]> git.p6c8.net - policy-templates.git/blob - docs/index.md
3cbb1737f2d6a2490d30e1242d1ca9f38e946911
[policy-templates.git] / docs / index.md
1 Firefox policies can be specified using the [Group Policy templates on Windows](https://github.com/mozilla/policy-templates/tree/master/windows), [Intune on Windows](https://support.mozilla.org/kb/managing-firefox-intune), [configuration profiles on macOS](https://github.com/mozilla/policy-templates/tree/master/mac), or by creating a file called `policies.json`. On Windows, create a directory called `distribution` where the EXE is located and place the file there. On Mac, the file goes into `Firefox.app/Contents/Resources/distribution`. On Linux, the file goes into `firefox/distribution`, where `firefox` is the installation directory for firefox, which varies by distribution or you can specify system-wide policy by placing the file in `/etc/firefox/policies`.
2
3 Unfortunately, JSON files do not support comments, but you can add extra entries to the JSON to use as comments. You will see an error in about:policies, but the policies will still work properly. For example:
4
5 ```
6 {
7 "policies": {
8 "Authentication": {
9 "SPNEGO": ["mydomain.com", "https://myotherdomain.com"]
10 }
11 "Authentication_Comment": "These domains are required for us"
12 }
13 }
14 ```
15
16 | Policy Name | Description
17 | --- | --- |
18 | **[`3rdparty`](#3rdparty)** | Set policies that WebExtensions can access via chrome.storage.managed.
19 | **[`AllowedDomainsForApps`](#alloweddomainsforapps)** | Define domains allowed to access Google Workspace.
20 | **[`AppAutoUpdate`](#appautoupdate)** | Enable or disable automatic application update.
21 | **[`AppUpdatePin`](#appupdatepin)** | Prevent Firefox from being updated beyond the specified version.
22 | **[`AppUpdateURL`](#appupdateurl)** | Change the URL for application update.
23 | **[`Authentication`](#authentication)** | Configure sites that support integrated authentication.
24 | **[`AutoLaunchProtocolsFromOrigins`](#autolaunchprotocolsfromorigins)** | Define a list of external protocols that can be used from listed origins without prompting the user.
25 | **[`BackgroundAppUpdate`](#backgroundappupdate)** | Enable or disable the background updater (Windows only).
26 | **[`BlockAboutAddons`](#blockaboutaddons)** | Block access to the Add-ons Manager (about:addons).
27 | **[`BlockAboutConfig`](#blockaboutconfig)** | Block access to about:config.
28 | **[`BlockAboutProfiles`](#blockaboutprofiles)** | Block access to About Profiles (about:profiles).
29 | **[`BlockAboutSupport`](#blockaboutsupport)** | Block access to Troubleshooting Information (about:support).
30 | **[`Bookmarks`](#bookmarks)** | Add bookmarks in either the bookmarks toolbar or menu.
31 | **[`CaptivePortal`](#captiveportal)** | Enable or disable the detection of captive portals.
32 | **[`Certificates`](#certificates)** |
33 | **[`Certificates -> ImportEnterpriseRoots`](#certificates--importenterpriseroots)** | Trust certificates that have been added to the operating system certificate store by a user or administrator.
34 | **[`Certificates -> Install`](#certificates--install)** | Install certificates into the Firefox certificate store.
35 | **[`Containers`](#containers)** | Set policies related to [containers](https://addons.mozilla.org/firefox/addon/multi-account-containers/).
36 | **[`Cookies`](#cookies)** | Configure cookie preferences.
37 | **[`DefaultDownloadDirectory`](#defaultdownloaddirectory)** | Set the default download directory.
38 | **[`DisableAppUpdate`](#disableappupdate)** | Turn off application updates.
39 | **[`DisableBuiltinPDFViewer`](#disablebuiltinpdfviewer)** | Disable the built in PDF viewer.
40 | **[`DisabledCiphers`](#disabledciphers)** | Disable ciphers.
41 | **[`DisableDefaultBrowserAgent`](#disabledefaultbrowseragent)** | Prevent the default browser agent from taking any actions (Windows only).
42 | **[`DisableDeveloperTools`](#disabledevelopertools)** | Remove access to all developer tools.
43 | **[`DisableFeedbackCommands`](#disablefeedbackcommands)** | Disable the menus for reporting sites.
44 | **[`DisableFirefoxAccounts`](#disablefirefoxaccounts)** | Disable Firefox Accounts integration (Sync).
45 | **[`DisableFirefoxScreenshots`](#disablefirefoxscreenshots)** | Remove access to Firefox Screenshots.
46 | **[`DisableFirefoxStudies`](#disablefirefoxstudies)** | Disable Firefox studies (Shield).
47 | **[`DisableForgetButton`](#disableforgetbutton)** | Disable the "Forget" button.
48 | **[`DisableFormHistory`](#disableformhistory)** | Turn off saving information on web forms and the search bar.
49 | **[`DisableMasterPasswordCreation`](#disablemasterpasswordcreation)** | Remove the master password functionality.
50 | **[`DisablePasswordReveal`](#disablepasswordreveal)** | Do not allow passwords to be revealed in saved logins.
51 | **[`DisablePocket`](#disablepocket)** | Remove Pocket in the Firefox UI.
52 | **[`DisablePrivateBrowsing`](#disableprivatebrowsing)** | Remove access to private browsing.
53 | **[`DisableProfileImport`](#disableprofileimport)** | Disables the "Import data from another browser" option in the bookmarks window.
54 | **[`DisableProfileRefresh`](#disableprofilerefresh)** | Disable the Refresh Firefox button on about:support and support.mozilla.org
55 | **[`DisableSafeMode`](#disablesafemode)** | Disable safe mode within the browser.
56 | **[`DisableSecurityBypass`](#disablesecuritybypass)** | Prevent the user from bypassing security in certain cases.
57 | **[`DisableSetDesktopBackground`](#disablesetdesktopbackground)** | Remove the "Set As Desktop Background..." menuitem when right clicking on an image.
58 | **[`DisableSystemAddonUpdate`](#disablesystemaddonupdate)** | Prevent system add-ons from being installed or updated.
59 | **[`DisableTelemetry`](#disabletelemetry)** | DisableTelemetry
60 | **[`DisableThirdPartyModuleBlocking`](#disablethirdpartymoduleblocking)** | Do not allow blocking third-party modules.
61 | **[`DisplayBookmarksToolbar`](#displaybookmarkstoolbar)** | Set the initial state of the bookmarks toolbar.
62 | **[`DisplayMenuBar`](#displaymenubar)** | Set the state of the menubar.
63 | **[`DNSOverHTTPS`](#dnsoverhttps)** | Configure DNS over HTTPS.
64 | **[`DontCheckDefaultBrowser`](#dontcheckdefaultbrowser)** | Don't check if Firefox is the default browser at startup.
65 | **[`DownloadDirectory`](#downloaddirectory)** | Set and lock the download directory.
66 | **[`EnableTrackingProtection`](#enabletrackingprotection)** | Configure tracking protection.
67 | **[`EncryptedMediaExtensions`](#encryptedmediaextensions)** | Enable or disable Encrypted Media Extensions and optionally lock it.
68 | **[`EnterprisePoliciesEnabled`](#enterprisepoliciesenabled)** | Enable policy support on macOS.
69 | **[`ExemptDomainFileTypePairsFromFileTypeDownloadWarnings`](#exemptdomainfiletypepairsfromfiletypedownloadwarnings)** | Disable warnings based on file extension for specific file types on domains.
70 | **[`Extensions`](#extensions)** | Control the installation, uninstallation and locking of extensions.
71 | **[`ExtensionSettings`](#extensionsettings)** | Manage all aspects of extensions.
72 | **[`ExtensionUpdate`](#extensionupdate)** | Control extension updates.
73 | **[`FirefoxHome`](#firefoxhome)** | Customize the Firefox Home page.
74 | **[`GoToIntranetSiteForSingleWordEntryInAddressBar`](#gotointranetsiteforsinglewordentryinaddressbar)** | Force direct intranet site navigation instead of searching when typing single word entries in the address bar.
75 | **[`Handlers`](#handlers)** | Configure default application handlers.
76 | **[`HardwareAcceleration`](#hardwareacceleration)** | Control hardware acceleration.
77 | **[`Homepage`](#homepage)** | Configure the default homepage and how Firefox starts.
78 | **[`InstallAddonsPermission`](#installaddonspermission)** | Configure the default extension install policy as well as origins for extension installs are allowed.
79 | **[`LegacyProfiles`](#legacyprofiles)** | Disable the feature enforcing a separate profile for each installation.
80 | **[`LegacySameSiteCookieBehaviorEnabled`](#legacysamesitecookiebehaviorenabled)** | Enable default legacy SameSite cookie behavior setting.
81 | **[`LegacySameSiteCookieBehaviorEnabledForDomainList`](#legacysamesitecookiebehaviorenabledfordomainlist)** | Revert to legacy SameSite behavior for cookies on specified sites.
82 | **[`LocalFileLinks`](#localfilelinks)** | Enable linking to local files by origin.
83 | **[`ManagedBookmarks`](#managedbookmarks)** | Configures a list of bookmarks managed by an administrator that cannot be changed by the user.
84 | **[`ManualAppUpdateOnly`](#manualappupdateonly)** | Allow manual updates only and do not notify the user about updates.
85 | **[`NetworkPrediction`](#networkprediction)** | Enable or disable network prediction (DNS prefetching).
86 | **[`NewTabPage`](#newtabpage)** | Enable or disable the New Tab page.
87 | **[`NoDefaultBookmarks`](#nodefaultbookmarks)** | Disable the creation of default bookmarks.
88 | **[`OfferToSaveLogins`](#offertosavelogins)** | Control whether or not Firefox offers to save passwords.
89 | **[`OfferToSaveLoginsDefault`](#offertosaveloginsdefault)** | Set the default value for whether or not Firefox offers to save passwords.
90 | **[`OverrideFirstRunPage`](#overridefirstrunpage)** | Override the first run page.
91 | **[`OverridePostUpdatePage`](#overridepostupdatepage)** | Override the upgrade page.
92 | **[`PasswordManagerEnabled`](#passwordmanagerenabled)** | Remove (some) access to the password manager.
93 | **[`PasswordManagerExceptions`](#passwordmanagerexceptions)** | Prevent Firefox from saving passwords for specific sites.
94 | **[`PDFjs`](#pdfjs)** | Disable or configure PDF.js, the built-in PDF viewer.
95 | **[`Permissions`](#permissions)** | Set permissions associated with camera, microphone, location, and notifications.
96 | **[`PictureInPicture`](#pictureinpicture)** | Enable or disable Picture-in-Picture.
97 | **[`PopupBlocking`](#popupblocking)** | Configure the default pop-up window policy as well as origins for which pop-up windows are allowed.
98 | **[`Preferences`](#preferences)** | Set and lock preferences.
99 | **[`PrimaryPassword`](#primarypassword)** | Require or prevent using a primary (formerly master) password.
100 | **[`PromptForDownloadLocation`](#promptfordownloadlocation)** | Ask where to save each file before downloading.
101 | **[`Proxy`](#proxy)** | Configure proxy settings.
102 | **[`RequestedLocales`](#requestedlocales)** | Set the the list of requested locales for the application in order of preference.
103 | **[`SanitizeOnShutdown` (All)](#sanitizeonshutdown-all)** | Clear all data on shutdown.
104 | **[`SanitizeOnShutdown` (Selective)](#sanitizeonshutdown-selective)** | Clear data on shutdown.
105 | **[`SearchBar`](#searchbar)** | Set whether or not search bar is displayed.
106 | **[`SearchEngines`](#searchengines-this-policy-is-only-available-on-the-esr)** |
107 | **[`SearchEngines -> Add`](#searchengines--add)** | Add new search engines.
108 | **[`SearchEngines -> Default`](#searchengines--default)** | Set the default search engine.
109 | **[`SearchEngines -> PreventInstalls`](#searchengines--preventinstalls)** | Prevent installing search engines from webpages.
110 | **[`SearchEngines -> Remove`](#searchengines--remove)** | Hide built-in search engines.
111 | **[`SearchSuggestEnabled`](#searchsuggestenabled)** | Enable search suggestions.
112 | **[`SecurityDevices`](#securitydevices)** | Install PKCS #11 modules.
113 | **[`ShowHomeButton`](#showhomebutton)** | Show the home button on the toolbar.
114 | **[`SSLVersionMax`](#sslversionmax)** | Set and lock the maximum version of TLS.
115 | **[`SSLVersionMin`](#sslversionmin)** | Set and lock the minimum version of TLS.
116 | **[`StartDownloadsInTempDirectory`](#startdownloadsintempdirectory)** | Force downloads to start off in a local, temporary location rather than the default download directory.
117 | **[`SupportMenu`](#supportmenu)** | Add a menuitem to the help menu for specifying support information.
118 | **[`UserMessaging`](#usermessaging)** | Don't show certain messages to the user.
119 | **[`UseSystemPrintDialog`](#usesystemprintdialog)** | Print using the system print dialog instead of print preview.
120 | **[`WebsiteFilter`](#websitefilter)** | Block websites from being visited.
