Skip to content

Turbo Launcher Administrator Guide

This guide is for administrators and security engineers who configure, deploy, secure, and troubleshoot Turbo Launcher.

Turbo Launcher discovers applications across Windows, macOS, and Linux; normalizes them into a common model; evaluates requests through a JSON-based allowlist policy; and launches applications inside a Secure Sandbox runtime with optional remote placement, DLP, and audit controls.

What You'll Learn

  • How to design and maintain Launcher policy and runtime configuration
  • How to manage application discovery across desktop, web, SaaS, CLI, and container sources
  • How to configure storage, Turbo Drive, and mounts for the Files tab and structured mounts
  • How to enforce networking, DLP, device, and identity/SSO controls
  • How to deploy, test, and align Launcher posture to CMMC, ITAR, or NIST requirements

Using this guide

The Administrator Guide is organized into focused topics. Start with Architecture to understand how Launcher fits into your environment, then move into Policy, Storage, and Security as you design and harden your configuration.

Each section links to the underlying reference pages under /policy/getting-started/ and related runtime docs.


1. Architecture, Runtime, and Deployment

Learn how Turbo Launcher fits into the client stack, how discovery, policy, and runtime interact, and how policies are delivered.

Use this section when you need to:

  • Understand how Launcher, Sandbox Manager, and Turbo Client work together.
  • See where policy files live and how they are evaluated.
  • Plan initial deployment and integration into your endpoint build.

Topics:

  • High-level architecture and launch flow
  • Normalized application records and the discovery pipeline
  • Secure Sandbox runtime model (runtime.* layering)
  • Installation, policy file layout, and evaluation flow

Read:


2. Application Management

Configure how applications are discovered, grouped, and surfaced in the Applications tab.

Use this section when you need to:

  • Control which desktop, web, SaaS, and CLI apps appear in Launcher.
  • Tune provider order, filters, and deduplication rules.
  • Troubleshoot missing or duplicate applications.

Topics:

  • Discovery providers (configuration.discovery.providers)
  • Provider catalog (Windows/macOS/Linux/Web/SaaS/CLI/portable/workspaces/container)
  • Provider ordering, filtering, and deduplication
  • Grouping and presentation in the UI

Read:


3. Policy System (Core Configuration)

Design and maintain the JSON-based allowlist policy that controls which apps and file operations are allowed.

Use this section when you need to:

  • Define which applications and file operations are permitted.
  • Apply ABAC rules and visibility controls.
  • Configure launch profiles, flags, and arguments.

Topics:

  • Policy structure (configuration, apps, fileTypes, fileAssociations, files)
  • Global configuration (identity, posture, classification, runtime defaults)
  • Authorization and Visibility (allow/deny, visibility, ABAC requirements)
  • Matchers and patterns (targetPath, publisherCertificate, fileHash, version, etc.)
  • Modifications, flags, and arguments
  • Launch profiles
  • Merging and precedence (global → app → launch profile)
  • Variable substitution and CRED-backed secrets

Read:


4. Storage and File Management

Configure Files tab storage, structured mounts, Turbo Drive integrations, and file policies.

Use this section when you need to:

  • Decide which local folders appear in the Files tab via Storage Contexts.
  • Map cloud storage (OneDrive, Dropbox, SMB) into containers using Turbo Drive.
  • Enforce storage posture (filesystem type, encryption, permissions).
  • Route file types to the right apps and control import/export behavior.

Topics:

  • Storage Contexts for the Files tab (runtime.files.contexts)
  • Structured mounts (global, per-app, per-launch profile)
  • Turbo Drive (OneDrive, Dropbox, SMB) mappings into containers
  • File types, associations, and file operation policies
  • Secure Sandbox storage posture (filesystems, encryption, ACLs)

Read:


5. Security, Networking, and DLP

Harden Launcher’s runtime by controlling network access, devices, and data motion.

Use this section when you need to:

  • Lock down outbound network access and configure proxies/secure DNS.
  • Restrict printers, removable media, bluetooth, and NFC.
  • Apply DLP controls to clipboard, drag-and-drop, and screen capture/sharing.
  • Integrate external DLP/OCR/CASB processors.

Topics:

  • Networking policy (capabilities, proxyRouting, secure DNS/DoH, ZTNA-style egress)
  • Device controls (printers, removable media, bluetooth, NFC)
  • DataMotion and DLP for clipboard, drag-and-drop, screen capture/sharing
  • External processors and connectors (DLP/OCR/CASB engines)
  • Proxy configuration and secrets
  • Security best practices for regulated environments

Read:


6. Identity, Audit, and Compliance

Integrate identity providers, enforce ABAC, and configure audit trails for compliance.

Use this section when you need to:

  • Configure SSO and per-app identity adapters.
  • Define ABAC rules on apps, mounts, and Storage Contexts.
  • Set up audit integrity, export, and fail-closed behavior.
  • Align Launcher configuration with CMMC, NIST, or ITAR requirements.

Topics:

  • Identity Access (SSO) and per-app adapters
  • ABAC expressions on apps, mounts, and Storage Contexts
  • Audit trails (integrity, timestamping, export, fail-closed behavior)
  • Aligning Launcher configuration with CMMC, NIST, ITAR

Read:


7. Administration and User Experience

Delegate configuration tasks safely and standardize how users experience Launcher.

Use this section when you need to:

  • Delegate parts of policy management to workspace or app owners.
  • Define configuration templates that constrain user-configurable values.
  • Design how user configurations (user-profiles.json) map to enterprise templates.

Topics:

  • Configuration templates (configurationTemplates) that constrain user-configurable values
  • User configurations (user-profiles.json) validated against templates

Read:


8. Reference and Troubleshooting

Use the schema references, examples, and troubleshooting guides to validate your configuration and diagnose issues.

Use this section when you need to:

  • Look up the full policy or user configuration schema.
  • Review detailed concept and limitation references.
  • Find example configurations and recipes for common scenarios.
  • Troubleshoot application, discovery, files, policy, or proxy issues.

Topics:

  • Policy and user configuration schemas
  • Core Launcher concepts and reference (discovery, runtime, mounts, storage, cloud)
  • Policy examples and recipes for common scenarios
  • Limitations and scope
  • Testing and validation practices
  • Troubleshooting for applications, discovery, files, policy, and proxy

Read:

Schemas

Concepts & Reference

Examples & Recipes

Testing & Validation

Troubleshooting