Configure Program Pinning to Taskbar Using Microsoft Intune Policy


Control Windows taskbar customization across your organization by configuring Intune policies that manage program pinning. Deploy XML configurations and prevent unauthorized taskbar modifications.

Emanuel DE ALMEIDA
3/14/2026 | 15 min | medium | intune | 8 steps

Overview

Managing taskbar consistency across your Windows environment ensures users have quick access to corporate applications while maintaining organizational standards. Microsoft Intune's taskbar pinning policies let you control which applications appear on user taskbars and whether users can modify these pins.

This tutorial walks you through configuring program pinning using Intune's Settings catalog, deploying XML configurations, and managing user permissions. You'll learn to create policies that work with the latest Windows 11 features, including the PinGeneration attribute that provides more flexible user control.

Implementation Guide

Full Procedure

01

Access Microsoft Intune Admin Center and Create Configuration Profile

Start by logging into the Microsoft Intune admin center to create your taskbar configuration policy.

Open your browser and navigate to endpoint.microsoft.com. Sign in with an administrator account that has Intune permissions.

Once logged in, navigate to Devices > Configuration > Create > New policy.

Select Platform: Windows 10 and later and Profile type: Settings catalog, then click Create.

Pro tip: Use Settings catalog instead of Administrative templates for better flexibility and access to the latest Windows features.

Verification: You should see the policy creation wizard with the Settings catalog option selected.

02

Configure Basic Policy Settings and Naming

Name your policy with a descriptive title that indicates its purpose and scope.

In the Basics tab, enter:

  • Name: "Windows 11 Taskbar Configuration - Corporate Apps"
  • Description: "Controls taskbar pinning for standard corporate applications across all managed devices"

Click Next to proceed to the configuration settings.

Warning: Use clear naming conventions as you'll likely have multiple taskbar policies for different user groups or device types.

Verification: The policy name appears in the breadcrumb navigation at the top of the page.

03

Create XML Configuration for Pinned Applications

Before adding settings to Intune, create the XML file that defines which applications should be pinned to the taskbar.

Create a new text file and add the following XML structure for pinning Microsoft Edge and Notepad:

<LayoutModificationTemplate xmlns="http://schemas.microsoft.com/Start/2014/LayoutModification" xmlns:defaultlayout="http://schemas.microsoft.com/Start/2014/FullDefaultLayout" xmlns:start="http://schemas.microsoft.com/Start/2014/StartLayout" xmlns:taskbar="http://schemas.microsoft.com/Start/2014/TaskbarLayout" Version="1">
  <!-- Taskbar pins are declared in CustomTaskbarLayoutCollection; Start tile elements do not pin anything to the taskbar -->
  <CustomTaskbarLayoutCollection>
    <defaultlayout:TaskbarLayout>
      <taskbar:TaskbarPinList>
        <!-- Desktop application pinned by shortcut (.lnk) path -->
        <taskbar:DesktopApp DesktopApplicationLinkPath="%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Accessories\notepad.lnk" />
        <!-- Application pinned by ID; PinGeneration="1" lets the user unpin it. Confirm the ID on a reference device with Get-StartApps -->
        <taskbar:DesktopApp DesktopApplicationID="Microsoft.MicrosoftEdge" PinGeneration="1" />
      </taskbar:TaskbarPinList>
    </defaultlayout:TaskbarLayout>
  </CustomTaskbarLayoutCollection>
</LayoutModificationTemplate>

The PinGeneration="1" attribute allows users to unpin the application without it being re-pinned on the next policy refresh. This requires Windows 11 23H2 with KB5060826 or Windows 11 24H2 with KB5060829.

Pro tip: Use AUMID for UWP apps, .lnk paths for desktop applications, and DesktopApplicationID for modern shell applications like Edge.

Verification: Validate your XML syntax using an online XML validator before proceeding.

04

Add Configure Start Pins Setting to Policy

Now add the XML configuration to your Intune policy using the Settings catalog.

In the Configuration settings tab, click Add settings.

In the Settings picker, search for "Start" and expand the Start category.

Select Configure Start Pins and click Add.

In the Configure Start Pins field, paste your XML configuration from the previous step.

Click Next to proceed to assignments.

Warning: Ensure your XML is properly formatted. Malformed XML will cause the policy to fail silently on target devices.

Verification: The Configure Start Pins setting should appear in your policy with the XML content visible in the text area.
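
Added example, not part of the original article: a local pre-flight check that can replace the online validator from step 03 and catches the silent failures this step warns about. It rejects malformed XML, confirms the LayoutModificationTemplate root, then resolves each pin on a reference device (shortcut paths via Test-Path, application IDs via Get-StartApps). The function name Test-LayoutPins and the sample layout are constructed for this example.

```powershell
# Added example: offline pre-flight check for a layout XML before upload.
# $sampleXml is constructed; for a real file pass (Get-Content -Raw <path>).
$sampleXml = @'
<LayoutModificationTemplate Version="1"
    xmlns="http://schemas.microsoft.com/Start/2014/LayoutModification"
    xmlns:defaultlayout="http://schemas.microsoft.com/Start/2014/FullDefaultLayout"
    xmlns:taskbar="http://schemas.microsoft.com/Start/2014/TaskbarLayout">
  <CustomTaskbarLayoutCollection>
    <defaultlayout:TaskbarLayout>
      <taskbar:TaskbarPinList>
        <taskbar:DesktopApp DesktopApplicationLinkPath="%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Accessories\notepad.lnk" />
        <taskbar:DesktopApp DesktopApplicationID="Microsoft.MicrosoftEdge" PinGeneration="1" />
      </taskbar:TaskbarPinList>
    </defaultlayout:TaskbarLayout>
  </CustomTaskbarLayoutCollection>
</LayoutModificationTemplate>
'@

function Test-LayoutPins {   # hypothetical helper name
    param([Parameter(Mandatory)][string]$Xml)
    # 1. Well-formedness: LoadXml throws on any syntax error.
    $doc = New-Object System.Xml.XmlDocument
    try { $doc.LoadXml($Xml) }
    catch { throw "Layout is not well-formed XML: $($_.Exception.Message)" }
    # 2. The root element must be the layout template in its own namespace.
    $root = $doc.DocumentElement
    $ns   = 'http://schemas.microsoft.com/Start/2014/LayoutModification'
    if ($root.LocalName -ne 'LayoutModificationTemplate' -or $root.NamespaceURI -ne $ns) {
        throw "Unexpected root <$($root.Name)> in namespace '$($root.NamespaceURI)'"
    }
    # 3. Resolve every pin: .lnk paths must exist, IDs must be known to the shell.
    $appIds = @((Get-StartApps).AppID)
    $xpath  = '//*[@DesktopApplicationLinkPath or @DesktopApplicationID or @AppUserModelID]'
    foreach ($node in $doc.SelectNodes($xpath)) {
        $lnk = $node.GetAttribute('DesktopApplicationLinkPath')
        $id  = $node.GetAttribute('DesktopApplicationID') + $node.GetAttribute('AppUserModelID')
        if ($lnk) { $ok = Test-Path -LiteralPath ([Environment]::ExpandEnvironmentVariables($lnk)) }
        else      { $ok = $appIds -contains $id }
        [pscustomobject]@{
            Element       = $node.Name
            Target        = if ($lnk) { $lnk } else { $id }
            PinGeneration = $node.GetAttribute('PinGeneration')
            Resolved      = $ok
        }
    }
}

Test-LayoutPins -Xml $sampleXml | Format-Table -AutoSize
```

A row with Resolved = False points at a shortcut path or identifier that does not exist on that device.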

05

Configure User Pinning Restrictions (Optional)

If you want to prevent users from pinning or unpinning any programs beyond your corporate configuration, add an additional setting.

Click Add settings again and search for "taskbar".

Navigate to Administrative Templates > Start Menu and Taskbar.

Select Do not allow pinning programs to the Taskbar (User) and set it to Enabled.

This completely locks the taskbar from user modifications.

Pro tip: Consider the user experience impact. Completely locking the taskbar may reduce productivity for power users who rely on custom shortcuts.

Verification: Both Configure Start Pins and the pinning restriction should appear in your policy configuration.

06

Assign Policy to Target Groups

Configure which users or devices will receive this taskbar configuration.

In the Assignments tab, choose your assignment method:

  • Include groups: Select specific Azure AD groups
  • Exclude groups: Exclude pilot groups or executives who need flexibility

For Windows 11 23H2+ features like PinGeneration, click Add filter and create a device filter:

(device.osVersion -startsWith "10.0.22631") or (device.osVersion -startsWith "10.0.26100")

This targets Windows 11 23H2 (build 22631) and 24H2 (build 26100) devices.

Click Next to review your configuration.

Warning: Test with a small pilot group first. Taskbar changes affect user productivity and should be rolled out gradually.

Verification: Your target groups and any filters should be listed in the assignment summary.

07

Deploy and Monitor Policy Application

Complete the policy creation and monitor its deployment across your organization.

Review all settings in the Review + create tab, then click Create.

Navigate to Devices > Monitor > Device configuration to track deployment status.

On target devices, force policy sync by running:

gpupdate /force

Or through Settings > Accounts > Access work or school > [Your organization] > Sync.

Check policy application in Event Viewer: Applications and Services Logs > Microsoft > Windows > StartLayout > Operational.

Pro tip: Windows 11 Insider Preview builds 26200.5722+ (Dev) and 26120.5722+ (Beta) apply taskbar policies instantly without requiring sign-out.

Verification: Users should see the configured applications pinned to their taskbar within 15-30 minutes of policy sync.

08

Test and Validate Taskbar Configuration

Verify that your taskbar policy is working correctly on target devices.

On a test device, check that:

  • Configured applications appear pinned in the correct order
  • Users cannot pin unauthorized applications (if restriction is enabled)
  • PinGeneration allows selective unpinning without re-pinning

Test the policy by having a user attempt to:

  1. Right-click the taskbar and select "Taskbar settings"
  2. Try to pin a new application from the Start menu
  3. Attempt to unpin a corporate-mandated application

Document any unexpected behavior for troubleshooting.

Warning: If users report that only one pin applies during Autopilot, check for conflicting Group Policy objects and review the StartLayout event logs.

Verification: Run Get-AppxPackage | Select Name, PackageFullName in PowerShell to identify correct application identifiers for troubleshooting.

Frequently Asked Questions

What is the PinGeneration attribute in Windows 11 taskbar configuration?

PinGeneration is a Windows 11 23H2+ feature that allows users to permanently unpin corporate-mandated applications without them being re-pinned during policy refresh. When you set PinGeneration="1" in your XML configuration, users can unpin the application and it won't reappear unless you increment the PinGeneration value. This provides a balance between organizational control and user flexibility, requiring Windows 11 23H2 with KB5060826 or Windows 11 24H2 with KB5060829.

How do I prevent users from pinning any programs to the taskbar in Intune?

Use the "Do not allow pinning programs to the Taskbar (User)" policy in Intune's Settings catalog under Administrative Templates > Start Menu and Taskbar. Set this to Enabled to completely prevent users from pinning, unpinning, or rearranging taskbar icons. This works independently of the Configure Start Pins policy, so you can deploy corporate pins while preventing user modifications. Consider the user experience impact as this may reduce productivity for power users.

Why are my taskbar pins not applying to Windows devices through Intune?

Common causes include XML formatting errors, incorrect application identifiers, or conflicting Group Policy objects. Validate your XML syntax first, then verify application paths and identifiers using PowerShell commands like Get-AppxPackage or Get-StartApps. Check Event Viewer under Applications and Services Logs > Microsoft > Windows > StartLayout > Operational for specific error messages. Ensure you're targeting compatible Windows versions and that devices have successfully synced the policy.

What's the difference between AUMID and DesktopApplicationID in taskbar XML?

AUMID (Application User Model ID) is used for UWP applications from the Microsoft Store, like Microsoft.WindowsCalculator_8wekyb3d8bbwe!App. DesktopApplicationID is used for modern shell applications like Microsoft Edge (Microsoft.MicrosoftEdge). For traditional desktop applications, use DesktopApplicationLinkPath pointing to the .lnk file location. Using the wrong identifier type will cause the pin to fail silently, so verify your application type before configuring the XML.

Can I target specific Windows 11 versions for taskbar pinning policies in Intune?

Yes, use Intune device filters to target specific Windows versions. Create a filter with the rule (device.osVersion -startsWith "10.0.22631") or (device.osVersion -startsWith "10.0.26100") to target Windows 11 23H2 and 24H2 respectively. This is essential for using PinGeneration features that require these specific builds with their corresponding KB updates. For mixed environments, create separate policies for different Windows versions to ensure compatibility.

Written by Emanuel DE ALMEIDA

Microsoft MCSA-certified Cloud Architect | Fortinet-focused. I modernize cloud, hybrid & on-prem infrastructure for reliability, security, performance and cost control - sharing field-tested ops & troubleshooting.