121 | **[`WindowsSSO`](#windowssso)** | Allow Windows single sign-on for Microsoft, work, and school accounts.
122
123 ### 3rdparty
124
125 Allow WebExtensions to configure policy. For more information, see [Adding policy support to your extension](https://extensionworkshop.com/documentation/enterprise/adding-policy-support-to-your-extension/).
126
127 For GPO and Intune, the extension developer should provide an ADMX file.
128
129 **Compatibility:** Firefox 68\
130 **CCK2 Equivalent:** N/A\
131 **Preferences Affected:** N/A
132
133 #### macOS
134 ```
135 <dict>
136 <key>3rdparty</key>
137 <dict>
138 <key>Extensions</key>
139 <dict>
140 <key>uBlock0@raymondhill.net</key>
141 <dict>
142 <key>adminSettings</key>
143 <dict>
144 <key>selectedFilterLists</key>
145 <array>
146 <string>ublock-privacy</string>
147 <string>ublock-badware</string>
148 <string>ublock-filters</string>
149 <string>user-filters</string>
150 </array>
151 </dict>
152 </dict>
153 </dict>
154 </dict>
155 </dict>
156 ```
157 #### policies.json
158 ```
159 {
160 "policies": {
161 "3rdparty": {
162 "Extensions": {
163 "uBlock0@raymondhill.net": {
164 "adminSettings": {
165 "selectedFilterLists": [
166 "ublock-privacy",
167 "ublock-badware",
168 "ublock-filters",
169 "user-filters"
170 ]
171 }
172 }
173 }
174 }
175 }
176 }
177 ```
178
179 ### AllowedDomainsForApps
180
181 Define domains allowed to access Google Workspace.
182
183 This policy is based on the [Chrome policy](https://chromeenterprise.google/policies/#AllowedDomainsForApps) of the same name.
184
185 If this policy is enabled, users can only access Google Workspace using accounts from the specified domains. If you want to allow Gmail, you can add ```consumer_accounts``` to the list.
186
187 **Compatibility:** Firefox 89, Firefox ESR 78.11\
188 **CCK2 Equivalent:** N/A\
189 **Preferences Affected:** N/A
190
191 #### Windows (GPO)
192 ```
193 Software\Policies\Mozilla\Firefox\AllowedDomainsForApps = "managedfirefox.com,example.com"
194 ```
195 #### Windows (Intune)
196 OMA-URI:
197 ```
198 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/AllowedDomainsForApps
199 ```
200 Value (string):
201 ```
202 <enabled/>
203 <data id="AllowedDomainsForApps" value="managedfirefox.com,example.com"/>
204 ```
205 #### macOS
206 ```
207 <dict>
208 <key>AllowedDomainsForApps</key>
209 <string>managedfirefox.com,example.com</string>
210 </dict>
211 ```
212 #### policies.json
213 ```
214 {
215 "policies": {
216 "AllowedDomainsForApps": "managedfirefox.com,example.com"
217 }
218 }
219 ```
220 ### AppAutoUpdate
221
222 Enable or disable **automatic** application update.
223
224 If set to true, application updates are installed without user approval within Firefox. The operating system might still require approval.
225
226 If set to false, application updates are downloaded but the user can choose when to install the update.
227
228 If you have disabled updates via `DisableAppUpdate`, this policy has no effect.
229
230 **Compatibility:** Firefox 75, Firefox ESR 68.7\
231 **CCK2 Equivalent:** N/A\
232 **Preferences Affected:** `app.update.auto`
233
234 #### Windows (GPO)
235 ```
236 Software\Policies\Mozilla\Firefox\AppAutoUpdate = 0x1 | 0x0
237 ```
238 #### Windows (Intune)
239 OMA-URI:
240 ```
241 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/AppAutoUpdate
242 ```
243 Value (string):
244 ```
245 <enabled/> or <disabled/>
246 ```
247 #### macOS
248 ```
249 <dict>
250 <key>AppAutoUpdate</key>
251 <true/> | <false/>
252 </dict>
253 ```
254 #### policies.json
255 ```
256 {
257 "policies": {
258 "AppAutoUpdate": true | false
259 }
260 }
261 ```
262 ### AppUpdatePin
263
264 Prevent Firefox from being updated beyond the specified version.
265
266 You can specify the any version as ```xx.``` and Firefox will be updated with all minor versions, but will not be updated beyond the major version.
267
268 You can also specify the version as ```xx.xx``` and Firefox will be updated with all patch versions, but will not be updated beyond the minor version.
269
270 You should specify a version that exists or is guaranteed to exist. If you specify a version that doesn't end up existing, Firefox will update beyond that version.
271
272 **Compatibility:** Firefox 102,\
273 **CCK2 Equivalent:** N/A\
274 **Preferences Affected:** N/A
275
276 #### Windows (GPO)
277 ```
278 Software\Policies\Mozilla\Firefox\AppUpdatePin = "106."
279 ```
280 #### Windows (Intune)
281 OMA-URI:
282 ```
283 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/AppUpdatePin
284 ```
285 Value (string):
286 ```
287 <enabled/>
288 <data id="AppUpdatePin" value="106."/>
289 ```
290 #### macOS
291 ```
292 <dict>
293 <key>AppUpdatePin</key>
294 <string>106.</string>
295 </dict>
296 ```
297 #### policies.json
298 ```
299 {
300 "policies": {
301 "AppUpdatePin": "106."
302 }
303 }
304 ```
305 ### AppUpdateURL
306
307 Change the URL for application update if you are providing Firefox updates from a custom update server.
308
309 **Compatibility:** Firefox 62, Firefox ESR 60.2\
310 **CCK2 Equivalent:** N/A\
311 **Preferences Affected:** `app.update.url`
312
313 #### Windows (GPO)
314 ```
315 Software\Policies\Mozilla\Firefox\AppUpdateURL = "https://yoursite.com"
316 ```
317 #### Windows (Intune)
318 OMA-URI:
319 ```
320 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/AppUpdateURL
321 ```
322 Value (string):
323 ```
324 <enabled/>
325 <data id="AppUpdateURL" value="https://yoursite.com"/>
326 ```
327 #### macOS
328 ```
329 <dict>
330 <key>AppUpdateURL</key>
331 <string>https://yoursite.com</string>
332 </dict>
333 ```
334 #### policies.json
335 ```
336 {
337 "policies": {
338 "AppUpdateURL": "https://yoursite.com"
339 }
340 }
341 ```
342 ### Authentication
343
344 Configure sites that support integrated authentication.
345
346 See [Integrated authentication](https://htmlpreview.github.io/?https://github.com/mdn/archived-content/blob/main/files/en-us/mozilla/integrated_authentication/raw.html) for more information.
347
348 `PrivateBrowsing` enables integrated authentication in private browsing.
349
350 **Compatibility:** Firefox 60, Firefox ESR 60 (AllowNonFQDN added in 62/60.2, AllowProxies added in 70/68.2, Locked added in 71/68.3, PrivateBrowsing added in 77/68.9)\
351 **CCK2 Equivalent:** N/A\
352 **Preferences Affected:** `network.negotiate-auth.trusted-uris`,`network.negotiate-auth.delegation-uris`,`network.automatic-ntlm-auth.trusted-uris`,`network.automatic-ntlm-auth.allow-non-fqdn`,`network.negotiate-auth.allow-non-fqdn`,`network.automatic-ntlm-auth.allow-proxies`,`network.negotiate-auth.allow-proxies`,`network.auth.private-browsing-sso`
353
354 #### Windows (GPO)
355 ```
356 Software\Policies\Mozilla\Firefox\Authentication\SPNEGO\1 = "mydomain.com"
357 Software\Policies\Mozilla\Firefox\Authentication\SPNEGO\2 = "https://myotherdomain.com"
358 Software\Policies\Mozilla\Firefox\Authentication\Delegated\1 = "mydomain.com"
359 Software\Policies\Mozilla\Firefox\Authentication\Delegated\2 = "https://myotherdomain.com"
360 Software\Policies\Mozilla\Firefox\Authentication\NTLM\1 = "mydomain.com"
361 Software\Policies\Mozilla\Firefox\Authentication\NTLM\2 = "https://myotherdomain.com"
362 Software\Policies\Mozilla\Firefox\Authentication\AllowNonFQDN\SPNEGO = 0x1 | 0x0
363 Software\Policies\Mozilla\Firefox\Authentication\AllowNonFQDN\NTLM = 0x1 | 0x0
364 Software\Policies\Mozilla\Firefox\Authentication\AllowProxies\SPNEGO = 0x1 | 0x0
365 Software\Policies\Mozilla\Firefox\Authentication\AllowProxies\NTLM = 0x1 | 0x0
366 Software\Policies\Mozilla\Firefox\Authentication\Locked = 0x1 | 0x0
367 Software\Policies\Mozilla\Firefox\Authentication\PrivateBrowsing = 0x1 | 0x0
368 ```
369 #### Windows (Intune)
370 OMA-URI:
371 ```
372 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Authentication/Authentication_SPNEGO
373 ```
374 Value (string):
375 ```
376 <enabled/>
377 <data id="Authentication" value="1&#xF000;mydomain&#xF000;2&#xF000;https://myotherdomain.com"/>
378 ```
379 OMA-URI:
380 ```
381 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Authentication/Authentication_Delegated
382 ```
383 Value (string):
384 ```
385 <enabled/>
386 <data id="Authentication" value="1&#xF000;mydomain&#xF000;2&#xF000;https://myotherdomain.com"/>
387 ```
388 OMA-URI:
389 ```
390 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Authentication/Authentication_NTLM
391 ```
392 Value (string):
393 ```
394 <enabled/>
395 <data id="Authentication" value="1&#xF000;mydomain&#xF000;2&#xF000;https://myotherdomain.com"/>
396 ```
397 OMA-URI:
398 ```
399 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Authentication/Authentication_AllowNonFQDN
400 ```
401 Value (string):
402 ```
403 <enabled/>
404 <data id="Authentication_AllowNonFQDN_NTLM" value="true | false"/>
405 <data id="Authentication_AllowNonFQDN_SPNEGO" value="true | false"/>
406 ```
407 OMA-URI:
408 ```
409 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Authentication/Authentication_Locked
410 ```
411 Value (string):
412 ```
413 <enabled/> or <disabled/>
414 ```
415 OMA-URI:
416 ```
417 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Authentication/Authentication_PrivateBrowsing
418 ```
419 Value (string):
420 ```
421 <enabled/> or <disabled/>
422 ```
423 #### macOS
424 ```
425 <dict>
426 <key>Authentication</key>
427 <dict>
428 <key>SPNEGO</key>
429 <array>
430 <string>mydomain.com</string>
431 <string>https://myotherdomain.com</string>
432 </array>
433 <key>Delegated</key>
434 <array>
435 <string>mydomain.com</string>
436 <string>https://myotherdomain.com</string>
437 </array>
438 <key>NTLM</key>
439 <array>
440 <string>mydomain.com</string>
441 <string>https://myotherdomain.com</string>
442 </array>
443 <key>AllowNonFQDN</key>
444 <dict>
445 <key>SPNEGO</key>
446 <true/> | <false/>
447 <key>NTLM</key>
448 <true/> | <false/>
449 </dict>
450 <key>AllowProxies</key>
451 <dict>
452 <key>SPNEGO</key>
453 <true/> | <false/>
454 <key>NTLM</key>
455 <true/> | <false/>
456 </dict>
457 <key>Locked</key>
458 <true/> | <false/>
459 <key>PrivateBrowsing</key>
460 <true/> | <false/>
461 </dict>
462 </dict>
463 ```
464 #### policies.json
465 ```
466 {
467 "policies": {
468 "Authentication": {
469 "SPNEGO": ["mydomain.com", "https://myotherdomain.com"],
470 "Delegated": ["mydomain.com", "https://myotherdomain.com"],
471 "NTLM": ["mydomain.com", "https://myotherdomain.com"],
472 "AllowNonFQDN": {
473 "SPNEGO": true | false,
474 "NTLM": true | false
475 },
476 "AllowProxies": {
477 "SPNEGO": true | false,
478 "NTLM": true | false
479 },
480 "Locked": true | false,
481 "PrivateBrowsing": true | false
482 }
483 }
484 }
485 ```
486 ### AutoLaunchProtocolsFromOrigins
487 Define a list of external protocols that can be used from listed origins without prompting the user. The origin is the scheme plus the hostname.
488
489 The syntax of this policy is exactly the same as the [Chrome AutoLaunchProtocolsFromOrigins policy](https://cloud.google.com/docs/chrome-enterprise/policies/?policy=AutoLaunchProtocolsFromOrigins) except that you can only use valid origins (not just hostnames). This also means that you cannot specify an asterisk for all origins.
