]> git.p6c8.net - policy-templates.git/blob - docs/index.md
Update extension workshop URL. Fixes #1104
[policy-templates.git] / docs / index.md
1 Firefox policies can be specified using the [Group Policy templates on Windows](https://github.com/mozilla/policy-templates/tree/master/windows), [Intune on Windows](https://support.mozilla.org/kb/managing-firefox-intune), [configuration profiles on macOS](https://github.com/mozilla/policy-templates/tree/master/mac), or by creating a file called `policies.json`. On Windows, create a directory called `distribution` where the EXE is located and place the file there. On Mac, the file goes into `Firefox.app/Contents/Resources/distribution`. On Linux, the file goes into `firefox/distribution`, where `firefox` is the installation directory for firefox, which varies by distribution or you can specify system-wide policy by placing the file in `/etc/firefox/policies`.
2
3 Unfortunately, JSON files do not support comments, but you can add extra entries to the JSON to use as comments. You will see an error in about:policies, but the policies will still work properly. For example:
4
5 ```
6 {
7 "policies": {
8 "Authentication": {
9 "SPNEGO": ["mydomain.com", "https://myotherdomain.com"]
10 }
11 "Authentication_Comment": "These domains are required for us"
12 }
13 }
14 ```
15
16 | Policy Name | Description
17 | --- | --- |
18 | **[`3rdparty`](#3rdparty)** | Set policies that WebExtensions can access via chrome.storage.managed.
19 | **[`AllowedDomainsForApps`](#alloweddomainsforapps)** | Define domains allowed to access Google Workspace.
20 | **[`AllowFileSelectionDialogs`](#allowfileselectiondialogs)** | Allow file selection dialogs.
21 | **[`AppAutoUpdate`](#appautoupdate)** | Enable or disable automatic application update.
22 | **[`AppUpdatePin`](#appupdatepin)** | Prevent Firefox from being updated beyond the specified version.
23 | **[`AppUpdateURL`](#appupdateurl)** | Change the URL for application update.
24 | **[`Authentication`](#authentication)** | Configure sites that support integrated authentication.
25 | **[`AutofillAddressEnabled`](#autofilladdressenabled)** | Enable autofill for addresses.
26 | **[`AutofillCreditCardEnabled`](#autofillcreditcardenabled)** | Enable autofill for payment methods.
27 | **[`AutoLaunchProtocolsFromOrigins`](#autolaunchprotocolsfromorigins)** | Define a list of external protocols that can be used from listed origins without prompting the user.
28 | **[`BackgroundAppUpdate`](#backgroundappupdate)** | Enable or disable the background updater (Windows only).
29 | **[`BlockAboutAddons`](#blockaboutaddons)** | Block access to the Add-ons Manager (about:addons).
30 | **[`BlockAboutConfig`](#blockaboutconfig)** | Block access to about:config.
31 | **[`BlockAboutProfiles`](#blockaboutprofiles)** | Block access to About Profiles (about:profiles).
32 | **[`BlockAboutSupport`](#blockaboutsupport)** | Block access to Troubleshooting Information (about:support).
33 | **[`Bookmarks`](#bookmarks)** | Add bookmarks in either the bookmarks toolbar or menu.
34 | **[`CaptivePortal`](#captiveportal)** | Enable or disable the detection of captive portals.
35 | **[`Certificates`](#certificates)** |
36 | **[`Certificates -> ImportEnterpriseRoots`](#certificates--importenterpriseroots)** | Trust certificates that have been added to the operating system certificate store by a user or administrator.
37 | **[`Certificates -> Install`](#certificates--install)** | Install certificates into the Firefox certificate store.
38 | **[`Containers`](#containers)** | Set policies related to [containers](https://addons.mozilla.org/firefox/addon/multi-account-containers/).
39 | **[`Cookies`](#cookies)** | Configure cookie preferences.
40 | **[`DefaultDownloadDirectory`](#defaultdownloaddirectory)** | Set the default download directory.
41 | **[`DisableAppUpdate`](#disableappupdate)** | Turn off application updates.
42 | **[`DisableBuiltinPDFViewer`](#disablebuiltinpdfviewer)** | Disable the built in PDF viewer.
43 | **[`DisabledCiphers`](#disabledciphers)** | Disable ciphers.
44 | **[`DisableDefaultBrowserAgent`](#disabledefaultbrowseragent)** | Prevent the default browser agent from taking any actions (Windows only).
45 | **[`DisableDeveloperTools`](#disabledevelopertools)** | Remove access to all developer tools.
46 | **[`DisableFeedbackCommands`](#disablefeedbackcommands)** | Disable the menus for reporting sites.
47 | **[`DisableFirefoxAccounts`](#disablefirefoxaccounts)** | Disable Firefox Accounts integration (Sync).
48 | **[`DisableFirefoxScreenshots`](#disablefirefoxscreenshots)** | Remove access to Firefox Screenshots.
49 | **[`DisableFirefoxStudies`](#disablefirefoxstudies)** | Disable Firefox studies (Shield).
50 | **[`DisableForgetButton`](#disableforgetbutton)** | Disable the "Forget" button.
51 | **[`DisableFormHistory`](#disableformhistory)** | Turn off saving information on web forms and the search bar.
52 | **[`DisableMasterPasswordCreation`](#disablemasterpasswordcreation)** | Remove the master password functionality.
53 | **[`DisablePasswordReveal`](#disablepasswordreveal)** | Do not allow passwords to be revealed in saved logins.
54 | **[`DisablePocket`](#disablepocket)** | Remove Pocket in the Firefox UI.
55 | **[`DisablePrivateBrowsing`](#disableprivatebrowsing)** | Remove access to private browsing.
56 | **[`DisableProfileImport`](#disableprofileimport)** | Disables the "Import data from another browser" option in the bookmarks window.
57 | **[`DisableProfileRefresh`](#disableprofilerefresh)** | Disable the Refresh Firefox button on about:support and support.mozilla.org
58 | **[`DisableSafeMode`](#disablesafemode)** | Disable safe mode within the browser.
59 | **[`DisableSecurityBypass`](#disablesecuritybypass)** | Prevent the user from bypassing security in certain cases.
60 | **[`DisableSetDesktopBackground`](#disablesetdesktopbackground)** | Remove the "Set As Desktop Background..." menuitem when right clicking on an image.
61 | **[`DisableSystemAddonUpdate`](#disablesystemaddonupdate)** | Prevent system add-ons from being installed or updated.
62 | **[`DisableTelemetry`](#disabletelemetry)** | DisableTelemetry
63 | **[`DisableThirdPartyModuleBlocking`](#disablethirdpartymoduleblocking)** | Do not allow blocking third-party modules.
64 | **[`DisplayBookmarksToolbar`](#displaybookmarkstoolbar)** | Set the initial state of the bookmarks toolbar.
65 | **[`DisplayMenuBar`](#displaymenubar)** | Set the state of the menubar.
66 | **[`DNSOverHTTPS`](#dnsoverhttps)** | Configure DNS over HTTPS.
67 | **[`DontCheckDefaultBrowser`](#dontcheckdefaultbrowser)** | Don't check if Firefox is the default browser at startup.
68 | **[`DownloadDirectory`](#downloaddirectory)** | Set and lock the download directory.
69 | **[`EnableTrackingProtection`](#enabletrackingprotection)** | Configure tracking protection.
70 | **[`EncryptedMediaExtensions`](#encryptedmediaextensions)** | Enable or disable Encrypted Media Extensions and optionally lock it.
71 | **[`EnterprisePoliciesEnabled`](#enterprisepoliciesenabled)** | Enable policy support on macOS.
72 | **[`ExemptDomainFileTypePairsFromFileTypeDownloadWarnings`](#exemptdomainfiletypepairsfromfiletypedownloadwarnings)** | Disable warnings based on file extension for specific file types on domains.
73 | **[`Extensions`](#extensions)** | Control the installation, uninstallation and locking of extensions.
74 | **[`ExtensionSettings`](#extensionsettings)** | Manage all aspects of extensions.
75 | **[`ExtensionUpdate`](#extensionupdate)** | Control extension updates.
76 | **[`FirefoxHome`](#firefoxhome)** | Customize the Firefox Home page.
77 | **[`FirefoxSuggest`](#firefoxsuggest)** | Customize Firefox Suggest.
78 | **[`GoToIntranetSiteForSingleWordEntryInAddressBar`](#gotointranetsiteforsinglewordentryinaddressbar)** | Force direct intranet site navigation instead of searching when typing single word entries in the address bar.
79 | **[`Handlers`](#handlers)** | Configure default application handlers.
80 | **[`HardwareAcceleration`](#hardwareacceleration)** | Control hardware acceleration.
81 | **[`Homepage`](#homepage)** | Configure the default homepage and how Firefox starts.
82 | **[`InstallAddonsPermission`](#installaddonspermission)** | Configure the default extension install policy as well as origins for extension installs are allowed.
83 | **[`LegacyProfiles`](#legacyprofiles)** | Disable the feature enforcing a separate profile for each installation.
84 | **[`LegacySameSiteCookieBehaviorEnabled`](#legacysamesitecookiebehaviorenabled)** | Enable default legacy SameSite cookie behavior setting.
85 | **[`LegacySameSiteCookieBehaviorEnabledForDomainList`](#legacysamesitecookiebehaviorenabledfordomainlist)** | Revert to legacy SameSite behavior for cookies on specified sites.
86 | **[`LocalFileLinks`](#localfilelinks)** | Enable linking to local files by origin.
87 | **[`ManagedBookmarks`](#managedbookmarks)** | Configures a list of bookmarks managed by an administrator that cannot be changed by the user.
88 | **[`ManualAppUpdateOnly`](#manualappupdateonly)** | Allow manual updates only and do not notify the user about updates.
89 | **[`NetworkPrediction`](#networkprediction)** | Enable or disable network prediction (DNS prefetching).
90 | **[`NewTabPage`](#newtabpage)** | Enable or disable the New Tab page.
91 | **[`NoDefaultBookmarks`](#nodefaultbookmarks)** | Disable the creation of default bookmarks.
92 | **[`OfferToSaveLogins`](#offertosavelogins)** | Control whether or not Firefox offers to save passwords.
93 | **[`OfferToSaveLoginsDefault`](#offertosaveloginsdefault)** | Set the default value for whether or not Firefox offers to save passwords.
94 | **[`OverrideFirstRunPage`](#overridefirstrunpage)** | Override the first run page.
95 | **[`OverridePostUpdatePage`](#overridepostupdatepage)** | Override the upgrade page.
96 | **[`PasswordManagerEnabled`](#passwordmanagerenabled)** | Remove (some) access to the password manager.
97 | **[`PasswordManagerExceptions`](#passwordmanagerexceptions)** | Prevent Firefox from saving passwords for specific sites.
98 | **[`PDFjs`](#pdfjs)** | Disable or configure PDF.js, the built-in PDF viewer.
99 | **[`Permissions`](#permissions)** | Set permissions associated with camera, microphone, location, and notifications.
100 | **[`PictureInPicture`](#pictureinpicture)** | Enable or disable Picture-in-Picture.
101 | **[`PopupBlocking`](#popupblocking)** | Configure the default pop-up window policy as well as origins for which pop-up windows are allowed.
102 | **[`Preferences`](#preferences)** | Set and lock preferences.
103 | **[`PrimaryPassword`](#primarypassword)** | Require or prevent using a primary (formerly master) password.
104 | **[`PrintingEnabled`](#printingenabled)** | Enable or disable printing.
105 | **[`PromptForDownloadLocation`](#promptfordownloadlocation)** | Ask where to save each file before downloading.
106 | **[`Proxy`](#proxy)** | Configure proxy settings.
107 | **[`RequestedLocales`](#requestedlocales)** | Set the the list of requested locales for the application in order of preference.
108 | **[`SanitizeOnShutdown` (All)](#sanitizeonshutdown-all)** | Clear all data on shutdown.
109 | **[`SanitizeOnShutdown` (Selective)](#sanitizeonshutdown-selective)** | Clear data on shutdown.
110 | **[`SearchBar`](#searchbar)** | Set whether or not search bar is displayed.
111 | **[`SearchEngines`](#searchengines-this-policy-is-only-available-on-the-esr)** |
112 | **[`SearchEngines -> Add`](#searchengines--add)** | Add new search engines.
113 | **[`SearchEngines -> Default`](#searchengines--default)** | Set the default search engine.
114 | **[`SearchEngines -> PreventInstalls`](#searchengines--preventinstalls)** | Prevent installing search engines from webpages.
115 | **[`SearchEngines -> Remove`](#searchengines--remove)** | Hide built-in search engines.
116 | **[`SearchSuggestEnabled`](#searchsuggestenabled)** | Enable search suggestions.
117 | **[`SecurityDevices`](#securitydevices)** | Install PKCS #11 modules.
118 | **[`ShowHomeButton`](#showhomebutton)** | Show the home button on the toolbar.
119 | **[`SSLVersionMax`](#sslversionmax)** | Set and lock the maximum version of TLS.
120 | **[`SSLVersionMin`](#sslversionmin)** | Set and lock the minimum version of TLS.
121 | **[`StartDownloadsInTempDirectory`](#startdownloadsintempdirectory)** | Force downloads to start off in a local, temporary location rather than the default download directory.
122 | **[`SupportMenu`](#supportmenu)** | Add a menuitem to the help menu for specifying support information.
123 | **[`UserMessaging`](#usermessaging)** | Don't show certain messages to the user.
124 | **[`UseSystemPrintDialog`](#usesystemprintdialog)** | Print using the system print dialog instead of print preview.
125 | **[`WebsiteFilter`](#websitefilter)** | Block websites from being visited.
126 | **[`WindowsSSO`](#windowssso)** | Allow Windows single sign-on for Microsoft, work, and school accounts.
127
128 ### 3rdparty
129
130 Allow WebExtensions to configure policy. For more information, see [Adding policy support to your extension](https://extensionworkshop.com/documentation/enterprise/enterprise-development/#how-to-add-policy).
131
132 For GPO and Intune, the extension developer should provide an ADMX file.
133
134 **Compatibility:** Firefox 68\
135 **CCK2 Equivalent:** N/A\
136 **Preferences Affected:** N/A
137
138 #### macOS
139 ```
140 <dict>
141 <key>3rdparty</key>
142 <dict>
143 <key>Extensions</key>
144 <dict>
145 <key>uBlock0@raymondhill.net</key>
146 <dict>
147 <key>adminSettings</key>
148 <dict>
149 <key>selectedFilterLists</key>
150 <array>
151 <string>ublock-privacy</string>
152 <string>ublock-badware</string>
153 <string>ublock-filters</string>
154 <string>user-filters</string>
155 </array>
156 </dict>
157 </dict>
158 </dict>
159 </dict>
160 </dict>
161 ```
162 #### policies.json
163 ```
164 {
165 "policies": {
166 "3rdparty": {
167 "Extensions": {
168 "uBlock0@raymondhill.net": {
169 "adminSettings": {
170 "selectedFilterLists": [
171 "ublock-privacy",
172 "ublock-badware",
173 "ublock-filters",
174 "user-filters"
175 ]
176 }
177 }
178 }
179 }
180 }
181 }
182 ```
183
184 ### AllowedDomainsForApps
185
186 Define domains allowed to access Google Workspace.
187
188 This policy is based on the [Chrome policy](https://chromeenterprise.google/policies/#AllowedDomainsForApps) of the same name.
189
190 If this policy is enabled, users can only access Google Workspace using accounts from the specified domains. If you want to allow Gmail, you can add ```consumer_accounts``` to the list.
191
192 **Compatibility:** Firefox 89, Firefox ESR 78.11\
193 **CCK2 Equivalent:** N/A\
194 **Preferences Affected:** N/A
195
196 #### Windows (GPO)
197 ```
198 Software\Policies\Mozilla\Firefox\AllowedDomainsForApps = "managedfirefox.com,example.com"
199 ```
200 #### Windows (Intune)
201 OMA-URI:
202 ```
203 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/AllowedDomainsForApps
204 ```
205 Value (string):
206 ```
207 <enabled/>
208 <data id="AllowedDomainsForApps" value="managedfirefox.com,example.com"/>
209 ```
210 #### macOS
211 ```
212 <dict>
213 <key>AllowedDomainsForApps</key>
214 <string>managedfirefox.com,example.com</string>
215 </dict>
216 ```
217 #### policies.json
218 ```
219 {
220 "policies": {
221 "AllowedDomainsForApps": "managedfirefox.com,example.com"
222 }
223 }
224 ```
225 ### AllowFileSelectionDialogs
226
227 Enable or disable file selection dialogs.
228
229 **Compatibility:** Firefox 124\
230 **CCK2 Equivalent:** N/A\
231 **Preferences Affected:** `widget.disable_file_pickers`
232
233 #### Windows (GPO)
234 ```
235 Software\Policies\Mozilla\Firefox\AllowFileSelectionDialogs = 0x1 | 0x0
236 ```
237 #### Windows (Intune)
238 OMA-URI:
239 ```
240 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/AppAutoAllowFileSelectionDialogsUpdate
241 ```
242 Value (string):
243 ```
244 <enabled/> or <disabled/>
245 ```
246 #### macOS
247 ```
248 <dict>
249 <key>AllowFileSelectionDialogs</key>
250 <true/> | <false/>
251 </dict>
252 ```
253 #### policies.json
254 ```
255 {
256 "policies": {
257 "AllowFileSelectionDialogs": true | false
258 }
259 }
260 ```
261 ### AppAutoUpdate
262
263 Enable or disable **automatic** application update.
264
265 If set to true, application updates are installed without user approval within Firefox. The operating system might still require approval.
266
267 If set to false, application updates are downloaded but the user can choose when to install the update.
268
269 If you have disabled updates via `DisableAppUpdate`, this policy has no effect.
270
271 **Compatibility:** Firefox 75, Firefox ESR 68.7\
272 **CCK2 Equivalent:** N/A\
273 **Preferences Affected:** `app.update.auto`
274
275 #### Windows (GPO)
276 ```
277 Software\Policies\Mozilla\Firefox\AppAutoUpdate = 0x1 | 0x0
278 ```
279 #### Windows (Intune)
280 OMA-URI:
281 ```
282 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/AppAutoUpdate
283 ```
284 Value (string):
285 ```
286 <enabled/> or <disabled/>
287 ```
288 #### macOS
289 ```
290 <dict>
291 <key>AppAutoUpdate</key>
292 <true/> | <false/>
293 </dict>
294 ```
295 #### policies.json
296 ```
297 {
298 "policies": {
299 "AppAutoUpdate": true | false
300 }
301 }
302 ```
303 ### AppUpdatePin
304
305 Prevent Firefox from being updated beyond the specified version.
306
307 You can specify the any version as ```xx.``` and Firefox will be updated with all minor versions, but will not be updated beyond the major version.
308
309 You can also specify the version as ```xx.xx``` and Firefox will be updated with all patch versions, but will not be updated beyond the minor version.
310
311 You should specify a version that exists or is guaranteed to exist. If you specify a version that doesn't end up existing, Firefox will update beyond that version.
312
313 **Compatibility:** Firefox 102,\
314 **CCK2 Equivalent:** N/A\
315 **Preferences Affected:** N/A
316
317 #### Windows (GPO)
318 ```
319 Software\Policies\Mozilla\Firefox\AppUpdatePin = "106."
320 ```
321 #### Windows (Intune)
322 OMA-URI:
323 ```
324 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/AppUpdatePin
325 ```
326 Value (string):
327 ```
328 <enabled/>
329 <data id="AppUpdatePin" value="106."/>
330 ```
331 #### macOS
332 ```
333 <dict>
334 <key>AppUpdatePin</key>
335 <string>106.</string>
336 </dict>
337 ```
338 #### policies.json
339 ```
340 {
341 "policies": {
342 "AppUpdatePin": "106."
343 }
344 }
345 ```
346 ### AppUpdateURL
347
348 Change the URL for application update if you are providing Firefox updates from a custom update server.
349
350 **Compatibility:** Firefox 62, Firefox ESR 60.2\
351 **CCK2 Equivalent:** N/A\
352 **Preferences Affected:** `app.update.url`
353
354 #### Windows (GPO)
355 ```
356 Software\Policies\Mozilla\Firefox\AppUpdateURL = "https://yoursite.com"
357 ```
358 #### Windows (Intune)
359 OMA-URI:
360 ```
361 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/AppUpdateURL
362 ```
363 Value (string):
364 ```
365 <enabled/>
366 <data id="AppUpdateURL" value="https://yoursite.com"/>
367 ```
368 #### macOS
369 ```
370 <dict>
371 <key>AppUpdateURL</key>
372 <string>https://yoursite.com</string>
373 </dict>
374 ```
375 #### policies.json
376 ```
377 {
378 "policies": {
379 "AppUpdateURL": "https://yoursite.com"
380 }
381 }
382 ```
383 ### Authentication
384
385 Configure sites that support integrated authentication.
386
387 See [Integrated authentication](https://htmlpreview.github.io/?https://github.com/mdn/archived-content/blob/main/files/en-us/mozilla/integrated_authentication/raw.html) for more information.
388
389 `PrivateBrowsing` enables integrated authentication in private browsing.
390
391 **Compatibility:** Firefox 60, Firefox ESR 60 (AllowNonFQDN added in 62/60.2, AllowProxies added in 70/68.2, Locked added in 71/68.3, PrivateBrowsing added in 77/68.9)\
392 **CCK2 Equivalent:** N/A\
393 **Preferences Affected:** `network.negotiate-auth.trusted-uris`,`network.negotiate-auth.delegation-uris`,`network.automatic-ntlm-auth.trusted-uris`,`network.automatic-ntlm-auth.allow-non-fqdn`,`network.negotiate-auth.allow-non-fqdn`,`network.automatic-ntlm-auth.allow-proxies`,`network.negotiate-auth.allow-proxies`,`network.auth.private-browsing-sso`
394
395 #### Windows (GPO)
396 ```
397 Software\Policies\Mozilla\Firefox\Authentication\SPNEGO\1 = "mydomain.com"
398 Software\Policies\Mozilla\Firefox\Authentication\SPNEGO\2 = "https://myotherdomain.com"
399 Software\Policies\Mozilla\Firefox\Authentication\Delegated\1 = "mydomain.com"
400 Software\Policies\Mozilla\Firefox\Authentication\Delegated\2 = "https://myotherdomain.com"
401 Software\Policies\Mozilla\Firefox\Authentication\NTLM\1 = "mydomain.com"
402 Software\Policies\Mozilla\Firefox\Authentication\NTLM\2 = "https://myotherdomain.com"
403 Software\Policies\Mozilla\Firefox\Authentication\AllowNonFQDN\SPNEGO = 0x1 | 0x0
404 Software\Policies\Mozilla\Firefox\Authentication\AllowNonFQDN\NTLM = 0x1 | 0x0
405 Software\Policies\Mozilla\Firefox\Authentication\AllowProxies\SPNEGO = 0x1 | 0x0
406 Software\Policies\Mozilla\Firefox\Authentication\AllowProxies\NTLM = 0x1 | 0x0
407 Software\Policies\Mozilla\Firefox\Authentication\Locked = 0x1 | 0x0
408 Software\Policies\Mozilla\Firefox\Authentication\PrivateBrowsing = 0x1 | 0x0
409 ```
410 #### Windows (Intune)
411 OMA-URI:
412 ```
413 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Authentication/Authentication_SPNEGO
414 ```
415 Value (string):
416 ```
417 <enabled/>
418 <data id="Authentication" value="1&#xF000;mydomain&#xF000;2&#xF000;https://myotherdomain.com"/>
419 ```
420 OMA-URI:
421 ```
422 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Authentication/Authentication_Delegated
423 ```
424 Value (string):
425 ```
426 <enabled/>
427 <data id="Authentication" value="1&#xF000;mydomain&#xF000;2&#xF000;https://myotherdomain.com"/>
428 ```
429 OMA-URI:
430 ```
431 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Authentication/Authentication_NTLM
432 ```
433 Value (string):
434 ```
435 <enabled/>
436 <data id="Authentication" value="1&#xF000;mydomain&#xF000;2&#xF000;https://myotherdomain.com"/>
437 ```
438 OMA-URI:
439 ```
440 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Authentication/Authentication_AllowNonFQDN
441 ```
442 Value (string):
443 ```
444 <enabled/>
445 <data id="Authentication_AllowNonFQDN_NTLM" value="true | false"/>
446 <data id="Authentication_AllowNonFQDN_SPNEGO" value="true | false"/>
447 ```
448 OMA-URI:
449 ```
450 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Authentication/Authentication_Locked
451 ```
452 Value (string):
453 ```
454 <enabled/> or <disabled/>
455 ```
456 OMA-URI:
457 ```
458 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Authentication/Authentication_PrivateBrowsing
459 ```
460 Value (string):
461 ```
462 <enabled/> or <disabled/>
463 ```
464 #### macOS
465 ```
466 <dict>
467 <key>Authentication</key>
468 <dict>
469 <key>SPNEGO</key>
470 <array>
471 <string>mydomain.com</string>
472 <string>https://myotherdomain.com</string>
473 </array>
474 <key>Delegated</key>
475 <array>
476 <string>mydomain.com</string>
477 <string>https://myotherdomain.com</string>
478 </array>
479 <key>NTLM</key>
480 <array>
481 <string>mydomain.com</string>
482 <string>https://myotherdomain.com</string>
483 </array>
484 <key>AllowNonFQDN</key>
485 <dict>
486 <key>SPNEGO</key>
487 <true/> | <false/>
488 <key>NTLM</key>
489 <true/> | <false/>
490 </dict>
491 <key>AllowProxies</key>
492 <dict>
493 <key>SPNEGO</key>
494 <true/> | <false/>
495 <key>NTLM</key>
496 <true/> | <false/>
497 </dict>
498 <key>Locked</key>
499 <true/> | <false/>
500 <key>PrivateBrowsing</key>
501 <true/> | <false/>
502 </dict>
503 </dict>
504 ```
505 #### policies.json
506 ```
507 {
508 "policies": {
509 "Authentication": {
510 "SPNEGO": ["mydomain.com", "https://myotherdomain.com"],
511 "Delegated": ["mydomain.com", "https://myotherdomain.com"],
512 "NTLM": ["mydomain.com", "https://myotherdomain.com"],
513 "AllowNonFQDN": {
514 "SPNEGO": true | false,
515 "NTLM": true | false
516 },
517 "AllowProxies": {
518 "SPNEGO": true | false,
519 "NTLM": true | false
520 },
521 "Locked": true | false,
522 "PrivateBrowsing": true | false
523 }
524 }
525 }
526 ```
527 ### AutofillAddressEnabled
528
529 Enables or disables autofill for addresses.
530
531 This only applies when address autofill is enabled for a particular Firefox version or region. See [this page](https://support.mozilla.org/kb/automatically-fill-your-address-web-forms) for more information.
532
533 **Compatibility:** Firefox 125, Firefox ESR 115.10\
534 **CCK2 Equivalent:** N/A\
535 **Preferences Affected:** `extensions.formautofill.addresses.enabled`
536
537 #### Windows (GPO)
538 ```
539 Software\Policies\Mozilla\Firefox\AutofillAddressEnabled = 0x1 | 0x0
540 ```
541 #### Windows (Intune)
542 OMA-URI:
543 ```
544 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/AutofillAddressEnabled
545 ```
546 Value (string):
547 ```
548 <enabled/> or <disabled/>
549 ```
550 #### macOS
551 ```
552 <dict>
553 <key>AutofillAddressEnabled</key>
554 <true/> | <false/>
555 </dict>
556 ```
557 #### policies.json
558 ```
559 {
560 "policies": {
561 "AutofillAddressEnabled": true | false
562 }
563 }
564 ```
565 ### AutofillCreditCardEnabled
566
567 Enables or disables autofill for payment methods.
568
569 This only applies when payment method autofill is enabled for a particular Firefox version or region. See [this page](https://support.mozilla.org/kb/credit-card-autofill) for more information.
