Skip to content

Modifications and Flags

Customize how applications launch using policy-driven modifications. This page is an overview that explains where to configure changes and links to focused topics.

What You'll Learn

  • Understand where to configure settings: Global vs per-app policy vs per-launch profile
  • Know what types of modifications are available (flags, arguments, mounts, networking, device settings)
  • Find the detailed authoring pages for each topic

Overview

Modifications let you set the runtime posture, network policy, mounts, and command-line edits that apply when apps launch. Author them at the right scope based on how broadly you want the change to apply.

  • Global (all launches): configuration.launch and configuration.network
  • Per-app (when that app launches): apps[].modifications
  • Per-launch profile (only when that launch profile is selected): apps[].profiles[]
  • Precedence: Launch Profile > Policy (App) > Global. See: Merging & Precedence

Modification Types

  • Runtime settings — adjust isolation, clipboard, Storage Contexts, visual cues, auditing, and extensions. Author structured runtime settings instead of raw flags. See Runtime Configuration and Schema Reference: Modifications.
  • Arguments — prepend, append, or replace command-line arguments for the launched executable. See Application Arguments.
  • Mounts — add host folders or shared storage into the runtime using structured mounts with merge-aware identities. See Mounts & Shared Storage.
  • Networking — define runtime network capabilities and proxy routing rules, and override them per app or launch profile. See Networking.
  • Devices — control printer availability and other runtime-managed devices using portable settings or vendor extensions. See Device-Level Settings.

Troubleshooting Tips

  • If arguments aren’t taking effect, verify there is no replace at a more specific scope.
  • Use a visible test setting (for example runtime.visual.borderColor) during testing to confirm runtime changes are applied.
  • Confirm at least one enabled allow policy matches the executable; modifications do not apply without authorization.