490
491 The schema is:
492 ```
493 {
494 "items": {
495 "properties": {
496 "allowed_origins": {
497 "items": {
498 "type": "string"
499 },
500 "type": "array"
501 },
502 "protocol": {
503 "type": "string"
504 }
505 },
506 "required": [
507 "protocol",
508 "allowed_origins"
509 ],
510 "type": "object"
511 },
512 "type": "array"
513 }
514 ```
515 **Compatibility:** Firefox 90, Firefox ESR 78.12\
516 **CCK2 Equivalent:** N/A\
517 **Preferences Affected:** N/A
518
519 #### Windows (GPO)
520 Software\Policies\Mozilla\Firefox\AutoLaunchProtocolsFromOrigins (REG_MULTI_SZ) =
521 ```
522 [
523 {
524 "protocol": "zoommtg",
525 "allowed_origins": [
526 "https://somesite.zoom.us"
527 ]
528 }
529 ]
530 ```
531 #### Windows (Intune)
532 OMA-URI:
533 ```
534 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/AutoLaunchProtocolsFromOrigins
535 ```
536 Value (string):
537 ```
538 <enabled/>
539 <data id="JSON" value='
540 [
541 {
542 "protocol": "zoommtg",
543 "allowed_origins": [
544 "https://somesite.zoom.us"
545 ]
546 }
547 ]'/>
548 ```
549 #### macOS
550 ```
551 <dict>
552 <key>AutoLaunchProtocolsFromOrigins</key>
553 <array>
554 <dict>
555 <key>protocol</key>
556 <string>zoommtg</string>
557 <key>allowed_origins</key>
558 <array>
559 <string>https://somesite.zoom.us</string>
560 </array>
561 </dict>
562 </array>
563 </dict>
564 ```
565 #### policies.json
566 ```
567 {
568 "policies": {
569 "AutoLaunchProtocolsFromOrigins": [{
570 "protocol": "zoommtg",
571 "allowed_origins": [
572 "https://somesite.zoom.us"
573 ]
574 }]
575 }
576 }
577 ```
578 ### BackgroundAppUpdate
579
580 Enable or disable **automatic** application update **in the background**, when the application is not running.
581
582 If set to true, application updates may be installed (without user approval) in the background, even when the application is not running. The operating system might still require approval.
583
584 If set to false, the application will not try to install updates when the application is not running.
585
586 If you have disabled updates via `DisableAppUpdate` or disabled automatic updates via `AppAutoUpdate`, this policy has no effect.
587
588 **Compatibility:** Firefox 90 (Windows only)\
589 **CCK2 Equivalent:** N/A\
590 **Preferences Affected:** `app.update.background.enabled`
591
592 #### Windows (GPO)
593 ```
594 Software\Policies\Mozilla\Firefox\BackgroundAppUpdate = 0x1 | 0x0
595 ```
596 #### Windows (Intune)
597 OMA-URI:
598 ```
599 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/BackgroundAppUpdate
600 ```
601 Value (string):
602 ```
603 <enabled/> or <disabled/>
604 ```
605 #### macOS
606 ```
607 <dict>
608 <key>BackgroundAppUpdate</key>
609 <true/> | <false/>
610 </dict>
611 ```
612 #### policies.json
613 ```
614 {
615 "policies": {
616 "BackgroundAppUpdate": true | false
617 }
618 }
619 ```
620 ### BlockAboutAddons
621
622 Block access to the Add-ons Manager (about:addons).
623
624 **Compatibility:** Firefox 60, Firefox ESR 60\
625 **CCK2 Equivalent:** `disableAddonsManager`\
626 **Preferences Affected:** N/A
627
628 #### Windows (GPO)
629 ```
630 Software\Policies\Mozilla\Firefox\BlockAboutAddons = 0x1 | 0x0
631 ```
632 #### Windows (Intune)
633 OMA-URI:
634 ```
635 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/BlockAboutAddons
636 ```
637 Value (string):
638 ```
639 <enabled/> or <disabled/>
640 ```
641 #### macOS
642 ```
643 <dict>
644 <key>BlockAboutAddons</key>
645 <true/> | <false/>
646 </dict>
647 ```
648 #### policies.json
649 ```
650 {
651 "policies": {
652 "BlockAboutAddons": true | false
653 }
654 }
655 ```
656 ### BlockAboutConfig
657
658 Block access to about:config.
659
660 **Compatibility:** Firefox 60, Firefox ESR 60\
661 **CCK2 Equivalent:** `disableAboutConfig`\
662 **Preferences Affected:** N/A
663
664 #### Windows (GPO)
665 ```
666 Software\Policies\Mozilla\Firefox\BlockAboutConfig = 0x1 | 0x0
667 ```
668 #### Windows (Intune)
669 OMA-URI:
670 ```
671 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/BlockAboutConfig
672 ```
673 Value (string):
674 ```
675 <enabled/> or <disabled/>
676 ```
677 #### macOS
678 ```
679 <dict>
680 <key>BlockAboutConfig</key>
681 <true/> | <false/>
682 </dict>
683 ```
684 #### policies.json
685 ```
686 {
687 "policies": {
688 "BlockAboutConfig": true | false
689 }
690 }
691 ```
692 ### BlockAboutProfiles
693
694 Block access to About Profiles (about:profiles).
695
696 **Compatibility:** Firefox 60, Firefox ESR 60\
697 **CCK2 Equivalent:** `disableAboutProfiles`\
698 **Preferences Affected:** N/A
699
700 #### Windows (GPO)
701 ```
702 Software\Policies\Mozilla\Firefox\BlockAboutProfiles = 0x1 | 0x0
703 ```
704 #### Windows (Intune)
705 OMA-URI:
706 ```
707 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/BlockAboutProfiles
708 ```
709 Value (string):
710 ```
711 <enabled/> or <disabled/>
712 ```
713 #### macOS
714 ```
715 <dict>
716 <key>BlockAboutProfiles</key>
717 <true/> | <false/>
718 </dict>
719 ```
720 #### policies.json
721 ```
722 {
723 "policies": {
724 "BlockAboutProfiles": true | false
725 }
726 }
727 ```
728 ### BlockAboutSupport
729
730 Block access to Troubleshooting Information (about:support).
731
732 **Compatibility:** Firefox 60, Firefox ESR 60\
733 **CCK2 Equivalent:** `disableAboutSupport`\
734 **Preferences Affected:** N/A
735
736 #### Windows (GPO)
737 ```
738 Software\Policies\Mozilla\Firefox\BlockAboutSupport = 0x1 | 0x0
739 ```
740 #### Windows (Intune)
741 OMA-URI:
742 ```
743 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/BlockAboutSupport
744 ```
745 Value (string):
746 ```
747 <enabled/> or <disabled/>
748 ```
749 #### macOS
750 ```
751 <dict>
752 <key>BlockAboutSupport</key>
753 <true/> | <false/>
754 </dict>
755 ```
756 #### policies.json
757 ```
758 {
759 "policies": {
760 "BlockAboutSupport": true | false
761 }
762 }
763 ```
764 ### Bookmarks
765
766 Note: [`ManagedBookmarks`](#managedbookmarks) is the new recommended way to add bookmarks. This policy will continue to be supported.
767
768 Add bookmarks in either the bookmarks toolbar or menu. Only `Title` and `URL` are required. If `Placement` is not specified, the bookmark will be placed on the toolbar. If `Folder` is specified, it is automatically created and bookmarks with the same folder name are grouped together.
769
770 If you want to clear all bookmarks set with this policy, you can set the value to an empty array (```[]```). This can be on Windows via the new Bookmarks (JSON) policy available with GPO and Intune.
771
772 **Compatibility:** Firefox 60, Firefox ESR 60\
773 **CCK2 Equivalent:** `bookmarks.toolbar`,`bookmarks.menu`\
774 **Preferences Affected:** N/A
775
776 #### Windows (GPO)
777 ```
778 Software\Policies\Mozilla\Firefox\Bookmarks\1\Title = "Example"
779 Software\Policies\Mozilla\Firefox\Bookmarks\1\URL = "https://example.com"
780 Software\Policies\Mozilla\Firefox\Bookmarks\1\Favicon = "https://example.com/favicon.ico"
781 Software\Policies\Mozilla\Firefox\Bookmarks\1\Placement = "toolbar" | "menu"
782 Software\Policies\Mozilla\Firefox\Bookmarks\1\Folder = "FolderName"
783
784 Software\Policies\Mozilla\Firefox\Bookmarks (REG_MULTI_SZ) =
785 ```
786 []
787 ```
788
789 ```
790 #### Windows (Intune)
791 OMA-URI:
792 ```
793 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Bookmarks/Bookmark01
794 ```
795 Value (string):
796 ```
797 <enabled/>
798 <data id="BookmarkTitle" value="Example"/>
799 <data id="BookmarkURL" value="https://example.com"/>
800 <data id="BookmarkFavicon" value="https://example.com/favicon.ico"/>
801 <data id="BookmarkPlacement" value="toolbar | menu"/>
802 <data id="BookmarkFolder" value="FolderName"/>
803 ```
804 OMA-URI:
805 ```
806 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/Bookmarks
807 ```
808 Value (string):
809 ```
810 <enabled/>
811 <data id="JSON" value='[]'/>
812 ```
813 #### macOS
814 ```
815 <dict>
816 <key>Bookmarks</key>
817 <array>
818 <dict>
819 <key>Title</key>
820 <string>Example</string>
821 <key>URL</key>
822 <string>https://example.com</string>
823 <key>Favicon</key>
824 <string>https://example.com/favicon.ico</string>
825 <key>Placement</key>
826 <string>toolbar | menu</string>
827 <key>Folder</key>
828 <string>FolderName</string>
829 </dict>
830 </array>
831 </dict>
832 ```
833 #### policies.json
834 ```
835 {
836 "policies": {
837 "Bookmarks": [
838 {
839 "Title": "Example",
840 "URL": "https://example.com",
841 "Favicon": "https://example.com/favicon.ico",
842 "Placement": "toolbar" | "menu",
843 "Folder": "FolderName"
844 }
845 ]
846 }
847 }
848 ```
849 ### CaptivePortal
850 Enable or disable the detection of captive portals.
851
852 **Compatibility:** Firefox 67, Firefox ESR 60.7\
853 **CCK2 Equivalent:** N/A\
854 **Preferences Affected:** `network.captive-portal-service.enabled`
855
856 #### Windows (GPO)
857 ```
858 Software\Policies\Mozilla\Firefox\CaptivePortal = 0x1 | 0x0
859 ```
860 #### Windows (Intune)
861 OMA-URI:
862 ```
863 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/CaptivePortal
864 ```
865 Value (string):
866 ```
867 <enabled/> or <disabled/>
868 ```
869 #### macOS
870 ```
871 <dict>
872 <key>CaptivePortal</key>
873 <true/> | <false/>
874 </dict>
875 ```
876 #### policies.json
877 ```
878 {
879 "policies": {
880 "CaptivePortal": true | false
881 }
882 }
883 ```
884 ### Certificates
885
886 ### Certificates | ImportEnterpriseRoots
887
888 Trust certificates that have been added to the operating system certificate store by a user or administrator.
889
890 Note: This policy only works on Windows and macOS. For Linux discussion, see [bug 1600509](https://bugzilla.mozilla.org/show_bug.cgi?id=1600509).
891
892 See https://support.mozilla.org/kb/setting-certificate-authorities-firefox for more detail.
893
894 **Compatibility:** Firefox 60, Firefox ESR 60 (macOS support in Firefox 63, Firefox ESR 68)\
895 **CCK2 Equivalent:** N/A\
896 **Preferences Affected:** `security.enterprise_roots.enabled`
897
898 #### Windows (GPO)
899 ```
900 Software\Policies\Mozilla\Firefox\Certificates\ImportEnterpriseRoots = 0x1 | 0x0
901 ```
902 #### Windows (Intune)
903 OMA-URI:
904 ```
905 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Certificates/Certificates_ImportEnterpriseRoots
906 ```
907 Value (string):
908 ```
909 <enabled/> or <disabled/>
910 ```
911 #### macOS
912 ```
913 <dict>
914 <key>Certificates</key>
915 <dict>
916 <key>ImportEnterpriseRoots</key>
917 <true/> | <false/>
918 </dict>
919 </dict>
920 ```
921 #### policies.json
922 ```
923 {
924 "policies": {
925 "Certificates": {
926 "ImportEnterpriseRoots": true | false
927 }
928 }
929 }
930 ```
931 ### Certificates | Install
932
933 Install certificates into the Firefox certificate store. If only a filename is specified, Firefox searches for the file in the following locations:
934
935 - Windows
936 - %USERPROFILE%\AppData\Local\Mozilla\Certificates
937 - %USERPROFILE%\AppData\Roaming\Mozilla\Certificates
938 - macOS
939 - /Library/Application Support/Mozilla/Certificates
940 - ~/Library/Application Support/Mozilla/Certificates
941 - Linux
942 - /usr/lib/mozilla/certificates
943 - /usr/lib64/mozilla/certificates
944 - ~/.mozilla/certificates
945
946 Starting with Firefox 65, Firefox 60.5 ESR, a fully qualified path can be used, including UNC paths. You should use the native path style for your operating system. We do not support using %USERPROFILE% or other environment variables on Windows.
947
948 If you are specifying the path in the policies.json file on Windows, you need to escape your backslashes (`\\`) which means that for UNC paths, you need to escape both (`\\\\`). If you use group policy, you only need one backslash.