570
571 **Compatibility:** Firefox 125, Firefox ESR 115.10\
572 **CCK2 Equivalent:** N/A\
573 **Preferences Affected:** `extensions.formautofill.creditCards.enabled`
574
575 #### Windows (GPO)
576 ```
577 Software\Policies\Mozilla\Firefox\AutofillCreditCardEnabled = 0x1 | 0x0
578 ```
579 #### Windows (Intune)
580 OMA-URI:
581 ```
582 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/AutofillCreditCardEnabled
583 ```
584 Value (string):
585 ```
586 <enabled/> or <disabled/>
587 ```
588 #### macOS
589 ```
590 <dict>
591 <key>AutofillCreditCardEnabled</key>
592 <true/> | <false/>
593 </dict>
594 ```
595 #### policies.json
596 ```
597 {
598 "policies": {
599 "AutofillCreditCardEnabled": true | false
600 }
601 }
602 ```
603 ### AutoLaunchProtocolsFromOrigins
604 Define a list of external protocols that can be used from listed origins without prompting the user. The origin is the scheme plus the hostname.
605
606 The syntax of this policy is exactly the same as the [Chrome AutoLaunchProtocolsFromOrigins policy](https://cloud.google.com/docs/chrome-enterprise/policies/?policy=AutoLaunchProtocolsFromOrigins) except that you can only use valid origins (not just hostnames). This also means that you cannot specify an asterisk for all origins.
607
608 The schema is:
609 ```
610 {
611 "items": {
612 "properties": {
613 "allowed_origins": {
614 "items": {
615 "type": "string"
616 },
617 "type": "array"
618 },
619 "protocol": {
620 "type": "string"
621 }
622 },
623 "required": [
624 "protocol",
625 "allowed_origins"
626 ],
627 "type": "object"
628 },
629 "type": "array"
630 }
631 ```
632 **Compatibility:** Firefox 90, Firefox ESR 78.12\
633 **CCK2 Equivalent:** N/A\
634 **Preferences Affected:** N/A
635
636 #### Windows (GPO)
637 Software\Policies\Mozilla\Firefox\AutoLaunchProtocolsFromOrigins (REG_MULTI_SZ) =
638 ```
639 [
640 {
641 "protocol": "zoommtg",
642 "allowed_origins": [
643 "https://somesite.zoom.us"
644 ]
645 }
646 ]
647 ```
648 #### Windows (Intune)
649 OMA-URI:
650 ```
651 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/AutoLaunchProtocolsFromOrigins
652 ```
653 Value (string):
654 ```
655 <enabled/>
656 <data id="JSON" value='
657 [
658 {
659 "protocol": "zoommtg",
660 "allowed_origins": [
661 "https://somesite.zoom.us"
662 ]
663 }
664 ]'/>
665 ```
666 #### macOS
667 ```
668 <dict>
669 <key>AutoLaunchProtocolsFromOrigins</key>
670 <array>
671 <dict>
672 <key>protocol</key>
673 <string>zoommtg</string>
674 <key>allowed_origins</key>
675 <array>
676 <string>https://somesite.zoom.us</string>
677 </array>
678 </dict>
679 </array>
680 </dict>
681 ```
682 #### policies.json
683 ```
684 {
685 "policies": {
686 "AutoLaunchProtocolsFromOrigins": [{
687 "protocol": "zoommtg",
688 "allowed_origins": [
689 "https://somesite.zoom.us"
690 ]
691 }]
692 }
693 }
694 ```
695 ### BackgroundAppUpdate
696
697 Enable or disable **automatic** application update **in the background**, when the application is not running.
698
699 If set to true, application updates may be installed (without user approval) in the background, even when the application is not running. The operating system might still require approval.
700
701 If set to false, the application will not try to install updates when the application is not running.
702
703 If you have disabled updates via `DisableAppUpdate` or disabled automatic updates via `AppAutoUpdate`, this policy has no effect.
704
705 If you are having trouble getting the background task to run, verify your configuration with the ["Requirements to run" section in this support document](https://support.mozilla.org/en-US/kb/enable-background-updates-firefox-windows).
706
707 **Compatibility:** Firefox 90 (Windows only)\
708 **CCK2 Equivalent:** N/A\
709 **Preferences Affected:** `app.update.background.enabled`
710
711 #### Windows (GPO)
712 ```
713 Software\Policies\Mozilla\Firefox\BackgroundAppUpdate = 0x1 | 0x0
714 ```
715 #### Windows (Intune)
716 OMA-URI:
717 ```
718 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/BackgroundAppUpdate
719 ```
720 Value (string):
721 ```
722 <enabled/> or <disabled/>
723 ```
724 #### macOS
725 ```
726 <dict>
727 <key>BackgroundAppUpdate</key>
728 <true/> | <false/>
729 </dict>
730 ```
731 #### policies.json
732 ```
733 {
734 "policies": {
735 "BackgroundAppUpdate": true | false
736 }
737 }
738 ```
739 ### BlockAboutAddons
740
741 Block access to the Add-ons Manager (about:addons).
742
743 **Compatibility:** Firefox 60, Firefox ESR 60\
744 **CCK2 Equivalent:** `disableAddonsManager`\
745 **Preferences Affected:** N/A
746
747 #### Windows (GPO)
748 ```
749 Software\Policies\Mozilla\Firefox\BlockAboutAddons = 0x1 | 0x0
750 ```
751 #### Windows (Intune)
752 OMA-URI:
753 ```
754 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/BlockAboutAddons
755 ```
756 Value (string):
757 ```
758 <enabled/> or <disabled/>
759 ```
760 #### macOS
761 ```
762 <dict>
763 <key>BlockAboutAddons</key>
764 <true/> | <false/>
765 </dict>
766 ```
767 #### policies.json
768 ```
769 {
770 "policies": {
771 "BlockAboutAddons": true | false
772 }
773 }
774 ```
775 ### BlockAboutConfig
776
777 Block access to about:config.
778
779 **Compatibility:** Firefox 60, Firefox ESR 60\
780 **CCK2 Equivalent:** `disableAboutConfig`\
781 **Preferences Affected:** N/A
782
783 #### Windows (GPO)
784 ```
785 Software\Policies\Mozilla\Firefox\BlockAboutConfig = 0x1 | 0x0
786 ```
787 #### Windows (Intune)
788 OMA-URI:
789 ```
790 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/BlockAboutConfig
791 ```
792 Value (string):
793 ```
794 <enabled/> or <disabled/>
795 ```
796 #### macOS
797 ```
798 <dict>
799 <key>BlockAboutConfig</key>
800 <true/> | <false/>
801 </dict>
802 ```
803 #### policies.json
804 ```
805 {
806 "policies": {
807 "BlockAboutConfig": true | false
808 }
809 }
810 ```
811 ### BlockAboutProfiles
812
813 Block access to About Profiles (about:profiles).
814
815 **Compatibility:** Firefox 60, Firefox ESR 60\
816 **CCK2 Equivalent:** `disableAboutProfiles`\
817 **Preferences Affected:** N/A
818
819 #### Windows (GPO)
820 ```
821 Software\Policies\Mozilla\Firefox\BlockAboutProfiles = 0x1 | 0x0
822 ```
823 #### Windows (Intune)
824 OMA-URI:
825 ```
826 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/BlockAboutProfiles
827 ```
828 Value (string):
829 ```
830 <enabled/> or <disabled/>
831 ```
832 #### macOS
833 ```
834 <dict>
835 <key>BlockAboutProfiles</key>
836 <true/> | <false/>
837 </dict>
838 ```
839 #### policies.json
840 ```
841 {
842 "policies": {
843 "BlockAboutProfiles": true | false
844 }
845 }
846 ```
847 ### BlockAboutSupport
848
849 Block access to Troubleshooting Information (about:support).
850
851 **Compatibility:** Firefox 60, Firefox ESR 60\
852 **CCK2 Equivalent:** `disableAboutSupport`\
853 **Preferences Affected:** N/A
854
855 #### Windows (GPO)
856 ```
857 Software\Policies\Mozilla\Firefox\BlockAboutSupport = 0x1 | 0x0
858 ```
859 #### Windows (Intune)
860 OMA-URI:
861 ```
862 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/BlockAboutSupport
863 ```
864 Value (string):
865 ```
866 <enabled/> or <disabled/>
867 ```
868 #### macOS
869 ```
870 <dict>
871 <key>BlockAboutSupport</key>
872 <true/> | <false/>
873 </dict>
874 ```
875 #### policies.json
876 ```
877 {
878 "policies": {
879 "BlockAboutSupport": true | false
880 }
881 }
882 ```
883 ### Bookmarks
884
885 Note: [`ManagedBookmarks`](#managedbookmarks) is the new recommended way to add bookmarks. This policy will continue to be supported.
886
887 Add bookmarks in either the bookmarks toolbar or menu. Only `Title` and `URL` are required. If `Placement` is not specified, the bookmark will be placed on the toolbar. If `Folder` is specified, it is automatically created and bookmarks with the same folder name are grouped together.
888
889 If you want to clear all bookmarks set with this policy, you can set the value to an empty array (```[]```). This can be on Windows via the new Bookmarks (JSON) policy available with GPO and Intune.
890
891 **Compatibility:** Firefox 60, Firefox ESR 60\
892 **CCK2 Equivalent:** `bookmarks.toolbar`,`bookmarks.menu`\
893 **Preferences Affected:** N/A
894
895 #### Windows (GPO)
896 ```
897 Software\Policies\Mozilla\Firefox\Bookmarks\1\Title = "Example"
898 Software\Policies\Mozilla\Firefox\Bookmarks\1\URL = "https://example.com"
899 Software\Policies\Mozilla\Firefox\Bookmarks\1\Favicon = "https://example.com/favicon.ico"
900 Software\Policies\Mozilla\Firefox\Bookmarks\1\Placement = "toolbar" | "menu"
901 Software\Policies\Mozilla\Firefox\Bookmarks\1\Folder = "FolderName"
902
903 Software\Policies\Mozilla\Firefox\Bookmarks (REG_MULTI_SZ) =
904 ```
905 []
906 ```
907
908 ```
909 #### Windows (Intune)
910 OMA-URI:
911 ```
912 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Bookmarks/Bookmark01
913 ```
914 Value (string):
915 ```
916 <enabled/>
917 <data id="BookmarkTitle" value="Example"/>
918 <data id="BookmarkURL" value="https://example.com"/>
919 <data id="BookmarkFavicon" value="https://example.com/favicon.ico"/>
920 <data id="BookmarkPlacement" value="toolbar | menu"/>
921 <data id="BookmarkFolder" value="FolderName"/>
922 ```
923 OMA-URI:
924 ```
925 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/Bookmarks
926 ```
927 Value (string):
928 ```
929 <enabled/>
930 <data id="JSON" value='[]'/>
931 ```
932 #### macOS
933 ```
934 <dict>
935 <key>Bookmarks</key>
936 <array>
937 <dict>
938 <key>Title</key>
939 <string>Example</string>
940 <key>URL</key>
941 <string>https://example.com</string>
942 <key>Favicon</key>
943 <string>https://example.com/favicon.ico</string>
944 <key>Placement</key>
945 <string>toolbar | menu</string>
946 <key>Folder</key>
947 <string>FolderName</string>
948 </dict>
949 </array>
950 </dict>
951 ```
952 #### policies.json
953 ```
954 {
955 "policies": {
956 "Bookmarks": [
957 {
958 "Title": "Example",
959 "URL": "https://example.com",
960 "Favicon": "https://example.com/favicon.ico",
961 "Placement": "toolbar" | "menu",
962 "Folder": "FolderName"
963 }
964 ]
965 }
966 }
967 ```
968 ### CaptivePortal
969 Enable or disable the detection of captive portals.
970
971 **Compatibility:** Firefox 67, Firefox ESR 60.7\
972 **CCK2 Equivalent:** N/A\
973 **Preferences Affected:** `network.captive-portal-service.enabled`
974
975 #### Windows (GPO)
976 ```
977 Software\Policies\Mozilla\Firefox\CaptivePortal = 0x1 | 0x0
978 ```
979 #### Windows (Intune)
980 OMA-URI:
981 ```
982 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/CaptivePortal
983 ```
984 Value (string):
985 ```
986 <enabled/> or <disabled/>
987 ```
988 #### macOS
989 ```
990 <dict>
991 <key>CaptivePortal</key>
992 <true/> | <false/>
993 </dict>
994 ```
995 #### policies.json
996 ```
997 {
998 "policies": {
999 "CaptivePortal": true | false
1000 }
1001 }
1002 ```
1003 ### Certificates
1004
1005 ### Certificates | ImportEnterpriseRoots
1006
1007 Trust certificates that have been added to the operating system certificate store by a user or administrator.
1008
1009 Note: This policy only works on Windows and macOS. For Linux discussion, see [bug 1600509](https://bugzilla.mozilla.org/show_bug.cgi?id=1600509).
1010
1011 See https://support.mozilla.org/kb/setting-certificate-authorities-firefox for more detail.
1012
1013 **Compatibility:** Firefox 60, Firefox ESR 60 (macOS support in Firefox 63, Firefox ESR 68)\
1014 **CCK2 Equivalent:** N/A\
1015 **Preferences Affected:** `security.enterprise_roots.enabled`
1016
1017 #### Windows (GPO)
1018 ```
1019 Software\Policies\Mozilla\Firefox\Certificates\ImportEnterpriseRoots = 0x1 | 0x0
1020 ```
1021 #### Windows (Intune)
1022 OMA-URI:
1023 ```
1024 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Certificates/Certificates_ImportEnterpriseRoots
1025 ```
1026 Value (string):
1027 ```
1028 <enabled/> or <disabled/>
1029 ```
1030 #### macOS
1031 ```
1032 <dict>
1033 <key>Certificates</key>
1034 <dict>
1035 <key>ImportEnterpriseRoots</key>
1036 <true/> | <false/>
1037 </dict>
1038 </dict>
1039 ```
1040 #### policies.json
1041 ```
1042 {
1043 "policies": {
1044 "Certificates": {
1045 "ImportEnterpriseRoots": true | false
1046 }
1047 }
1048 }
1049 ```
1050 ### Certificates | Install
1051
1052 Install certificates into the Firefox certificate store. If only a filename is specified, Firefox searches for the file in the following locations:
1053
1054 - Windows
1055 - %USERPROFILE%\AppData\Local\Mozilla\Certificates
1056 - %USERPROFILE%\AppData\Roaming\Mozilla\Certificates
1057 - macOS
1058 - /Library/Application Support/Mozilla/Certificates
1059 - ~/Library/Application Support/Mozilla/Certificates
1060 - Linux
1061 - /usr/lib/mozilla/certificates
1062 - /usr/lib64/mozilla/certificates
1063 - ~/.mozilla/certificates
1064
1065 Starting with Firefox 65, Firefox 60.5 ESR, a fully qualified path can be used, including UNC paths. You should use the native path style for your operating system. We do not support using %USERPROFILE% or other environment variables on Windows.
1066
1067 If you are specifying the path in the policies.json file on Windows, you need to escape your backslashes (`\\`) which means that for UNC paths, you need to escape both (`\\\\`). If you use group policy, you only need one backslash.
1068
1069 Certificates are installed using the trust string `CT,CT,`.
1070
1071 Binary (DER) and ASCII (PEM) certificates are both supported.
1072
1073 **Compatibility:** Firefox 64, Firefox ESR 64\
1074 **CCK2 Equivalent:** `certs.ca`\
1075 **Preferences Affected:** N/A
1076
1077 #### Windows (GPO)
1078 ```
1079 Software\Policies\Mozilla\Firefox\Certificates\Install\1 = "cert1.der"
1080 Software\Policies\Mozilla\Firefox\Certificates\Install\2 = "C:\Users\username\cert2.pem"
1081 ```
1082 #### Windows (Intune)
1083 OMA-URI:
1084 ```
1085 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Certificates/Certificates_Install
1086 ```
1087 Value (string):
1088 ```
1089 <enabled/>
1090 <data id="Certificates_Install" value="1&#xF000;cert1.der&#xF000;2&#xF000;C:\Users\username\cert2.pem"/>
1091 ```
1092 #### macOS
1093 ```
1094 <dict>
1095 <key>Certificates</key>
1096 <dict>
1097 <key>Install</key>
1098 <array>
1099 <string>cert1.der</string>
1100 <string>/Users/username/cert2.pem</string>
1101 </array>
1102 </dict>
1103 </dict>
1104 ```
1105 #### policies.json
1106 ```
1107 {
1108 "policies": {
1109 "Certificates": {
1110 "Install": ["cert1.der", "/home/username/cert2.pem"]
1111 }
1112 }
1113 }
1114 ```
1115 ### Containers
1116 Set policies related to [containers](https://addons.mozilla.org/firefox/addon/multi-account-containers/).
1117
1118 Currently you can set the initial set of containers.
1119
1120 For each container, you can specify the name, icon, and color.
1121
1122 | Name | Description |
1123 | --- | --- |
1124 | `name`| Name of container
1125 | `icon` | Can be `fingerprint`, `briefcase`, `dollar`, `cart`, `vacation`, `gift`, `food`, `fruit`, `pet`, `tree`, `chill`, `circle`, `fence`
1126 | `color` | Can be `blue`, `turquoise`, `green`, `yellow`, `orange`, `red`, `pink`, `purple`, `toolbar`
1127
1128 **Compatibility:** Firefox 113\
1129 **CCK2 Equivalent:** N/A\
1130 **Preferences Affected:** N/A
1131
1132 #### Windows (GPO)
1133 Software\Policies\Mozilla\Firefox\Containers (REG_MULTI_SZ) =
1134 ```
1135 {
1136 "Default": [
1137 {
1138 "name": "My container",
1139 "icon": "pet",
1140 "color": "turquoise"
1141 }
1142 ]
1143 }
1144 ```
1145 #### Windows (Intune)
1146 OMA-URI:
1147 ```
1148 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/Containers
1149 ```
1150 Value (string):
1151 ```
1152 <enabled/>
1153 <data id="JSON" value='
1154 {
1155 "Default": [
1156 {
1157 "name": "My container",
1158 "icon": "pet",
1159 "color": "turquoise"
1160 }
1161 ]
1162 }
1163 '/>
1164 ```
1165 #### macOS
1166 ```
1167 <dict>
1168 <key>Default</key>
1169 <dict>
1170 <key>Containers</key>
1171 <array>
1172 <dict>
1173 <key>name</key>
1174 <string>My container</string>
1175 <key>icon</key>
1176 <string>pet</string>
1177 <key>color</key>
1178 <string>turquoise</string>
1179 </dict>
1180 </array>
1181 </dict>
1182 </dict>
1183 ```
1184 #### policies.json
1185 ```
1186 {
1187 "policies": {
1188 "Containers": {
1189 "Default": [
1190 {
1191 "name": "My container",
1192 "icon": "pet",
1193 "color": "turquoise"
1194 }
1195 ]
1196 }
1197 }
1198 }
1199 ```
1200 ### Cookies
1201 Configure cookie preferences.
1202
1203 `Allow` is a list of origins (not domains) where cookies are always allowed. You must include http or https.
1204
1205 `AllowSession` is a list of origins (not domains) where cookies are only allowed for the current session. You must include http or https.
1206
1207 `Block` is a list of origins (not domains) where cookies are always blocked. You must include http or https.
1208
1209 `Behavior` sets the default behavior for cookies based on the values below.
1210
1211 `BehaviorPrivateBrowsing` sets the default behavior for cookies in private browsing based on the values below.
1212
1213 | Value | Description
1214 | --- | --- |
1215 | accept | Accept all cookies
1216 | reject-foreign | Reject third party cookies
1217 | reject | Reject all cookies
1218 | limit-foreign | Reject third party cookies for sites you haven't visited
1219 | reject-tracker | Reject cookies for known trackers (default)
1220 | reject-tracker-and-partition-foreign | Reject cookies for known trackers and partition third-party cookies (Total Cookie Protection) (default for private browsing)
1221
1222 `Locked` prevents the user from changing cookie preferences.
1223
1224 `Default` determines whether cookies are accepted at all. (*Deprecated*. Use `Behavior` instead)
1225
1226 `AcceptThirdParty` determines how third-party cookies are handled. (*Deprecated*. Use `Behavior` instead)
1227
1228 `RejectTracker` only rejects cookies for trackers. (*Deprecated*. Use `Behavior` instead)
1229
1230 `ExpireAtSessionEnd` determines when cookies expire. (*Deprecated*. Use [`SanitizeOnShutdown`](#sanitizeonshutdown-selective) instead)
1231
1232 **Compatibility:** Firefox 60, Firefox ESR 60 (RejectTracker added in Firefox 63, AllowSession added in Firefox 79/78.1, Behavior added in Firefox 95/91.4)\
1233 **CCK2 Equivalent:** N/A\
1234 **Preferences Affected:** `network.cookie.cookieBehavior`, `network.cookie.cookieBehavior.pbmode`, `network.cookie.lifetimePolicy`
1235
1236 #### Windows (GPO)
1237 ```
1238 Software\Policies\Mozilla\Firefox\Cookies\Allow\1 = "https://example.com"
1239 Software\Policies\Mozilla\Firefox\Cookies\AllowSession\1 = "https://example.edu"
1240 Software\Policies\Mozilla\Firefox\Cookies\Block\1 = "https://example.org"
1241 Software\Policies\Mozilla\Firefox\Cookies\Behavior = "accept" | "reject-foreign" | "reject" | "limit-foreign" | "reject-tracker" | "reject-tracker-and-partition-foreign"
1242 Software\Policies\Mozilla\Firefox\Cookies\BehaviorPrivateBrowsing = "accept" | "reject-foreign" | "reject" | "limit-foreign" | "reject-tracker" | "reject-tracker-and-partition-foreign"
1243 Software\Policies\Mozilla\Firefox\Cookies\Locked = 0x1 | 0x0
1244 ```
1245 #### Windows (Intune)
1246 OMA-URI:
1247 ```
1248 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_Allow
1249 ```
1250 Value (string):
1251 ```
1252 <enabled/>
1253 <data id="Permissions" value="1&#xF000;https://example.com"/>
1254 ```
1255 OMA-URI:
1256 ```
1257 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_AllowSession
1258 ```
1259 Value (string):
1260 ```
1261 <enabled/>
1262 <data id="Permissions" value="1&#xF000;https://example.edu"/>
1263 ```
1264 OMA-URI:
1265 ```
1266 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_Block
1267 ```
1268 Value (string):
1269 ```
1270 <enabled/>
1271 <data id="Permissions" value="1&#xF000;https://example.org"/>
1272 ```
1273 OMA-URI:
1274 ```
1275 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_Locked
1276 ```
1277 Value (string):
1278 ```
1279 <enabled/> or <disabled/>
1280 ```
1281 OMA-URI:
1282 ```
1283 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_Behavior
1284 ```
1285 Value (string):
1286 ```
1287 <enabled/>
1288 <data id="Cookies_Behavior" value="accept | reject-foreign | reject | limit-foreign | reject-tracker | reject-tracker-and-partition-foreign"/>
1289 ```
1290 OMA-URI:
1291 ```
1292 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_BehaviorPrivateBrowsing
1293 ```
1294 Value (string):
1295 ```
1296 <enabled/>
1297 <data id="Cookies_BehaviorPrivateBrowsing" value="accept | reject-foreign | reject | limit-foreign | reject-tracker | reject-tracker-and-partition-foreign"/>
1298 ```
1299 #### macOS
1300 ```
1301 <dict>
1302 <key>Cookies</key>
1303 <dict>
1304 <key>Allow</key>
1305 <array>
1306 <string>http://example.com</string>
1307 </array>
1308 <key>AllowSession</key>
1309 <array>
1310 <string>http://example.edu</string>
1311 </array>
1312 <key>Block</key>
1313 <array>
1314 <string>http://example.org</string>
1315 </array>
1316 <key>Locked</key>
1317 <true/> | <false/>
1318 <key>Behavior</key>
1319 <string>accept | reject-foreign | reject | limit-foreign | reject-tracker | reject-tracker-and-partition-foreign</string>
1320 <key>BehaviorPrivateBrowsing</key>
1321 <string>accept | reject-foreign | reject | limit-foreign | reject-tracker | reject-tracker-and-partition-foreign</string>
1322 </dict>
1323 </dict>
1324 ```
1325 #### policies.json
1326 ```
1327 {
1328 "policies": {
1329 "Cookies": {
1330 "Allow": ["http://example.org/"],
1331 "AllowSession": ["http://example.edu/"],
1332 "Block": ["http://example.edu/"],
1333 "Locked": true | false,
1334 "Behavior": "accept" | "reject-foreign" | "reject" | "limit-foreign" | "reject-tracker" | "reject-tracker-and-partition-foreign",
1335 "BehaviorPrivateBrowsing": "accept" | "reject-foreign" | "reject" | "limit-foreign" | "reject-tracker" | "reject-tracker-and-partition-foreign",
1336 }
1337 }
1338 }
1339 ```
1340 ### DefaultDownloadDirectory
1341 Set the default download directory.
1342
1343 You can use ${home} for the native home directory.
1344
1345 **Compatibility:** Firefox 68, Firefox ESR 68\
1346 **CCK2 Equivalent:** N/A\
1347 **Preferences Affected:** `browser.download.dir`, `browser.download.folderList`
1348
1349 #### Windows (GPO)
1350 ```
1351 Software\Policies\Mozilla\Firefox\DefaultDownloadDirectory = "${home}\Downloads"
1352 ```
1353 #### Windows (Intune)
1354 OMA-URI:
1355 ```
1356 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DefaultDownloadDirectory
1357 ```
1358 Value (string):
1359 ```
1360 <enabled/>
1361 <data id="Preferences_String" value="${home}\Downloads"/>
1362 ```
1363 #### macOS
1364 ```
1365 <dict>
1366 <key>DefaultDownloadDirectory</key>
1367 <string>${home}/Downloads</string>
1368 </dict>
1369 ```
1370 #### policies.json (macOS and Linux)
1371 ```
1372 {
1373 "policies": {
1374 "DefaultDownloadDirectory": "${home}/Downloads"
1375 }
1376 }
1377 ```
1378 #### policies.json (Windows)
1379 ```
1380 {
1381 "policies": {
1382 "DefaultDownloadDirectory": "${home}\\Downloads"
1383 }
1384 }
1385 ```
1386 ### DisableAppUpdate
1387 Turn off application updates within Firefox.
1388
1389 **Compatibility:** Firefox 60, Firefox ESR 60\
1390 **CCK2 Equivalent:** `disableFirefoxUpdates`\
1391 **Preferences Affected:** N/A
1392
1393 #### Windows (GPO)
1394 ```
1395 Software\Policies\Mozilla\Firefox\DisableAppUpdate = 0x1 | 0x0
1396 ```
1397 #### Windows (Intune)
1398 OMA-URI:
1399 ```
1400 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableAppUpdate
1401 ```
1402 Value (string):
1403 ```
1404 <enabled/> or <disabled/>
1405 ```
1406 #### macOS
1407 ```
1408 <dict>
1409 <key>DisableAppUpdate</key>
1410 <true/> | <false/>
1411 </dict>
1412 ```
1413 #### policies.json
1414 ```
1415 {
1416 "policies": {
1417 "DisableAppUpdate": true | false
1418 }
1419 }
1420 ```
1421 ### DisableBuiltinPDFViewer
1422 Disable the built in PDF viewer. PDF files are downloaded and sent externally.
1423
1424 **Compatibility:** Firefox 60, Firefox ESR 60\
1425 **CCK2 Equivalent:** `disablePDFjs`\
1426 **Preferences Affected:** `pdfjs.disabled`
1427
1428 #### Windows (GPO)
1429 ```
1430 Software\Policies\Mozilla\Firefox\DisableBuiltinPDFViewer = 0x1 | 0x0
1431 ```
1432 #### Windows (Intune)
1433 OMA-URI:
1434 ```
1435 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableBuiltinPDFViewer
1436 ```
1437 Value (string):
1438 ```
1439 <enabled/> or <disabled/>
1440 ```
1441 #### macOS
1442 ```
1443 <dict>
1444 <key>DisableBuiltinPDFViewer</key>
1445 <true/> | <false/>
1446 </dict>
1447 ```
1448 #### policies.json
1449 ```
1450 {
1451 "policies": {
1452 "DisableBuiltinPDFViewer": true | false
1453 }
1454 }
1455 ```
1456 ### DisabledCiphers
1457 Disable specific cryptographic ciphers, listed below.
1458
1459 ```
1460 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
1461 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
1462 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
1463 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
1464 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
1465 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
1466 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
1467 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
1468 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
1469 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
1470 TLS_DHE_RSA_WITH_AES_128_CBC_SHA
1471 TLS_DHE_RSA_WITH_AES_256_CBC_SHA
1472 TLS_RSA_WITH_AES_128_GCM_SHA256
1473 TLS_RSA_WITH_AES_256_GCM_SHA384
1474 TLS_RSA_WITH_AES_128_CBC_SHA
1475 TLS_RSA_WITH_AES_256_CBC_SHA
1476 TLS_RSA_WITH_3DES_EDE_CBC_SHA
1477 ```
1478
1479 **Preferences Affected:** `security.ssl3.ecdhe_rsa_aes_128_gcm_sha256`, `security.ssl3.ecdhe_ecdsa_aes_128_gcm_sha256`, `security.ssl3.ecdhe_ecdsa_chacha20_poly1305_sha256`, `security.ssl3.ecdhe_rsa_chacha20_poly1305_sha256`, `security.ssl3.ecdhe_ecdsa_aes_256_gcm_sha384`, `security.ssl3.ecdhe_rsa_aes_256_gcm_sha384`, `security.ssl3.ecdhe_rsa_aes_128_sha`, `security.ssl3.ecdhe_ecdsa_aes_128_sha`, `security.ssl3.ecdhe_rsa_aes_256_sha`, `security.ssl3.ecdhe_ecdsa_aes_256_sha`, `security.ssl3.dhe_rsa_aes_128_sha`, `security.ssl3.dhe_rsa_aes_256_sha`, `security.ssl3.rsa_aes_128_gcm_sha256`, `security.ssl3.rsa_aes_256_gcm_sha384`, `security.ssl3.rsa_aes_128_sha`, `security.ssl3.rsa_aes_256_sha`, `security.ssl3.deprecated.rsa_des_ede3_sha`
1480
1481 ---
1482 **Note:**
1483
1484 This policy was updated in Firefox 78 to allow enabling ciphers as well. Setting the value to true disables the cipher, setting the value to false enables the cipher. Previously setting the value to true or false disabled the cipher.
