Deploy a desktop shortcut for a Microsoft Store app with Intune

To deploy a Microsoft Store shortcut to the desktop, we’ll need to create a PowerShell script with the following content:

$TargetFile =  "C:\Windows\explorer.exe"
$ShortcutFile = "$env:USERPROFILE\Desktop\CompanyPortal.lnk"
$WScriptShell = New-Object -ComObject WScript.Shell
$Shortcut = $WScriptShell.CreateShortcut($ShortcutFile)
$Shortcut.Arguments="shell:AppsFolder\Microsoft.CompanyPortal_8wekyb3d8bbwe!App"
$Shortcut.TargetPath = $TargetFile
$Shortcut.Save()

In the Arguments line, note that I’m selecting the Company Portal app. If you’re interested in deploying another app but aren’t sure of the full name (the “_8weky…” part after CompanyPortal is required), press Winkey+r and run shell:AppsFolder to see all of the available apps:

Then in the file explorer window that appears, select one of the applications and drag it to the desktop:

Then open the properties of the shortcut to see the full name:

Once we have the PowerShell script ready, upload to Intune and deploy to the device. You can do this by going to the Microsoft Endpoint Manager admin center, selecting Devices > Scripts > +Add > Windows 10. Make sure that you’re also deploying the Microsoft Store app itself!

And then you should be good to go! Here’s how the desktop shortcut looks on my test device:

You’ll probably have noticed that the Icon for Company Portal is set to a File Explorer icon. To configure the icon location of the shortcut, add an additional line to the PowerShell script:

$Shortcut.IconLocation = "c:\LocationOfYourIcon.ico"

The problem is that Microsoft Store apps don’t expose the .ico (or .dll or .exe) file that can be used as an icon for a shortcut location. I’ve tried a few methods of extracting the icon on the fly but they simply produce a blank icon. If you’ve found a way to extract the icon during the script let me know!

One easy answer to the icon problem is deploying the icon as a Win32 app in Intune, copying it to the temp directory, and then running the script. If you’re interested in this approach, also comment below, and I’ll work on a follow up blog post.

The other easy answer is pointing the .IconLocation to a publicly available endpoint for the .ico. Like for example… https://deviceadvice.io/wp-content/uploads/2020/08/CompanyPortalApp.ico

Now our updated script will look like:

$TargetFile =  "C:\Windows\explorer.exe"
$ShortcutFile = "$env:USERPROFILE\Desktop\CompanyPortal.lnk"
$WScriptShell = New-Object -ComObject WScript.Shell
$Shortcut = $WScriptShell.CreateShortcut($ShortcutFile)
$Shortcut.Arguments="shell:AppsFolder\Microsoft.CompanyPortal_8wekyb3d8bbwe!App"
$Shortcut.IconLocation = " https://deviceadvice.io/wp-content/uploads/2020/08/CompanyPortalApp.ico"
$Shortcut.TargetPath = $TargetFile
$Shortcut.Save()

And the deployed icon on the desktop:

As another short aside – it’s worth mentioning that this requires an Azure AD Joined or Hybrid Azure AD Joined device because of the Intune Management Extension (the Windows service Intune users to run scripts). Azure AD Registered devices (including devices enrolled via the Company Portal itself) won’t even receive the management extension. If you’re deploying Win32 apps you’ll also notice this – that devices need to be joined to Azure AD before they can install those applications, because the Intune Management Extension is doing the install.

And that’s all! Happy deploying! 🏠