MS case : Some users are unable to utilize the Application shortcuts on the Start menu and taskbar
Service health – Microsoft 365 admin center
ASR “Block Win32 API calls from Office macro” removes icons Office and Edge and… and….
Set this rule to Audit. For testing purposes you also may use an exclusion in Defender for the directory : C:\ProgramData\Microsoft\Windows\Start Menu\Programs
Shortcut directory location is “C:\ProgramData\Microsoft\Windows\Start Menu\Programs”
Location of office programs is “C:\Program Files\Microsoft Office\root\Office16\”
Before rolling out anything you must first excluded or put in AUdit mode “Block Win32 API calls from Office macro” from security baselines.
Then made a New ASR rule in Intune and deployed it to all devices.
Now it’s the best to force a sync to all devices via Powershell MS – Graph.
Connect-MSGraph
$Devices = Get-IntuneManagedDevice -Filter "contains(operatingsystem, 'Windows')" | Get-MSGraphAllPages
# Check total devices
$devices.count
To sync all devices, Write-host command to get more visibility if the script is running.
Foreach ($Device in $Devices)
{
Invoke-IntuneManagedDeviceSyncDevice -managedDeviceId $Device.managedDeviceId
Write-Host "Sending Sync request to Device with DeviceID $($Device.managedDeviceId)" -ForegroundColor Yellow
}
When you finished these steps there will be 2 methods to recreate the shortcuts.
- Create a Intunewin file with the original shortcuts and deploy this to your devices. If not all of your devices need the shortcuts it’s maybe the best to make the package available in the company portal (instead of required).
- Recreate the shortcuts via a powershell script.
Method 1 : create Intunewin with the original shortcuts
Copy shortcuts from a working device. Or download from here.
Original Start menu location where you find the files : C:\ProgramData\Microsoft\Windows\Start Menu\Programs
(Btw. office applications are located in this directory : C:\Program Files\Microsoft Office\root\Office16)
Now use IntuneWin to create an application.
Make Directory \IN and put here all shortcuts, the powershell script and a version file.
Create IntuneWin file
.\IntuneWinAppUtil -c C:\IntuneWin\Shortcuts\IN -s C:\IntuneWin\Shortcuts\IN\install.ps1 -o C:\IntuneWin\Shortcuts\OUT
Create a W32 application in Intune and Upload the file to Intune.
$LogFile = "C:\Windows\Temp\shortcuts.log"
$TargetFolder = "C:\ProgramData\Microsoft\Windows\Start Menu\Programs"
$SourceFolder = $PSScriptRoot
# Delete any existing logfile if it exists
If (Test-Path $LogFile){Remove-Item $LogFile -Force -ErrorAction SilentlyContinue -Confirm:$false}
Function Write-Log{
param (
[Parameter(Mandatory = $true)]
[string]$Message
)
$TimeGenerated = $(Get-Date -UFormat "%D %T")
$Line = "$TimeGenerated : $Message"
Add-Content -Value $Line -Path $LogFile -Encoding Ascii
}
Write-Log "Starting the copy of license file"
# Make sure target folder exists
If (!(Test-Path $TargetFolder)){
Write-Log "Target folder $TargetFolder does not exist, creating it"
New-Item -Path $TargetFolder -ItemType Directory -Force
}
# Copy the files
Write-Log "About to copy contents from $SourceFolder to $TargetFolder"
try {
Copy-Item -Path "$SourceFolder\*" -Destination $TargetFolder -Recurse -Force -ErrorAction Stop
Write-Log "Contents of $SourceFolder successfully copied to $TargetFolder"
}
catch {
Write-Log "Failed to copy $SourceFolder to $TargetFolder. Error is: $($_.Exception.Message))"
}
There is also a possibility to recreate the Office shortcuts via Powershell, see method 2 :
Method 2 : Powershell script which create shortcuts
#Shortcut MS EDGE
$SourceFilePath = "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
$ShortcutPath = "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk"
$WScriptObj = New-Object -ComObject ("WScript.Shell")
$shortcut = $WscriptObj.CreateShortcut($ShortcutPath)
$shortcut.TargetPath = $SourceFilePath
$shortcut.Save()
#shortcut EXCEL
$SourceFilePath = "C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE"
$ShortcutPath = "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk"
$WScriptObj = New-Object -ComObject ("WScript.Shell")
$shortcut = $WscriptObj.CreateShortcut($ShortcutPath)
$shortcut.TargetPath = $SourceFilePath
$shortcut.Save()
#shortcut WORD
$SourceFilePath = "C:\Program Files\Microsoft Office\root\Office16\MSPUB.EXE"
$ShortcutPath = "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk"
$WScriptObj = New-Object -ComObject ("WScript.Shell")
$shortcut = $WscriptObj.CreateShortcut($ShortcutPath)
$shortcut.TargetPath = $SourceFilePath
$shortcut.Save()
#shortcut ONENOTE
$SourceFilePath = "C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE"
$ShortcutPath = "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote.lnk"
$WScriptObj = New-Object -ComObject ("WScript.Shell")
$shortcut = $WscriptObj.CreateShortcut($ShortcutPath)
$shortcut.TargetPath = $SourceFilePath
$shortcut.Save()
#shortcut OUTLOOK
$SourceFilePath = "C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE"
$ShortcutPath = "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk"
$WScriptObj = New-Object -ComObject ("WScript.Shell")
$shortcut = $WscriptObj.CreateShortcut($ShortcutPath)
$shortcut.TargetPath = $SourceFilePath
$shortcut.Save()
#shortcut POWERPOINT
$SourceFilePath = "C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE"
$ShortcutPath = "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk"
$WScriptObj = New-Object -ComObject ("WScript.Shell")
$shortcut = $WscriptObj.CreateShortcut($ShortcutPath)
$shortcut.TargetPath = $SourceFilePath
$shortcut.Save()
#shortcut WINWORD
$SourceFilePath = "C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"
$ShortcutPath = "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk"
$WScriptObj = New-Object -ComObject ("WScript.Shell")
$shortcut = $WscriptObj.CreateShortcut($ShortcutPath)
$shortcut.TargetPath = $SourceFilePath
$shortcut.Save()
#shortcut ONEDRIVE
$SourceFilePath = "C:\Program Files\Microsoft Onedrive\Onedrive.EXE"
$ShortcutPath = "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk"
$WScriptObj = New-Object -ComObject ("WScript.Shell")
$shortcut = $WscriptObj.CreateShortcut($ShortcutPath)
$shortcut.TargetPath = $SourceFilePath
$shortcut.Save()