1485
1486 ---
1487 **Compatibility:** Firefox 76, Firefox ESR 68.8 (TLS_RSA_WITH_AES_128_GCM_SHA256 and TLS_RSA_WITH_AES_256_GCM_SHA384 were added in Firefox 78, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA38, TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, and TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 were added in Firefox 97 and Firefox 91.6)\
1488 **CCK2 Equivalent:** N/A\
1489 **Preferences Affected:** N/A
1490
1491 #### Windows (GPO)
1492 ```
1493 Software\Policies\Mozilla\Firefox\DisabledCiphers\CIPHER_NAME = 0x1 | 0x0
1494 ```
1495 #### Windows (Intune)
1496 OMA-URI:
1497 ```
1498 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DisabledCiphers/DisabledCiphers_CIPHER_NAME
1499
1500 ```
1501 Value (string):
1502 ```
1503 <enabled/> or <disabled/>
1504 ```
1505 #### macOS
1506 ```
1507 <dict>
1508 <key>DisabledCiphers</key>
1509 <dict>
1510 <key>CIPHER_NAME</key>
1511 <true/> | <false/>
1512 </dict>
1513 </dict>
1514 ```
1515 #### policies.json
1516 ```
1517 {
1518 "policies": {
1519 "DisabledCiphers": {
1520 "CIPHER_NAME": true | false,
1521 }
1522 }
1523 }
1524 ```
1525 ### DisableDefaultBrowserAgent
1526 Prevent the default browser agent from taking any actions. Only applicable to Windows; other platforms don’t have the agent.
1527
1528 The browser agent is a Windows-only scheduled task which runs in the background to collect and submit data about the browser that the user has set as their OS default. More information is available [here](https://firefox-source-docs.mozilla.org/toolkit/mozapps/defaultagent/default-browser-agent/index.html).
1529
1530 **Compatibility:** Firefox 75, Firefox ESR 68.7 (Windows only)\
1531 **CCK2 Equivalent:** N/A\
1532 **Preferences Affected:** N/A
1533
1534 #### Windows (GPO)
1535 ```
1536 Software\Policies\Mozilla\Firefox\DisableDefaultBrowserAgent = 0x1 | 0x0
1537 ```
1538 #### Windows (Intune)
1539 OMA-URI:
1540 ```
1541 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableDefaultBrowserAgent
1542 ```
1543 Value (string):
1544 ```
1545 <enabled/> or <disabled/>
1546 ```
1547 #### policies.json
1548 ```
1549 {
1550 "policies": {
1551 "DisableDefaultBrowserAgent": true | false
1552 }
1553 }
1554 ```
1555 ### DisableDeveloperTools
1556 Remove access to all developer tools.
1557
1558 **Compatibility:** Firefox 60, Firefox ESR 60\
1559 **CCK2 Equivalent:** `removeDeveloperTools`\
1560 **Preferences Affected:** `devtools.policy.disabled`
1561
1562 #### Windows (GPO)
1563 ```
1564 Software\Policies\Mozilla\Firefox\DisableDeveloperTools = 0x1 | 0x0`
1565 ```
1566 #### Windows (Intune)
1567 OMA-URI:
1568 ```
1569 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableDeveloperTools
1570 ```
1571 Value (string):
1572 ```
1573 <enabled/> or <disabled/>
1574 ```
1575 #### macOS
1576 ```
1577 <dict>
1578 <key>DisableDeveloperTools</key>
1579 <true/> | <false/>
1580 </dict>
1581 ```
1582 #### policies.json
1583 ```
1584 {
1585 "policies": {
1586 "DisableDeveloperTools": true | false
1587 }
1588 }
1589 ```
1590 ### DisableFeedbackCommands
1591 Disable the menus for reporting sites (Submit Feedback, Report Deceptive Site).
1592
1593 **Compatibility:** Firefox 60, Firefox ESR 60\
1594 **CCK2 Equivalent:** N/A\
1595 **Preferences Affected:** N/A
1596
1597 #### Windows (GPO)
1598 ```
1599 Software\Policies\Mozilla\Firefox\DisableFeedbackCommands = 0x1 | 0x0
1600 ```
1601 #### Windows (Intune)
1602 OMA-URI:
1603 ```
1604 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableFeedbackCommands
1605 ```
1606 Value (string):
1607 ```
1608 <enabled/> or <disabled/>
1609 ```
1610 #### macOS
1611 ```
1612 <dict>
1613 <key>DisableFeedbackCommands</key>
1614 <true/> | <false/>
1615 </dict>
1616 ```
1617 #### policies.json
1618 ```
1619 {
1620 "policies": {
1621 "DisableFeedbackCommands": true | false
1622 }
1623 }
1624 ```
1625 ### DisableFirefoxAccounts
1626 Disable Firefox Accounts integration (Sync).
1627
1628 **Compatibility:** Firefox 60, Firefox ESR 60\
1629 **CCK2 Equivalent:** `disableSync`\
1630 **Preferences Affected:** `identity.fxaccounts.enabled`
1631
1632 #### Windows (GPO)
1633 ```
1634 Software\Policies\Mozilla\Firefox\DisableFirefoxAccounts = 0x1 | 0x0
1635 ```
1636 #### Windows (Intune)
1637 OMA-URI:
1638 ```
1639 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableFirefoxAccounts
1640 ```
1641 Value (string):
1642 ```
1643 <enabled/> or <disabled/>
1644 ```
1645 #### macOS
1646 ```
1647 <dict>
1648 <key>DisableFirefoxAccounts</key>
1649 <true/> | <false/>
1650 </dict>
1651 ```
1652 #### policies.json
1653 ```
1654 {
1655 "policies": {
1656 "DisableFirefoxAccounts": true | false
1657 }
1658 }
1659 ```
1660 ### DisableFirefoxScreenshots
1661 Remove access to Firefox Screenshots.
1662
1663 **Compatibility:** Firefox 60, Firefox ESR 60\
1664 **CCK2 Equivalent:** N/A\
1665 **Preferences Affected:** `extensions.screenshots.disabled`
1666
1667 #### Windows (GPO)
1668 ```
1669 Software\Policies\Mozilla\Firefox\DisableFirefoxScreenshots = 0x1 | 0x0
1670 ```
1671 #### Windows (Intune)
1672 OMA-URI:
1673 ```
1674 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableFirefoxScreenshots
1675 ```
1676 Value (string):
1677 ```
1678 <enabled/> or <disabled/>
1679 ```
1680 #### macOS
1681 ```
1682 <dict>
1683 <key>DisableFirefoxScreenshots</key>
1684 <true/> | <false/>
1685 </dict>
1686 ```
1687 #### policies.json
1688 ```
1689 {
1690 "policies": {
1691 "DisableFirefoxScreenshots": true | false
1692 }
1693 }
1694 ```
1695 ### DisableFirefoxStudies
1696 Disable Firefox studies (Shield).
1697
1698 **Compatibility:** Firefox 60, Firefox ESR 60\
1699 **CCK2 Equivalent:** N/A\
1700 **Preferences Affected:** `browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons`, `browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features`
1701
1702 #### Windows (GPO)
1703 ```
1704 Software\Policies\Mozilla\Firefox\DisableFirefoxStudies = 0x1 | 0x0
1705 ```
1706 #### Windows (Intune)
1707 OMA-URI:
1708 ```
1709 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableFirefoxStudies
1710 ```
1711 Value (string):
1712 ```
1713 <enabled/> or <disabled/>
1714 ```
1715 #### macOS
1716 ```
1717 <dict>
1718 <key>DisableFirefoxStudies</key>
1719 <true/> | <false/>
1720 </dict>
1721 ```
1722 #### policies.json
1723 ```
1724 {
1725 "policies": {
1726 "DisableFirefoxStudies": true | false
1727 }
1728 }
1729 ```
1730 ### DisableForgetButton
1731 Disable the "Forget" button.
1732
1733 **Compatibility:** Firefox 60, Firefox ESR 60\
1734 **CCK2 Equivalent:** `disableForget`\
1735 **Preferences Affected:** N/A
1736
1737 #### Windows (GPO)
1738 ```
1739 Software\Policies\Mozilla\Firefox\DisableForgetButton = 0x1 | 0x0
1740 ```
1741 #### Windows (Intune)
1742 OMA-URI:
1743 ```
1744 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableForgetButton
1745 ```
1746 Value (string):
1747 ```
1748 <enabled/> or <disabled/>
1749 ```
1750 #### macOS
1751 ```
1752 <dict>
1753 <key>DisableForgetButton</key>
1754 <true/> | <false/>
1755 </dict>
1756 ```
1757 #### policies.json
1758 ```
1759 {
1760 "policies": {
1761 "DisableForgetButton": true | false
1762 }
1763 }
1764 ```
1765 ### DisableFormHistory
1766 Turn off saving information on web forms and the search bar.
1767
1768 **Compatibility:** Firefox 60, Firefox ESR 60\
1769 **CCK2 Equivalent:** `disableFormFill`\
1770 **Preferences Affected:** `browser.formfill.enable`
1771
1772 #### Windows (GPO)
1773 ```
1774 Software\Policies\Mozilla\Firefox\DisableFormHistory = 0x1 | 0x0
1775 ```
1776 #### Windows (Intune)
1777 OMA-URI:
1778 ```
1779 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableFormHistory
1780 ```
1781 Value (string):
1782 ```
1783 <enabled/> or <disabled/>
1784 ```
1785 #### macOS
1786 ```
1787 <dict>
1788 <key>DisableFormHistory</key>
1789 <true/> | <false/>
1790 </dict>
1791 ```
1792 #### policies.json
1793 ```
1794 {
1795 "policies": {
1796 "DisableFormHistory": true | false
1797 }
1798 }
1799 ```
1800 ### DisableMasterPasswordCreation
1801 Remove the master password functionality.
1802
1803 If this value is true, it works the same as setting [`PrimaryPassword`](#primarypassword) to false and removes the primary password functionality.
1804
1805 If both `DisableMasterPasswordCreation` and `PrimaryPassword` are used, `DisableMasterPasswordCreation` takes precedent.
1806
1807 **Compatibility:** Firefox 60, Firefox ESR 60\
1808 **CCK2 Equivalent:** `noMasterPassword`\
1809 **Preferences Affected:** N/A
1810
1811 #### Windows (GPO)
1812 ```
1813 Software\Policies\Mozilla\Firefox\DisableMasterPasswordCreation = 0x1 | 0x0
1814 ```
1815 #### Windows (Intune)
1816 OMA-URI:
1817 ```
1818 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableMasterPasswordCreation
1819 ```
1820 Value (string):
1821 ```
1822 <enabled/> or <disabled/>
1823 ```
1824 #### macOS
1825 ```
1826 <dict>
1827 <key>DisableMasterPasswordCreation</key>
1828 <true/> | <false/>
1829 </dict>
1830 ```
1831 #### policies.json
1832 ```
1833 {
1834 "policies": {
1835 "DisableMasterPasswordCreation": true | false
1836 }
1837 }
1838 ```
1839 ### DisablePasswordReveal
1840 Do not allow passwords to be shown in saved logins
1841
1842 **Compatibility:** Firefox 71, Firefox ESR 68.3\
1843 **CCK2 Equivalent:** N/A
1844 **Preferences Affected:** N/A
1845
1846 #### Windows (GPO)
1847 ```
1848 Software\Policies\Mozilla\Firefox\DisablePasswordReveal = 0x1 | 0x0
1849 ```
1850 #### Windows (Intune)
1851 OMA-URI:
1852 ```
1853 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisablePasswordReveal
1854 ```
1855 Value (string):
1856 ```
1857 <enabled/> or <disabled/>
1858 ```
1859 #### macOS
1860 ```
1861 <dict>
1862 <key>DisablePasswordReveal</key>
1863 <true/> | <false/>
1864 </dict>
1865 ```
1866 #### policies.json
1867 ```
1868 {
1869 "policies": {
1870 "DisablePasswordReveal": true | false
1871 }
1872 }
1873 ```
1874 ### DisablePocket
1875 Remove Pocket in the Firefox UI. It does not remove it from the new tab page.
1876
1877 **Compatibility:** Firefox 60, Firefox ESR 60\
1878 **CCK2 Equivalent:** `disablePocket`\
1879 **Preferences Affected:** `extensions.pocket.enabled`
1880
1881 #### Windows (GPO)
1882 ```
1883 Software\Policies\Mozilla\Firefox\DisablePocket = 0x1 | 0x0
1884 ```
1885 #### Windows (Intune)
1886 OMA-URI:
1887 ```
1888 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisablePocket
1889 ```
1890 Value (string):
1891 ```
1892 <enabled/> or <disabled/>
1893 ```
1894 #### macOS
1895 ```
1896 <dict>
1897 <key>DisablePocket</key>
1898 <true/> | <false/>
1899 </dict>
1900 ```
1901 #### policies.json
1902 ```
1903 {
1904 "policies": {
1905 "DisablePocket": true | false
1906 }
1907 }
1908 ```
1909 ### DisablePrivateBrowsing
1910 Remove access to private browsing.
1911
1912 **Compatibility:** Firefox 60, Firefox ESR 60\
1913 **CCK2 Equivalent:** `disablePrivateBrowsing`\
1914 **Preferences Affected:** N/A
1915
1916 #### Windows (GPO)
1917 ```
1918 Software\Policies\Mozilla\Firefox\DisablePrivateBrowsing = 0x1 | 0x0
1919 ```
1920 #### Windows (Intune)
1921 OMA-URI:
1922 ```
1923 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisablePrivateBrowsing
1924 ```
1925 Value (string):
1926 ```
1927 <enabled/> or <disabled/>
1928 ```
1929 #### macOS
1930 ```
1931 <dict>
1932 <key>DisablePrivateBrowsing</key>
1933 <true/> | <false/>
1934 </dict>
1935 ```
1936 #### policies.json
1937 ```
1938 {
1939 "policies": {
1940 "DisablePrivateBrowsing": true | false
1941 }
1942 }
1943 ```
1944 ### DisableProfileImport
1945 Disables the "Import data from another browser" option in the bookmarks window.
1946
1947 **Compatibility:** Firefox 60, Firefox ESR 60\
1948 **CCK2 Equivalent:** N/A\
1949 **Preferences Affected:** N/A
1950
1951 #### Windows (GPO)
1952 ```
1953 Software\Policies\Mozilla\Firefox\DisableProfileImport = 0x1 | 0x0
1954 ```
1955 #### Windows (Intune)
1956 OMA-URI:
1957 ```
1958 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableProfileImport
1959 ```
1960 Value (string):
1961 ```
1962 <enabled/> or <disabled/>
1963 ```
1964 #### macOS
1965 ```
1966 <dict>
1967 <key>DisableProfileImport</key>
1968 <true/> | <false/>
1969 </dict>
1970 ```
1971 #### policies.json
1972 ```
1973 {
1974 "policies": {
1975 "DisableProfileImport": true | false
1976 }
1977 }
1978 ```
1979 ### DisableProfileRefresh
1980 Disable the Refresh Firefox button on about:support and support.mozilla.org, as well as the prompt that displays offering to refresh Firefox when you haven't used it in a while.
1981
1982 **Compatibility:** Firefox 60, Firefox ESR 60\
1983 **CCK2 Equivalent:** `disableResetFirefox`\
1984 **Preferences Affected:** `browser.disableResetPrompt`
1985
1986 #### Windows (GPO)
1987 ```
1988 Software\Policies\Mozilla\Firefox\DisableProfileRefresh = 0x1 | 0x0
1989 ```
1990 #### Windows (Intune)
1991 OMA-URI:
1992 ```
1993 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableProfileRefresh
1994 ```
1995 Value (string):
1996 ```
1997 <enabled/> or <disabled/>
1998 ```
1999 #### macOS
2000 ```
2001 <dict>
2002 <key>DisableProfileRefresh</key>
2003 <true/> | <false/>
2004 </dict>
2005 ```
2006 #### policies.json
2007 ```
2008 {
2009 "policies": {
2010 "DisableProfileRefresh": true | false
2011 }
2012 }
2013 ```
2014 ### DisableSafeMode
2015 Disable safe mode within the browser.
2016
2017 On Windows, this disables safe mode via the command line as well.
2018
2019 **Compatibility:** Firefox 60, Firefox ESR 60 (Windows, macOS)\
2020 **CCK2 Equivalent:** `disableSafeMode`\
2021 **Preferences Affected:** N/A
2022
2023 #### Windows (GPO)
2024 ```
2025 Software\Policies\Mozilla\Firefox\DisableSafeMode = 0x1 | 0x0
2026 ```
2027 #### Windows (Intune)
2028 OMA-URI:
2029 ```
2030 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableSafeMode
2031 ```
2032 Value (string):
2033 ```
2034 <enabled/> or <disabled/>
2035 ```
2036 #### macOS
2037 ```
2038 <dict>
2039 <key>DisableSafeMode</key>
2040 <true/> | <false/>
2041 </dict>
2042 ```
2043 #### policies.json
2044 ```
2045 {
2046 "policies": {
2047 "DisableSafeMode": true | false
2048 }
2049 }
2050 ```
2051 ### DisableSecurityBypass
2052 Prevent the user from bypassing security in certain cases.
2053
2054 `InvalidCertificate` prevents adding an exception when an invalid certificate is shown.
2055
2056 `SafeBrowsing` prevents selecting "ignore the risk" and visiting a harmful site anyway.
2057
2058 These policies only affect what happens when an error is shown, they do not affect any settings in preferences.
2059
2060 **Compatibility:** Firefox 60, Firefox ESR 60\
2061 **CCK2 Equivalent:** N/A\
2062 **Preferences Affected:** `security.certerror.hideAddException`, `browser.safebrowsing.allowOverride`
2063
2064 #### Windows (GPO)
2065 ```
2066 Software\Policies\Mozilla\Firefox\DisableSecurityBypass\InvalidCertificate = 0x1 | 0x0
2067 Software\Policies\Mozilla\Firefox\DisableSecurityBypass\SafeBrowsing = 0x1 | 0x0
2068 ```
2069 #### Windows (Intune)
2070 OMA-URI:
2071 ```
2072 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/P_DisableSecurityBypass_InvalidCertificate
2073 ```
2074 Value (string):
2075 ```
2076 <enabled/> or <disabled/>
2077 ```
2078 OMA-URI:
2079 ```
2080 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/P_DisableSecurityBypass_SafeBrowsing
2081 ```
2082 Value (string):
2083 ```
2084 <enabled/> or <disabled/>
2085 ```
2086
2087 #### macOS
2088 ```
2089 <dict>
2090 <key>DisableSecurityBypass</key>
2091 <dict>
2092 <key>InvalidCertificate</key>
2093 <true/> | <false/>
2094 <key>SafeBrowsing</key>
2095 <true/> | <false/>
2096 </dict>
2097 </dict>
2098 ```
2099 #### policies.json
2100 ```
2101 {
2102 "policies": {
2103 "DisableSecurityBypass": {
2104 "InvalidCertificate": true | false,
2105 "SafeBrowsing": true | false
2106 }
2107 }
2108 }
2109 ```
2110 ### DisableSetDesktopBackground
2111 Remove the "Set As Desktop Background..." menuitem when right clicking on an image.
2112
2113 **Compatibility:** Firefox 60, Firefox ESR 60\
2114 **CCK2 Equivalent:** `removeSetDesktopBackground`\
2115 **Preferences Affected:** N/A
2116
2117 #### Windows (GPO)
2118 ```
2119 Software\Policies\Mozilla\Firefox\DisableSetDesktopBackground = 0x1 | 0x0
2120 ```
2121 #### Windows (Intune)
2122 OMA-URI:
2123 ```
2124 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableSetDesktopBackground
2125 ```
2126 Value (string):
2127 ```
2128 <enabled/> or <disabled/>
2129 ```
2130 #### macOS
2131 ```
2132 <dict>
2133 <key>DisableSetDesktopBackground</key>
2134 <true/> | <false/>
2135 </dict>
2136 ```
2137 #### policies.json
2138 ```
2139 {
2140 "policies": {
2141 "DisableSetDesktopBackground": true | false
2142 }
2143 }
2144 ```
2145 ### DisableSystemAddonUpdate
2146 Prevent system add-ons from being installed or updated.
2147
2148 **Compatibility:** Firefox 60, Firefox ESR 60\
2149 **CCK2 Equivalent:** N/A\
2150 **Preferences Affected:** N/A
2151
2152 #### Windows (GPO)
2153 ```
2154 Software\Policies\Mozilla\Firefox\DisableSystemAddonUpdate = 0x1 | 0x0
2155 ```
2156 #### Windows (Intune)
2157 OMA-URI:
2158 ```
2159 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableSystemAddonUpdate
2160 ```
2161 Value (string):
2162 ```
2163 <enabled/> or <disabled/>
2164 ```
2165 #### macOS
2166 ```
2167 <dict>
2168 <key>DisableSystemAddonUpdate</key>
2169 <true/> | <false/>
2170 </dict>
2171 ```
2172 #### policies.json
2173 ```
2174 {
2175 "policies": {
2176 "DisableSystemAddonUpdate": true | false
2177 }
2178 }
2179 ```
2180 ### DisableTelemetry
2181 Prevent the upload of telemetry data.
2182
2183 As of Firefox 83 and Firefox ESR 78.5, local storage of telemetry data is disabled as well.
2184
2185 Mozilla recommends that you do not disable telemetry. Information collected through telemetry helps us build a better product for businesses like yours.
2186
2187 **Compatibility:** Firefox 60, Firefox ESR 60\
2188 **CCK2 Equivalent:** `disableTelemetry`\
2189 **Preferences Affected:** `datareporting.healthreport.uploadEnabled`, `datareporting.policy.dataSubmissionEnabled`, `toolkit.telemetry.archive.enabled`
2190
2191 #### Windows (GPO)
2192 ```
2193 Software\Policies\Mozilla\Firefox\DisableTelemetry = 0x1 | 0x0
2194 ```
2195 #### Windows (Intune)
2196 OMA-URI:
2197 ```
2198 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableTelemetry
2199 ```
2200 Value (string):
2201 ```
2202 <enabled/> or <disabled/>
2203 ```
2204 #### macOS
2205 ```
2206 <dict>
2207 <key>DisableTelemetry</key>
2208 <true/> | <false/>
2209 </dict>
2210 ```
2211 #### policies.json
2212 ```
2213 {
2214 "policies": {
2215 "DisableTelemetry": true | false
2216 }
2217 }
2218 ```
2219 ### DisableThirdPartyModuleBlocking
2220 Do not allow blocking third-party modules from the `about:third-party` page.
2221
2222 This policy only works on Windows through GPO (not policies.json).
2223
2224 **Compatibility:** Firefox 110 (Windows only, GPO only)\
2225 **CCK2 Equivalent:** N/A\
2226 **Preferences Affected:** N/A
2227
2228 #### Windows (GPO)
2229 ```
2230 Software\Policies\Mozilla\Firefox\DisableThirdPartyModuleBlocking = = 0x1 | 0x0
2231 ```
2232 #### Windows (Intune)
2233 OMA-URI:
2234 ```
2235 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableThirdPartyModuleBlocking
2236 ```
2237 Value (string):
2238 ```
2239 <enabled/> or <disabled/>
2240 ```
2241 ### DisplayBookmarksToolbar
2242 Set the initial state of the bookmarks toolbar. A user can still change how it is displayed.
2243
2244 `always` means the bookmarks toolbar is always shown.
2245
2246 `never` means the bookmarks toolbar is not shown.
2247
2248 `newtab` means the bookmarks toolbar is only shown on the new tab page.
2249
2250 **Compatibility:** Firefox 109, Firefox ESR 102.7\
2251 **CCK2 Equivalent:** N/A\
2252 **Preferences Affected:** N/A
2253
2254 #### Windows (GPO)
2255 ```
2256 Software\Policies\Mozilla\Firefox\DisplayBookmarksToolbar = "always", "never", "newtab"
2257 ```
2258 #### Windows (Intune)
2259 OMA-URI:
2260 ```
2261 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisplayBookmarksToolbar_Enum
2262 ```
2263 Value (string):
2264 ```
2265 <enabled/>
2266 <data id="DisplayBookmarksToolbar" value="always | never | newtab"/>
2267 ```
2268 #### macOS
2269 ```
2270 <dict>
2271 <key>DisplayBookmarksToolbar</key>
2272 <string>always | never | newtab</string>
2273 </dict>
2274 ```
2275 #### policies.json
2276 ```
2277 {
2278 "policies": {
2279 "DisplayBookmarksToolbar": "always" | "never" | "newtab"
2280 }
2281 }
2282 ```
2283 ### DisplayMenuBar
2284 Set the state of the menubar.
2285
2286 `always` means the menubar is shown and cannot be hidden.
2287
2288 `never` means the menubar is hidden and cannot be shown.
2289
2290 `default-on` means the menubar is on by default but can be hidden.
2291
2292 `default-off` means the menubar is off by default but can be shown.
2293
2294 **Compatibility:** Firefox 73, Firefox ESR 68.5 (Windows, some Linux)\
2295 **CCK2 Equivalent:** `displayMenuBar`\
2296 **Preferences Affected:** N/A
2297
2298 #### Windows (GPO)
2299 ```
2300 Software\Policies\Mozilla\Firefox\DisplayMenuBar = "always", "never", "default-on", "default-off"
2301 ```
2302 #### Windows (Intune)
2303 OMA-URI:
2304 ```
2305 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisplayMenuBar_Enum
2306 ```
2307 Value (string):
2308 ```
2309 <enabled/>
2310 <data id="DisplayMenuBar" value="always | never | default-on | default-off"/>
2311 ```
2312 #### macOS
2313 ```
2314 <dict>
2315 <key>DisplayMenuBar</key>
2316 <string>always | never | default-on | default-off</string>
2317 </dict>
2318 ```
2319 #### policies.json
2320 ```
2321 {
2322 "policies": {
2323 "DisplayMenuBar": "always", "never", "default-on", "default-off"
2324 }
2325 }
2326 ```
2327 ### DNSOverHTTPS
2328 Configure DNS over HTTPS.
2329
2330 `Enabled` determines whether DNS over HTTPS is enabled
2331
2332 `ProviderURL` is a URL to another provider.
