Appearance
Turbo Launcher Administrator Guide
This guide is for administrators and security engineers who configure, deploy, secure, and troubleshoot Turbo Launcher.
Turbo Launcher discovers applications across Windows, macOS, and Linux; normalizes them into a common model; evaluates requests through a JSON-based allowlist policy; and launches applications inside a Secure Sandbox runtime with optional remote placement, DLP, and audit controls.
What You'll Learn
- How to design and maintain Launcher policy and runtime configuration
- How to manage application discovery across desktop, web, SaaS, CLI, and container sources
- How to configure storage, Turbo Drive, and mounts for the Files tab and structured mounts
- How to enforce networking, DLP, device, and identity/SSO controls
- How to deploy, test, and align Launcher posture to CMMC, ITAR, or NIST requirements
Using this guide
The Administrator Guide is organized into focused topics. Start with Architecture to understand how Launcher fits into your environment, then move into Policy, Storage, and Security as you design and harden your configuration.
Each section links to the underlying reference pages under /policy/getting-started/ and related runtime docs.
1. Architecture, Runtime, and Deployment
Learn how Turbo Launcher fits into the client stack, how discovery, policy, and runtime interact, and how policies are delivered.
Use this section when you need to:
- Understand how Launcher, Sandbox Manager, and Turbo Client work together.
- See where policy files live and how they are evaluated.
- Plan initial deployment and integration into your endpoint build.
Topics:
- High-level architecture and launch flow
- Normalized application records and the discovery pipeline
- Secure Sandbox runtime model (
runtime.*layering) - Installation, policy file layout, and evaluation flow
Read:
2. Application Management
Configure how applications are discovered, grouped, and surfaced in the Applications tab.
Use this section when you need to:
- Control which desktop, web, SaaS, and CLI apps appear in Launcher.
- Tune provider order, filters, and deduplication rules.
- Troubleshoot missing or duplicate applications.
Topics:
- Discovery providers (
configuration.discovery.providers) - Provider catalog (Windows/macOS/Linux/Web/SaaS/CLI/portable/workspaces/container)
- Provider ordering, filtering, and deduplication
- Grouping and presentation in the UI
Read:
3. Policy System (Core Configuration)
Design and maintain the JSON-based allowlist policy that controls which apps and file operations are allowed.
Use this section when you need to:
- Define which applications and file operations are permitted.
- Apply ABAC rules and visibility controls.
- Configure launch profiles, flags, and arguments.
Topics:
- Policy structure (configuration, apps, fileTypes, fileAssociations, files)
- Global configuration (identity, posture, classification, runtime defaults)
- Authorization and Visibility (allow/deny, visibility, ABAC requirements)
- Matchers and patterns (targetPath, publisherCertificate, fileHash, version, etc.)
- Modifications, flags, and arguments
- Launch profiles
- Merging and precedence (global → app → launch profile)
- Variable substitution and CRED-backed secrets
Read:
4. Storage and File Management
Configure Files tab storage, structured mounts, Turbo Drive integrations, and file policies.
Use this section when you need to:
- Decide which local folders appear in the Files tab via Storage Contexts.
- Map cloud storage (OneDrive, Dropbox, SMB) into containers using Turbo Drive.
- Enforce storage posture (filesystem type, encryption, permissions).
- Route file types to the right apps and control import/export behavior.
Topics:
- Storage Contexts for the Files tab (
runtime.files.contexts) - Structured mounts (global, per-app, per-launch profile)
- Turbo Drive (OneDrive, Dropbox, SMB) mappings into containers
- File types, associations, and file operation policies
- Secure Sandbox storage posture (filesystems, encryption, ACLs)
Read:
5. Security, Networking, and DLP
Harden Launcher’s runtime by controlling network access, devices, and data motion.
Use this section when you need to:
- Lock down outbound network access and configure proxies/secure DNS.
- Restrict printers, removable media, bluetooth, and NFC.
- Apply DLP controls to clipboard, drag-and-drop, and screen capture/sharing.
- Integrate external DLP/OCR/CASB processors.
Topics:
- Networking policy (capabilities, proxyRouting, secure DNS/DoH, ZTNA-style egress)
- Device controls (printers, removable media, bluetooth, NFC)
- DataMotion and DLP for clipboard, drag-and-drop, screen capture/sharing
- External processors and connectors (DLP/OCR/CASB engines)
- Proxy configuration and secrets
- Security best practices for regulated environments
Read:
6. Identity, Audit, and Compliance
Integrate identity providers, enforce ABAC, and configure audit trails for compliance.
Use this section when you need to:
- Configure SSO and per-app identity adapters.
- Define ABAC rules on apps, mounts, and Storage Contexts.
- Set up audit integrity, export, and fail-closed behavior.
- Align Launcher configuration with CMMC, NIST, or ITAR requirements.
Topics:
- Identity Access (SSO) and per-app adapters
- ABAC expressions on apps, mounts, and Storage Contexts
- Audit trails (integrity, timestamping, export, fail-closed behavior)
- Aligning Launcher configuration with CMMC, NIST, ITAR
Read:
7. Administration and User Experience
Delegate configuration tasks safely and standardize how users experience Launcher.
Use this section when you need to:
- Delegate parts of policy management to workspace or app owners.
- Define configuration templates that constrain user-configurable values.
- Design how user configurations (
user-profiles.json) map to enterprise templates.
Topics:
- Configuration templates (
configurationTemplates) that constrain user-configurable values - User configurations (
user-profiles.json) validated against templates
Read:
8. Reference and Troubleshooting
Use the schema references, examples, and troubleshooting guides to validate your configuration and diagnose issues.
Use this section when you need to:
- Look up the full policy or user configuration schema.
- Review detailed concept and limitation references.
- Find example configurations and recipes for common scenarios.
- Troubleshoot application, discovery, files, policy, or proxy issues.
Topics:
- Policy and user configuration schemas
- Core Launcher concepts and reference (discovery, runtime, mounts, storage, cloud)
- Policy examples and recipes for common scenarios
- Limitations and scope
- Testing and validation practices
- Troubleshooting for applications, discovery, files, policy, and proxy
Read:
Schemas
Concepts & Reference
Examples & Recipes
Testing & Validation
Troubleshooting