949
950 Certificates are installed using the trust string `CT,CT,`.
951
952 Binary (DER) and ASCII (PEM) certificates are both supported.
953
954 **Compatibility:** Firefox 64, Firefox ESR 64\
955 **CCK2 Equivalent:** `certs.ca`\
956 **Preferences Affected:** N/A
957
958 #### Windows (GPO)
959 ```
960 Software\Policies\Mozilla\Firefox\Certificates\Install\1 = "cert1.der"
961 Software\Policies\Mozilla\Firefox\Certificates\Install\2 = "C:\Users\username\cert2.pem"
962 ```
963 #### Windows (Intune)
964 OMA-URI:
965 ```
966 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Certificates/Certificates_Install
967 ```
968 Value (string):
969 ```
970 <enabled/>
971 <data id="Certificates_Install" value="1&#xF000;cert1.der&#xF000;2&#xF000;C:\Users\username\cert2.pem"/>
972 ```
973 #### macOS
974 ```
975 <dict>
976 <key>Certificates</key>
977 <dict>
978 <key>Install</key>
979 <array>
980 <string>cert1.der</string>
981 <string>/Users/username/cert2.pem</string>
982 </array>
983 </dict>
984 </dict>
985 ```
986 #### policies.json
987 ```
988 {
989 "policies": {
990 "Certificates": {
991 "Install": ["cert1.der", "/home/username/cert2.pem"]
992 }
993 }
994 }
995 ```
996 ### Containers
997 Set policies related to [containers](https://addons.mozilla.org/firefox/addon/multi-account-containers/).
998
999 Currently you can set the initial set of containers.
1000
1001 For each container, you can specify the name, icon, and color.
1002
1003 | Name | Description |
1004 | --- | --- |
1005 | `name`| Name of container
1006 | `icon` | Can be `fingerprint`, `briefcase`, `dollar`, `cart`, `vacation`, `gift`, `food`, `fruit`, `pet`, `tree`, `chill`, `circle`, `fence`
1007 | `color` | Can be `blue`, `turquoise`, `green`, `yellow`, `orange`, `red`, `pink`, `purple`, `toolbar`
1008
1009 **Compatibility:** Firefox 113\
1010 **CCK2 Equivalent:** N/A\
1011 **Preferences Affected:** N/A
1012
1013 #### Windows (GPO)
1014 Software\Policies\Mozilla\Firefox\Containers (REG_MULTI_SZ) =
1015 ```
1016 {
1017 "Default": [
1018 {
1019 "name": "My container",
1020 "icon": "pet",
1021 "color": "turquoise"
1022 }
1023 ]
1024 }
1025 ```
1026 #### Windows (Intune)
1027 OMA-URI:
1028 ```
1029 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/Containers
1030 ```
1031 Value (string):
1032 ```
1033 <enabled/>
1034 <data id="JSON" value='
1035 {
1036 "Default": [
1037 {
1038 "name": "My container",
1039 "icon": "pet",
1040 "color": "turquoise"
1041 }
1042 ]
1043 }
1044 '/>
1045 ```
1046 #### macOS
1047 ```
1048 <dict>
1049 <key>Default</key>
1050 <dict>
1051 <key>Containers</key>
1052 <array>
1053 <dict>
1054 <key>name</key>
1055 <string>My container</string>
1056 <key>icon</key>
1057 <string>pet</string>
1058 <key>color</key>
1059 <string>turquoise</string>
1060 </dict>
1061 </array>
1062 </dict>
1063 </dict>
1064 ```
1065 #### policies.json
1066 ```
1067 {
1068 "policies": {
1069 "Containers": {
1070 "Default": [
1071 {
1072 "name": "My container",
1073 "icon": "pet",
1074 "color": "turquoise"
1075 }
1076 ]
1077 }
1078 }
1079 }
1080 ```
1081 ### Cookies
1082 Configure cookie preferences.
1083
1084 `Allow` is a list of origins (not domains) where cookies are always allowed. You must include http or https.
1085
1086 `AllowSession` is a list of origins (not domains) where cookies are only allowed for the current session. You must include http or https.
1087
1088 `Block` is a list of origins (not domains) where cookies are always blocked. You must include http or https.
1089
1090 `Behavior` sets the default behavior for cookies based on the values below.
1091
1092 `BehaviorPrivateBrowsing` sets the default behavior for cookies in private browsing based on the values below.
1093
1094 | Value | Description
1095 | --- | --- |
1096 | accept | Accept all cookies
1097 | reject-foreign | Reject third party cookies
1098 | reject | Reject all cookies
1099 | limit-foreign | Reject third party cookies for sites you haven't visited
1100 | reject-tracker | Reject cookies for known trackers (default)
1101 | reject-tracker-and-partition-foreign | Reject cookies for known trackers and partition third-party cookies (Total Cookie Protection) (default for private browsing)
1102
1103 `Locked` prevents the user from changing cookie preferences.
1104
1105 **Compatibility:** Firefox 60, Firefox ESR 60 (RejectTracker added in Firefox 63, AllowSession added in Firefox 79/78.1, Behavior added in Firefox 95/91.4)\
1106 **CCK2 Equivalent:** N/A\
1107 **Preferences Affected:** `network.cookie.cookieBehavior`, `network.cookie.cookieBehavior.pbmode`, `network.cookie.lifetimePolicy`
1108
1109 #### Windows (GPO)
1110 ```
1111 Software\Policies\Mozilla\Firefox\Cookies\Allow\1 = "https://example.com"
1112 Software\Policies\Mozilla\Firefox\Cookies\AllowSession\1 = "https://example.edu"
1113 Software\Policies\Mozilla\Firefox\Cookies\Block\1 = "https://example.org"
1114 Software\Policies\Mozilla\Firefox\Cookies\Default = 0x1 | 0x0
1115 Software\Policies\Mozilla\Firefox\Cookies\AcceptThirdParty = "always" | "never" | "from-visited"
1116 Software\Policies\Mozilla\Firefox\Cookies\ExpireAtSessionEnd = 0x1 | 0x0
1117 Software\Policies\Mozilla\Firefox\Cookies\RejectTracker = 0x1 | 0x0
1118 Software\Policies\Mozilla\Firefox\Cookies\Behavior = "accept" | "reject-foreign" | "reject" | "limit-foreign" | "reject-tracker" | "reject-tracker-and-partition-foreign"
1119 Software\Policies\Mozilla\Firefox\Cookies\BehaviorPrivateBrowsing = "accept" | "reject-foreign" | "reject" | "limit-foreign" | "reject-tracker" | "reject-tracker-and-partition-foreign"
1120 Software\Policies\Mozilla\Firefox\Cookies\Locked = 0x1 | 0x0
1121 ```
1122 #### Windows (Intune)
1123 OMA-URI:
1124 ```
1125 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_Allow
1126 ```
1127 Value (string):
1128 ```
1129 <enabled/>
1130 <data id="Permissions" value="1&#xF000;https://example.com"/>
1131 ```
1132 OMA-URI:
1133 ```
1134 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_AllowSession
1135 ```
1136 Value (string):
1137 ```
1138 <enabled/>
1139 <data id="Permissions" value="1&#xF000;https://example.edu"/>
1140 ```
1141 OMA-URI:
1142 ```
1143 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_Block
1144 ```
1145 Value (string):
1146 ```
1147 <enabled/>
1148 <data id="Permissions" value="1&#xF000;https://example.org"/>
1149 ```
1150 OMA-URI:
1151 ```
1152 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_Default
1153 ```
1154 Value (string):
1155 ```
1156 <enabled/> or <disabled/>
1157 ```
1158 OMA-URI:
1159 ```
1160 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_AcceptThirdParty
1161 ```
1162 Value (string):
1163 ```
1164 <enabled/>
1165 <data id="Cookies_AcceptThirdParty" value="always | never | from-visited"/>
1166 ```
1167 OMA-URI:
1168 ```
1169 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_ExpireAtSessionEnd
1170 ```
1171 Value (string):
1172 ```
1173 <enabled/> or <disabled/>
1174 ```
1175 OMA-URI:
1176 ```
1177 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_RejectTracker
1178 ```
1179 Value (string):
1180 ```
1181 <enabled/> or <disabled/>
1182 ```
1183 OMA-URI:
1184 ```
1185 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_Locked
1186 ```
1187 Value (string):
1188 ```
1189 <enabled/> or <disabled/>
1190 ```
1191 OMA-URI:
1192 ```
1193 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_Behavior
1194 ```
1195 Value (string):
1196 ```
1197 <enabled/>
1198 <data id="Cookies_Behavior" value="accept | reject-foreign | reject | limit-foreign | reject-tracker | reject-tracker-and-partition-foreign"/>
1199 ```
1200 OMA-URI:
1201 ```
1202 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_BehaviorPrivateBrowsing
1203 ```
1204 Value (string):
1205 ```
1206 <enabled/>
1207 <data id="Cookies_BehaviorPrivateBrowsing" value="accept | reject-foreign | reject | limit-foreign | reject-tracker | reject-tracker-and-partition-foreign"/>
1208 ```
1209 #### macOS
1210 ```
1211 <dict>
1212 <key>Cookies</key>
1213 <dict>
1214 <key>Allow</key>
1215 <array>
1216 <string>http://example.com</string>
1217 </array>
1218 <key>AllowSession</key>
1219 <array>
1220 <string>http://example.edu</string>
1221 </array>
1222 <key>Block</key>
1223 <array>
1224 <string>http://example.org</string>
1225 </array>
1226 <key>Default</key>
1227 <true/> | <false/>
1228 <key>AcceptThirdParty</key>
1229 <string>always | never | from-visited</string>
1230 <key>ExpireAtSessionEnd</key>
1231 <true/> | <false/>
1232 <key>RejectTracker</key>
1233 <true/> | <false/>
1234 <key>Locked</key>
1235 <true/> | <false/>
1236 <key>Behavior</key>
1237 <string>accept | reject-foreign | reject | limit-foreign | reject-tracker | reject-tracker-and-partition-foreign</string>
1238 <key>BehaviorPrivateBrowsing</key>
1239 <string>accept | reject-foreign | reject | limit-foreign | reject-tracker | reject-tracker-and-partition-foreign</string>
1240 </dict>
1241 </dict>
1242 ```
1243 #### policies.json
1244 ```
1245 {
1246 "policies": {
1247 "Cookies": {
1248 "Allow": ["http://example.org/"],
1249 "AllowSession": ["http://example.edu/"],
1250 "Block": ["http://example.edu/"],
1251 "Default": true | false,
1252 "AcceptThirdParty": "always" | "never" | "from-visited",
1253 "ExpireAtSessionEnd": true | false,
1254 "RejectTracker": true | false,
1255 "Locked": true | false,
1256 "Behavior": "accept" | "reject-foreign" | "reject" | "limit-foreign" | "reject-tracker" | "reject-tracker-and-partition-foreign",
1257 "BehaviorPrivateBrowsing": "accept" | "reject-foreign" | "reject" | "limit-foreign" | "reject-tracker" | "reject-tracker-and-partition-foreign",
1258 }
1259 }
1260 }
1261 ```
1262 ### DefaultDownloadDirectory
1263 Set the default download directory.
1264
1265 You can use ${home} for the native home directory.
1266
1267 **Compatibility:** Firefox 68, Firefox ESR 68\
1268 **CCK2 Equivalent:** N/A\
1269 **Preferences Affected:** `browser.download.dir`, `browser.download.folderList`
1270
1271 #### Windows (GPO)
1272 ```
1273 Software\Policies\Mozilla\Firefox\DefaultDownloadDirectory = "${home}\Downloads"
1274 ```
1275 #### Windows (Intune)
1276 OMA-URI:
1277 ```
1278 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DefaultDownloadDirectory
1279 ```
1280 Value (string):
1281 ```
1282 <enabled/>
1283 <data id="Preferences_String" value="${home}\Downloads"/>
1284 ```
1285 #### macOS
1286 ```
1287 <dict>
1288 <key>DefaultDownloadDirectory</key>
1289 <string>${home}/Downloads</string>
1290 </dict>
1291 ```
1292 #### policies.json (macOS and Linux)
1293 ```
1294 {
1295 "policies": {
1296 "DefaultDownloadDirectory": "${home}/Downloads"
1297 }
1298 }
1299 ```
1300 #### policies.json (Windows)
1301 ```
1302 {
1303 "policies": {
1304 "DefaultDownloadDirectory": "${home}\\Downloads"
1305 }
1306 }
1307 ```
1308 ### DisableAppUpdate
1309 Turn off application updates within Firefox.
1310
1311 **Compatibility:** Firefox 60, Firefox ESR 60\
1312 **CCK2 Equivalent:** `disableFirefoxUpdates`\
1313 **Preferences Affected:** N/A
1314
1315 #### Windows (GPO)
1316 ```
1317 Software\Policies\Mozilla\Firefox\DisableAppUpdate = 0x1 | 0x0
1318 ```
1319 #### Windows (Intune)