2333
2334 `Locked` prevents the user from changing DNS over HTTPS preferences.
2335
2336 `ExcludedDomains` excludes domains from DNS over HTTPS.
2337
2338 `Fallback` determines whether or not Firefox will use your default DNS resolver if there is a problem with the secure DNS provider.
2339
2340 **Compatibility:** Firefox 63, Firefox ESR 68 (ExcludedDomains added in 75/68.7) (Fallback added in 124)\
2341 **CCK2 Equivalent:** N/A\
2342 **Preferences Affected:** `network.trr.mode`, `network.trr.uri`
2343
2344 #### Windows (GPO)
2345 ```
2346 Software\Policies\Mozilla\Firefox\DNSOverHTTPS\Enabled = 0x1 | 0x0
2347 Software\Policies\Mozilla\Firefox\DNSOverHTTPS\ProviderURL = "URL_TO_ALTERNATE_PROVIDER"
2348 Software\Policies\Mozilla\Firefox\DNSOverHTTPS\Locked = 0x1 | 0x0
2349 Software\Policies\Mozilla\Firefox\DNSOverHTTPS\ExcludedDomains\1 = "example.com"
2350 Software\Policies\Mozilla\Firefox\DNSOverHTTPS\Fallback = 0x1 | 0x0
2351 ```
2352 #### Windows (Intune)
2353 OMA-URI:
2354 ```
2355 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DNSOverHTTPS/DNSOverHTTPS_Enabled
2356 ```
2357 Value (string):
2358 ```
2359 <enabled/> or <disabled/>
2360 ```
2361 OMA-URI:
2362 ```
2363 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DNSOverHTTPS/DNSOverHTTPS_ProviderURL
2364 ```
2365 Value (string):
2366 ```
2367 <enabled/>
2368 <data id="String" value="URL_TO_ALTERNATE_PROVIDER"/>
2369 ```
2370 OMA-URI:
2371 ```
2372 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DNSOverHTTPS/DNSOverHTTPS_Locked
2373 ```
2374 Value (string):
2375 ```
2376 <enabled/> or <disabled/>
2377 ```
2378 OMA-URI:
2379 ```
2380 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DNSOverHTTPS/DNSOverHTTPS_ExcludedDomains
2381 ```
2382 Value (string):
2383 ```
2384 <enabled/>
2385 <data id="List" value="1&#xF000;example.com"/>
2386 ```
2387 OMA-URI:
2388 ```
2389 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DNSOverHTTPS/DNSOverHTTPS_Fallback
2390 ```
2391 Value (string):
2392 ```
2393 <enabled/> or <disabled/>
2394 ```
2395 #### macOS
2396 ```
2397 <dict>
2398 <key>DNSOverHTTPS</key>
2399 <dict>
2400 <key>Enabled</key>
2401 <true/> | <false/>
2402 <key>ProviderURL</key>
2403 <string>URL_TO_ALTERNATE_PROVIDER</string>
2404 <key>Locked</key>
2405 <true/> | <false/>
2406 <key>ExcludedDomains</key>
2407 <array>
2408 <string>example.com</string>
2409 </array>
2410 <key>Fallback</key>
2411 <true/> | <false/>
2412 </dict>
2413 </dict>
2414 ```
2415 #### policies.json
2416 ```
2417 {
2418 "policies": {
2419 "DNSOverHTTPS": {
2420 "Enabled": true | false,
2421 "ProviderURL": "URL_TO_ALTERNATE_PROVIDER",
2422 "Locked": true | false,
2423 "ExcludedDomains": ["example.com"],
2424 "Fallback": true | false,
2425 }
2426 }
2427 }
2428 ```
2429 ### DontCheckDefaultBrowser
2430 Don't check if Firefox is the default browser at startup.
2431
2432 **Compatibility:** Firefox 60, Firefox ESR 60\
2433 **CCK2 Equivalent:** `dontCheckDefaultBrowser`\
2434 **Preferences Affected:** `browser.shell.checkDefaultBrowser`
2435
2436 #### Windows (GPO)
2437 ```
2438 Software\Policies\Mozilla\Firefox\DontCheckDefaultBrowser = 0x1 | 0x0
2439 ```
2440 #### Windows (Intune)
2441 OMA-URI:
2442 ```
2443 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DontCheckDefaultBrowser
2444 ```
2445 Value (string):
2446 ```
2447 <enabled/> or <disabled/>
2448 ```
2449 #### macOS
2450 ```
2451 <dict>
2452 <key>DontCheckDefaultBrowser</key>
2453 <true/> | <false/>
2454 </dict>
2455 ```
2456 #### policies.json
2457 ```
2458 {
2459 "policies": {
2460 "DontCheckDefaultBrowser": true | false
2461 }
2462 }
2463 ```
2464 ### DownloadDirectory
2465 Set and lock the download directory.
2466
2467 You can use ${home} for the native home directory.
2468
2469 **Compatibility:** Firefox 68, Firefox ESR 68\
2470 **CCK2 Equivalent:** N/A\
2471 **Preferences Affected:** `browser.download.dir`, `browser.download.folderList`, `browser.download.useDownloadDir`
2472
2473 #### Windows (GPO)
2474 ```
2475 Software\Policies\Mozilla\Firefox\DownloadDirectory = "${home}\Downloads"
2476 ```
2477 #### Windows (Intune)
2478 OMA-URI:
2479 ```
2480 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DownloadDirectory
2481 ```
2482 Value (string):
2483 ```
2484 <enabled/>
2485 <data id="Preferences_String" value="${home}\Downloads"/>
2486 ```
2487 #### macOS
2488 ```
2489 <dict>
2490 <key>DownloadDirectory</key>
2491 <string>${home}/Downloads</string>
2492 </dict>
2493 ```
2494 #### policies.json (macOS and Linux)
2495 ```
2496 {
2497 "policies": {
2498 "DownloadDirectory": "${home}/Downloads"
2499 }
2500 ```
2501 #### policies.json (Windows)
2502 ```
2503 {
2504 "policies": {
2505 "DownloadDirectory": "${home}\\Downloads"
2506 }
2507 ```
2508 ### EnableTrackingProtection
2509 Configure tracking protection.
2510
2511 If this policy is not configured, tracking protection is not enabled by default in the browser, but it is enabled by default in private browsing and the user can change it.
2512
2513 If `Value` is set to false, tracking protection is disabled and locked in both the regular browser and private browsing.
2514
2515 If `Value` is set to true, tracking protection is enabled by default in both the regular browser and private browsing and the `Locked` value determines whether or not a user can change it.
2516
2517 If `Cryptomining` is set to true, cryptomining scripts on websites are blocked.
2518
2519 If `Fingerprinting` is set to true, fingerprinting scripts on websites are blocked.
2520
2521 If `EmailTracking` is set to true, hidden email tracking pixels and scripts on websites are blocked. (Firefox 112)
2522
2523 `Exceptions` are origins for which tracking protection is not enabled.
2524
2525 **Compatibility:** Firefox 60, Firefox ESR 60 (Cryptomining and Fingerprinting added in 70/68.2, Exceptions added in 73/68.5)\
2526 **CCK2 Equivalent:** N/A\
2527 **Preferences Affected:** `privacy.trackingprotection.enabled`, `privacy.trackingprotection.pbmode.enabled`, `privacy.trackingprotection.cryptomining.enabled`, `privacy.trackingprotection.fingerprinting.enabled`
2528
2529 #### Windows (GPO)
2530 ```
2531 Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Value = 0x1 | 0x0
2532 Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Locked = 0x1 | 0x0
2533 Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Cryptomining = 0x1 | 0x0
2534 Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Fingerprinting = 0x1 | 0x0
2535 Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Exceptions\1 = "https://example.com"
2536 ```
2537 #### Windows (Intune)
2538 OMA-URI:
2539 ```
2540 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~TrackingProtection/A_TrackingProtection_Value
2541 ```
2542 Value (string):
2543 ```
2544 <enabled/> or <disabled/>
2545 ```
2546 OMA-URI:
2547 ```
2548 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~TrackingProtection/B_TrackingProtection_Cryptomining
2549 ```
2550 Value (string):
2551 ```
2552 <enabled/> or <disabled/>
2553 ```
2554 OMA-URI:
2555 ```
2556 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~TrackingProtection/C_TrackingProtection_Fingerprinting
2557 ```
2558 Value (string):
2559 ```
2560 <enabled/> or <disabled/>
2561 ```
2562 OMA-URI:
2563 ```
2564 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~TrackingProtection/D_TrackingProtection_Exceptions
2565 ```
2566 Value (string):
2567 ```
2568 <enabled/>
2569 <data id="TrackingProtection_Exceptions" value="1&#xF000;https://example.com"/>
2570 ```
2571 OMA-URI:
2572 ```
2573 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~TrackingProtection/E_TrackingProtection_Locked
2574 ```
2575 Value (string):
2576 ```
2577 <enabled/> or <disabled/>
2578 ```
2579 #### macOS
2580 ```
2581 <dict>
2582 <key>EnableTrackingProtection</key>
2583 <dict>
2584 <key>Value</key>
2585 <true/> | <false/>
2586 <key>Locked</key>
2587 <true/> | <false/>
2588 <key>Cryptomining</key>
2589 <true/> | <false/>
2590 <key>Fingerprinting</key>
2591 <true/> | <false/>
2592 <key>Exceptions</key>
2593 <array>
2594 <string>https://example.com</string>
2595 </array>
2596 </dict>
2597 </dict>
2598 ```
2599 #### policies.json
2600 ```
2601 {
2602 "policies": {
2603 "EnableTrackingProtection": {
2604 "Value": true | false,
2605 "Locked": true | false,
2606 "Cryptomining": true | false,
2607 "Fingerprinting": true | false,
2608 "Exceptions": ["https://example.com"]
2609 }
2610 }
2611 }
2612 ```
2613 ### EncryptedMediaExtensions
2614 Enable or disable Encrypted Media Extensions and optionally lock it.
2615
2616 If `Enabled` is set to false, encrypted media extensions (like Widevine) are not downloaded by Firefox unless the user consents to installing them.
2617
2618 If `Locked` is set to true and `Enabled` is set to false, Firefox will not download encrypted media extensions (like Widevine) or ask the user to install them.
2619
2620 **Compatibility:** Firefox 77, Firefox ESR 68.9\
2621 **CCK2 Equivalent:** N/A\
2622 **Preferences Affected:** `media.eme.enabled`
2623
2624 #### Windows (GPO)
2625 ```
2626 Software\Policies\Mozilla\Firefox\EncryptedMediaExtensions\Enabled = 0x1 | 0x0
2627 Software\Policies\Mozilla\Firefox\EncryptedMediaExtensions\Locked = 0x1 | 0x0
2628 ```
2629 #### Windows (Intune)
2630 OMA-URI:
2631 ```
2632 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~EncryptedMediaExtensions/EncryptedMediaExtensions_Enabled
2633 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~EncryptedMediaExtensions/EncryptedMediaExtensions_Locked
2634 ```
2635 Value (string):
2636 ```
2637 <enabled/>or <disabled/>
2638 ```
2639 #### macOS
2640 ```
2641 <dict>
2642 <key>EncryptedMediaExtensions</key>
2643 <dict>
2644 <key>Enabled</key>
2645 <true/> | <false/>
2646 <key>Locked</key>
2647 <true/> | <false/>
2648 </dict>
2649 </dict>
2650 ```
2651 #### policies.json
2652 ```
2653 {
2654 "policies": {
2655 "EncryptedMediaExtensions": {
2656 "Enabled": true | false,
2657 "Locked": true | false
2658 }
2659 }
2660 }
2661 ```
2662 ### EnterprisePoliciesEnabled
2663 Enable policy support on macOS.
2664
2665 **Compatibility:** Firefox 63, Firefox ESR 60.3 (macOS only)\
2666 **CCK2 Equivalent:** N/A\
2667 **Preferences Affected:** N/A
2668
2669 #### macOS
2670 ```
2671 <dict>
2672 <key>EnterprisePoliciesEnabled</key>
2673 <true/>
2674 </dict>
2675 ```
2676 ### ExemptDomainFileTypePairsFromFileTypeDownloadWarnings
2677
2678 Disable warnings based on file extension for specific file types on domains.
2679
2680 This policy is based on the [Chrome policy](https://chromeenterprise.google/policies/#ExemptDomainFileTypePairsFromFileTypeDownloadWarnings) of the same name.
2681
2682 Important: The documentation for the policy for both Edge and Chrome is incorrect. The ```domains``` value must be a domain, not a URL pattern. Also, we do not support using ```*``` to mean all domains.
2683
2684 **Compatibility:** Firefox 102\
2685 **CCK2 Equivalent:** N/A\
2686 **Preferences Affected:** N/A
2687
2688 #### Windows (GPO)
2689 Software\Policies\Mozilla\Firefox\ExemptDomainFileTypePairsFromFileTypeDownloadWarnings (REG_MULTI_SZ) =
2690 ```
2691 [
2692 {
2693 "file_extension": "jnlp",
2694 "domains": ["example.com"]
2695 }
2696 ]
2697 ```
2698 #### Windows (Intune)
2699 OMA-URI:
2700 ```
2701 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/ExemptDomainFileTypePairsFromFileTypeDownloadWarnings
2702 ```
2703 Value (string):
2704 ```
2705 <enabled/>
2706 <data id="JSON" value='
2707 [
2708 {
2709 "file_extension": "jnlp",
2710 "domains": ["example.com"]
2711 }
2712 ]
2713 '/>
2714 ```
2715 #### macOS
2716 ```
2717 <dict>
2718 <key>ExemptDomainFileTypePairsFromFileTypeDownloadWarnings</key>
2719 <array>
2720 <dict>
2721 <key>file_extension</key>
2722 <string>jnlp</string>
2723 <key>domains</key>
2724 <array>
2725 <string>example.com</string>
2726 </array>
2727 </dict>
2728 </array>
2729 </dict>
2730 ```
2731 #### policies.json
2732 ```
2733 {
2734 "policies": {
2735 "ExemptDomainFileTypePairsFromFileTypeDownloadWarnings": [{
2736 "file_extension": "jnlp",
2737 "domains": ["example.com"]
2738 }]
2739 }
2740 }
2741 ```
2742 ### Extensions
2743 Control the installation, uninstallation and locking of extensions.
2744
2745 We strongly recommend that you use the **[`ExtensionSettings`](#extensionsettings)** policy. It has the same functionality and adds more. It does not support native paths, though, so you'll have to use file:/// URLs.
2746
2747 This method will be deprecated in the near future.
2748
2749 `Install` is a list of URLs or native paths for extensions to be installed.
2750
2751 `Uninstall` is a list of extension IDs that should be uninstalled if found.
2752
2753 `Locked` is a list of extension IDs that the user cannot disable or uninstall.
2754
2755 **Compatibility:** Firefox 60, Firefox ESR 60\
2756 **CCK2 Equivalent:** `addons`\
2757 **Preferences Affected:** N/A
2758
2759 #### Windows (GPO)
2760 ```
2761 Software\Policies\Mozilla\Firefox\Extensions\Install\1 = "https://addons.mozilla.org/firefox/downloads/somefile.xpi"
2762 Software\Policies\Mozilla\Firefox\Extensions\Install\2 = "//path/to/xpi"
2763 Software\Policies\Mozilla\Firefox\Extensions\Uninstall\1 = "bad_addon_id@mozilla.org"
2764 Software\Policies\Mozilla\Firefox\Extensions\Locked\1 = "addon_id@mozilla.org"
2765 ```
2766 #### Windows (Intune)
2767 OMA-URI:
2768 ```
2769 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/Extensions_Install
2770 ```
2771 Value (string):
2772 ```
2773 <enabled/>
2774 <data id="Extensions" value="1&#xF000;https://addons.mozilla.org/firefox/downloads/somefile.xpi&#xF000;2&#xF000;//path/to/xpi"/>
2775 ```
2776 OMA-URI:
2777 ```
2778 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/Extensions_Uninstall
2779 ```
2780 Value (string):
2781 ```
2782 <enabled/>
2783 <data id="Extensions" value="1&#xF000;bad_addon_id@mozilla.org"/>
2784 ```
2785 OMA-URI:
2786 ```
2787 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/Extensions_Locked
2788 ```
2789 Value (string):
2790 ```
2791 <enabled/>
2792 <data id="Extensions" value="1&#xF000;addon_id@mozilla.org"/>
2793 ```
2794 #### macOS
2795 ```
2796 <dict>
2797 <key>Extensions</key>
2798 <dict>
2799 <key>Install</key>
2800 <array>
2801 <string>https://addons.mozilla.org/firefox/downloads/somefile.xpi</string>
2802 <string>//path/to/xpi</string>
2803 </array>
2804 <key>Uninstall</key>
2805 <array>
2806 <string>bad_addon_id@mozilla.org</string>
2807 </array>
2808 <key>Locked</key>
2809 <array>
2810 <string>addon_id@mozilla.org</string>
2811 </array>
2812 </dict>
2813 </dict>
2814 ```
2815 #### policies.json
2816 ```
2817 {
2818 "policies": {
2819 "Extensions": {
2820 "Install": ["https://addons.mozilla.org/firefox/downloads/somefile.xpi", "//path/to/xpi"],
2821 "Uninstall": ["bad_addon_id@mozilla.org"],
2822 "Locked": ["addon_id@mozilla.org"]
2823 }
2824 }
2825 }
2826 ```
2827 ### ExtensionSettings
2828 Manage all aspects of extensions. This policy is based heavily on the [Chrome policy](https://dev.chromium.org/administrators/policy-list-3/extension-settings-full) of the same name.
2829
2830 This policy maps an extension ID to its configuration. With an extension ID, the configuration will be applied to the specified extension only. A default configuration can be set for the special ID "*", which will apply to all extensions that don't have a custom configuration set in this policy.
2831
2832 To obtain an extension ID, install the extension and go to about:support. You will see the ID in the Extensions section. I've also created an extension that makes it easy to find the ID of extensions on AMO. You can download it [here](https://github.com/mkaply/queryamoid/releases/tag/v0.1).
2833
2834 The configuration for each extension is another dictionary that can contain the fields documented below.
2835
2836 | Name | Description |
2837 | --- | --- |
2838 | `installation_mode` | Maps to a string indicating the installation mode for the extension. The valid strings are `allowed`,`blocked`,`force_installed`, and `normal_installed`.
2839 | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;`allowed` | Allows the extension to be installed by the user. This is the default behavior. There is no need for an install_url; it will automatically be allowed based on the ID.
2840 | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;`blocked`| Blocks installation of the extension and removes it from the device if already installed.
2841 | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;`force_installed`| The extension is automatically installed and can't be removed by the user. This option is not valid for the default configuration and requires an install_url.
2842 | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;`normal_installed`| The extension is automatically installed but can be disabled by the user. This option is not valid for the default configuration and requires an install_url.
2843 | `install_url`| Maps to a URL indicating where Firefox can download a force_installed or normal_installed extension. If installing from the local file system, use a [```file:///``` URL](https://en.wikipedia.org/wiki/File_URI_scheme). If installing from the addons.mozilla.org, use the following URL (substituting SHORT_NAME from the URL on AMO), https://addons.mozilla.org/firefox/downloads/latest/SHORT_NAME/latest.xpi. Languages packs are available from https://releases.mozilla.org/pub/firefox/releases/VERSION/PLATFORM/xpi/LANGUAGE.xpi. If you need to update the extension, you can change the name of the extension and it will be automatically updated. Extensions installed from file URLs will additional be updated when their internal version changes.
2844 | `install_sources` | A list of sources from which installing extensions is allowed using URL match patterns. **This is unnecessary if you are only allowing the installation of certain extensions by ID.** Each item in this list is an extension-style match pattern. Users will be able to easily install items from any URL that matches an item in this list. Both the location of the *.xpi file and the page where the download is started from (i.e. the referrer) must be allowed by these patterns. This setting can be used only for the default configuration.
2845 | `allowed_types` | This setting whitelists the allowed types of extension/apps that can be installed in Firefox. The value is a list of strings, each of which should be one of the following: "extension", "theme", "dictionary", "locale" This setting can be used only for the default configuration.
2846 | `blocked_install_message` | This maps to a string specifying the error message to display to users if they're blocked from installing an extension. This setting allows you to append text to the generic error message displayed when the extension is blocked. This could be be used to direct users to your help desk, explain why a particular extension is blocked, or something else. This setting can be used only for the default configuration.
2847 | `restricted_domains` | An array of domains on which content scripts can't be run. This setting can be used only for the default configuration.
2848 | `updates_disabled` | (Firefox 89, Firefox ESR 78.11) Boolean that indicates whether or not to disable automatic updates for an individual extension.
2849 | `default_area` | (Firefox 113) String that indicates where to place the extension icon by default. Possible values are `navbar` and `menupanel`.
2850
2851 **Compatibility:** Firefox 69, Firefox ESR 68.1 (As of Firefox 85, Firefox ESR 78.7, installing a theme makes it the default.)\
2852 **CCK2 Equivalent:** N/A\
2853 **Preferences Affected:** N/A
2854
2855 #### Windows (GPO)
2856 Software\Policies\Mozilla\Firefox\ExtensionSettings (REG_MULTI_SZ) =
2857 ```
2858 {
2859 "*": {
2860 "blocked_install_message": "Custom error message.",
2861 "install_sources": ["https://yourwebsite.com/*"],
2862 "installation_mode": "blocked",
2863 "allowed_types": ["extension"]
2864 },
2865 "uBlock0@raymondhill.net": {
2866 "installation_mode": "force_installed",
2867 "install_url": "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi"
2868 },
2869 "https-everywhere@eff.org": {
2870 "installation_mode": "allowed",
2871 "updates_disabled": false
2872 }
2873 }
2874 ```
2875 #### Windows (Intune)
2876 OMA-URI:
2877 ```
2878 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/ExtensionSettings
2879 ```
2880 Value (string):
2881 ```
2882 <enabled/>
2883 <data id="ExtensionSettings" value='
2884 {
2885 "*": {
2886 "blocked_install_message": "Custom error message.",
2887 "install_sources": ["https://yourwebsite.com/*"],
2888 "installation_mode": "blocked",
2889 "allowed_types": ["extension"]
2890 },
2891 "uBlock0@raymondhill.net": {
2892 "installation_mode": "force_installed",
2893 "install_url": "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi"
2894 },
2895 "https-everywhere@eff.org": {
2896 "installation_mode": "allowed",
2897 "updates_disabled": false
2898 }
2899 }'/>
2900 ```
2901 #### macOS
2902 ```
2903 <dict>
2904 <key>ExtensionSettings</key>
2905 <dict>
2906 <key>*</key>
2907 <dict>
2908 <key>blocked_install_message</key>
2909 <string>Custom error message.</string>
2910 <key>install_sources</key>
2911 <array>
2912 <string>"https://yourwebsite.com/*"</string>
2913 </array>
2914 <key>installation_mode</key>
2915 <string>blocked</string>
2916 <key>allowed_types</key>
2917 <array>
2918 <string>extension</string>
2919 </array>
2920 </dict>
2921 <key>uBlock0@raymondhill.net</key>
2922 <dict>
2923 <key>installation_mode</key>
2924 <string>force_installed</string>
2925 <key>install_url</key>
2926 <string>https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi</string>
2927 </dict>
2928 <key>https-everywhere@eff.org</key>
2929 <dict>
2930 <key>installation_mode</key>
2931 <string>allowed</string>
2932 <key>updates_disabled</key>
2933 <true/> | <false/>
2934 </dict>
2935 </dict>
2936 </dict>
2937 ```
2938 #### policies.json
2939 ```
2940 {
2941 "policies": {
2942 "ExtensionSettings": {
2943 "*": {
2944 "blocked_install_message": "Custom error message.",
2945 "install_sources": ["https://yourwebsite.com/*"],
2946 "installation_mode": "blocked",
2947 "allowed_types": ["extension"]
2948 },
2949 "uBlock0@raymondhill.net": {
2950 "installation_mode": "force_installed",
2951 "install_url": "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi"
2952 },
2953 "https-everywhere@eff.org": {
2954 "installation_mode": "allowed",
2955 "updates_disabled": false
2956 }
2957 }
2958 }
2959 }
2960 ```
2961 ### ExtensionUpdate
2962 Control extension updates.
2963
2964 **Compatibility:** Firefox 67, Firefox ESR 60.7\
2965 **CCK2 Equivalent:** N/A\
2966 **Preferences Affected:** `extensions.update.enabled`
2967
2968 #### Windows (GPO)
2969 ```
2970 Software\Policies\Mozilla\Firefox\ExtensionUpdate = 0x1 | 0x0
2971 ```
2972 #### Windows (Intune)
2973 OMA-URI:
2974 ```
2975 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/ExtensionUpdate
2976 ```
2977 Value (string):
2978 ```
2979 <enabled/> or <disabled/>
2980 ```
2981 #### macOS
2982 ```
2983 <dict>
2984 <key>ExtensionUpdate</key>
2985 <true/> | <false/>
2986 </dict>
2987 ```
2988 #### policies.json
2989 ```
2990 {
2991 "policies": {
2992 "ExtensionUpdate": true | false
2993 }
2994 }
2995 ```
2996 ### FirefoxHome
2997 Customize the Firefox Home page.
2998
2999 **Compatibility:** Firefox 68, Firefox ESR 68 (SponsoredTopSites and SponsoredPocket were added in Firefox 95, Firefox ESR 91.4, Snippets was deprecated in Firefox 122)
3000 **CCK2 Equivalent:** N/A\
3001 **Preferences Affected:** `browser.newtabpage.activity-stream.showSearch`, `browser.newtabpage.activity-stream.feeds.topsites`, `browser.newtabpage.activity-stream.feeds.section.highlights`, `browser.newtabpage.activity-stream.feeds.section.topstories`, `browser.newtabpage.activity-stream.feeds.snippets`, `browser.newtabpage.activity-stream.showSponsoredTopSites`, `browser.newtabpage.activity-stream.showSponsored`
3002
3003 #### Windows (GPO)
3004 ```
3005 Software\Policies\Mozilla\Firefox\FirefoxHome\Search = 0x1 | 0x0
3006 Software\Policies\Mozilla\Firefox\FirefoxHome\TopSites = 0x1 | 0x0
3007 Software\Policies\Mozilla\Firefox\FirefoxHome\SponsoredTopSites = 0x1 | 0x0
3008 Software\Policies\Mozilla\Firefox\FirefoxHome\Highlights = 0x1 | 0x0
3009 Software\Policies\Mozilla\Firefox\FirefoxHome\Pocket = 0x1 | 0x0
3010 Software\Policies\Mozilla\Firefox\FirefoxHome\SponsoredPocket = 0x1 | 0x0
3011 Software\Policies\Mozilla\Firefox\FirefoxHome\Snippets = 0x1 | 0x0
3012 Software\Policies\Mozilla\Firefox\FirefoxHome\Locked = 0x1 | 0x0
3013 ```
3014 #### Windows (Intune)
3015 OMA-URI:
3016 ```
3017 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/CustomizeFirefoxHome
3018 ```
3019 Value (string):
3020 ```
3021 <enabled/>
3022 <data id="FirefoxHome_Search" value="true | false"/>
3023 <data id="FirefoxHome_TopSites" value="true | false"/>
3024 <data id="FirefoxHome_SponsoredTopSites" value="true | false"/>
3025 <data id="FirefoxHome_Highlights" value="true | false"/>
3026 <data id="FirefoxHome_Pocket" value="true | false"/>
3027 <data id="FirefoxHome_SponsoredPocket" value="true | false"/>
3028 <data id="FirefoxHome_Snippets" value="true | false"/>
3029 <data id="FirefoxHome_Locked" value="true | false"/>
3030 ```
3031 #### macOS
3032 ```
3033 <dict>
3034 <key>FirefoxHome</key>
3035 <dict>
3036 <key>Search</key>
3037 <true/> | <false/>
3038 <key>TopSites</key>
3039 <true/> | <false/>
3040 <key>SponsoredTopSites</key>
3041 <true/> | <false/>
3042 <key>Highlights</key>
3043 <true/> | <false/>
3044 <key>Pocket</key>
3045 <true/> | <false/>
3046 <key>SponsoredPocket</key>
3047 <true/> | <false/>
3048 <key>Snippets</key>
3049 <true/> | <false/>
3050 <key>Locked</key>
3051 <true/> | <false/>
3052 </dict>
3053 </dict>
3054 ```
3055 #### policies.json
3056 ```
3057 {
3058 "policies": {
3059 "FirefoxHome": {
3060 "Search": true | false,
3061 "TopSites": true | false,
3062 "SponsoredTopSites": true | false,
3063 "Highlights": true | false,
3064 "Pocket": true | false,
3065 "SponsoredPocket": true | false,
3066 "Snippets": true | false,
3067 "Locked": true | false
3068 }
3069 }
3070 }
3071 ```
3072 ### FirefoxSuggest
3073 Customize Firefox Suggest (US only).
3074
3075 **Compatibility:** Firefox 118, Firefox ESR 115.3.
