Creating start menus for Windows could be a complex task as it requires us to export and customize an XML-file to get it right. It get’s even more complex if we want to customize the taskbar as well.
This is where the Windows Start menu Creator Tool comes to play. The tool will help us export the XML from a reference device and will ease the customization process by a lot… it will even connect to Intune, upload the XML and create the policy for you, how awesome is that?! 😍
As shown in the before customization image just a few apps were added to the start menu and the recommendations section is taking a lot of space.
After using the tool to create a start menu and a taskbar we get a more user friendly experience and our apps are never far away.
Note! The recommendations section is removed by using a separate policy.
We have some prerequisites to take care of.
- The PowerShell module: MSAL.PS must be installed on the system running the tool.
- Update 2023-08-17: As for now the tool requires you to register an app in Azure and add following permissions: DeviceManagementConfiguration.ReadWrite.All
- You will need either Global Administrator or Application Administrator to register the app in Azure
- Navigate to: https://portal.azure.com
- Click: Azure Active Directory
- Click: App registrations
- Click: New registration
- Name: I will use ‘Demo-Graph‘, but you may name the app differently (What about “Rock Enroll App”?)
- Supported account types: Accounts in this organizational directory only
- Redirect URI (Select a platform): Public client/native (mobile and desktop)
- Redirect URI (URL): https://login.microsoftonline.com/common/oauth2/nativeclient
- Click: Register
- Save the Application (client) ID in notepad, we will need it later
- Click: API Permissions
- Click: Microsoft Graph
- Click: Delegated permissions
- Search for and mark:
- Click: Add permissions
- Click: Grant admin consent for…
- Click: Yes
- Make sure that the permissions have been granted accordingly. Note❗Below is just an illustration and all of these permissions are not needed at this point, see step 15 for the required permission.
- Now navigate to https://portal.azure.com/
- Click: Azure Active Directory
- Save the Tenant ID in notepad, we will need it later.
- Lastly: Edit Config.txt with your tenant and client ID.
No support for Windows 11 as for now. I will work on that!
Edit: Good news! support for Windows 11 has been added.
Download the zip-file from my Github NicklasAhlberg/Windows-Startmenu-Creator-Tool (github.com) (look for the latest release to the right).
Prepare the reference machine
Let’s go ahead and manually configure a start menu on a reference machine. We will then run the tool to have the configuration exported as an XML-file, and upload it to Intune.
- Set up the wanted startmenu on a reference image (add the wanted apps to the startmenu manually).
- You do not need to configure the taskbar as the tool will take care of that.
- See gif (tool in action) for further instructions.
Run the tool
Note: You might need to exclude the tool from Attack Surface Reducation (ASR). The source code is available on my GitHub.
- Make sure all pre-reqs are fulfilled.
- Run the tool on the reference device.
- Click Connect to connect to your tenant.
- Add a Displayname (name of the policy).
- Add a Description (will be shown at the policy).
- Click: From reference machine checkbox.
- Optional: Add taskbar items. Check the Use Modern Apps checkbox to query the system for all installed modern apps.
- Optional: Click: Add taskbar item to add the selected app to the taskbar.
- Optional: Use the textbox to add the desktopApplication path if you want to add a desktopApplication to the taskbar.
- Optional: Check the custom taskbar combobox to check the items you have added.
- Click Create config profile.
- The policy has now been created in Intune.
- Navigate to Intune and assign the policy to a couple of test devices.
- For info: The XML-file is saved to C:\ for future reference. Open it in Notepad or in an XML-editor if you want to have a look.
The Import XML button is used to import and upload an already existing XML to Intune.