1320 OMA-URI:
1321 ```
1322 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableAppUpdate
1323 ```
1324 Value (string):
1325 ```
1326 <enabled/> or <disabled/>
1327 ```
1328 #### macOS
1329 ```
1330 <dict>
1331 <key>DisableAppUpdate</key>
1332 <true/> | <false/>
1333 </dict>
1334 ```
1335 #### policies.json
1336 ```
1337 {
1338 "policies": {
1339 "DisableAppUpdate": true | false
1340 }
1341 }
1342 ```
1343 ### DisableBuiltinPDFViewer
1344 Disable the built in PDF viewer. PDF files are downloaded and sent externally.
1345
1346 **Compatibility:** Firefox 60, Firefox ESR 60\
1347 **CCK2 Equivalent:** `disablePDFjs`\
1348 **Preferences Affected:** `pdfjs.disabled`
1349
1350 #### Windows (GPO)
1351 ```
1352 Software\Policies\Mozilla\Firefox\DisableBuiltinPDFViewer = 0x1 | 0x0
1353 ```
1354 #### Windows (Intune)
1355 OMA-URI:
1356 ```
1357 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableBuiltinPDFViewer
1358 ```
1359 Value (string):
1360 ```
1361 <enabled/> or <disabled/>
1362 ```
1363 #### macOS
1364 ```
1365 <dict>
1366 <key>DisableBuiltinPDFViewer</key>
1367 <true/> | <false/>
1368 </dict>
1369 ```
1370 #### policies.json
1371 ```
1372 {
1373 "policies": {
1374 "DisableBuiltinPDFViewer": true | false
1375 }
1376 }
1377 ```
1378 ### DisabledCiphers
1379 Disable specific cryptographic ciphers, listed below.
1380
1381 ```
1382 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
1383 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
1384 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
1385 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
1386 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
1387 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
1388 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
1389 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
1390 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
1391 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
1392 TLS_DHE_RSA_WITH_AES_128_CBC_SHA
1393 TLS_DHE_RSA_WITH_AES_256_CBC_SHA
1394 TLS_RSA_WITH_AES_128_GCM_SHA256
1395 TLS_RSA_WITH_AES_256_GCM_SHA384
1396 TLS_RSA_WITH_AES_128_CBC_SHA
1397 TLS_RSA_WITH_AES_256_CBC_SHA
1398 TLS_RSA_WITH_3DES_EDE_CBC_SHA
1399 ```
1400
1401 **Preferences Affected:** `security.ssl3.ecdhe_rsa_aes_128_gcm_sha256`, `security.ssl3.ecdhe_ecdsa_aes_128_gcm_sha256`, `security.ssl3.ecdhe_ecdsa_chacha20_poly1305_sha256`, `security.ssl3.ecdhe_rsa_chacha20_poly1305_sha256`, `security.ssl3.ecdhe_ecdsa_aes_256_gcm_sha384`, `security.ssl3.ecdhe_rsa_aes_256_gcm_sha384`, `security.ssl3.ecdhe_rsa_aes_128_sha`, `security.ssl3.ecdhe_ecdsa_aes_128_sha`, `security.ssl3.ecdhe_rsa_aes_256_sha`, `security.ssl3.ecdhe_ecdsa_aes_256_sha`, `security.ssl3.dhe_rsa_aes_128_sha`, `security.ssl3.dhe_rsa_aes_256_sha`, `security.ssl3.rsa_aes_128_gcm_sha256`, `security.ssl3.rsa_aes_256_gcm_sha384`, `security.ssl3.rsa_aes_128_sha`, `security.ssl3.rsa_aes_256_sha`, `security.ssl3.deprecated.rsa_des_ede3_sha`
1402
1403 ---
1404 **Note:**
1405
1406 This policy was updated in Firefox 78 to allow enabling ciphers as well. Setting the value to true disables the cipher, setting the value to false enables the cipher. Previously setting the value to true or false disabled the cipher.
1407
1408 ---
1409 **Compatibility:** Firefox 76, Firefox ESR 68.8 (TLS_RSA_WITH_AES_128_GCM_SHA256 and TLS_RSA_WITH_AES_256_GCM_SHA384 were added in Firefox 78, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA38, TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, and TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 were added in Firefox 97 and Firefox 91.6)\
1410 **CCK2 Equivalent:** N/A\
1411 **Preferences Affected:** N/A
1412
1413 #### Windows (GPO)
1414 ```
1415 Software\Policies\Mozilla\Firefox\DisabledCiphers\CIPHER_NAME = 0x1 | 0x0
1416 ```
1417 #### Windows (Intune)
1418 OMA-URI:
1419 ```
1420 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DisabledCiphers/DisabledCiphers_CIPHER_NAME
1421
1422 ```
1423 Value (string):
1424 ```
1425 <enabled/> or <disabled/>
1426 ```
1427 #### macOS
1428 ```
1429 <dict>
1430 <key>DisabledCiphers</key>
1431 <dict>
1432 <key>CIPHER_NAME</key>
1433 <true/> | <false/>
1434 </dict>
1435 </dict>
1436 ```
1437 #### policies.json
1438 ```
1439 {
1440 "policies": {
1441 "DisabledCiphers": {
1442 "CIPHER_NAME": true | false,
1443 }
1444 }
1445 }
1446 ```
1447 ### DisableDefaultBrowserAgent
1448 Prevent the default browser agent from taking any actions. Only applicable to Windows; other platforms don’t have the agent.
1449
1450 The browser agent is a Windows-only scheduled task which runs in the background to collect and submit data about the browser that the user has set as their OS default. More information is available [here](https://firefox-source-docs.mozilla.org/toolkit/mozapps/defaultagent/default-browser-agent/index.html).
1451
1452 **Compatibility:** Firefox 75, Firefox ESR 68.7 (Windows only)\
1453 **CCK2 Equivalent:** N/A\
1454 **Preferences Affected:** N/A
1455
1456 #### Windows (GPO)
1457 ```
1458 Software\Policies\Mozilla\Firefox\DisableDefaultBrowserAgent = 0x1 | 0x0
1459 ```
1460 #### Windows (Intune)
1461 OMA-URI:
1462 ```
1463 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableDefaultBrowserAgent
1464 ```
1465 Value (string):
1466 ```
1467 <enabled/> or <disabled/>
1468 ```
1469 #### policies.json
1470 ```
1471 {
1472 "policies": {
1473 "DisableDefaultBrowserAgent": true | false
1474 }
1475 }
1476 ```
1477 ### DisableDeveloperTools
1478 Remove access to all developer tools.
1479
1480 **Compatibility:** Firefox 60, Firefox ESR 60\
1481 **CCK2 Equivalent:** `removeDeveloperTools`\
1482 **Preferences Affected:** `devtools.policy.disabled`
1483
1484 #### Windows (GPO)
1485 ```
1486 Software\Policies\Mozilla\Firefox\DisableDeveloperTools = 0x1 | 0x0`
1487 ```
1488 #### Windows (Intune)
1489 OMA-URI:
1490 ```
1491 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableDeveloperTools
1492 ```
1493 Value (string):
1494 ```
1495 <enabled/> or <disabled/>
1496 ```
1497 #### macOS
1498 ```
1499 <dict>
1500 <key>DisableDeveloperTools</key>
1501 <true/> | <false/>
1502 </dict>
1503 ```
1504 #### policies.json
1505 ```
1506 {
1507 "policies": {
1508 "DisableDeveloperTools": true | false
1509 }
1510 }
1511 ```
1512 ### DisableFeedbackCommands
1513 Disable the menus for reporting sites (Submit Feedback, Report Deceptive Site).
1514
1515 **Compatibility:** Firefox 60, Firefox ESR 60\
1516 **CCK2 Equivalent:** N/A\
1517 **Preferences Affected:** N/A
1518
1519 #### Windows (GPO)
1520 ```
1521 Software\Policies\Mozilla\Firefox\DisableFeedbackCommands = 0x1 | 0x0
1522 ```
1523 #### Windows (Intune)
1524 OMA-URI:
1525 ```
1526 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableFeedbackCommands
1527 ```
1528 Value (string):
1529 ```
1530 <enabled/> or <disabled/>
1531 ```
1532 #### macOS
1533 ```
1534 <dict>
1535 <key>DisableFeedbackCommands</key>
1536 <true/> | <false/>
1537 </dict>
1538 ```
1539 #### policies.json
1540 ```
1541 {
1542 "policies": {
1543 "DisableFeedbackCommands": true | false
1544 }
1545 }
1546 ```
1547 ### DisableFirefoxAccounts
1548 Disable Firefox Accounts integration (Sync).
1549
1550 **Compatibility:** Firefox 60, Firefox ESR 60\
1551 **CCK2 Equivalent:** `disableSync`\
1552 **Preferences Affected:** `identity.fxaccounts.enabled`
1553
1554 #### Windows (GPO)
1555 ```
1556 Software\Policies\Mozilla\Firefox\DisableFirefoxAccounts = 0x1 | 0x0
1557 ```
1558 #### Windows (Intune)
1559 OMA-URI:
1560 ```
1561 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableFirefoxAccounts
1562 ```
1563 Value (string):
1564 ```
1565 <enabled/> or <disabled/>
1566 ```
1567 #### macOS
1568 ```
1569 <dict>
1570 <key>DisableFirefoxAccounts</key>
1571 <true/> | <false/>
1572 </dict>
1573 ```
1574 #### policies.json
1575 ```
1576 {
1577 "policies": {
1578 "DisableFirefoxAccounts": true | false
1579 }
1580 }
1581 ```
1582 ### DisableFirefoxScreenshots
1583 Remove access to Firefox Screenshots.
1584
1585 **Compatibility:** Firefox 60, Firefox ESR 60\
1586 **CCK2 Equivalent:** N/A\
1587 **Preferences Affected:** `extensions.screenshots.disabled`
1588
1589 #### Windows (GPO)
1590 ```
1591 Software\Policies\Mozilla\Firefox\DisableFirefoxScreenshots = 0x1 | 0x0
1592 ```
1593 #### Windows (Intune)
1594 OMA-URI:
1595 ```
1596 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableFirefoxScreenshots
1597 ```
1598 Value (string):
1599 ```
1600 <enabled/> or <disabled/>
1601 ```
1602 #### macOS
1603 ```
1604 <dict>
1605 <key>DisableFirefoxScreenshots</key>
1606 <true/> | <false/>
1607 </dict>
1608 ```
1609 #### policies.json
1610 ```
1611 {
1612 "policies": {
1613 "DisableFirefoxScreenshots": true | false
1614 }
1615 }
1616 ```
1617 ### DisableFirefoxStudies
1618 Disable Firefox studies (Shield).
1619
1620 **Compatibility:** Firefox 60, Firefox ESR 60\
1621 **CCK2 Equivalent:** N/A\
1622 **Preferences Affected:** N/A
1623
1624 #### Windows (GPO)
1625 ```
1626 Software\Policies\Mozilla\Firefox\DisableFirefoxStudies = 0x1 | 0x0
1627 ```
1628 #### Windows (Intune)
1629 OMA-URI:
1630 ```
1631 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableFirefoxStudies
1632 ```
1633 Value (string):
1634 ```
1635 <enabled/> or <disabled/>
1636 ```
1637 #### macOS
1638 ```
1639 <dict>
1640 <key>DisableFirefoxStudies</key>
1641 <true/> | <false/>
1642 </dict>
1643 ```
1644 #### policies.json
1645 ```
1646 {
1647 "policies": {
1648 "DisableFirefoxStudies": true | false
1649 }
1650 }
1651 ```
1652 ### DisableForgetButton
1653 Disable the "Forget" button.
1654
1655 **Compatibility:** Firefox 60, Firefox ESR 60\
1656 **CCK2 Equivalent:** `disableForget`\
1657 **Preferences Affected:** N/A
1658
1659 #### Windows (GPO)
1660 ```
1661 Software\Policies\Mozilla\Firefox\DisableForgetButton = 0x1 | 0x0
1662 ```
1663 #### Windows (Intune)
1664 OMA-URI:
1665 ```
1666 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableForgetButton
1667 ```
1668 Value (string):
1669 ```
1670 <enabled/> or <disabled/>
1671 ```
1672 #### macOS
1673 ```
1674 <dict>
1675 <key>DisableForgetButton</key>
1676 <true/> | <false/>
1677 </dict>
1678 ```
1679 #### policies.json
1680 ```
1681 {
1682 "policies": {
1683 "DisableForgetButton": true | false
1684 }
1685 }
1686 ```
1687 ### DisableFormHistory
1688 Turn off saving information on web forms and the search bar.
1689
1690 **Compatibility:** Firefox 60, Firefox ESR 60\
1691 **CCK2 Equivalent:** `disableFormFill`\
1692 **Preferences Affected:** `browser.formfill.enable`
1693
1694 #### Windows (GPO)
1695 ```
1696 Software\Policies\Mozilla\Firefox\DisableFormHistory = 0x1 | 0x0
1697 ```
1698 #### Windows (Intune)
1699 OMA-URI:
1700 ```
1701 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableFormHistory
1702 ```
1703 Value (string):
1704 ```
1705 <enabled/> or <disabled/>
1706 ```
1707 #### macOS
1708 ```
1709 <dict>
1710 <key>DisableFormHistory</key>
1711 <true/> | <false/>
1712 </dict>
1713 ```
1714 #### policies.json
1715 ```
1716 {
1717 "policies": {
1718 "DisableFormHistory": true | false
1719 }
1720 }
1721 ```
1722 ### DisableMasterPasswordCreation
1723 Remove the master password functionality.
1724
1725 If this value is true, it works the same as setting [`PrimaryPassword`](#primarypassword) to false and removes the primary password functionality.