3076 **CCK2 Equivalent:** N/A\
3077 **Preferences Affected:** `browser.urlbar.suggest.quicksuggest.nonsponsored`, `browser.urlbar.suggest.quicksuggest.sponsored`, `browser.urlbar.quicksuggest.dataCollection.enabled`
3078
3079 #### Windows (GPO)
3080 ```
3081 Software\Policies\Mozilla\Firefox\FirefoxSuggest\WebSuggestions = 0x1 | 0x0
3082 Software\Policies\Mozilla\Firefox\FirefoxSuggest\SponsoredSuggestions = 0x1 | 0x0
3083 Software\Policies\Mozilla\Firefox\FirefoxSuggest\ImproveSuggest = 0x1 | 0x0
3084 Software\Policies\Mozilla\Firefox\FirefoxSuggest\Locked = 0x1 | 0x0
3085 ```
3086 #### Windows (Intune)
3087 OMA-URI:
3088 ```
3089 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~FirefoxSuggest/WebSuggestions
3090 ```
3091 Value (string):
3092 ```
3093 <enabled/> or <disabled/>
3094 ```
3095 OMA-URI:
3096 ```
3097 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~FirefoxSuggest/SponsoredSuggestions
3098 ```
3099 Value (string):
3100 ```
3101 <enabled/> or <disabled/>
3102 ```
3103 OMA-URI:
3104 ```
3105 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~FirefoxSuggest/ImproveSuggest
3106 ```
3107 Value (string):
3108 ```
3109 <enabled/> or <disabled/>
3110 ```
3111 OMA-URI:
3112 ```
3113 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~FirefoxSuggest/Locked
3114 ```
3115 Value (string):
3116 ```
3117 <enabled/> or <disabled/>
3118 ```
3119 #### macOS
3120 ```
3121 <dict>
3122 <key>FirefoxSuggest</key>
3123 <dict>
3124 <key>WebSuggestions</key>
3125 <true/> | <false/>
3126 <key>SponsoredSuggestions</key>
3127 <true/> | <false/>
3128 <key>ImproveSuggest</key>
3129 <true/> | <false/>
3130 <key>Locked</key>
3131 <true/> | <false/>
3132 </dict>
3133 </dict>
3134 ```
3135 #### policies.json
3136 ```
3137 {
3138 "policies": {
3139 "FirefoxSuggest": {
3140 "WebSuggestions": true | false,
3141 "SponsoredSuggestions": true | false,
3142 "ImproveSuggest": true | false,
3143 "Locked": true | false
3144 }
3145 }
3146 }
3147 ```
3148 ### GoToIntranetSiteForSingleWordEntryInAddressBar
3149 Whether to always go through the DNS server before sending a single word search string to a search engine.
3150
3151 If the site exists, it will navigate to the website. If the intranet responds with a 404, the page will show a 404. If the intranet does not respond, the browser will attempt a search.
3152
3153 The second result in the URL bar will be a search result to allow users to conduct a web search exactly as it was entered.
3154
3155 If instead you would like to enable the ability to have your domain appear as a valid URL and to disallow the browser from ever searching that term using the first result that matches it, add the pref `browser.fixup.domainwhitelist.YOUR_DOMAIN` (where `YOUR_DOMAIN` is the name of the domain you'd like to add), and set the pref to `true`. The URL bar will then suggest `YOUR_DOMAIN` when the user fully types `YOUR_DOMAIN`. If the user attempts to load that domain and it fails to load, it will show an "Unable to connect" error page.
3156
3157 You can also whitelist a domain suffix that is not part of the [Public Suffix List](https://publicsuffix.org/) by adding the pref `browser.fixup.domainsuffixwhitelist.YOUR_DOMAIN_SUFFIX` with a value of `true`.
3158
3159 Additionally, if you want users to see a "Did you mean to go to 'YOUR_DOMAIN'" prompt below the URL bar if they land on a search results page instead of an intranet domain that provides a response, set the pref `browser.urlbar.dnsResolveSingleWordsAfterSearch` to `1`. Enabling this will cause the browser to commit a DNS check after every single word search. If the browser receives a response from the intranet, a prompt will ask the user if they'd like to instead navigate to `YOUR_DOMAIN`. If the user presses the **yes** button, `browser.fixup.domainwhitelist.YOUR_DOMAIN` will be set to `true`.
3160
3161 **Compatibility:** Firefox 104, Firefox ESR 102.2\
3162 **CCK2 Equivalent:** `N/A`\
3163 **Preferences Affected:** `browser.fixup.dns_first_for_single_words`
3164
3165 #### Windows (GPO)
3166 ```
3167 Software\Policies\Mozilla\Firefox\GoToIntranetSiteForSingleWordEntryInAddressBar = 0x1 | 0x0
3168 ```
3169 #### Windows (Intune)
3170 OMA-URI:
3171 ```
3172 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/GoToIntranetSiteForSingleWordEntryInAddressBar
3173 ```
3174 Value (string):
3175 ```
3176 <enabled/> or <disabled/>
3177 ```
3178 #### macOS
3179 ```
3180 <dict>
3181 <key>GoToIntranetSiteForSingleWordEntryInAddressBar</key>
3182 <true/> | <false/>
3183 </dict>
3184 ```
3185 #### policies.json
3186 ```
3187 {
3188 "policies": {
3189 "GoToIntranetSiteForSingleWordEntryInAddressBar": true | false
3190 }
3191 }
3192 ```
3193 ### Handlers
3194 Configure default application handlers. This policy is based on the internal format of `handlers.json`.
3195
3196 You can configure handlers based on a mime type (`mimeTypes`), a file's extension (`extensions`), or a protocol (`schemes`).
3197
3198 Within each handler type, you specify the given mimeType/extension/scheme as a key and use the following subkeys to describe how it is handled.
3199
3200 | Name | Description |
3201 | --- | --- |
3202 | `action`| Can be either `saveToDisk`, `useHelperApp`, `useSystemDefault`.
3203 | `ask` | If `true`, the user is asked if what they want to do with the file. If `false`, the action is taken without user intervention.
3204 | `handlers` | An array of handlers with the first one being the default. If you don't want to have a default handler, use an empty object for the first handler. Choose between path or uriTemplate.
3205 | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;`name` | The display name of the handler (might not be used).
3206 | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;`path`| The native path to the executable to be used.
3207 | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;`uriTemplate`| A url to a web based application handler. The URL must be https and contain a %s to be used for substitution.
3208
3209 **Compatibility:** Firefox 78, Firefox ESR 78\
3210 **CCK2 Equivalent:** N/A\
3211 **Preferences Affected:** N/A
3212
3213 #### Windows (GPO)
3214 Software\Policies\Mozilla\Firefox\Handlers (REG_MULTI_SZ) =
3215 ```
3216 {
3217 "mimeTypes": {
3218 "application/msword": {
3219 "action": "useSystemDefault",
3220 "ask": true | false
3221 }
3222 },
3223 "schemes": {
3224 "mailto": {
3225 "action": "useHelperApp",
3226 "ask": true | false,
3227 "handlers": [{
3228 "name": "Gmail",
3229 "uriTemplate": "https://mail.google.com/mail/?extsrc=mailto&url=%s"
3230 }]
3231 }
3232 },
3233 "extensions": {
3234 "pdf": {
3235 "action": "useHelperApp",
3236 "ask": true | false,
3237 "handlers": [{
3238 "name": "Adobe Acrobat",
3239 "path": "C:\\Program Files (x86)\\Adobe\\Acrobat Reader DC\\Reader\\AcroRd32.exe"
3240 }]
3241 }
3242 }
3243 }
3244 ```
3245 #### Windows (Intune)
3246 OMA-URI:
3247 ```
3248 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/Handlers
3249 ```
3250 Value (string):
3251 ```
3252 <enabled/>
3253 <data id="Handlers" value='
3254 {
3255 "mimeTypes": {
3256 "application/msword": {
3257 "action": "useSystemDefault",
3258 "ask": true | false
3259 }
3260 },
3261 "schemes": {
3262 "mailto": {
3263 "action": "useHelperApp",
3264 "ask": true | false,
3265 "handlers": [{
3266 "name": "Gmail",
3267 "uriTemplate": "https://mail.google.com/mail/?extsrc=mailto&amp;url=%s"
3268 }]
3269 }
3270 },
3271 "extensions": {
3272 "pdf": {
3273 "action": "useHelperApp",
3274 "ask": true | false,
3275 "handlers": [{
3276 "name": "Adobe Acrobat",
3277 "path": "C:\\Program Files (x86)\\Adobe\\Acrobat Reader DC\\Reader\\AcroRd32.exe"
3278 }]
3279 }
3280 }
3281 }
3282 '/>
3283 ```
3284 #### macOS
3285 ```
3286 <dict>
3287 <key>Handlers</key>
3288 <dict>
3289 <key>mimeTypes</key>
3290 <dict>
3291 <key>application/msword</key>
3292 <dict>
3293 <key>action</key>
3294 <string>useSystemDefault</string>
3295 <key>ask</key>
3296 <true/> | <false/>
3297 </dict>
3298 </dict>
3299 <key>schemes</key>
3300 <dict>
3301 <key>mailto</key>
3302 <dict>
3303 <key>action</key>
3304 <string>useHelperApp</string>
3305 <key>ask</key>
3306 <true/> | <false/>
3307 <key>handlers</key>
3308 <array>
3309 <dict>
3310 <key>name</key>
3311 <string>Gmail</string>
3312 <key>uriTemplate</key>
3313 <string>https://mail.google.com/mail/?extsrc=mailto&url=%s</string>
3314 </dict>
3315 </array>
3316 </dict>
3317 </dict>
3318 <key>extensions</key>
3319 <dict>
3320 <key>pdf</key>
3321 <dict>
3322 <key>action</key>
3323 <string>useHelperApp</string>
3324 <key>ask</key>
3325 <true/> | <false/>
3326 <key>handlers</key>
3327 <array>
3328 <dict>
3329 <key>name</key>
3330 <string>Adobe Acrobat</string>
3331 <key>path</key>
3332 <string>/System/Applications/Preview.app</string>
3333 </dict>
3334 </array>
3335 </dict>
3336 </dict>
3337 </dict>
3338 </dict>
3339 ```
3340 #### policies.json
3341 ```
3342 {
3343 "policies": {
3344 "Handlers": {
3345 "mimeTypes": {
3346 "application/msword": {
3347 "action": "useSystemDefault",
3348 "ask": false
3349 }
3350 },
3351 "schemes": {
3352 "mailto": {
3353 "action": "useHelperApp",
3354 "ask": true | false,
3355 "handlers": [{
3356 "name": "Gmail",
3357 "uriTemplate": "https://mail.google.com/mail/?extsrc=mailto&url=%s"
3358 }]
3359 }
3360 },
3361 "extensions": {
3362 "pdf": {
3363 "action": "useHelperApp",
3364 "ask": true | false,
3365 "handlers": [{
3366 "name": "Adobe Acrobat",
3367 "path": "/usr/bin/acroread"
3368 }]
3369 }
3370 }
3371 }
3372 }
3373 }
3374 ```
3375 ### HardwareAcceleration
3376 Control hardware acceleration.
3377
3378 **Compatibility:** Firefox 60, Firefox ESR 60\
3379 **CCK2 Equivalent:** N/A\
3380 **Preferences Affected:** `layers.acceleration.disabled`
3381
3382 #### Windows (GPO)
3383 ```
3384 Software\Policies\Mozilla\Firefox\HardwareAcceleration = 0x1 | 0x0
3385 ```
3386 #### Windows (Intune)
3387 OMA-URI:
3388 ```
3389 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/HardwareAcceleration
3390 ```
3391 Value (string):
3392 ```
3393 <enabled/> or <disabled/>
3394 ```
3395 #### macOS
3396 ```
3397 <dict>
3398 <key>HardwareAcceleration</key>
3399 <true/> | <false/>
3400 </dict>
3401 ```
3402 #### policies.json
3403 ```
3404 {
3405 "policies": {
3406 "HardwareAcceleration": true | false
3407 }
3408 }
3409 ```
3410 ### Homepage
3411 Configure the default homepage and how Firefox starts.
3412
3413 `URL` is the default homepage.
3414
3415 `Locked` prevents the user from changing homepage preferences.
3416
3417 `Additional` allows for more than one homepage.
3418
3419 `StartPage` is how Firefox starts. The choices are no homepage, the default homepage or the previous session.
3420
3421 With Firefox 78, an additional option as added for `Startpage`, `homepage-locked`. If this is value is set for the Startpage, the user will always get the homepage at startup and cannot choose to restore their session.
3422
3423 **Compatibility:** Firefox 60, Firefox ESR 60 (StartPage was added in Firefox 60, Firefox ESR 60.4, homepage-locked added in Firefox 78)\
3424 **CCK2 Equivalent:** `homePage`,`lockHomePage`\
3425 **Preferences Affected:** `browser.startup.homepage`, `browser.startup.page`
3426
3427 #### Windows (GPO)
3428 ```
3429 Software\Policies\Mozilla\Firefox\Homepage\URL = "https://example.com"
3430 Software\Policies\Mozilla\Firefox\Homepage\Locked = 0x1 | 0x0
3431 Software\Policies\Mozilla\Firefox\Homepage\Additional\1 = "https://example.org"
3432 Software\Policies\Mozilla\Firefox\Homepage\Additional\2 = "https://example.edu"
3433 Software\Policies\Mozilla\Firefox\Homepage\StartPage = "none" | "homepage" | "previous-session" | "homepage-locked"
3434 ```
3435 #### Windows (Intune)
3436 OMA-URI:
3437 ```
3438 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Homepage/HomepageURL
3439 ```
3440 Value (string):
3441 ```
3442 <enabled/>
3443
3444 <data id="HomepageURL" value="https://example.com"/>
3445 <data id="HomepageLocked" value="true | false"/>
3446 ```
3447 OMA-URI:
3448 ```
3449 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Homepage/HomepageAdditional
3450 ```
3451 Value (string):
3452 ```
3453 <enabled/>
3454
3455 <data id="HomepageAdditional" value="1&#xF000;http://example.org&#xF000;2&#xF000;http://example.edu"/>
3456 ```
3457 OMA-URI:
3458 ```
3459 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Homepage/HomepageStartPage
3460 ```
3461 Value (string):
3462 ```
3463 <enabled/>
3464
3465 <data id="StartPage" value="none | homepage | previous-session"/>
3466 ```
3467 #### macOS
3468 ```
3469 <dict>
3470 <key>Homepage</key>
3471 <dict>
3472 <key>URL</key>
3473 <string>http://example.com</string>
3474 <key>Locked</key>
3475 <true/> | <false/>
3476 <key>Additional</key>
3477 <array>
3478 <string>http://example.org</string>
3479 <string>http://example.edu</string>
3480 </array>
3481 <key>StartPage</key>
3482 <string>none | homepage | previous-session | homepage-locked</string>
3483 </dict>
3484 </dict>
3485 ```
3486 #### policies.json
3487 ```
3488 {
3489 "policies": {
3490 "Homepage": {
3491 "URL": "http://example.com/",
3492 "Locked": true | false,
3493 "Additional": ["http://example.org/",
3494 "http://example.edu/"],
3495 "StartPage": "none" | "homepage" | "previous-session" | "homepage-locked"
3496 }
3497 }
3498 }
3499 ```
3500 ### InstallAddonsPermission
3501 Configure the default extension install policy as well as origins for extension installs are allowed. This policy does not override turning off all extension installs.
3502
3503 `Allow` is a list of origins where extension installs are allowed.
3504
3505 `Default` determines whether or not extension installs are allowed by default.
3506
3507 **Compatibility:** Firefox 60, Firefox ESR 60\
3508 **CCK2 Equivalent:** `permissions.install`\
3509 **Preferences Affected:** `xpinstall.enabled`, `browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons`, `browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features`
3510
3511 #### Windows (GPO)
3512 ```
3513 Software\Policies\Mozilla\Firefox\InstallAddonsPermission\Allow\1 = "https://example.org"
3514 Software\Policies\Mozilla\Firefox\InstallAddonsPermission\Allow\2 = "https://example.edu"
3515 Software\Policies\Mozilla\Firefox\InstallAddonsPermission\Default = 0x1 | 0x0
3516 ```
3517 #### Windows (Intune)
3518 OMA-URI:
3519 ```
3520 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Addons/InstallAddonsPermission_Allow
3521 ```
3522 Value (string):
3523 ```
3524 <enabled/>
3525 <data id="Permissions" value="1&#xF000;https://example.org&#xF000;2&#xF000;https://example.edu"/>
3526 ```
3527 OMA-URI:
3528 ```
3529 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Addons/InstallAddonsPermission_Default
3530 ```
3531 Value (string):
3532 ```
3533 <enabled/>
3534 ```
3535 #### macOS
3536 ```
3537 <dict>
3538 <key>InstallAddonsPermission</key>
3539 <dict>
3540 <key>Allow</key>
3541 <array>
3542 <string>http://example.org</string>
3543 <string>http://example.edu</string>
3544 </array>
3545 <key>Default</key>
3546 <true/> | <false/>
3547 </dict>
3548 </dict>
3549 ```
3550 #### policies.json
3551 ```
3552 {
3553 "policies": {
3554 "InstallAddonsPermission": {
3555 "Allow": ["http://example.org/",
3556 "http://example.edu/"],
3557 "Default": true | false
3558 }
3559 }
3560 }
3561 ```
3562 ### LegacyProfiles
3563 Disable the feature enforcing a separate profile for each installation.
3564
3565 If this policy set to true, Firefox will not try to create different profiles for installations of Firefox in different directories. This is the equivalent of the MOZ_LEGACY_PROFILES environment variable.
3566
3567 If this policy set to false, Firefox will create a new profile for each unique installation of Firefox.
3568
3569 This policy only work on Windows via GPO (not policies.json).
3570
3571 **Compatibility:** Firefox 70, Firefox ESR 68.2 (Windows only, GPO only)\
3572 **CCK2 Equivalent:** N/A\
3573 **Preferences Affected:** N/A
3574
3575 #### Windows (GPO)
3576 ```
3577 Software\Policies\Mozilla\Firefox\LegacyProfiles = = 0x1 | 0x0
3578 ```
3579 #### Windows (Intune)
3580 OMA-URI:
3581 ```
3582 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/LegacyProfiles
3583 ```
3584 Value (string):
3585 ```
3586 <enabled/> or <disabled/>
3587 ```
3588 ### LegacySameSiteCookieBehaviorEnabled
3589 Enable default legacy SameSite cookie behavior setting.
3590
3591 If this policy is set to true, it reverts all cookies to legacy SameSite behavior which means that cookies that don't explicitly specify a ```SameSite``` attribute are treated as if they were ```SameSite=None```.
3592
3593 **Compatibility:** Firefox 96\
3594 **CCK2 Equivalent:** N/A\
3595 **Preferences Affected:** `network.cookie.sameSite.laxByDefault`
3596
3597 #### Windows (GPO)
3598 ```
3599 Software\Policies\Mozilla\Firefox\LegacySameSiteCookieBehaviorEnabled = = 0x1 | 0x0
3600 ```
3601 #### Windows (Intune)
3602 OMA-URI:
3603 ```
3604 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/LegacySameSiteCookieBehaviorEnabled
3605 ```
3606 Value (string):
3607 ```
3608 <enabled/> or <disabled/>
3609 ```
3610 #### macOS
3611 ```
3612 <dict>
3613 <key>LegacySameSiteCookieBehaviorEnabled</key>
3614 <true/> | <false/>
3615 </dict>
3616 ```
3617 #### policies.json
3618 ```
3619 {
3620 "policies": {
3621 "LegacySameSiteCookieBehaviorEnabled": true | false
3622 }
3623 ```
3624 ### LegacySameSiteCookieBehaviorEnabledForDomainList
3625 Revert to legacy SameSite behavior for cookies on specified sites.
3626
3627 If this policy is set to true, cookies set for domains in this list will revert to legacy SameSite behavior which means that cookies that don't explicitly specify a ```SameSite``` attribute are treated as if they were ```SameSite=None```.
3628
3629 **Compatibility:** Firefox 96\
3630 **CCK2 Equivalent:** N/A\
3631 **Preferences Affected:** `network.cookie.sameSite.laxByDefault.disabledHosts`
3632
3633 #### Windows (GPO)
3634 ```
3635 Software\Policies\Mozilla\Firefox\LegacySameSiteCookieBehaviorEnabledForDomainList\1 = "example.org"
3636 Software\Policies\Mozilla\Firefox\LegacySameSiteCookieBehaviorEnabledForDomainList\2 = "example.edu"
3637 ```
3638 #### Windows (Intune)
3639 OMA-URI:
3640 ```
3641 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/LegacySameSiteCookieBehaviorEnabledForDomainList
3642 ```
3643 Value (string):
3644 ```
3645 <enabled/>
3646 <data id="LegacySameSiteCookieBehaviorEnabledForDomainList" value="1&#xF000;example.org&#xF000;2&#xF000;example.edu"/>
3647 ```
3648 #### macOS
3649 ```
3650 <dict>
3651 <key>LegacySameSiteCookieBehaviorEnabledForDomainList</key>
3652 <array>
3653 <string>example.org</string>
3654 <string>example.edu</string>
3655 </array>
3656 </dict>
3657 ```
3658 #### policies.json
3659 ```
3660 {
3661 "policies": {
3662 "LegacySameSiteCookieBehaviorEnabledForDomainList": ["example.org",
3663 "example.edu"]
3664 }
3665 }
3666 ```
3667 ### LocalFileLinks
3668 Enable linking to local files by origin.
3669
3670 **Compatibility:** Firefox 68, Firefox ESR 68\
3671 **CCK2 Equivalent:** N/A\
3672 **Preferences Affected:** `capability.policy.localfilelinks.*`
3673
3674 #### Windows (GPO)
3675 ```
3676 Software\Policies\Mozilla\Firefox\LocalFileLinks\1 = "https://example.org"
3677 Software\Policies\Mozilla\Firefox\LocalFileLinks\2 = "https://example.edu"
3678 ```
3679 #### Windows (Intune)
3680 OMA-URI:
3681 ```
3682 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/LocalFileLinks
3683 ```
3684 Value (string):
3685 ```
3686 <enabled/>
3687 <data id="LocalFileLinks" value="1&#xF000;https://example.org&#xF000;2&#xF000;https://example.edu"/>
3688 ```
3689 #### macOS
3690 ```
3691 <dict>
3692 <key>LocalFileLinks</key>
3693 <array>
3694 <string>http://example.org</string>
3695 <string>http://example.edu</string>
3696 </array>
3697 </dict>
3698 ```
3699 #### policies.json
3700 ```
3701 {
3702 "policies": {
3703 "LocalFileLinks": ["http://example.org/",
3704 "http://example.edu/"]
3705 }
3706 }
3707 ```
3708 ### ManagedBookmarks
3709 Configures a list of bookmarks managed by an administrator that cannot be changed by the user.
3710
3711 The bookmarks are only added as a button on the personal toolbar. They are not in the bookmarks folder.
3712
3713 The syntax of this policy is exactly the same as the [Chrome ManagedBookmarks policy](https://cloud.google.com/docs/chrome-enterprise/policies/?policy=ManagedBookmarks). The schema is:
3714 ```
3715 {
3716 "items": {
3717 "id": "BookmarkType",
3718 "properties": {
3719 "children": {
3720 "items": {
3721 "$ref": "BookmarkType"
3722 },
3723 "type": "array"
3724 },
3725 "name": {
3726 "type": "string"
3727 },
3728 "toplevel_name": {
3729 "type": "string"
3730 },
3731 "url": {
3732 "type": "string"
3733 }
3734 },
3735 "type": "object"
3736 },
3737 "type": "array"
3738 }
3739 ```
3740 **Compatibility:** Firefox 83, Firefox ESR 78.5\
3741 **CCK2 Equivalent:** N/A\
3742 **Preferences Affected:** N/A
3743
3744 #### Windows (GPO)
3745 Software\Policies\Mozilla\Firefox\ManagedBookmarks (REG_MULTI_SZ) =
3746 ```
3747 [
3748 {
3749 "toplevel_name": "My managed bookmarks folder"
3750 },
3751 {
3752 "url": "example.com",
3753 "name": "Example"
3754 },
3755 {
3756 "name": "Mozilla links",
3757 "children": [
3758 {
3759 "url": "https://mozilla.org",
3760 "name": "Mozilla.org"
3761 },
3762 {
3763 "url": "https://support.mozilla.org/",
3764 "name": "SUMO"
3765 }
3766 ]
3767 }
3768 ]
3769 ```
3770 #### Windows (Intune)
3771 OMA-URI:
3772 ```
3773 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/ManagedBookmarks
3774 ```
3775 Value (string):
3776 ```
3777 <enabled/>
3778 <data id="JSON" value='
3779 [
3780 {
3781 "toplevel_name": "My managed bookmarks folder"
3782 },
3783 {
3784 "url": "example.com",
3785 "name": "Example"
3786 },
3787 {
3788 "name": "Mozilla links",
3789 "children": [
3790 {
3791 "url": "https://mozilla.org",
3792 "name": "Mozilla.org"
3793 },
3794 {
3795 "url": "https://support.mozilla.org/",
3796 "name": "SUMO"
3797 }
3798 ]
3799 }
3800 ]'/>
3801 ```
3802 #### macOS
3803 ```
3804 <dict>
3805 <key>ManagedBookmarks</key>
3806 <array>
3807 <dict>
3808 <key>toplevel_name</key>
3809 <string>My managed bookmarks folder</string>
3810 <dict>
3811 <key>url</key>
3812 <string>example.com</string>
3813 <key>name</key>
3814 <string>Example</string>
3815 </dict>
3816 <dict>
3817 <key>name</key>
3818 <string>Mozilla links</string>
3819 <key>children</key>
3820 <array>
3821 <dict>
3822 <key>url</key>
3823 <string>https://mozilla.org</string>
3824 <key>name</key>
3825 <string>Mozilla</string>
3826 </dict>
3827 <dict>
3828 <key>url</key>
3829 <string>https://support.mozilla.org/</string>
3830 <key>name</key>
3831 <string>SUMO</string>
3832 </dict>
3833 </array>
3834 </dict>
3835 </array>
3836 </dict>
3837 ```
3838 #### policies.json
3839 ```
3840 {
3841 "policies": {
3842 "ManagedBookmarks": [
3843 {
3844 "toplevel_name": "My managed bookmarks folder"
3845 },
3846 {
3847 "url": "example.com",
3848 "name": "Example"
3849 },
3850 {
3851 "name": "Mozilla links",
3852 "children": [
3853 {
3854 "url": "https://mozilla.org",
3855 "name": "Mozilla.org"
3856 },
3857 {
3858 "url": "https://support.mozilla.org/",
3859 "name": "SUMO"
3860 }
3861 ]
3862 }
3863 ]
3864 }
3865 }
3866 ```
3867 ### ManualAppUpdateOnly
3868
3869 Switch to manual updates only.
3870
3871 If this policy is enabled:
3872 1. The user will never be prompted to install updates
3873 2. Firefox will not check for updates in the background, though it will check automatically when an update UI is displayed (such as the one in the About dialog). This check will be used to show "Update to version X" in the UI, but will not automatically download the update or prompt the user to update in any other way.
3874 3. The update UI will work as expected, unlike when using DisableAppUpdate.
3875
3876 This policy is primarily intended for advanced end users, not for enterprises, but it is available via GPO.
3877
3878 **Compatibility:** Firefox 87\
3879 **CCK2 Equivalent:** N/A\
3880 **Preferences Affected:** N/A
3881
3882 #### Windows (GPO)
3883 ```
3884 Software\Policies\Mozilla\Firefox\ManualAppUpdateOnly = 0x1 | 0x0
3885 ```
3886 #### Windows (Intune)
3887 OMA-URI:
3888 ```
3889 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/ManualAppUpdateOnly
3890 ```
3891 Value (string):
3892 ```
3893 <enabled/> or <disabled/>
3894 ```
3895 #### macOS
3896 ```
3897 <dict>
3898 <key>ManualAppUpdateOnly</key>
3899 <true/> | <false/>
3900 </dict>
3901 ```
3902 #### policies.json
3903 ```
3904 {
3905 "policies": {
3906 "ManualAppUpdateOnly": true | false
3907 }
3908 }
3909 ```
3910 ### NetworkPrediction
3911 Enable or disable network prediction (DNS prefetching).
3912
3913 **Compatibility:** Firefox 67, Firefox ESR 60.7\
3914 **CCK2 Equivalent:** N/A\
3915 **Preferences Affected:** `network.dns.disablePrefetch`, `network.dns.disablePrefetchFromHTTPS`
3916
3917 #### Windows (GPO)
3918 ```
3919 Software\Policies\Mozilla\Firefox\NetworkPrediction = 0x1 | 0x0
3920 ```
3921 #### Windows (Intune)
3922 OMA-URI:
3923 ```
3924 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/NetworkPrediction
3925 ```
3926 Value (string):
3927 ```
3928 <enabled/> or <disabled/>
3929 ```
3930 #### macOS
3931 ```
3932 <dict>
3933 <key>NetworkPrediction</key>
3934 <true/> | <false/>
3935 </dict>
3936 ```
3937 #### policies.json
3938 ```
3939 {
3940 "policies": {
3941 "NetworkPrediction": true | false
3942 }
3943 ```
3944 ### NewTabPage
3945 Enable or disable the New Tab page.
3946
3947 **Compatibility:** Firefox 68, Firefox ESR 68\
3948 **CCK2 Equivalent:** N/A\
3949 **Preferences Affected:** `browser.newtabpage.enabled`
3950
3951 #### Windows (GPO)
3952 ```
3953 Software\Policies\Mozilla\Firefox\NewTabPage = 0x1 | 0x0
3954 ```
3955 #### Windows (Intune)
3956 OMA-URI:
3957 ```
3958 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/NewTabPage
3959 ```
3960 Value (string):
3961 ```
3962 <enabled/> or <disabled/>
3963 ```
3964 #### macOS
3965 ```
3966 <dict>
3967 <key>NewTabPage</key>
3968 <true/> | <false/>
3969 </dict>
3970 ```
3971 #### policies.json
3972 ```
3973 {
3974 "policies": {
3975 "NewTabPage": true | false
3976 }
3977 ```
3978 ### NoDefaultBookmarks
3979 Disable the creation of default bookmarks.
3980
3981 This policy is only effective if the user profile has not been created yet.
3982
3983 **Compatibility:** Firefox 60, Firefox ESR 60\
3984 **CCK2 Equivalent:** `removeDefaultBookmarks`\
3985 **Preferences Affected:** N/A
3986
3987 #### Windows (GPO)
3988 ```
3989 Software\Policies\Mozilla\Firefox\NoDefaultBookmarks = 0x1 | 0x0
3990 ```
3991 #### Windows (Intune)
3992 OMA-URI:
3993 ```
3994 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/NoDefaultBookmarks
3995 ```
3996 Value (string):
3997 ```
3998 <enabled/> or <disabled/>
3999 ```
4000 #### macOS
4001 ```
4002 <dict>
4003 <key>NoDefaultBookmarks</key>
4004 <true/> | <false/>
4005 </dict>
4006 ```
4007 #### policies.json
4008 ```
4009 {
4010 "policies": {
4011 "NoDefaultBookmarks": true | false
4012 }
4013 }
4014 ```
4015 ### OfferToSaveLogins
4016 Control whether or not Firefox offers to save passwords.
4017
4018 **Compatibility:** Firefox 60, Firefox ESR 60\
4019 **CCK2 Equivalent:** `dontRememberPasswords`\
4020 **Preferences Affected:** `signon.rememberSignons`
4021
4022 #### Windows (GPO)
4023 ```
4024 Software\Policies\Mozilla\Firefox\OfferToSaveLogins = 0x1 | 0x0
4025 ```
4026 #### Windows (Intune)
4027 OMA-URI:
4028 ```
4029 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/OfferToSaveLogins
4030 ```
4031 Value (string):
4032 ```
4033 <enabled/> or <disabled/>
4034 ```
4035 #### macOS
4036 ```
4037 <dict>
4038 <key>OfferToSaveLogins</key>
4039 <true/> | <false/>
4040 </dict>
4041 ```
4042 #### policies.json
4043 ```
4044 {
4045 "policies": {
4046 "OfferToSaveLogins": true | false
4047 }
4048 }
4049 ```
4050 ### OfferToSaveLoginsDefault
4051 Sets the default value of signon.rememberSignons without locking it.
4052
4053 **Compatibility:** Firefox 70, Firefox ESR 60.2\
4054 **CCK2 Equivalent:** `dontRememberPasswords`\
4055 **Preferences Affected:** `signon.rememberSignons`
4056
4057 #### Windows (GPO)
4058 ```
4059 Software\Policies\Mozilla\Firefox\OfferToSaveLoginsDefault = 0x1 | 0x0
4060 ```
4061 #### Windows (Intune)
4062 OMA-URI:
4063 ```
4064 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/OfferToSaveLoginsDefault
4065 ```
4066 Value (string):
4067 ```
4068 <enabled/> or <disabled/>
4069 ```
4070 #### macOS
4071 ```
4072 <dict>
4073 <key>OfferToSaveLoginsDefault</key>
4074 <true/> | <false/>
4075 </dict>
4076 ```
4077 #### policies.json
4078 ```
4079 {
4080 "policies": {
4081 "OfferToSaveLoginsDefault": true | false
4082 }
4083 }
4084 ```
4085 ### OverrideFirstRunPage
4086 Override the first run page. If the value is an empty string (""), the first run page is not displayed.
4087
4088 Starting with Firefox 83, Firefox ESR 78.5, you can also specify multiple URLS separated by a vertical bar (|).
4089
4090 **Compatibility:** Firefox 60, Firefox ESR 60\
4091 **CCK2 Equivalent:** `welcomePage`,`noWelcomePage`\
4092 **Preferences Affected:** `startup.homepage_welcome_url`
4093
4094 #### Windows (GPO)
4095 ```
4096 Software\Policies\Mozilla\Firefox\OverrideFirstRunPage = "http://example.org"
4097 ```
4098 #### Windows (Intune)
4099 OMA-URI:
4100 ```
4101 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/OverrideFirstRunPage
4102 ```
4103 Value (string):
4104 ```
4105 <enabled/>
4106 <data id="OverridePage" value="https://example.com"/>
4107 ```
4108 #### macOS
4109 ```
4110 <dict>
4111 <key>OverrideFirstRunPage</key>
4112 <string>http://example.org</string>
4113 </dict>
4114 ```
4115 #### policies.json
4116 ```
4117 {
4118 "policies": {
4119 "OverrideFirstRunPage": "http://example.org"
4120 }
4121 }
4122 ```
4123 ### OverridePostUpdatePage
4124 Override the upgrade page. If the value is an empty string (""), no extra pages are displayed when Firefox is upgraded.
4125
4126 **Compatibility:** Firefox 60, Firefox ESR 60\
4127 **CCK2 Equivalent:** `upgradePage`,`noUpgradePage`\
4128 **Preferences Affected:** `startup.homepage_override_url`
4129
4130 #### Windows (GPO)
4131 ```
4132 Software\Policies\Mozilla\Firefox\OverridePostUpdatePage = "http://example.org"
4133 ```
4134 #### Windows (Intune)
4135 OMA-URI:
4136 ```
4137 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/OverridePostUpdatePage
4138 ```
4139 Value (string):
4140 ```
4141 <enabled/>
4142 <data id="OverridePage" value="https://example.com"/>
4143 ```
4144 #### macOS
4145 ```
4146 <dict>
4147 <key>OverridePostUpdatePage</key>
4148 <string>http://example.org</string>
4149 </dict>
4150 ```
4151 #### policies.json
4152 ```
4153 {
4154 "policies": {
4155 "OverridePostUpdatePage": "http://example.org"
4156 }
4157 }
4158 ```
4159 ### PasswordManagerEnabled
4160 Remove access to the password manager via preferences and blocks about:logins on Firefox 70.
4161
4162 **Compatibility:** Firefox 70, Firefox ESR 60.2\
4163 **CCK2 Equivalent:** N/A\
4164 **Preferences Affected:** `pref.privacy.disable_button.view_passwords`
4165
4166 #### Windows (GPO)
4167 ```
4168 Software\Policies\Mozilla\Firefox\PasswordManagerEnabled = 0x1 | 0x0
4169 ```
4170 #### Windows (Intune)
4171 OMA-URI:
4172 ```
4173 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/PasswordManagerEnabled
4174 ```
4175 Value (string):
4176 ```
4177 <enabled/> or <disabled/>
4178 ```
4179 #### macOS
4180 ```
4181 <dict>
4182 <key>PasswordManagerEnabled</key>
4183 <true/> | <false/>
4184 </dict>
4185 ```
4186 #### policies.json
4187 ```
4188 {
4189 "policies": {
4190 "PasswordManagerEnabled": true | false
4191 }
4192 }
4193 ```
4194 ### PasswordManagerExceptions
4195 Prevent Firefox from saving passwords for specific sites.
4196
4197 The sites are specified as a list of origins.
4198
4199 **Compatibility:** Firefox 101\
4200 **CCK2 Equivalent:** N/A\
4201 **Preferences Affected:** N/A
4202
4203 #### Windows (GPO)
4204 ```
4205 Software\Policies\Mozilla\Firefox\PasswordManagerExceptions\1 = "https://example.org"
4206 Software\Policies\Mozilla\Firefox\PasswordManagerExceptions\2 = "https://example.edu"
4207 ```
4208 #### Windows (Intune)
4209 OMA-URI:
4210 ```
4211 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/PasswordManagerExceptions
4212 ```
4213 Value (string):
4214 ```
4215 <enabled/>
4216 <data id="List" value="1&#xF000;https://example.org&#xF000;2&#xF000;https://example.edu"/>
4217 ```
4218 #### macOS
4219 ```
4220 <dict>
4221 <key>PasswordManagerExceptions</key>
4222 <array>
4223 <string>https://example.org</string>
4224 <string>https://example.edu</string>
4225 </array>
4226 </dict>
4227 ```
4228 #### policies.json
4229 ```
4230 {
4231 "policies": {
4232 "PasswordManagerExceptions": ["https://example.org",
4233 "https://example.edu"]
4234 }
4235 }
4236 ```
4237
4238 ### PDFjs
4239 Disable or configure PDF.js, the built-in PDF viewer.
4240
4241 If `Enabled` is set to false, the built-in PDF viewer is disabled.
4242
4243 If `EnablePermissions` is set to true, the built-in PDF viewer will honor document permissions like preventing the copying of text.
4244
4245 Note: DisableBuiltinPDFViewer has not been deprecated. You can either continue to use it, or switch to using PDFjs->Enabled to disable the built-in PDF viewer. This new permission was added because we needed a place for PDFjs->EnabledPermissions.
4246
4247 **Compatibility:** Firefox 77, Firefox ESR 68.9\
4248 **CCK2 Equivalent:** N/A\
4249 **Preferences Affected:** `pdfjs.disabled`, `pdfjs.enablePermissions`
4250
4251 #### Windows (GPO)
4252 ```
4253 Software\Policies\Mozilla\Firefox\PDFjs\Enabled = 0x1 | 0x0
4254 Software\Policies\Mozilla\Firefox\PDFjs\EnablePermissions = 0x1 | 0x0
4255 ```
4256 #### Windows (Intune)
4257 OMA-URI:
4258 ```
4259 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~PDFjs/PDFjs_Enabled
4260 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~PDFjs/PDFjs_EnablePermissions
4261 ```
4262 Value (string):
4263 ```
4264 <enabled/>or <disabled/>
4265 ```
4266 #### macOS
4267 ```
4268 <dict>
4269 <key>PDFjs</key>
4270 <dict>
4271 <key>Enabled</key>
4272 <true/> | <false/>
4273 <key>EnablePermissions</key>
4274 <true/> | <false/>
4275 </dict>
4276 </dict>
4277 ```
4278 #### policies.json
4279 ```
4280 {
4281 "policies": {
4282 "PDFjs": {
4283 "Enabled": true | false,
4284 "EnablePermissions": true | false
4285 }
4286 }
4287 }
4288 ```
4289 ### Permissions
4290 Set permissions associated with camera, microphone, location, notifications, autoplay, and virtual reality. Because these are origins, not domains, entries with unique ports must be specified separately. This explicitly means that it is not possible to add wildcards. See examples below.
4291
4292 `Allow` is a list of origins where the feature is allowed.
4293
4294 `Block` is a list of origins where the feature is not allowed.
4295
4296 `BlockNewRequests` determines whether or not new requests can be made for the feature.
4297
4298 `Locked` prevents the user from changing preferences for the feature.
4299
4300 `Default` specifies the default value for Autoplay. block-audio-video is not supported on Firefox ESR 68.
4301
4302 **Compatibility:** Firefox 62, Firefox ESR 60.2 (Autoplay added in Firefox 74, Firefox ESR 68.6, Autoplay Default/Locked added in Firefox 76, Firefox ESR 68.8, VirtualReality added in Firefox 80, Firefox ESR 78.2)\
4303 **CCK2 Equivalent:** N/A\
4304 **Preferences Affected:** `permissions.default.camera`, `permissions.default.microphone`, `permissions.default.geo`, `permissions.default.desktop-notification`, `media.autoplay.default`, `permissions.default.xr`
4305
4306 #### Windows (GPO)
4307 ```
4308 Software\Policies\Mozilla\Firefox\Permissions\Camera\Allow\1 = "https://example.org"
4309 Software\Policies\Mozilla\Firefox\Permissions\Camera\Allow\2 = "https://example.org:1234"
4310 Software\Policies\Mozilla\Firefox\Permissions\Camera\Block\1 = "https://example.edu"
4311 Software\Policies\Mozilla\Firefox\Permissions\Camera\BlockNewRequests = 0x1 | 0x0
4312 Software\Policies\Mozilla\Firefox\Permissions\Camera\Locked = 0x1 | 0x0
4313 Software\Policies\Mozilla\Firefox\Permissions\Microphone\Allow\1 = "https://example.org"
4314 Software\Policies\Mozilla\Firefox\Permissions\Microphone\Block\1 = "https://example.edu"
4315 Software\Policies\Mozilla\Firefox\Permissions\Microphone\BlockNewRequests = 0x1 | 0x0
4316 Software\Policies\Mozilla\Firefox\Permissions\Microphone\Locked = 0x1 | 0x0
4317 Software\Policies\Mozilla\Firefox\Permissions\Location\Allow\1 = "https://example.org"
4318 Software\Policies\Mozilla\Firefox\Permissions\Location\Block\1 = "https://example.edu"
4319 Software\Policies\Mozilla\Firefox\Permissions\Location\BlockNewRequests = 0x1 | 0x0
4320 Software\Policies\Mozilla\Firefox\Permissions\Location\Locked = 0x1 | 0x0
4321 Software\Policies\Mozilla\Firefox\Permissions\Notifications\Allow\1 = "https://example.org"
4322 Software\Policies\Mozilla\Firefox\Permissions\Notifications\Block\1 = "https://example.edu"
4323 Software\Policies\Mozilla\Firefox\Permissions\Notifications\BlockNewRequests = 0x1 | 0x0
4324 Software\Policies\Mozilla\Firefox\Permissions\Notifications\Locked = 0x1 | 0x0
4325 Software\Policies\Mozilla\Firefox\Permissions\Autoplay\Allow\1 = "https://example.org"
4326 Software\Policies\Mozilla\Firefox\Permissions\Autoplay\Block\1 = "https://example.edu"
4327 Software\Policies\Mozilla\Firefox\Permissions\Autoplay\Default = "allow-audio-video" | "block-audio" | "block-audio-video"
4328 Software\Policies\Mozilla\Firefox\Permissions\Autoplay\Locked = 0x1 | 0x0
4329 Software\Policies\Mozilla\Firefox\Permissions\VirtualReality\Allow\1 = "https://example.org"
4330 Software\Policies\Mozilla\Firefox\Permissions\VirtualReality\Block\1 = "https://example.edu"
4331 Software\Policies\Mozilla\Firefox\Permissions\VirtualReality\BlockNewRequests = 0x1 | 0x0
4332 Software\Policies\Mozilla\Firefox\Permissions\VirtualReality\Locked = 0x1 | 0x0
4333 ```
4334 #### Windows (Intune)
4335 OMA-URI:
4336 ```
4337 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Location/Location_BlockNewRequests
4338 ```
4339 Value (string):
4340 ```
4341 <enabled/> or <disabled/>
4342 ```
4343 OMA-URI:
4344 ```
4345 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Location/Location_Locked
4346 ```
4347 Value (string):
4348 ```
4349 <enabled/> or <disabled/>
4350 ```
4351 OMA-URI:
4352 ```
4353 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Notifications/Notifications_Allow
4354 ```
4355 Value (string):
4356 ```
4357 <enabled/>
4358 <data id="Permissions" value="1&#xF000;https://example.org"/>
4359 ```
4360 OMA-URI:
4361 ```
4362 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Notifications/Notifications_BlockNewRequests
4363 ```
4364 Value (string):
4365 ```
4366 <enabled/> or <disabled/>
4367 ```
4368 OMA-URI:
4369 ```
4370 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Notifications/Notifications_Locked
4371 ```
4372 Value (string):
4373 ```
4374 <enabled/> or <disabled/>
4375 ```
4376 OMA-URI:
4377 ```
4378 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Autoplay/Autoplay_Allow
4379 ```
4380 Value (string):
4381 ```
4382 <enabled/>
4383 <data id="Permissions" value="1&#xF000;https://example.org"/>
4384 ```
4385 OMA-URI:
4386 ```
4387 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Autoplay/Autoplay_Block
4388 ```
4389 Value (string):
4390 ```
4391 <enabled/>
4392 <data id="Permissions" value="1&#xF000;https://example.edu"/>
4393 ```
4394 OMA-URI:
4395 ```
4396 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Autoplay/Autoplay_Default
4397 ```
4398 Value (string):
4399 ```
4400 <enabled/>
4401 <data id="Autoplay_Default" value="allow-audio-video | block-audio | block-audio-video"/>
4402 ```
4403 OMA-URI:
4404 ```
4405 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Autoplay/Autoplay_Locked
4406 ```
4407 Value (string):
4408 ```
4409 <enabled/> or <disabled/>
4410 ```
4411 OMA-URI:
4412 ```
4413 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Notifications/VirtualReality_Allow
4414 ```
4415 Value (string):
4416 ```
4417 <enabled/>
4418 <data id="Permissions" value="1&#xF000;https://example.org"/>
4419 ```
4420 OMA-URI:
4421 ```
4422 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Notifications/VirtualReality_Block
4423 ```
4424 Value (string):
4425 ```
4426 <enabled/>
4427 <data id="Permissions" value="1&#xF000;https://example.edu"/>
4428 ```
4429 OMA-URI:
4430 ```
4431 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Notifications/VirtualReality_BlockNewRequests
4432 ```
4433 Value (string):
4434 ```
4435 <enabled/> or <disabled/>
4436 ```
4437 OMA-URI:
4438 ```
4439 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Notifications/VirtualReality_Locked
4440 ```
4441 Value (string):
4442 ```
4443 <enabled/> or <disabled/>
4444 ```
4445 #### macOS
4446 ```
4447 <dict>
4448 <key>Permissions</key>
4449 <dict>
4450 <key>Camera</key>
4451 <dict>
4452 <key>Allow</key>
4453 <array>
4454 <string>https://example.org</string>
4455 <string>https://example.org:1234</string>
4456 </array>
4457 <key>Block</key>
4458 <array>
4459 <string>https://example.edu</string>
4460 </array>
4461 <key>BlockNewRequests</key>
4462 <true/> | <false/>
4463 <key>Locked</key>
4464 <true/> | <false/>
4465 </dict>
4466 <key>Microphone</key>
4467 <dict>
4468 <key>Allow</key>
4469 <array>
4470 <string>https://example.org</string>
4471 </array>
4472 <key>Block</key>
4473 <array>
4474 <string>https://example.edu</string>
4475 </array>
4476 <key>BlockNewRequests</key>
4477 <true/> | <false/>
4478 <key>Locked</key>
4479 <true/> | <false/>
4480 </dict>
4481 <key>Location</key>
4482 <dict>
4483 <key>Allow</key>
4484 <array>
4485 <string>https://example.org</string>
4486 </array>
4487 <key>Block</key>
4488 <array>
4489 <string>https://example.edu</string>
4490 </array>
4491 <key>BlockNewRequests</key>
4492 <true/> | <false/>
4493 <key>Locked</key>
4494 <true/> | <false/>
4495 </dict>
4496 <key>Notifications</key>
4497 <dict>
4498 <key>Allow</key>
4499 <array>
4500 <string>https://example.org</string>
4501 </array>
4502 <key>Block</key>
4503 <array>
4504 <string>https://example.edu</string>
4505 </array>
4506 <key>BlockNewRequests</key>
4507 <true/>
4508 <key>Locked</key>
4509 <true/>
4510 </dict>
4511 <key>Autoplay</key>
4512 <dict>
4513 <key>Allow</key>
4514 <array>
4515 <string>https://example.org</string>
4516 </array>
4517 <key>Block</key>
4518 <array>
4519 <string>https://example.edu</string>
4520 </array>
4521 <key>Default</key>
4522 <string>allow-audio-video | block-audio | block-audio-video</string>
4523 <key>Locked</key>
4524 <true/> | <false/>
4525 </dict>
4526 </dict>
4527 </dict>
4528 ```
4529 #### policies.json
4530 ```
4531 {
4532 "policies": {
4533 "Permissions": {
4534 "Camera": {
4535 "Allow": ["https://example.org","https://example.org:1234"],
4536 "Block": ["https://example.edu"],
4537 "BlockNewRequests": true | false,
4538 "Locked": true | false
4539 },
4540 "Microphone": {
4541 "Allow": ["https://example.org"],
4542 "Block": ["https://example.edu"],
4543 "BlockNewRequests": true | false,
4544 "Locked": true | false
4545 },
4546 "Location": {
4547 "Allow": ["https://example.org"],
4548 "Block": ["https://example.edu"],
4549 "BlockNewRequests": true | false,
4550 "Locked": true | false
4551 },
4552 "Notifications": {
4553 "Allow": ["https://example.org"],
4554 "Block": ["https://example.edu"],
4555 "BlockNewRequests": true | false,
4556 "Locked": true | false
4557 },
4558 "Autoplay": {
4559 "Allow": ["https://example.org"],
4560 "Block": ["https://example.edu"],
4561 "Default": "allow-audio-video" | "block-audio" | "block-audio-video",
4562 "Locked": true | false
4563 }
4564 }
4565 }
4566 }
4567 ```
4568 ### PictureInPicture
4569
4570 Enable or disable Picture-in-Picture as well as prevent the user from enabling or disabling it (Locked).
4571
4572 **Compatibility:** Firefox 78, Firefox ESR 78\
4573 **CCK2 Equivalent:** N/A\
4574 **Preferences Affected:** `media.videocontrols.picture-in-picture.video-toggle.enabled`
4575
4576 #### Windows (GPO)
4577 ```
4578 Software\Policies\Mozilla\Firefox\PictureInPicture\Enabled = 0x1 | 0x0
4579 Software\Policies\Mozilla\Firefox\PictureInPicture\Locked = 0x1 | 0x0
4580
4581 ```
4582 #### Windows (Intune)
4583 OMA-URI:
4584 ```
4585 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~PictureInPicture/PictureInPicture_Enabled
4586 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~PictureInPicture/PictureInPicture_Locked
4587 ```
4588 Value (string):
4589 ```
4590 <enabled/> or <disabled/>
4591 ```
4592 #### macOS
4593 ```
4594 <dict>
4595 <key>PictureInPicture</key>
4596 <dict>
4597 <key>Enabled</key>
4598 <true/> | <false/>
4599 <key>Locked</key>
4600 <true/> | <false/>
4601 </dict>
4602 </dict>
4603 ```
4604 #### policies.json
4605 ```
4606 {
4607 "policies": {
4608 "PictureInPicture": {
4609 "Enabled": true | false,
4610 "Locked": true | false
4611 }
4612 }
4613 }
4614 ```
4615 ### PopupBlocking
4616 Configure the default pop-up window policy as well as origins for which pop-up windows are allowed.
4617
4618 `Allow` is a list of origins where popup-windows are allowed.
4619
4620 `Default` determines whether or not pop-up windows are allowed by default.
4621
4622 `Locked` prevents the user from changing pop-up preferences.
4623
4624 **Compatibility:** Firefox 60, Firefox ESR 60\
4625 **CCK2 Equivalent:** `permissions.popup`\
4626 **Preferences Affected:** `dom.disable_open_during_load`
4627
4628 #### Windows (GPO)
4629 ```
4630 Software\Policies\Mozilla\Firefox\PopupBlocking\Allow\1 = "https://example.org"
4631 Software\Policies\Mozilla\Firefox\PopupBlocking\Allow\2 = "https://example.edu"
4632 Software\Policies\Mozilla\Firefox\PopupBlocking\Default = 0x1 | 0x0
4633 Software\Policies\Mozilla\Firefox\PopupBlocking\Locked = 0x1 | 0x0
4634 ```
4635 #### Windows (Intune)
4636 OMA-URI:
4637 ```
4638 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Popups/PopupBlocking_Allow
4639 ```
4640 Value (string):
4641 ```
4642 <enabled/>
4643 <data id="Permissions" value="1&#xF000;https://example.org&#xF000;2&#xF000;https://example.edu"/>
4644 ```
4645 OMA-URI:
4646 ```
4647 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Popups/PopupBlocking_Default
4648 ```
4649 Value (string):
4650 ```
4651 <enabled/> or <disabled/>
4652 ```
4653 OMA-URI:
4654 ```
4655 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Popups/PopupBlocking_Locked
4656 ```
4657 Value (string):
4658 ```
4659 <enabled/> or <disabled/>
4660 ```
4661 #### macOS
4662 ```
4663 <dict>
4664 <key>PopupBlocking</key>
4665 <dict>
4666 <key>Allow</key>
4667 <array>
4668 <string>http://example.org</string>
4669 <string>http://example.edu</string>
4670 </array>
4671 <key>Default</key>
4672 <true/> | <false/>
4673 <key>Locked</key>
4674 <true/> | <false/>
4675 </dict>
4676 </dict>
4677 ```
4678 #### policies.json
4679 ```
4680 {
4681 "policies": {
4682 "PopupBlocking": {
4683 "Allow": ["http://example.org/",
4684 "http://example.edu/"],
4685 "Default": true | false,
4686 "Locked": true | false
4687 }
4688 }
4689 }
4690 ```
4691 ### Preferences
4692 Set and lock preferences.
4693
4694 **NOTE** On Windows, in order to use this policy, you must clear all settings in the old **Preferences (Deprecated)** section in group policy.
4695
4696 Previously you could only set and lock a subset of preferences. Starting with Firefox 81 and Firefox ESR 78.3 you can set many more preferences. You can also set default preferences, user preferences and you can clear preferences.
4697
4698 Preferences that start with the following prefixes are supported:
4699 ```
4700 accessibility.
4701 alerts.* (Firefox 122, Firefox ESR 115.7)
4702 app.update.* (Firefox 86, Firefox ESR 78.8)
4703 browser.
4704 datareporting.policy.
4705 dom.
4706 extensions.
4707 general.autoScroll (Firefox 83, Firefox ESR 78.5)
4708 general.smoothScroll (Firefox 83, Firefox ESR 78.5)
4709 geo.