1726
1727 If both `DisableMasterPasswordCreation` and `PrimaryPassword` are used, `DisableMasterPasswordCreation` takes precedent.
1728
1729 **Compatibility:** Firefox 60, Firefox ESR 60\
1730 **CCK2 Equivalent:** `noMasterPassword`\
1731 **Preferences Affected:** N/A
1732
1733 #### Windows (GPO)
1734 ```
1735 Software\Policies\Mozilla\Firefox\DisableMasterPasswordCreation = 0x1 | 0x0
1736 ```
1737 #### Windows (Intune)
1738 OMA-URI:
1739 ```
1740 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableMasterPasswordCreation
1741 ```
1742 Value (string):
1743 ```
1744 <enabled/> or <disabled/>
1745 ```
1746 #### macOS
1747 ```
1748 <dict>
1749 <key>DisableMasterPasswordCreation</key>
1750 <true/> | <false/>
1751 </dict>
1752 ```
1753 #### policies.json
1754 ```
1755 {
1756 "policies": {
1757 "DisableMasterPasswordCreation": true | false
1758 }
1759 }
1760 ```
1761 ### DisablePasswordReveal
1762 Do not allow passwords to be shown in saved logins
1763
1764 **Compatibility:** Firefox 71, Firefox ESR 68.3\
1765 **CCK2 Equivalent:** N/A
1766 **Preferences Affected:** N/A
1767
1768 #### Windows (GPO)
1769 ```
1770 Software\Policies\Mozilla\Firefox\DisablePasswordReveal = 0x1 | 0x0
1771 ```
1772 #### Windows (Intune)
1773 OMA-URI:
1774 ```
1775 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisablePasswordReveal
1776 ```
1777 Value (string):
1778 ```
1779 <enabled/> or <disabled/>
1780 ```
1781 #### macOS
1782 ```
1783 <dict>
1784 <key>DisablePasswordReveal</key>
1785 <true/> | <false/>
1786 </dict>
1787 ```
1788 #### policies.json
1789 ```
1790 {
1791 "policies": {
1792 "DisablePasswordReveal": true | false
1793 }
1794 }
1795 ```
1796 ### DisablePocket
1797 Remove Pocket in the Firefox UI. It does not remove it from the new tab page.
1798
1799 **Compatibility:** Firefox 60, Firefox ESR 60\
1800 **CCK2 Equivalent:** `disablePocket`\
1801 **Preferences Affected:** `extensions.pocket.enabled`
1802
1803 #### Windows (GPO)
1804 ```
1805 Software\Policies\Mozilla\Firefox\DisablePocket = 0x1 | 0x0
1806 ```
1807 #### Windows (Intune)
1808 OMA-URI:
1809 ```
1810 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisablePocket
1811 ```
1812 Value (string):
1813 ```
1814 <enabled/> or <disabled/>
1815 ```
1816 #### macOS
1817 ```
1818 <dict>
1819 <key>DisablePocket</key>
1820 <true/> | <false/>
1821 </dict>
1822 ```
1823 #### policies.json
1824 ```
1825 {
1826 "policies": {
1827 "DisablePocket": true | false
1828 }
1829 }
1830 ```
1831 ### DisablePrivateBrowsing
1832 Remove access to private browsing.
1833
1834 **Compatibility:** Firefox 60, Firefox ESR 60\
1835 **CCK2 Equivalent:** `disablePrivateBrowsing`\
1836 **Preferences Affected:** N/A
1837
1838 #### Windows (GPO)
1839 ```
1840 Software\Policies\Mozilla\Firefox\DisablePrivateBrowsing = 0x1 | 0x0
1841 ```
1842 #### Windows (Intune)
1843 OMA-URI:
1844 ```
1845 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisablePrivateBrowsing
1846 ```
1847 Value (string):
1848 ```
1849 <enabled/> or <disabled/>
1850 ```
1851 #### macOS
1852 ```
1853 <dict>
1854 <key>DisablePrivateBrowsing</key>
1855 <true/> | <false/>
1856 </dict>
1857 ```
1858 #### policies.json
1859 ```
1860 {
1861 "policies": {
1862 "DisablePrivateBrowsing": true | false
1863 }
1864 }
1865 ```
1866 ### DisableProfileImport
1867 Disables the "Import data from another browser" option in the bookmarks window.
1868
1869 **Compatibility:** Firefox 60, Firefox ESR 60\
1870 **CCK2 Equivalent:** N/A\
1871 **Preferences Affected:** N/A
1872
1873 #### Windows (GPO)
1874 ```
1875 Software\Policies\Mozilla\Firefox\DisableProfileImport = 0x1 | 0x0
1876 ```
1877 #### Windows (Intune)
1878 OMA-URI:
1879 ```
1880 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableProfileImport
1881 ```
1882 Value (string):
1883 ```
1884 <enabled/> or <disabled/>
1885 ```
1886 #### macOS
1887 ```
1888 <dict>
1889 <key>DisableProfileImport</key>
1890 <true/> | <false/>
1891 </dict>
1892 ```
1893 #### policies.json
1894 ```
1895 {
1896 "policies": {
1897 "DisableProfileImport": true | false
1898 }
1899 }
1900 ```
1901 ### DisableProfileRefresh
1902 Disable the Refresh Firefox button on about:support and support.mozilla.org, as well as the prompt that displays offering to refresh Firefox when you haven't used it in a while.
1903
1904 **Compatibility:** Firefox 60, Firefox ESR 60\
1905 **CCK2 Equivalent:** `disableResetFirefox`\
1906 **Preferences Affected:** `browser.disableResetPrompt`
1907
1908 #### Windows (GPO)
1909 ```
1910 Software\Policies\Mozilla\Firefox\DisableProfileRefresh = 0x1 | 0x0
1911 ```
1912 #### Windows (Intune)
1913 OMA-URI:
1914 ```
1915 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableProfileRefresh
1916 ```
1917 Value (string):
1918 ```
1919 <enabled/> or <disabled/>
1920 ```
1921 #### macOS
1922 ```
1923 <dict>
1924 <key>DisableProfileRefresh</key>
1925 <true/> | <false/>
1926 </dict>
1927 ```
1928 #### policies.json
1929 ```
1930 {
1931 "policies": {
1932 "DisableProfileRefresh": true | false
1933 }
1934 }
1935 ```
1936 ### DisableSafeMode
1937 Disable safe mode within the browser.
1938
1939 On Windows, this disables safe mode via the command line as well.
1940
1941 **Compatibility:** Firefox 60, Firefox ESR 60 (Windows, macOS)\
1942 **CCK2 Equivalent:** `disableSafeMode`\
1943 **Preferences Affected:** N/A
1944
1945 #### Windows (GPO)
1946 ```
1947 Software\Policies\Mozilla\Firefox\DisableSafeMode = 0x1 | 0x0
1948 ```
1949 #### Windows (Intune)
1950 OMA-URI:
1951 ```
1952 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableSafeMode
1953 ```
1954 Value (string):
1955 ```
1956 <enabled/> or <disabled/>
1957 ```
1958 #### macOS
1959 ```
1960 <dict>
1961 <key>DisableSafeMode</key>
1962 <true/> | <false/>
1963 </dict>
1964 ```
1965 #### policies.json
1966 ```
1967 {
1968 "policies": {
1969 "DisableSafeMode": true | false
1970 }
1971 }
1972 ```
1973 ### DisableSecurityBypass
1974 Prevent the user from bypassing security in certain cases.
1975
1976 `InvalidCertificate` prevents adding an exception when an invalid certificate is shown.
1977
1978 `SafeBrowsing` prevents selecting "ignore the risk" and visiting a harmful site anyway.
1979
1980 **Compatibility:** Firefox 60, Firefox ESR 60\
1981 **CCK2 Equivalent:** N/A\
1982 **Preferences Affected:** `security.certerror.hideAddException`, `browser.safebrowsing.allowOverride`
1983
1984 #### Windows (GPO)
1985 ```
1986 Software\Policies\Mozilla\Firefox\DisableSecurityBypass\InvalidCertificate = 0x1 | 0x0
1987 Software\Policies\Mozilla\Firefox\DisableSecurityBypass\SafeBrowsing = 0x1 | 0x0
1988 ```
1989 #### Windows (Intune)
1990 OMA-URI:
1991 ```
1992 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/P_DisableSecurityBypass_InvalidCertificate
1993 ```
1994 Value (string):
1995 ```
1996 <enabled/> or <disabled/>
1997 ```
1998 OMA-URI:
1999 ```
2000 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/P_DisableSecurityBypass_SafeBrowsing
2001 ```
2002 Value (string):
2003 ```
2004 <enabled/> or <disabled/>
2005 ```
2006
2007 #### macOS
2008 ```
2009 <dict>
2010 <key>DisableSecurityBypass</key>
2011 <dict>
2012 <key>InvalidCertificate</key>
2013 <true/> | <false/>
2014 <key>SafeBrowsing</key>
2015 <true/> | <false/>
2016 </dict>
2017 </dict>
2018 ```
2019 #### policies.json
2020 ```
2021 {
2022 "policies": {
2023 "DisableSecurityBypass": {
2024 "InvalidCertificate": true | false,
2025 "SafeBrowsing": true | false
2026 }
2027 }
2028 }
2029 ```
2030 ### DisableSetDesktopBackground
2031 Remove the "Set As Desktop Background..." menuitem when right clicking on an image.
2032
2033 **Compatibility:** Firefox 60, Firefox ESR 60\
2034 **CCK2 Equivalent:** `removeSetDesktopBackground`\
2035 **Preferences Affected:** N/A
2036
2037 #### Windows (GPO)
2038 ```
2039 Software\Policies\Mozilla\Firefox\DisableSetDesktopBackground = 0x1 | 0x0
2040 ```
2041 #### Windows (Intune)
2042 OMA-URI:
2043 ```
2044 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableSetDesktopBackground
2045 ```
2046 Value (string):
2047 ```
2048 <enabled/> or <disabled/>
2049 ```
2050 #### macOS
2051 ```
2052 <dict>
2053 <key>DisableSetDesktopBackground</key>
2054 <true/> | <false/>
2055 </dict>
2056 ```
2057 #### policies.json
2058 ```
2059 {
2060 "policies": {
2061 "DisableSetDesktopBackground": true | false
2062 }
2063 }
2064 ```
2065 ### DisableSystemAddonUpdate
2066 Prevent system add-ons from being installed or updated.
2067
2068 **Compatibility:** Firefox 60, Firefox ESR 60\
2069 **CCK2 Equivalent:** N/A\
2070 **Preferences Affected:** N/A
2071
2072 #### Windows (GPO)
2073 ```
2074 Software\Policies\Mozilla\Firefox\DisableSystemAddonUpdate = 0x1 | 0x0
2075 ```
2076 #### Windows (Intune)
2077 OMA-URI:
2078 ```
2079 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableSystemAddonUpdate
2080 ```
2081 Value (string):
2082 ```
2083 <enabled/> or <disabled/>
2084 ```
2085 #### macOS
2086 ```
2087 <dict>
2088 <key>DisableSystemAddonUpdate</key>
2089 <true/> | <false/>
2090 </dict>
2091 ```
2092 #### policies.json
2093 ```
2094 {
2095 "policies": {
2096 "DisableSystemAddonUpdate": true | false
2097 }
2098 }
2099 ```
2100 ### DisableTelemetry
2101 Prevent the upload of telemetry data.
2102
2103 As of Firefox 83 and Firefox ESR 78.5, local storage of telemetry data is disabled as well.
2104
2105 Mozilla recommends that you do not disable telemetry. Information collected through telemetry helps us build a better product for businesses like yours.
2106
2107 **Compatibility:** Firefox 60, Firefox ESR 60\
2108 **CCK2 Equivalent:** `disableTelemetry`\
2109 **Preferences Affected:** `datareporting.healthreport.uploadEnabled`, `datareporting.policy.dataSubmissionEnabled`, `toolkit.telemetry.archive.enabled`
2110
2111 #### Windows (GPO)
2112 ```
2113 Software\Policies\Mozilla\Firefox\DisableTelemetry = 0x1 | 0x0
2114 ```
2115 #### Windows (Intune)
2116 OMA-URI:
2117 ```
2118 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableTelemetry
2119 ```
2120 Value (string):
2121 ```
2122 <enabled/> or <disabled/>
2123 ```
2124 #### macOS
2125 ```
2126 <dict>
2127 <key>DisableTelemetry</key>
2128 <true/> | <false/>
2129 </dict>
2130 ```
2131 #### policies.json
2132 ```
2133 {
2134 "policies": {
2135 "DisableTelemetry": true | false
2136 }
2137 }
2138 ```
2139 ### DisableThirdPartyModuleBlocking
2140 Do not allow blocking third-party modules from the `about:third-party` page.
2141
2142 This policy only works on Windows through GPO (not policies.json).
2143
2144 **Compatibility:** Firefox 110 (Windows only, GPO only)\
2145 **CCK2 Equivalent:** N/A\
2146 **Preferences Affected:** N/A
2147
2148 #### Windows (GPO)
2149 ```
2150 Software\Policies\Mozilla\Firefox\DisableThirdPartyModuleBlocking = = 0x1 | 0x0
2151 ```
2152 #### Windows (Intune)
2153 OMA-URI:
2154 ```
2155 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableThirdPartyModuleBlocking
2156 ```
2157 Value (string):
2158 ```
2159 <enabled/> or <disabled/>
2160 ```
2161 ### DisplayBookmarksToolbar
2162 Set the initial state of the bookmarks toolbar. A user can still change how it is displayed.
2163
2164 `always` means the bookmarks toolbar is always shown.