4710 gfx.
4711 intl.
4712 keyword.enabled (Firefox 95, Firefox ESR 91.4)
4713 layers.
4714 layout.
4715 media.
4716 network.
4717 pdfjs. (Firefox 84, Firefox ESR 78.6)
4718 places.
4719 pref.
4720 print.
4721 privacy.userContext.enabled (Firefox 126, Firefox ESR 115.11)
4722 privacy.userContext.ui.enabled (Firefox 126, Firefox ESR 115.11)
4723 signon. (Firefox 83, Firefox ESR 78.5)
4724 spellchecker. (Firefox 84, Firefox ESR 78.6)
4725 toolkit.legacyUserProfileCustomizations.stylesheets (Firefox 95, Firefox ESR 91.4)
4726 ui.
4727 widget.
4728 xpinstall.signatures.required (Firefox ESR 102.10, Firefox ESR only)
4729 xpinstall.whitelist.required (Firefox 118, Firefox ESR 115.3)
4730 ```
4731 as well as the following security preferences:
4732
4733 | Preference | Type | Default
4734 | --- | --- | --- |
4735 | security.default_personal_cert | string | Ask Every Time
4736 | &nbsp;&nbsp;&nbsp;&nbsp;If set to Select Automatically, Firefox automatically chooses the default personal certificate.
4737 | security.disable_button.openCertManager | string | N/A
4738 | &nbsp;&nbsp;&nbsp;&nbsp;If set to true and locked, the View Certificates button in preferences is disabled (Firefox 121, Firefox ESR 115.6)
4739 | security.disable_button.openDeviceManager | string | N/A
4740 | &nbsp;&nbsp;&nbsp;&nbsp;If set to true and locked, the Security Devices button in preferences is disabled (Firefox 121, Firefox ESR 115.6)
4741 | security.insecure_connection_text.enabled | bool | false
4742 | &nbsp;&nbsp;&nbsp;&nbsp;If set to true, adds the words "Not Secure" for insecure sites.
4743 | security.insecure_connection_text.pbmode.enabled | bool | false
4744 | &nbsp;&nbsp;&nbsp;&nbsp;If set to true, adds the words "Not Secure" for insecure sites in private browsing.
4745 | security.mixed_content.block_active_content | boolean | true
4746 | &nbsp;&nbsp;&nbsp;&nbsp;If false, mixed active content (HTTP and HTTPS) is not blocked.
4747 | security.osclientcerts.autoload | boolean | false
4748 | &nbsp;&nbsp;&nbsp;&nbsp;If true, client certificates are loaded from the operating system certificate store.
4749 | security.OCSP.enabled | integer | 1
4750 | &nbsp;&nbsp;&nbsp;&nbsp;If 0, do not fetch OCSP. If 1, fetch OCSP for DV and EV certificates. If 2, fetch OCSP only for EV certificates.
4751 | security.OCSP.require | boolean | false
4752 | &nbsp;&nbsp;&nbsp;&nbsp; If true, if an OCSP request times out, the connection fails.
4753 | security.osclientcerts.assume_rsa_pss_support | boolean | true
4754 | &nbsp;&nbsp;&nbsp;&nbsp; If false, we don't assume an RSA key can do RSA-PSS. (Firefox 114, Firefox ESR 102.12)
4755 | security.ssl.enable_ocsp_stapling | boolean | true
4756 | &nbsp;&nbsp;&nbsp;&nbsp; If false, OCSP stapling is not enabled.
4757 | security.ssl.errorReporting.enabled | boolean | true
4758 | &nbsp;&nbsp;&nbsp;&nbsp;If false, SSL errors cannot be sent to Mozilla.
4759 | security.ssl.require_safe_negotiation | boolean | false
4760 | &nbsp;&nbsp;&nbsp;&nbsp;If true, Firefox will only negotiate TLS connections with servers that indicate they support secure renegotiation. (Firefox 118, Firefox ESR 115.3)
4761 | security.tls.enable_0rtt_data | boolean | true
4762 | &nbsp;&nbsp;&nbsp;&nbsp;If false, TLS early data is turned off. (Firefox 93, Firefox 91.2, Firefox 78.15)
4763 | security.tls.hello_downgrade_check | boolean | true
4764 | &nbsp;&nbsp;&nbsp;&nbsp;If false, the TLS 1.3 downgrade check is disabled.
4765 | security.tls.version.enable-deprecated | boolean | false
4766 | &nbsp;&nbsp;&nbsp;&nbsp;If true, browser will accept TLS 1.0. and TLS 1.1. (Firefox 86, Firefox 78.8)
4767 | security.warn_submit_secure_to_insecure | boolean | true
4768 | &nbsp;&nbsp;&nbsp;&nbsp;If false, no warning is shown when submitting a form from https to http.
4769
4770 Using the preference as the key, set the `Value` to the corresponding preference value.
4771
4772 `Status` can be "default", "locked", "user" or "clear"
4773
4774 * `"default"`: Read/Write: Settings appear as default even if factory default differs.
4775 * `"locked"`: Read-Only: Settings appear as default even if factory default differs.
4776 * `"user"`: Read/Write: Settings appear as changed if it differs from factory default.
4777 * `"clear"`: Read/Write: `Value` has no effect. Resets to factory defaults on each startup.
4778
4779 `"user"` preferences persist across invocations of Firefox. It is the equivalent of a user setting the preference. They are most useful when a preference is needed very early in startup so it can't be set as default by policy. An example of this is ```toolkit.legacyUserProfileCustomizations.stylesheets```.
4780
4781 `"user"` preferences persist even if the policy is removed, so if you need to remove them, you should use the clear policy.
4782
4783 You can also set the `Type` starting in Firefox 123 and Firefox ESR 115.8. It can be `number`, `boolean` or `string`. This is especially useful if you are seeing 0 or 1 values being converted to booleans when set as user preferences.
4784
4785 See the examples below for more detail.
4786
4787 IMPORTANT: Make sure you're only setting a particular preference using this mechanism and not some other way.
4788
4789 Status
4790 **Compatibility:** Firefox 81, Firefox ESR 78.3\
4791 **CCK2 Equivalent:** `preferences`\
4792 **Preferences Affected:** Many
4793
4794 #### Windows (GPO)
4795 Software\Policies\Mozilla\Firefox\Preferences (REG_MULTI_SZ) =
4796 ```
4797 {
4798 "accessibility.force_disabled": {
4799 "Value": 1,
4800 "Status": "default",
4801 "Type": "number"
4802
4803 },
4804 "browser.cache.disk.parent_directory": {
4805 "Value": "SOME_NATIVE_PATH",
4806 "Status": "user"
4807 },
4808 "browser.tabs.warnOnClose": {
4809 "Value": false,
4810 "Status": "locked"
4811 }
4812 }
4813 ```
4814 #### Windows (Intune)
4815 OMA-URI:
4816 ```
4817 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/Preferences
4818 ```
4819 Value (string):
4820 ```
4821 <enabled/>
4822 <data id="JSON" value='
4823 {
4824 "accessibility.force_disabled": {
4825 "Value": 1,
4826 "Status": "default",
4827 "Type": "number"
4828 },
4829 "browser.cache.disk.parent_directory": {
4830 "Value": "SOME_NATIVE_PATH",
4831 "Status": "user"
4832 },
4833 "browser.tabs.warnOnClose": {
4834 "Value": false,
4835 "Status": "locked"
4836 }
4837 }'/>
4838 ```
4839 #### macOS
4840 ```
4841 <dict>
4842 <key>Preferences</key>
4843 <dict>
4844 <key>accessibility.force_disabled</key>
4845 <dict>
4846 <key>Value</key>
4847 <integer>1</integer>
4848 <key>Status</key>
4849 <string>default</string>
4850 <key>Type</key>
4851 <string>number</string>
4852 </dict>
4853 <key>browser.cache.disk.parent_directory</key>
4854 <dict>
4855 <key>Value</key>
4856 <string>SOME_NATIVE_PATH</string>
4857 <key>Status</key>
4858 <string>user</string>
4859 </dict>
4860 <key>browser.tabs.warnOnClose</key>
4861 <dict>
4862 <key>Value</key>
4863 <false/>
4864 <key>Status</key>
4865 <string>locked</string>
4866 </dict>
4867 </dict>
4868 </dict>
4869 ```
4870 #### policies.json
4871 ```
4872 {
4873 "policies": {
4874 "Preferences": {
4875 "accessibility.force_disabled": {
4876 "Value": 1,
4877 "Status": "default"
4878 "Type": "number"
4879 },
4880 "browser.cache.disk.parent_directory": {
4881 "Value": "SOME_NATIVE_PATH",
4882 "Status": "user"
4883 },
4884 "browser.tabs.warnOnClose": {
4885 "Value": false,
4886 "Status": "locked"
4887 }
4888 }
4889 }
4890 }
4891 ```
4892 ### PrimaryPassword
4893 Require or prevent using a primary (formerly master) password.
4894
4895 If this value is true, a primary password is required. If this value is false, it works the same as if [`DisableMasterPasswordCreation`](#disablemasterpasswordcreation) was true and removes the primary password functionality.
4896
4897 If both DisableMasterPasswordCreation and PrimaryPassword are used, DisableMasterPasswordCreation takes precedent.
4898
4899 **Compatibility:** Firefox 79, Firefox ESR 78.1\
4900 **CCK2 Equivalent:** `noMasterPassword`\
4901 **Preferences Affected:** N/A
4902
4903 #### Windows (GPO)
4904 ```
4905 Software\Policies\Mozilla\Firefox\PrimaryPassword = 0x1 | 0x0
4906 ```
4907 #### Windows (Intune)
4908 OMA-URI:
4909 ```
4910 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/PrimaryPassword
4911 ```
4912 Value (string):
4913 ```
4914 <enabled/> or <disabled/>
4915 ```
4916 #### macOS
4917 ```
4918 <dict>
4919 <key>PrimaryPassword</key>
4920 <true/> | <false/>
4921 </dict>
4922 ```
4923 #### policies.json
4924 ```
4925 {
4926 "policies": {
4927 "PrimaryPassword": true | false
4928 }
4929 }
4930 ```
4931 ### PrintingEnabled
4932 Enable or disable printing.
4933
4934 **Compatibility:** Firefox 120, Firefox ESR 115.5\
4935 **CCK2 Equivalent:** N/A\
4936 **Preferences Affected:** `print.enabled`
4937
4938 #### Windows (GPO)
4939 ```
4940 Software\Policies\Mozilla\Firefox\PrintingEnabled = 0x1 | 0x0
4941 ```
4942 #### Windows (Intune)
4943 OMA-URI:
4944 ```
4945 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/PrintingEnabled
4946 ```
4947 Value (string):
4948 ```
4949 <enabled/> or <disabled/>
4950 ```
4951 #### macOS
4952 ```
4953 <dict>
4954 <key>PrintingEnabled</key>
4955 <true/> | <false/>
4956 </dict>
4957 ```
4958 #### policies.json
4959 ```
4960 {
4961 "policies": {
4962 "PrintingEnabled": true | false
4963 }
4964 }
4965 ```
4966 ### PromptForDownloadLocation
4967 Ask where to save each file before downloading.
4968
4969 **Compatibility:** Firefox 68, Firefox ESR 68\
4970 **CCK2 Equivalent:** N/A\
4971 **Preferences Affected:** `browser.download.useDownloadDir`
4972
4973 #### Windows (GPO)
4974 ```
4975 Software\Policies\Mozilla\Firefox\PromptForDownloadLocation = 0x1 | 0x0
4976 ```
4977 #### Windows (Intune)
4978 OMA-URI:
4979 ```
4980 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/PromptForDownloadLocation
4981 ```
4982 Value (string):
4983 ```
4984 <enabled/> or <disabled/>
4985 ```
4986 #### macOS
4987 ```
4988 <dict>
4989 <key>PromptForDownloadLocation</key>
4990 <true/> | <false/>
4991 </dict>
4992 ```
4993 #### policies.json
4994 ```
4995 {
4996 "policies": {
4997 "PromptForDownloadLocation": true | false
4998 }
4999 }
5000 ```
5001 ### Proxy
5002 Configure proxy settings. These settings correspond to the connection settings in Firefox preferences.
5003 To specify ports, append them to the hostnames with a colon (:).
5004
5005 Unless you lock this policy, changes the user already has in place will take effect.
5006
5007 `Mode` is the proxy method being used.
5008
5009 `Locked` is whether or not proxy settings can be changed.
5010
5011 `HTTPProxy` is the HTTP proxy server.
5012
5013 `UseHTTPProxyForAllProtocols` is whether or not the HTTP proxy should be used for all other proxies.
5014
5015 `SSLProxy` is the SSL proxy server.
5016
5017 `FTPProxy` is the FTP proxy server.
5018
5019 `SOCKSProxy` is the SOCKS proxy server
5020
5021 `SOCKSVersion` is the SOCKS version (4 or 5)
5022
5023 `Passthrough` is list of hostnames or IP addresses that will not be proxied. Use `<local>` to bypass proxying for all hostnames which do not contain periods.
5024
5025 `AutoConfigURL` is a URL for proxy configuration (only used if Mode is autoConfig).
5026
5027 `AutoLogin` means do not prompt for authentication if password is saved.
5028
5029 `UseProxyForDNS` to use proxy DNS when using SOCKS v5.
5030
5031 **Compatibility:** Firefox 60, Firefox ESR 60\
5032 **CCK2 Equivalent:** `networkProxy*`\
5033 **Preferences Affected:** `network.proxy.type`, `network.proxy.autoconfig_url`, `network.proxy.socks_remote_dns`, `signon.autologin.proxy`, `network.proxy.socks_version`, `network.proxy.no_proxies_on`, `network.proxy.share_proxy_settings`, `network.proxy.http`, `network.proxy.http_port`, `network.proxy.ftp`, `network.proxy.ftp_port`, `network.proxy.ssl`, `network.proxy.ssl_port`, `network.proxy.socks`, `network.proxy.socks_port`
5034
5035 #### Windows (GPO)
5036 ```
5037 Software\Policies\Mozilla\Firefox\Proxy\Mode = "none" | "system" | "manual" | "autoDetect" | "autoConfig"
5038 Software\Policies\Mozilla\Firefox\Proxy\Locked = 0x1 | 0x0
5039 Software\Policies\Mozilla\Firefox\Proxy\HTTPProxy = https://httpproxy.example.com
5040 Software\Policies\Mozilla\Firefox\Proxy\UseHTTPProxyForAllProtocols = 0x1 | 0x0
5041 Software\Policies\Mozilla\Firefox\Proxy\SSLProxy = https://sslproxy.example.com
5042 Software\Policies\Mozilla\Firefox\Proxy\FTPProxy = https://ftpproxy.example.com
5043 Software\Policies\Mozilla\Firefox\Proxy\SOCKSProxy = https://socksproxy.example.com
5044 Software\Policies\Mozilla\Firefox\Proxy\SOCKSVersion = 0x4 | 0x5
5045 Software\Policies\Mozilla\Firefox\Proxy\Passthrough = <local>
5046 Software\Policies\Mozilla\Firefox\Proxy\AutoConfigURL = URL_TO_AUTOCONFIG
5047 Software\Policies\Mozilla\Firefox\Proxy\AutoLogin = 0x1 | 0x0
5048 Software\Policies\Mozilla\Firefox\Proxy\UseProxyForDNS = 0x1 | 0x0
5049 ```
5050 #### Windows (Intune)
5051 **Note**
5052 These setttings were moved to a category to make them easier to configure via Intune.
5053
5054 OMA-URI:
5055 ```
5056 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_Locked
5057 ```
5058 Value (string):
5059 ```
5060 <enabled/> or <disabled/>
5061 ```
5062 OMA-URI:
5063 ```
5064 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_ConnectionType
5065 ```
5066 Value (string):
5067 ```
5068 <enabled/>
5069 <data id="Proxy_ConnectionType" value="none | system | manual | autoDetect | autoConfig"/>
5070 ```
5071 OMA-URI:
5072 ```
5073 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_HTTPProxy
5074 ```
5075 Value (string):
5076 ```
5077 <enabled/>
5078 <data id="Proxy_HTTPProxy" value="httpproxy.example.com"/>
5079 ```
5080 OMA-URI:
5081 ```
5082 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_UseHTTPProxyForAllProtocols
5083 ```
5084 Value (string):
5085 ```
5086 <enabled/> or <disabled/>
5087 ```
5088 OMA-URI:
5089 ```
5090 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_SSLProxy
5091 ```
5092 Value (string):
5093 ```
5094 <enabled/>
5095 <data id="Proxy_SSLProxy" value="sslproxy.example.com"/>
5096 ```
5097 OMA-URI:
5098 ```
5099 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_SOCKSProxy
5100 ```
5101 Value (string):
5102 ```
5103 <enabled/>
5104 <data id="Proxy_SOCKSProxy" value="socksproxy.example.com"/>
5105 <data id="Proxy_SOCKSVersion" value="4 | 5"/>
5106 ```
5107 OMA-URI:
5108 ```
5109 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_AutoConfigURL
5110 ```
5111 Value (string):
5112 ```
5113 <enabled/>
5114 <data id="Proxy_AutoConfigURL" value="URL_TO_AUTOCONFIG"/>
5115 ```
5116 OMA-URI:
5117 ```
5118 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_Passthrough
5119 ```
5120 Value (string):
5121 ```
5122 <enabled/>
5123 <data id="Proxy_Passthrough" value="&lt;local&gt;"/>
5124 ```
5125 OMA-URI:
5126 ```
5127 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_AutoLogin
5128 ```
5129 Value (string):
5130 ```
5131 <enabled/> or <disabled/>
5132 ```
5133 OMA-URI:
5134 ```
5135 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_UseProxyForDNS
5136 ```
5137 Value (string):
5138 ```
5139 <enabled/> or <disabled/>
5140 ```
5141 OMA-URI (Old way):
5142 ```
5143 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/Proxy
5144 ```
5145 Value (string):
5146 ```
5147 <enabled/>
5148 <data id="ProxyLocked" value="true | false"/>
5149 <data id="ConnectionType" value="none | system | manual | autoDetect | autoConfig"/>
5150 <data id="HTTPProxy" value="httpproxy.example.com"/>
5151 <data id="UseHTTPProxyForAllProtocols" value="true | false"/>
5152 <data id="SSLProxy" value="sslproxy.example.com"/>
5153 <data id="FTPProxy" value="ftpproxy.example.com"/>
5154 <data id="SOCKSProxy" value="socksproxy.example.com"/>
5155 <data id="SOCKSVersion" value="4 | 5"/>
5156 <data id="AutoConfigURL" value="URL_TO_AUTOCONFIG"/>
5157 <data id="Passthrough" value="<local>"/>
5158 <data id="AutoLogin" value="true | false"/>
5159 <data id="UseProxyForDNS" value="true | false"/>
5160 ```
5161 #### macOS
5162 ```
5163 <dict>
5164 <key>Proxy</key>
5165 <dict>
5166 <key>Mode</key>
5167 <string>none | system | manual | autoDetect | autoConfig</string>
5168 <key>Locked</key>
5169 <true> | </false>
5170 <key>HTTPProxy</key>
5171 <string>https://httpproxy.example.com</string>
5172 <key>UseHTTPProxyForAllProtocols</key>
5173 <true> | </false>
5174 <key>SSLProxy</key>
5175 <string>https://sslproxy.example.com</string>
5176 <key>FTPProxy</key>
5177 <string>https://ftpproxy.example.com</string>
5178 <key>SOCKSProxy</key>
5179 <string>https://socksproxy.example.com</string>
5180 <key>SOCKSVersion</key>
5181 <string>4 | 5</string>
5182 <key>Passthrough</key>
5183 <string>&lt;local>&gt;</string>
5184 <key>AutoConfigURL</key>
5185 <string>URL_TO_AUTOCONFIG</string>
5186 <key>AutoLogin</key>
5187 <true> | </false>
5188 <key>UseProxyForDNS</key>
5189 <true> | </false>
5190 </dict>
5191 </dict>
5192 ```
5193 #### policies.json
5194 ```
5195 {
5196 "policies": {
5197 "Proxy": {
5198 "Mode": "none" | "system" | "manual" | "autoDetect" | "autoConfig",
5199 "Locked": true | false,
5200 "HTTPProxy": "hostname",
5201 "UseHTTPProxyForAllProtocols": true | false,
5202 "SSLProxy": "hostname",
5203 "FTPProxy": "hostname",
5204 "SOCKSProxy": "hostname",
5205 "SOCKSVersion": 4 | 5,
5206 "Passthrough": "<local>",
5207 "AutoConfigURL": "URL_TO_AUTOCONFIG",
5208 "AutoLogin": true | false,
5209 "UseProxyForDNS": true | false
5210 }
5211 }
5212 }
5213 ```
5214 ### RequestedLocales
5215 Set the the list of requested locales for the application in order of preference. It will cause the corresponding language pack to become active.
5216
5217 Note: For Firefox 68, this can now be a string so that you can specify an empty value.
5218
5219 **Compatibility:** Firefox 64, Firefox ESR 60.4, Updated in Firefox 68, Firefox ESR 68\
5220 **CCK2 Equivalent:** N/A\
5221 **Preferences Affected:** N/A
5222 #### Windows (GPO)
5223 ```
5224 Software\Policies\Mozilla\Firefox\RequestedLocales\1 = "de"
5225 Software\Policies\Mozilla\Firefox\RequestedLocales\2 = "en-US"
5226
5227 or
5228
5229 Software\Policies\Mozilla\Firefox\RequestedLocales = "de,en-US"
5230 ```
5231 #### Windows (Intune)
5232 OMA-URI:
5233 ```
5234 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/RequestedLocalesString
5235 ```
5236 Value (string):
5237 ```
5238 <enabled/>
5239 <data id="Preferences_String" value="de,en-US"/>
5240 ```
5241 #### macOS
5242 ```
5243 <dict>
5244 <key>RequestedLocales</key>
5245 <array>
5246 <string>de</string>
5247 <string>en-US</string>
5248 </array>
5249 </dict>
5250
5251 or
5252
5253 <dict>
5254 <key>RequestedLocales</key>
5255 <string>de,en-US</string>
5256 </dict>
5257
5258 ```
5259 #### policies.json
5260 ```
5261 {
5262 "policies": {
5263 "RequestedLocales": ["de", "en-US"]
5264 }
5265 }
5266
5267 or
5268
5269 {
5270 "policies": {
5271 "RequestedLocales": "de,en-US"
5272 }
5273 }
5274 ```
5275 <a name="SanitizeOnShutdown"></a>
5276
5277 ### SanitizeOnShutdown (Selective)
5278 Clear data on shutdown. Choose from Cache, Cookies, Download History, Form & Search History, Browsing History, Active Logins, Site Preferences and Offline Website Data.
5279
5280 Previously, these values were always locked. Starting with Firefox 74 and Firefox ESR 68.6, you can use the `Locked` option to either keep the values unlocked (set it to false), or lock only the values you set (set it to true). If you want the old behavior of locking everything, do not set `Locked` at all.
5281
5282 **Compatibility:** Firefox 68, Firefox ESR 68 (Locked added in 74/68.6)\
5283 **CCK2 Equivalent:** N/A\
5284 **Preferences Affected:** `privacy.sanitize.sanitizeOnShutdown`, `privacy.clearOnShutdown.cache`, `privacy.clearOnShutdown.cookies`, `privacy.clearOnShutdown.downloads`, `privacy.clearOnShutdown.formdata`, `privacy.clearOnShutdown.history`, `privacy.clearOnShutdown.sessions`, `privacy.clearOnShutdown.siteSettings`, `privacy.clearOnShutdown.offlineApps`
5285 #### Windows (GPO)
5286 ```
5287 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\Cache = 0x1 | 0x0
5288 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\Cookies = 0x1 | 0x0
5289 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\Downloads = 0x1 | 0x0
5290 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\FormData = 0x1 | 0x0
5291 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\History = 0x1 | 0x0
5292 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\Sessions = 0x1 | 0x0
5293 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\SiteSettings = 0x1 | 0x0
5294 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\OfflineApps = 0x1 | 0x0
5295 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\Locked = 0x1 | 0x0
5296 ```
5297 #### Windows (Intune)
5298 OMA-URI:
5299 ```
5300 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/A_SanitizeOnShutdown_Cache
5301 ```
5302 Value (string):
5303 ```
5304 <enabled/> or <disabled/>
5305 ```
5306 OMA-URI:
5307 ```
5308 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/B_SanitizeOnShutdown_Cookies
5309 ```
5310 Value (string):
5311 ```
5312 <enabled/> or <disabled/>
5313 ```
5314 OMA-URI:
5315 ```
5316 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/C_SanitizeOnShutdown_Downloads
5317 ```
5318 Value (string):
5319 ```
5320 <enabled/> or <disabled/>
5321 ```
5322 OMA-URI:
5323 ```
5324 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/D_SanitizeOnShutdown_FormData
5325 ```
5326 Value (string):
5327 ```
5328 <enabled/> or <disabled/>
5329 ```
5330 OMA-URI:
5331 ```
5332 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/E_SanitizeOnShutdown_History
5333 ```
5334 Value (string):
5335 ```
5336 <enabled/> or <disabled/>
5337 ```
5338 OMA-URI:
5339 ```
5340 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/F_SanitizeOnShutdown_Sessions
5341 ```
5342 Value (string):
5343 ```
5344 <enabled/> or <disabled/>
5345 ```
5346 OMA-URI:
5347 ```
5348 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/G_SanitizeOnShutdown_SiteSettings
5349 ```
5350 Value (string):
5351 ```
5352 <enabled/> or <disabled/>
5353 ```
5354 OMA-URI:
5355 ```
5356 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/H_SanitizeOnShutdown_OfflineApps
5357 ```
5358 Value (string):
5359 ```
5360 <enabled/> or <disabled/>
5361 ```
5362 OMA-URI:
5363 ```
5364 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/I_SanitizeOnShutdown_Locked
5365 ```
5366 Value (string):
5367 ```
5368 <enabled/> or <disabled/>
5369 ```
5370 #### macOS
5371 ```
5372 <dict>
5373 <key>SanitizeOnShutdown</key>
5374 <dict>
5375 <key>Cache</key>
5376 <true/> | <false/>
5377 <key>Cookies</key>
5378 <true/> | <false/>
5379 <key>Downloads</key>
5380 <true/> | <false/>
5381 <key>FormData</key>
5382 <true/> | <false/>
5383 <key>History</key>
5384 <true/> | <false/>
5385 <key>Sessions</key>
5386 <true/> | <false/>
5387 <key>SiteSettings</key>
5388 <true/> | <false/>
5389 <key>OfflineApps</key>
5390 <true/> | <false/>
5391 <key>Locked</key>
5392 <true/> | <false/>
5393 </dict>
5394 </dict>
5395 ```
5396 #### policies.json
5397 ```
5398 {
5399 "policies": {
5400 "SanitizeOnShutdown": {
5401 "Cache": true | false,
5402 "Cookies": true | false,
5403 "Downloads": true | false,
5404 "FormData": true | false,
5405 "History": true | false,
5406 "Sessions": true | false,
5407 "SiteSettings": true | false,
5408 "OfflineApps": true | false,
5409 "Locked": true | false
5410 }
5411 }
5412 }
5413 ```
5414 ### SanitizeOnShutdown (All)
5415 Clear all data on shutdown, including Browsing & Download History, Cookies, Active Logins, Cache, Form & Search History, Site Preferences and Offline Website Data.