2165
2166 `never` means the bookmarks toolbar is not shown.
2167
2168 `newtab` means the bookmarks toolbar is only shown on the new tab page.
2169
2170 **Compatibility:** Firefox 109, Firefox ESR 102.7\
2171 **CCK2 Equivalent:** N/A\
2172 **Preferences Affected:** N/A
2173
2174 #### Windows (GPO)
2175 ```
2176 Software\Policies\Mozilla\Firefox\DisplayBookmarksToolbar = "always", "never", "newtab"
2177 ```
2178 #### Windows (Intune)
2179 OMA-URI:
2180 ```
2181 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisplayBookmarksToolbar_Enum
2182 ```
2183 Value (string):
2184 ```
2185 <enabled/>
2186 <data id="DisplayBookmarksToolbar" value="always | never | newtab"/>
2187 ```
2188 #### macOS
2189 ```
2190 <dict>
2191 <key>DisplayBookmarksToolbar</key>
2192 <string>always | never | newtab</string>
2193 </dict>
2194 ```
2195 #### policies.json
2196 ```
2197 {
2198 "policies": {
2199 "DisplayBookmarksToolbar": "always" | "never" | "newtab"
2200 }
2201 }
2202 ```
2203 ### DisplayMenuBar
2204 Set the state of the menubar.
2205
2206 `always` means the menubar is shown and cannot be hidden.
2207
2208 `never` means the menubar is hidden and cannot be shown.
2209
2210 `default-on` means the menubar is on by default but can be hidden.
2211
2212 `default-off` means the menubar is off by default but can be shown.
2213
2214 **Compatibility:** Firefox 73, Firefox ESR 68.5 (Windows, some Linux)\
2215 **CCK2 Equivalent:** `displayMenuBar`\
2216 **Preferences Affected:** N/A
2217
2218 #### Windows (GPO)
2219 ```
2220 Software\Policies\Mozilla\Firefox\DisplayMenuBar = "always", "never", "default-on", "default-off"
2221 ```
2222 #### Windows (Intune)
2223 OMA-URI:
2224 ```
2225 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisplayMenuBar_Enum
2226 ```
2227 Value (string):
2228 ```
2229 <enabled/>
2230 <data id="DisplayMenuBar" value="always | never | default-on | default-off"/>
2231 ```
2232 #### macOS
2233 ```
2234 <dict>
2235 <key>DisplayMenuBar</key>
2236 <string>always | never | default-on | default-off</string>
2237 </dict>
2238 ```
2239 #### policies.json
2240 ```
2241 {
2242 "policies": {
2243 "DisplayMenuBar": "always", "never", "default-on", "default-off"
2244 }
2245 }
2246 ```
2247 ### DNSOverHTTPS
2248 Configure DNS over HTTPS.
2249
2250 `Enabled` determines whether DNS over HTTPS is enabled
2251
2252 `ProviderURL` is a URL to another provider.
2253
2254 `Locked` prevents the user from changing DNS over HTTPS preferences.
2255
2256 `ExcludedDomains` excludes domains from DNS over HTTPS.
2257
2258 **Compatibility:** Firefox 63, Firefox ESR 68 (ExcludedDomains added in 75/68.7)\
2259 **CCK2 Equivalent:** N/A\
2260 **Preferences Affected:** `network.trr.mode`, `network.trr.uri`
2261
2262 #### Windows (GPO)
2263 ```
2264 Software\Policies\Mozilla\Firefox\DNSOverHTTPS\Enabled = 0x1 | 0x0
2265 Software\Policies\Mozilla\Firefox\DNSOverHTTPS\ProviderURL = "URL_TO_ALTERNATE_PROVIDER"
2266 Software\Policies\Mozilla\Firefox\DNSOverHTTPS\Locked = 0x1 | 0x0
2267 Software\Policies\Mozilla\Firefox\DNSOverHTTPS\ExcludedDomains\1 = "example.com"
2268 ```
2269 #### Windows (Intune)
2270 OMA-URI:
2271 ```
2272 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DNSOverHTTPS/DNSOverHTTPS_Enabled
2273 ```
2274 Value (string):
2275 ```
2276 <enabled/> or <disabled/>
2277 ```
2278 OMA-URI:
2279 ```
2280 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DNSOverHTTPS/DNSOverHTTPS_ProviderURL
2281 ```
2282 Value (string):
2283 ```
2284 <enabled/>
2285 <data id="String" value="URL_TO_ALTERNATE_PROVIDER"/>
2286 ```
2287 OMA-URI:
2288 ```
2289 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DNSOverHTTPS/DNSOverHTTPS_Locked
2290 ```
2291 Value (string):
2292 ```
2293 <enabled/> or <disabled/>
2294 ```
2295 OMA-URI:
2296 ```
2297 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DNSOverHTTPS/DNSOverHTTPS_ExcludedDomains
2298 ```
2299 Value (string):
2300 ```
2301 <enabled/>
2302 <data id="List" value="1&#xF000;example.com"/>
2303 ```
2304 #### macOS
2305 ```
2306 <dict>
2307 <key>DNSOverHTTPS</key>
2308 <dict>
2309 <key>Enabled</key>
2310 <true/> | <false/>
2311 <key>ProviderURL</key>
2312 <string>URL_TO_ALTERNATE_PROVIDER</string>
2313 <key>Locked</key>
2314 <true/> | <false/>
2315 <key>ExcludedDomains</key>
2316 <array>
2317 <string>example.com</string>
2318 </array>
2319 </dict>
2320 </dict>
2321 ```
2322 #### policies.json
2323 ```
2324 {
2325 "policies": {
2326 "DNSOverHTTPS": {
2327 "Enabled": true | false,
2328 "ProviderURL": "URL_TO_ALTERNATE_PROVIDER",
2329 "Locked": true | false,
2330 "ExcludedDomains": ["example.com"]
2331 }
2332 }
2333 }
2334 ```
2335 ### DontCheckDefaultBrowser
2336 Don't check if Firefox is the default browser at startup.
2337
2338 **Compatibility:** Firefox 60, Firefox ESR 60\
2339 **CCK2 Equivalent:** `dontCheckDefaultBrowser`\
2340 **Preferences Affected:** `browser.shell.checkDefaultBrowser`
2341
2342 #### Windows (GPO)
2343 ```
2344 Software\Policies\Mozilla\Firefox\DontCheckDefaultBrowser = 0x1 | 0x0
2345 ```
2346 #### Windows (Intune)
2347 OMA-URI:
2348 ```
2349 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DontCheckDefaultBrowser
2350 ```
2351 Value (string):
2352 ```
2353 <enabled/> or <disabled/>
2354 ```
2355 #### macOS
2356 ```
2357 <dict>
2358 <key>DontCheckDefaultBrowser</key>
2359 <true/> | <false/>
2360 </dict>
2361 ```
2362 #### policies.json
2363 ```
2364 {
2365 "policies": {
2366 "DontCheckDefaultBrowser": true | false
2367 }
2368 }
2369 ```
2370 ### DownloadDirectory
2371 Set and lock the download directory.
2372
2373 You can use ${home} for the native home directory.
2374
2375 **Compatibility:** Firefox 68, Firefox ESR 68\
2376 **CCK2 Equivalent:** N/A\
2377 **Preferences Affected:** `browser.download.dir`, `browser.download.folderList`, `browser.download.useDownloadDir`
2378
2379 #### Windows (GPO)
2380 ```
2381 Software\Policies\Mozilla\Firefox\DownloadDirectory = "${home}\Downloads"
2382 ```
2383 #### Windows (Intune)
2384 OMA-URI:
2385 ```
2386 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DownloadDirectory
2387 ```
2388 Value (string):
2389 ```
2390 <enabled/>
2391 <data id="Preferences_String" value="${home}\Downloads"/>
2392 ```
2393 #### macOS
2394 ```
2395 <dict>
2396 <key>DownloadDirectory</key>
2397 <string>${home}/Downloads</string>
2398 </dict>
2399 ```
2400 #### policies.json (macOS and Linux)
2401 ```
2402 {
2403 "policies": {
2404 "DownloadDirectory": "${home}/Downloads"
2405 }
2406 ```
2407 #### policies.json (Windows)
2408 ```
2409 {
2410 "policies": {
2411 "DownloadDirectory": "${home}\\Downloads"
2412 }
2413 ```
2414 ### EnableTrackingProtection
2415 Configure tracking protection.
2416
2417 If this policy is not configured, tracking protection is not enabled by default in the browser, but it is enabled by default in private browsing and the user can change it.
2418
2419 If `Value` is set to false, tracking protection is disabled and locked in both the regular browser and private browsing.
2420
2421 If `Value` is set to true, tracking protection is enabled by default in both the regular browser and private browsing and the `Locked` value determines whether or not a user can change it.
2422
2423 If `Cryptomining` is set to true, cryptomining scripts on websites are blocked.
2424
2425 If `Fingerprinting` is set to true, fingerprinting scripts on websites are blocked.
2426
2427 If `EmailTracking` is set to true, hidden email tracking pixels and scripts on websites are blocked. (Firefox 112)
2428
2429 `Exceptions` are origins for which tracking protection is not enabled.
2430
2431 **Compatibility:** Firefox 60, Firefox ESR 60 (Cryptomining and Fingerprinting added in 70/68.2, Exceptions added in 73/68.5)\
2432 **CCK2 Equivalent:** N/A\
2433 **Preferences Affected:** `privacy.trackingprotection.enabled`, `privacy.trackingprotection.pbmode.enabled`, `privacy.trackingprotection.cryptomining.enabled`, `privacy.trackingprotection.fingerprinting.enabled`
2434
2435 #### Windows (GPO)
2436 ```
2437 Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Value = 0x1 | 0x0
2438 Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Locked = 0x1 | 0x0
2439 Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Cryptomining = 0x1 | 0x0
2440 Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Fingerprinting = 0x1 | 0x0
2441 Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Exceptions\1 = "https://example.com"
2442 ```
2443 #### Windows (Intune)
2444 OMA-URI:
2445 ```
2446 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~TrackingProtection/A_TrackingProtection_Value
2447 ```
2448 Value (string):
2449 ```
2450 <enabled/> or <disabled/>
2451 ```
2452 OMA-URI:
2453 ```
2454 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~TrackingProtection/B_TrackingProtection_Cryptomining
2455 ```
2456 Value (string):
2457 ```
2458 <enabled/> or <disabled/>
2459 ```
2460 OMA-URI:
2461 ```
2462 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~TrackingProtection/C_TrackingProtection_Fingerprinting
2463 ```
2464 Value (string):
2465 ```
2466 <enabled/> or <disabled/>
2467 ```
2468 OMA-URI:
2469 ```
2470 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~TrackingProtection/D_TrackingProtection_Exceptions
2471 ```
2472 Value (string):
2473 ```
2474 <enabled/>
2475 <data id="TrackingProtection_Exceptions" value="1&#xF000;https://example.com"/>
2476 ```
2477 OMA-URI:
2478 ```
2479 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~TrackingProtection/E_TrackingProtection_Locked
2480 ```
2481 Value (string):
2482 ```
2483 <enabled/> or <disabled/>
2484 ```
2485 #### macOS
2486 ```
2487 <dict>
2488 <key>EnableTrackingProtection</key>
2489 <dict>
2490 <key>Value</key>
2491 <true/> | <false/>
2492 <key>Locked</key>
2493 <true/> | <false/>
2494 <key>Cryptomining</key>
2495 <true/> | <false/>
2496 <key>Fingerprinting</key>
2497 <true/> | <false/>
2498 <key>Exceptions</key>
2499 <array>
2500 <string>https://example.com</string>
2501 </array>
2502 </dict>
2503 </dict>
2504 ```
2505 #### policies.json
2506 ```
2507 {
2508 "policies": {
2509 "EnableTrackingProtection": {
2510 "Value": true | false,
2511 "Locked": true | false,
2512 "Cryptomining": true | false,
2513 "Fingerprinting": true | false,
2514 "Exceptions": ["https://example.com"]
2515 }
2516 }
2517 }
2518 ```
2519 ### EncryptedMediaExtensions
2520 Enable or disable Encrypted Media Extensions and optionally lock it.
2521
2522 If `Enabled` is set to false, encrypted media extensions (like Widevine) are not downloaded by Firefox unless the user consents to installing them.
2523
2524 If `Locked` is set to true and `Enabled` is set to false, Firefox will not download encrypted media extensions (like Widevine) or ask the user to install them.