5416
5417 **Compatibility:** Firefox 60, Firefox ESR 60\
5418 **CCK2 Equivalent:** N/A\
5419 **Preferences Affected:** `privacy.sanitize.sanitizeOnShutdown`, `privacy.clearOnShutdown.cache`, `privacy.clearOnShutdown.cookies`, `privacy.clearOnShutdown.downloads`, `privacy.clearOnShutdown.formdata`, `privacy.clearOnShutdown.history`, `privacy.clearOnShutdown.sessions`, `privacy.clearOnShutdown.siteSettings`, `privacy.clearOnShutdown.offlineApps`
5420 #### Windows (GPO)
5421 ```
5422 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown = 0x1 | 0x0
5423 ```
5424 #### Windows (Intune)
5425 OMA-URI:
5426 ```
5427 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/C_SanitizeOnShutdown
5428 ```
5429 Value (string):
5430 ```
5431 <enabled/> or <disabled/>
5432 ```
5433 #### macOS
5434 ```
5435 <dict>
5436 <key>SanitizeOnShutdown</key>
5437 <true/> | <false/>
5438 </dict>
5439 ```
5440 #### policies.json
5441 ```
5442 {
5443 "policies": {
5444 "SanitizeOnShutdown": true | false
5445 }
5446 }
5447 ```
5448 ### SearchBar
5449 Set whether or not search bar is displayed.
5450
5451 **Compatibility:** Firefox 60, Firefox ESR 60\
5452 **CCK2 Equivalent:** `showSearchBar`\
5453 **Preferences Affected:** N/A
5454
5455 #### Windows (GPO)
5456 ```
5457 Software\Policies\Mozilla\Firefox\SearchBar = "unified" | "separate"
5458 ```
5459
5460 #### Windows (Intune)
5461 OMA-URI:
5462 ```
5463 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/SearchBar
5464 ```
5465 Value (string):
5466 ```
5467 <enabled/>
5468 <data id="SearchBar" value="unified | separate"/>
5469 ```
5470 #### macOS
5471 ```
5472 <dict>
5473 <key>SearchBar</key>
5474 <string>unified | separate</string>
5475 </dict>
5476 ```
5477 #### policies.json
5478 ```
5479 {
5480 "policies": {
5481 "SearchBar": "unified" | "separate"
5482 }
5483 }
5484 ```
5485 <a name="SearchEngines"></a>
5486
5487 ### SearchEngines (This policy is only available on the ESR.)
5488
5489 ### SearchEngines | Add
5490
5491 Add new search engines. Although there are only five engines available in the ADMX template, there is no limit. To add more in the ADMX template, you can duplicate the XML.
5492
5493 This policy is only available on the ESR. `Name` and `URLTemplate` are required.
5494
5495 `Name` is the name of the search engine.
5496
5497 `URLTemplate` is the search URL with {searchTerms} to substitute for the search term.
5498
5499 `Method` is either GET or POST
5500
5501 `IconURL` is a URL for the icon to use.
5502
5503 `Alias` is a keyword to use for the engine.
5504
5505 `Description` is a description of the search engine.
5506
5507 `PostData` is the POST data as name value pairs separated by &.
5508
5509 `SuggestURLTemplate` is a search suggestions URL with {searchTerms} to substitute for the search term.
5510
5511 `Encoding` is the query charset for the engine. It defaults to UTF-8.
5512
5513 **Compatibility:** Firefox ESR 60 (POST support in Firefox ESR 68, Encoding support in Firefox 91)\
5514 **CCK2 Equivalent:** `searchplugins`\
5515 **Preferences Affected:** N/A
5516
5517 #### Windows (GPO)
5518 ```
5519 Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\Name = "Example1"
5520 Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\URLTemplate = "https://www.example.org/q={searchTerms}"
5521 Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\Method = "GET" | "POST"
5522 Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\IconURL = "https://www.example.org/favicon.ico"
5523 Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\Alias = "example"
5524 Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\Description = "Example Description"
5525 Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\SuggestURLTemplate = "https://www.example.org/suggestions/q={searchTerms}"
5526 Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\PostData = "name=value&q={searchTerms}"
5527 ```
5528 #### Windows (Intune)
5529 OMA-URI:
5530 ```
5531 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Search/SearchEngines_1
5532 ```
5533 Value (string):
5534 ```
5535 <enabled/>
5536 <data id="SearchEngine_Name" value="Example1"/>
5537 <data id="SearchEngine_URLTemplate" value="https://www.example.org/q={searchTerms"/>
5538 <data id="SearchEngine_Method" value="GET | POST"/>
5539 <data id="SearchEngine_IconURL" value="https://www.example.org/favicon.ico"/>
5540 <data id="SearchEngine_Alias" value="example"/>
5541 <data id="SearchEngine_Description" value="Example Description"/>
5542 <data id="SearchEngine_SuggestURLTemplate" value="https://www.example.org/suggestions/q={searchTerms}"/>
5543 <data id="SearchEngine_PostData" value="name=value&amp;q={searchTerms}"/>
5544 ```
5545 #### macOS
5546 ```
5547 <dict>
5548 <key>SearchEngines</key>
5549 <dict>
5550 <key>Add</key>
5551 <array>
5552 <dict>
5553 <key>Name</key>
5554 <string>Example1</string>
5555 <key>URLTemplate</key>
5556 <string>https://www.example.org/q={searchTerms}</string>
5557 <key>Method</key>
5558 <string>GET | POST </string>
5559 <key>IconURL</key>
5560 <string>https://www.example.org/favicon.ico</string>
5561 <key>Alias</key>
5562 <string>example</string>
5563 <key>Description</key>
5564 <string>Example Description</string>
5565 <key>SuggestURLTemplate</key>
5566 <string>https://www.example.org/suggestions/q={searchTerms}</string>
5567 <key>PostData</key>
5568 <string>name=value&q={searchTerms}</string>
5569 </dict>
5570 <array>
5571 </dict>
5572 </dict>
5573 ```
5574 #### policies.json
5575 ```
5576 {
5577 "policies": {
5578 "SearchEngines": {
5579 "Add": [
5580 {
5581 "Name": "Example1",
5582 "URLTemplate": "https://www.example.org/q={searchTerms}",
5583 "Method": "GET" | "POST",
5584 "IconURL": "https://www.example.org/favicon.ico",
5585 "Alias": "example",
5586 "Description": "Description",
5587 "PostData": "name=value&q={searchTerms}",
5588 "SuggestURLTemplate": "https://www.example.org/suggestions/q={searchTerms}"
5589 }
5590 ]
5591 }
5592 }
5593 }
5594 ```
5595 ### SearchEngines | Default
5596
5597 Set the default search engine. This policy is only available on the ESR.
5598
5599 **Compatibility:** Firefox ESR 60\
5600 **CCK2 Equivalent:** `defaultSearchEngine`\
5601 **Preferences Affected:** N/A
5602
5603 #### Windows (GPO)
5604 ```
5605 Software\Policies\Mozilla\Firefox\SearchEngines\Default = NAME_OF_SEARCH_ENGINE
5606 ```
5607 #### Windows (Intune)
5608 OMA-URI:
5609 ```
5610 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Search/SearchEngines_Default
5611 ```
5612 Value (string):
5613 ```
5614 <enabled/>
5615 <data id="SearchEngines_Default" value="NAME_OF_SEARCH_ENGINE"/>
5616 ```
5617 #### macOS
5618 ```
5619 <dict>
5620 <key>SearchEngines</key>
5621 <dict>
5622 <key>Default</key>
5623 <string>NAME_OF_SEARCH_ENGINE</string>
5624 </dict>
5625 </dict>
5626 ```
5627 #### policies.json
5628 ```
5629 {
5630 "policies": {
5631 "SearchEngines": {
5632 "Default": "NAME_OF_SEARCH_ENGINE"
5633 }
5634 }
5635 }
5636 ```
5637 ### SearchEngines | PreventInstalls
5638
5639 Prevent installing search engines from webpages.
5640
5641 **Compatibility:** Firefox ESR 60\
5642 **CCK2 Equivalent:** `disableSearchEngineInstall`\
5643 **Preferences Affected:** N/A
5644
5645 #### Windows (GPO)
5646 ```
5647 Software\Policies\Mozilla\Firefox\SearchEngines\PreventInstalls = 0x1 | 0x0
5648 ```
5649 #### Windows (Intune)
5650 OMA-URI:
5651 ```
5652 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Search/SearchEngines_PreventInstalls
5653 ```
5654 Value (string):
5655 ```
5656 <enabled/> or <disabled/>
5657 ```
5658 #### macOS
5659 ```
5660 <dict>
5661 <key>SearchEngines</key>
5662 <dict>
5663 <key>PreventInstalls</key>
5664 <true/> | <false/>
5665 </dict>
5666 </dict>
5667 ```
5668 #### policies.json
5669 ```
5670 {
5671 "policies": {
5672 "SearchEngines": {
5673 "PreventInstalls": true | false
5674 }
5675 }
5676 }
5677 ```
5678 ### SearchEngines | Remove
5679
5680 Hide built-in search engines. This policy is only available on the ESR.
5681
5682 **Compatibility:** Firefox ESR 60.2\
5683 **CCK2 Equivalent:** `removeDefaultSearchEngines` (removed all built-in engines)\
5684 **Preferences Affected:** N/A
5685
5686 #### Windows (GPO)
5687 ```
5688 Software\Policies\Mozilla\Firefox\SearchEngines\Remove\1 = NAME_OF_SEARCH_ENGINE
5689 ```
5690 #### Windows (Intune)
5691 OMA-URI:
5692 ```
5693 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Search/SearchEngines_Remove
5694 ```
5695 Value (string):
5696 ```
5697 <enabled/>
5698 <data id="SearchEngines_Remove" value="1&#xF000;NAME_OF_SEARCH_ENGINE"/>
5699 ```
5700 #### macOS
5701 ```
5702 <dict>
5703 <key>SearchEngines</key>
5704 <dict>
5705 <key>Remove</key>
5706 <array>
5707 <string>NAME_OF_SEARCH_ENGINE</string>
5708 </array>
5709 </dict>
5710 </dict>
5711 ```
5712 #### policies.json
5713 ```
5714 {
5715 "policies": {
5716 "SearchEngines": {
5717 "Remove": ["NAME_OF_SEARCH_ENGINE"]
5718 }
5719 }
5720 }
5721 ```
5722 ### SearchSuggestEnabled
5723
5724 Enable search suggestions.
5725
5726 **Compatibility:** Firefox 68, Firefox ESR 68\
5727 **CCK2 Equivalent:** N/A\
5728 **Preferences Affected:** `browser.urlbar.suggest.searches`, `browser.search.suggest.enabled`
5729
5730 #### Windows (GPO)
5731 ```
5732 Software\Policies\Mozilla\Firefox\SearchSuggestEnabled = 0x1 | 0x0
5733 ```
5734 #### Windows (Intune)
5735 OMA-URI:
5736 ```
5737 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Search/SearchSuggestEnabled
5738 ```
5739 Value (string):
5740 ```
5741 <enabled/> or <disabled/>
5742 ```
5743 #### macOS
5744 ```
5745 <dict>
5746 <key>SearchSuggestEnabled</key>
5747 <true/> | <false/>
5748 </dict>
5749 ```
5750 #### policies.json
5751 ```
5752 {
5753 "policies": {
5754 "SearchSuggestEnabled": true | false
5755 }
5756 }
5757 ```
5758 ### SecurityDevices
5759
5760 Add or delete PKCS #11 modules.
5761
5762 **Compatibility:** Firefox 114, Firefox ESR 112.12\
5763 **CCK2 Equivalent:** N/A\
5764 **Preferences Affected:** N/A
5765
5766 #### Windows (GPO)
5767 ```
5768 Software\Policies\Mozilla\Firefox\SecurityDevices\Add\NAME_OF_DEVICE_TO_ADD = PATH_TO_LIBRARY_FOR_DEVICE
5769 Software\Policies\Mozilla\Firefox\SecurityDevices\Remove\1 = NAME_OF_DEVICE_TO_REMOVE
5770 ```
5771 #### Windows (Intune)
5772 OMA-URI:
5773 ```
5774 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/SecurityDevices/SecurityDevices_Add
5775 ```
5776 Value (string):
5777 ```
5778 <enabled/>
5779 <data id="SecurityDevices" value="NAME_OF_DEVICE_TO_ADD&#xF000;PATH_TO_LIBRARY_FOR_DEVICE"/>
5780 ```
5781 OMA-URI:
5782 ```
5783 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/SecurityDevices/SecurityDevices_Delete
5784 ```
5785 Value (string):
5786 ```
5787 <enabled/>
5788 <data id="SecurityDevices" value="1&#xF000;NAME_OF_DEVICE_TO_REMOVE"/>
5789 ```
5790 #### macOS
5791 ```
5792 <dict>
5793 <key>SecurityDevices</key>
5794 <dict>
5795 <key>Add<key>
5796 <dict>
5797 <key>NAME_OF_DEVICE_TO_ADD</key>
5798 <string>PATH_TO_LIBRARY_FOR_DEVICE</string>
5799 </dict>
5800 <key>Delete</add>
5801 <array>
5802 <string>NAME_OF_DEVICE_TO_DELETE</string>
5803 </array>
5804 </dict>
5805 </dict>
5806 ```
5807 #### policies.json
5808 ```
5809 {
5810 "policies": {
5811 "SecurityDevices": {
5812 "Add": {
5813 "NAME_OF_DEVICE_TO_ADD": "PATH_TO_LIBRARY_FOR_DEVICE"
5814 },
5815 "Delete": ["NAME_OF_DEVICE_TO_DELETE"]
5816 }
5817 }
5818 }
5819 ```
5820 ### SecurityDevices (Deprecated)
5821
5822 Install PKCS #11 modules.
5823
5824 **Compatibility:** Firefox 64, Firefox ESR 60.4\
5825 **CCK2 Equivalent:** `certs.devices`\
5826 **Preferences Affected:** N/A
5827
5828 #### Windows (GPO)
5829 ```
5830 Software\Policies\Mozilla\Firefox\SecurityDevices\NAME_OF_DEVICE = PATH_TO_LIBRARY_FOR_DEVICE
5831 ```
5832 #### Windows (Intune)
5833 OMA-URI:
5834 ```
5835 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/SecurityDevices
5836 ```
5837 Value (string):
5838 ```
5839 <enabled/>
5840 <data id="SecurityDevices" value="NAME_OF_DEVICE&#xF000;PATH_TO_LIBRARY_FOR_DEVICE"/>
5841 ```
5842 #### macOS
5843 ```
5844 <dict>
5845 <key>SecurityDevices</key>
5846 <dict>
5847 <key>NAME_OF_DEVICE</key>
5848 <string>PATH_TO_LIBRARY_FOR_DEVICE</string>
5849 </dict>
5850 </dict>
5851 ```
5852 #### policies.json
5853 ```
5854 {
5855 "policies": {
5856 "SecurityDevices": {
5857 "NAME_OF_DEVICE": "PATH_TO_LIBRARY_FOR_DEVICE"
5858 }
5859 }
5860 }
5861 ```
5862 ### ShowHomeButton
5863 Show the home button on the toolbar.
5864
5865 Future versions of Firefox will not show the home button by default.
5866
5867 **Compatibility:** Firefox 88, Firefox ESR 78.10\
5868 **CCK2 Equivalent:** N/A\
5869 **Preferences Affected:** N/A
5870
5871 #### Windows (GPO)
5872 ```
5873 Software\Policies\Mozilla\Firefox\ShowHomeButton = 0x1 | 0x0
5874 ```
5875 #### Windows (Intune)
5876 OMA-URI:
5877 ```
5878 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Homepage/Homepage_ShowHomeButton
5879 ```
5880 Value (string):
5881 ```
5882 <enabled/> or <disabled/>
5883 ```
5884 #### macOS
5885 ```
5886 <dict>
5887 <key>ShowHomeButton</key>
5888 <true/> | <false/>
5889 </dict>
5890 ```
5891 #### policies.json
5892 ```
5893 {
5894 "policies": {
5895 "ShowHomeButton": true | false
5896 }
5897 }
5898 ```
5899 ### SSLVersionMax
5900
5901 Set and lock the maximum version of TLS. (Firefox defaults to a maximum of TLS 1.3.)
5902
5903 **Compatibility:** Firefox 66, Firefox ESR 60.6\
5904 **CCK2 Equivalent:** N/A\
5905 **Preferences Affected:** `security.tls.version.max`
5906
5907 #### Windows (GPO)
5908 ```
5909 Software\Policies\Mozilla\Firefox\SSLVersionMax = "tls1" | "tls1.1" | "tls1.2" | "tls1.3"
5910 ```
5911 #### Windows (Intune)
5912 OMA-URI:
5913 ```
5914 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/SSLVersionMax
5915 ```
5916 Value (string):
5917 ```
5918 <enabled/>
5919 <data id="SSLVersion" value="tls1 | tls1.2 | tls1.3"/>
5920 ```
5921 #### macOS
5922 ```
5923 <dict>
5924 <key>SSLVersionMax</key>
5925 <string>tls1 | tls1.1 | tls1.2 | tls1.3</string>
5926 </dict>
5927 ```
5928
5929 #### policies.json
5930 ```
5931 {
5932 "policies": {
5933 "SSLVersionMax": "tls1" | "tls1.1" | "tls1.2" | "tls1.3"
5934 }
5935 }
5936 ```
5937 ### SSLVersionMin
5938
5939 Set and lock the minimum version of TLS. (Firefox defaults to a minimum of TLS 1.2.)
5940
5941 **Compatibility:** Firefox 66, Firefox ESR 60.6\
5942 **CCK2 Equivalent:** N/A\
5943 **Preferences Affected:** `security.tls.version.min`
5944
5945 #### Windows (GPO)
5946 ```
5947 Software\Policies\Mozilla\Firefox\SSLVersionMin = "tls1" | "tls1.1" | "tls1.2" | "tls1.3"
5948 ```
5949 #### Windows (Intune)
5950 OMA-URI:
5951 ```
5952 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/SSLVersionMin
5953 ```
5954 Value (string):
5955 ```
5956 <enabled/>
5957 <data id="SSLVersion" value="tls1 | tls1.2 | tls1.3"/>
5958 ```
5959 #### macOS
5960 ```
5961 <dict>
5962 <key>SSLVersionMin</key>
5963 <string>tls1 | tls1.1 | tls1.2 | tls1.3</string>
5964 </dict>
5965 ```
5966
5967 #### policies.json
5968 ```
5969 {
5970 "policies": {
5971 "SSLVersionMin": "tls1" | "tls1.1" | "tls1.2" | "tls1.3"
5972 }
5973 }
5974 ```
5975 ### SupportMenu
5976 Add a menuitem to the help menu for specifying support information.
5977
5978 **Compatibility:** Firefox 68.0.1, Firefox ESR 68.0.1\
5979 **CCK2 Equivalent:** helpMenu\
5980 **Preferences Affected:** N/A
5981
5982 #### Windows (GPO)
5983 ```
5984 Software\Policies\Mozilla\Firefox\SupportMenu\Title = "Support Menu"
5985 Software\Policies\Mozilla\Firefox\SupportMenu\URL = "http://example.com/support"
5986 Software\Policies\Mozilla\Firefox\SupportMenu\AccessKey = "S"
5987 ```
5988 #### Windows (Intune)
5989 OMA-URI:
5990 ```
5991 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/SupportMenu
5992 ```
5993 Value (string):
5994 ```
5995 <enabled/>
5996 <data id="SupportMenuTitle" value="Support Menu"/>
5997 <data id="SupportMenuURL" value="http://example.com/support"/>
5998 <data id="SupportMenuAccessKey" value="S"/>
5999 ```
6000 #### macOS
6001 ```
6002 <dict>
6003 <key>SupportMenu</key>
6004 <dict>
6005 <key>Title</key>
6006 <string>SupportMenu</string>
6007 <key>URL</key>
6008 <string>http://example.com/support</string>
6009 <key>AccessKey</key>
6010 <string>S</string>
6011 </dict>
6012 </dict>
6013 ```
6014 #### policies.json
6015 ```
6016 {
6017 "policies": {
6018 "SupportMenu": {
6019 "Title": "Support Menu",
6020 "URL": "http://example.com/support",
6021 "AccessKey": "S"
6022 }
6023 }
6024 }
6025 ```
6026 ### StartDownloadsInTempDirectory
6027 Force downloads to start off in a local, temporary location rather than the default download directory.
6028
6029 **Compatibility:** Firefox 102\
6030 **CCK2 Equivalent:** N/A\
6031 **Preferences Affected:** `browser.download.start_downloads_in_tmp_dir`
6032
6033 #### Windows (GPO)
6034 ```
6035 Software\Policies\Mozilla\Firefox\StartDownloadsInTempDirectory = 0x1 | 0x0
6036 ```
6037 #### Windows (Intune)
6038 OMA-URI:
6039 ```
6040 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/StartDownloadsInTempDirectory
6041 ```
6042 Value (string):
6043 ```
6044 <enabled/> or <disabled/>
6045 ```
6046 #### macOS
6047 ```
6048 <dict>
6049 <key>StartDownloadsInTempDirectory</key>
6050 <true/> | <false/>
6051 </dict>
6052 ```
6053 #### policies.json
6054 ```
6055 {
6056 "policies": {
6057 "StartDownloadsInTempDirectory": true | false
6058 }
6059 ```
6060 ### UserMessaging
6061
6062 Prevent Firefox from messaging the user in certain situations.
6063
6064 `WhatsNew` Remove the "What's New" icon and menuitem.
6065
6066 `ExtensionRecommendations` If false, don't recommend extensions while the user is visiting web pages.
6067
6068 `FeatureRecommendations` If false, don't recommend browser features.
6069
6070 `UrlbarInterventions` If false, Don't offer Firefox specific suggestions in the URL bar.
6071
6072 `SkipOnboarding` If true, don't show onboarding messages on the new tab page.
6073
6074 `MoreFromMozilla` If false, don't show the "More from Mozilla" section in Preferences. (Firefox 98)
6075
6076 `Locked` prevents the user from changing user messaging preferences.
6077
6078 **Compatibility:** Firefox 75, Firefox ESR 68.7\
6079 **CCK2 Equivalent:** N/A\
6080 **Preferences Affected:** `browser.messaging-system.whatsNewPanel.enabled`, `browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons`, `browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features`, `browser.aboutwelcome.enabled`, `browser.preferences.moreFromMozilla`
6081
6082 #### Windows (GPO)
6083 ```
6084 Software\Policies\Mozilla\Firefox\UserMessaging\WhatsNew = 0x1 | 0x0
6085 Software\Policies\Mozilla\Firefox\UserMessaging\ExtensionRecommendations = 0x1 | 0x0
6086 Software\Policies\Mozilla\Firefox\UserMessaging\FeatureRecommendations = 0x1 | 0x0
6087 Software\Policies\Mozilla\Firefox\UserMessaging\UrlbarInterventions = 0x1 | 0x0
6088 Software\Policies\Mozilla\Firefox\UserMessaging\SkipOnboarding = 0x1 | 0x0
6089 Software\Policies\Mozilla\Firefox\UserMessaging\MoreFromMozilla = 0x1 | 0x0
6090 Software\Policies\Mozilla\Firefox\UserMessaging\Locked = 0x1 | 0x0
6091 ```
6092 #### Windows (Intune)
6093 OMA-URI:
6094 ```
6095 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_WhatsNew
6096 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_ExtensionRecommendations
6097 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_FeatureRecommendations
6098 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_UrlbarInterventions
6099 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_SkipOnboarding
6100 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_MoreFromMozilla
6101 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_Locked
6102 ```
6103 Value (string):
6104 ```
6105 <enabled/> or <disabled/>
6106 ```
6107 #### macOS
6108 ```
6109 <dict>
6110 <key>UserMessaging</key>
6111 <dict>
6112 <key>WhatsNew</key>
6113 <true/> | <false/>
6114 <key>ExtensionRecommendations</key>
6115 <true/> | <false/>
6116 <key>FeatureRecommendations</key>
6117 <true/> | <false/>
6118 <key>UrlbarInterventions</key>
6119 <true/> | <false/>
6120 <key>SkipOnboarding</key>
6121 <true/> | <false/>
6122 <key>MoreFromMozilla</key>
6123 <true/> | <false/>
6124 <key>Locked</key>
6125 <true/> | <false/>
6126 </dict>
6127 </dict>
6128 ```
6129 #### policies.json
6130 ```
6131 {
6132 "policies": {
6133 "UserMessaging": {
6134 "WhatsNew": true | false,
6135 "ExtensionRecommendations": true | false,
6136 "FeatureRecommendations": true | false,
6137 "UrlbarInterventions": true | false,
6138 "SkipOnboarding": true | false,
6139 "MoreFromMozilla": true | false,
6140 "Locked": true | false
6141 }
6142 }
6143 }
6144 ```
6145 ### UseSystemPrintDialog
6146 Use the system print dialog instead of the print preview window.
6147
6148 **Compatibility:** Firefox 102\
6149 **CCK2 Equivalent:** N/A\
6150 **Preferences Affected:** `print.prefer_system_dialog`
6151
6152 #### Windows (GPO)
6153 ```
6154 Software\Policies\Mozilla\Firefox\UseSystemPrintDialog = 0x1 | 0x0
6155 ```
6156 #### Windows (Intune)
6157 OMA-URI:
6158 ```
6159 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/UseSystemPrintDialog
6160 ```
6161 Value (string):
6162 ```
6163 <enabled/> or <disabled/>
6164 ```
6165 #### macOS
6166 ```
6167 <dict>
6168 <key>UseSystemPrintDialog</key>
6169 <true/> | <false/>
6170 </dict>
6171 ```
6172 #### policies.json
6173 ```
6174 {
6175 "policies": {
6176 "UseSystemPrintDialog": true | false
6177 }
6178 }
6179 ```
6180 ### WebsiteFilter
6181 Block websites from being visited. The parameters take an array of Match Patterns, as documented in https://developer.mozilla.org/en-US/Add-ons/WebExtensions/Match_patterns.
6182 The arrays are limited to 1000 entries each.
6183
6184 If you want to block all URLs, you can use `<all_urls>` or `*://*/*`. You can't have just a `*` on the right side.
6185
6186 For specific protocols, use `https://*/*` or `http://*/*`.
6187
6188 As of Firefox 83 and Firefox ESR 78.5, file URLs are supported.
6189
6190 **Compatibility:** Firefox 60, Firefox ESR 60\
6191 **CCK2 Equivalent:** N/A\
6192 **Preferences Affected:** N/A
6193
6194 #### Windows (GPO)
6195 ```
6196 Software\Policies\Mozilla\Firefox\WebsiteFilter\Block\1 = "<all_urls>"
6197 Software\Policies\Mozilla\Firefox\WebsiteFilter\Exceptions\1 = "http://example.org/*"
6198 ```
6199 #### Windows (Intune)
6200 OMA-URI:
6201 ```
6202 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/B_WebsiteFilter_Block
6203 ```
6204 Value (string):
6205 ```
6206 <enabled/> <data id="WebsiteFilter" value="1&#xF000;&#60;all_urls&#62;"/>
6207 ```
6208 OMA-URI:
6209 ```
6210 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/B_WebsiteFilter_Exceptions
6211 ```
6212 Value (string):
6213 ```
6214 <enabled/>
6215 <data id="WebsiteFilter" value="1&#xF000;http://example.org/*"/>
6216 ```
6217 #### macOS
6218 ```
6219 <dict>
6220 <key>WebsiteFilter</key>
6221 <dict>
6222 <key>Block</key>
6223 <array>
6224 <string><all_urls></string>
6225 </array>
6226 <key>Exceptions</key>
6227 <array>
6228 <string>http://example.org/*</string>
6229 </array>
6230 </dict>
6231
6232 </dict>
6233 ```
6234 #### policies.json
6235 ```
6236 {
6237 "policies": {
6238 "WebsiteFilter": {
6239 "Block": ["<all_urls>"],
6240 "Exceptions": ["http://example.org/*"]
6241 }
6242 }
6243 }
6244 ```
6245 ### WindowsSSO
6246 Allow Windows single sign-on for Microsoft, work, and school accounts.
6247
6248 If this policy is set to true, Firefox will use credentials stored in Windows to sign in to Microsoft, work, and school accounts.
6249
6250 **Compatibility:** Firefox 91\
6251 **CCK2 Equivalent:** N/A\
6252 **Preferences Affected:** `network.http.windows-sso.enabled`
6253
6254 #### Windows (GPO)
6255 ```
6256 Software\Policies\Mozilla\Firefox\WindowsSSO = 0x1 | 0x0
6257 ```
6258 #### Windows (Intune)
6259 OMA-URI:
6260 ```
6261 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/WindowsSSO
6262 ```
6263 Value (string):
6264 ```
6265 <enabled/> or <disabled/>
6266 ```
6267 #### policies.json
6268 ```
6269 {
6270 "policies": {
6271 "WindowsSSO": true | false
6272 }
6273 }
6274 ```

patrick-canterino.de