2525
2526 **Compatibility:** Firefox 77, Firefox ESR 68.9\
2527 **CCK2 Equivalent:** N/A\
2528 **Preferences Affected:** `media.eme.enabled`
2529
2530 #### Windows (GPO)
2531 ```
2532 Software\Policies\Mozilla\Firefox\EncryptedMediaExtensions\Enabled = 0x1 | 0x0
2533 Software\Policies\Mozilla\Firefox\EncryptedMediaExtensions\Locked = 0x1 | 0x0
2534 ```
2535 #### Windows (Intune)
2536 OMA-URI:
2537 ```
2538 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~EncryptedMediaExtensions/EncryptedMediaExtensions_Enabled
2539 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~EncryptedMediaExtensions/EncryptedMediaExtensions_Locked
2540 ```
2541 Value (string):
2542 ```
2543 <enabled/>or <disabled/>
2544 ```
2545 #### macOS
2546 ```
2547 <dict>
2548 <key>EncryptedMediaExtensions</key>
2549 <dict>
2550 <key>Enabled</key>
2551 <true/> | <false/>
2552 <key>Locked</key>
2553 <true/> | <false/>
2554 </dict>
2555 </dict>
2556 ```
2557 #### policies.json
2558 ```
2559 {
2560 "policies": {
2561 "EncryptedMediaExtensions": {
2562 "Enabled": true | false,
2563 "Locked": true | false
2564 }
2565 }
2566 }
2567 ```
2568 ### EnterprisePoliciesEnabled
2569 Enable policy support on macOS.
2570
2571 **Compatibility:** Firefox 63, Firefox ESR 60.3 (macOS only)\
2572 **CCK2 Equivalent:** N/A\
2573 **Preferences Affected:** N/A
2574
2575 #### macOS
2576 ```
2577 <dict>
2578 <key>EnterprisePoliciesEnabled</key>
2579 <true/>
2580 </dict>
2581 ```
2582 ### ExemptDomainFileTypePairsFromFileTypeDownloadWarnings
2583
2584 Disable warnings based on file extension for specific file types on domains.
2585
2586 This policy is based on the [Chrome policy](https://chromeenterprise.google/policies/#ExemptDomainFileTypePairsFromFileTypeDownloadWarnings) of the same name.
2587
2588 Important: The documentation for the policy for both Edge and Chrome is incorrect. The ```domains``` value must be a domain, not a URL pattern. Also, we do not support using ```*``` to mean all domains.
2589
2590 **Compatibility:** Firefox 102\
2591 **CCK2 Equivalent:** N/A\
2592 **Preferences Affected:** N/A
2593
2594 #### Windows (GPO)
2595 Software\Policies\Mozilla\Firefox\ExemptDomainFileTypePairsFromFileTypeDownloadWarnings (REG_MULTI_SZ) =
2596 ```
2597 [
2598 {
2599 "file_extension": "jnlp",
2600 "domains": ["example.com"]
2601 }
2602 ]
2603 ```
2604 #### Windows (Intune)
2605 OMA-URI:
2606 ```
2607 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/ExemptDomainFileTypePairsFromFileTypeDownloadWarnings
2608 ```
2609 Value (string):
2610 ```
2611 <enabled/>
2612 <data id="JSON" value='
2613 [
2614 {
2615 "file_extension": "jnlp",
2616 "domains": ["example.com"]
2617 }
2618 ]
2619 '/>
2620 ```
2621 #### macOS
2622 ```
2623 <dict>
2624 <key>ExemptDomainFileTypePairsFromFileTypeDownloadWarnings</key>
2625 <array>
2626 <dict>
2627 <key>file_extension</key>
2628 <string>jnlp</string>
2629 <key>domains</key>
2630 <array>
2631 <string>example.com</string>
2632 </array>
2633 </dict>
2634 </array>
2635 </dict>
2636 ```
2637 #### policies.json
2638 ```
2639 {
2640 "policies": {
2641 "ExemptDomainFileTypePairsFromFileTypeDownloadWarnings": [{
2642 "file_extension": "jnlp",
2643 "domains": ["example.com"]
2644 }]
2645 }
2646 }
2647 ```
2648 ### Extensions
2649 Control the installation, uninstallation and locking of extensions.
2650
2651 While this policy is not technically deprecated, it is recommended that you use the **[`ExtensionSettings`](#extensionsettings)** policy. It has the same functionality and adds more. It does not support native paths, though, so you'll have to use file:/// URLs.
2652
2653 `Install` is a list of URLs or native paths for extensions to be installed.
2654
2655 `Uninstall` is a list of extension IDs that should be uninstalled if found.
2656
2657 `Locked` is a list of extension IDs that the user cannot disable or uninstall.
2658
2659 **Compatibility:** Firefox 60, Firefox ESR 60\
2660 **CCK2 Equivalent:** `addons`\
2661 **Preferences Affected:** N/A
2662
2663 #### Windows (GPO)
2664 ```
2665 Software\Policies\Mozilla\Firefox\Extensions\Install\1 = "https://addons.mozilla.org/firefox/downloads/somefile.xpi"
2666 Software\Policies\Mozilla\Firefox\Extensions\Install\2 = "//path/to/xpi"
2667 Software\Policies\Mozilla\Firefox\Extensions\Uninstall\1 = "bad_addon_id@mozilla.org"
2668 Software\Policies\Mozilla\Firefox\Extensions\Locked\1 = "addon_id@mozilla.org"
2669 ```
2670 #### Windows (Intune)
2671 OMA-URI:
2672 ```
2673 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/Extensions_Install
2674 ```
2675 Value (string):
2676 ```
2677 <enabled/>
2678 <data id="Extensions" value="1&#xF000;https://addons.mozilla.org/firefox/downloads/somefile.xpi&#xF000;2&#xF000;//path/to/xpi"/>
2679 ```
2680 OMA-URI:
2681 ```
2682 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/Extensions_Uninstall
2683 ```
2684 Value (string):
2685 ```
2686 <enabled/>
2687 <data id="Extensions" value="1&#xF000;bad_addon_id@mozilla.org"/>
2688 ```
2689 OMA-URI:
2690 ```
2691 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/Extensions_Locked
2692 ```
2693 Value (string):
2694 ```
2695 <enabled/>
2696 <data id="Extensions" value="1&#xF000;addon_id@mozilla.org"/>
2697 ```
2698 #### macOS
2699 ```
2700 <dict>
2701 <key>Extensions</key>
2702 <dict>
2703 <key>Install</key>
2704 <array>
2705 <string>https://addons.mozilla.org/firefox/downloads/somefile.xpi</string>
2706 <string>//path/to/xpi</string>
2707 </array>
2708 <key>Uninstall</key>
2709 <array>
2710 <string>bad_addon_id@mozilla.org</string>
2711 </array>
2712 <key>Locked</key>
2713 <array>
2714 <string>addon_id@mozilla.org</string>
2715 </array>
2716 </dict>
2717 </dict>
2718 ```
2719 #### policies.json
2720 ```
2721 {
2722 "policies": {
2723 "Extensions": {
2724 "Install": ["https://addons.mozilla.org/firefox/downloads/somefile.xpi", "//path/to/xpi"],
2725 "Uninstall": ["bad_addon_id@mozilla.org"],
2726 "Locked": ["addon_id@mozilla.org"]
2727 }
2728 }
2729 }
2730 ```
2731 ### ExtensionSettings
2732 Manage all aspects of extensions. This policy is based heavily on the [Chrome policy](https://dev.chromium.org/administrators/policy-list-3/extension-settings-full) of the same name.
2733
2734 This policy maps an extension ID to its configuration. With an extension ID, the configuration will be applied to the specified extension only. A default configuration can be set for the special ID "*", which will apply to all extensions that don't have a custom configuration set in this policy.
2735
2736 To obtain an extension ID, install the extension and go to about:support. You will see the ID in the Extensions section. I've also created an extension that makes it easy to find the ID of extensions on AMO. You can download it [here](https://github.com/mkaply/queryamoid/releases/tag/v0.1).
2737
2738 The configuration for each extension is another dictionary that can contain the fields documented below.
2739
2740 | Name | Description |
2741 | --- | --- |
2742 | `installation_mode` | Maps to a string indicating the installation mode for the extension. The valid strings are `allowed`,`blocked`,`force_installed`, and `normal_installed`.
2743 | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;`allowed` | Allows the extension to be installed by the user. This is the default behavior. There is no need for an install_url; it will automatically be allowed based on the ID.
2744 | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;`blocked`| Blocks installation of the extension and removes it from the device if already installed.
2745 | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;`force_installed`| The extension is automatically installed and can't be removed by the user. This option is not valid for the default configuration and requires an install_url.
2746 | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;`normal_installed`| The extension is automatically installed but can be disabled by the user. This option is not valid for the default configuration and requires an install_url.
2747 | `install_url`| Maps to a URL indicating where Firefox can download a force_installed or normal_installed extension. If installing from the local file system, use a [```file:///``` URL](https://en.wikipedia.org/wiki/File_URI_scheme). If installing from the addons.mozilla.org, use the following URL (substituting SHORT_NAME from the URL on AMO), https://addons.mozilla.org/firefox/downloads/latest/SHORT_NAME/latest.xpi. Languages packs are available from https://releases.mozilla.org/pub/firefox/releases/VERSION/PLATFORM/xpi/LANGUAGE.xpi. If you need to update the extension, you can change the name of the extension and it will be automatically updated. Extensions installed from file URLs will additional be updated when their internal version changes.
2748 | `install_sources` | A list of sources from which installing extensions is allowed using URL match patterns. **This is unnecessary if you are only allowing the installation of certain extensions by ID.** Each item in this list is an extension-style match pattern. Users will be able to easily install items from any URL that matches an item in this list. Both the location of the *.xpi file and the page where the download is started from (i.e. the referrer) must be allowed by these patterns. This setting can be used only for the default configuration.
2749 | `allowed_types` | This setting whitelists the allowed types of extension/apps that can be installed in Firefox. The value is a list of strings, each of which should be one of the following: "extension", "theme", "dictionary", "locale" This setting can be used only for the default configuration.
2750 | `blocked_install_message` | This maps to a string specifying the error message to display to users if they're blocked from installing an extension. This setting allows you to append text to the generic error message displayed when the extension is blocked. This could be be used to direct users to your help desk, explain why a particular extension is blocked, or something else. This setting can be used only for the default configuration.
2751 | `restricted_domains` | An array of domains on which content scripts can't be run. This setting can be used only for the default configuration.
2752 | `updates_disabled` | (Firefox 89, Firefox ESR 78.11) Boolean that indicates whether or not to disable automatic updates for an individual extension.
2753 | `default_area` | (Firefox 113) String that indicates where to place the extension icon by default. Possible values are `navbar` and `menupanel`.
2754
2755 **Compatibility:** Firefox 69, Firefox ESR 68.1 (As of Firefox 85, Firefox ESR 78.7, installing a theme makes it the default.)\
2756 **CCK2 Equivalent:** N/A\
2757 **Preferences Affected:** N/A
2758
2759 #### Windows (GPO)
2760 Software\Policies\Mozilla\Firefox\ExtensionSettings (REG_MULTI_SZ) =
2761 ```
2762 {
2763 "*": {
2764 "blocked_install_message": "Custom error message.",
2765 "install_sources": ["https://yourwebsite.com/*"],
2766 "installation_mode": "blocked",
2767 "allowed_types": ["extension"]
2768 },
2769 "uBlock0@raymondhill.net": {
2770 "installation_mode": "force_installed",
2771 "install_url": "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi"
2772 },
2773 "https-everywhere@eff.org": {
2774 "installation_mode": "allowed"
2775 }
2776 }
2777 ```
2778 #### Windows (Intune)
2779 OMA-URI:
2780 ```
2781 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/ExtensionSettings
2782 ```
2783 Value (string):
2784 ```
2785 <enabled/>
2786 <data id="ExtensionSettings" value='
2787 {
2788 "*": {
2789 "blocked_install_message": "Custom error message.",
2790 "install_sources": ["https://yourwebsite.com/*"],
2791 "installation_mode": "blocked",
2792 "allowed_types": ["extension"]
2793 },
2794 "uBlock0@raymondhill.net": {
2795 "installation_mode": "force_installed",
2796 "install_url": "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi"
2797 },
2798 "https-everywhere@eff.org": {
2799 "installation_mode": "allowed"
2800 }
2801 }'/>
2802 ```
2803 #### macOS
2804 ```
2805 <dict>
2806 <key>ExtensionSettings</key>
2807 <dict>
2808 <key>*</key>
2809 <dict>
2810 <key>blocked_install_message</key>
2811 <string>Custom error message.</string>
2812 <key>install_sources</key>
2813 <array>
2814 <string>"https://yourwebsite.com/*"</string>
2815 </array>
2816 <key>installation_mode</key>
2817 <string>blocked</string>
2818 <key>allowed_types</key>
2819 <array>
2820 <string>extension</string>
2821 </array>
2822 </dict>
2823 <key>uBlock0@raymondhill.net</key>
2824 <dict>
2825 <key>installation_mode</key>
2826 <string>force_installed</string>
2827 <key>install_url</key>
2828 <string>https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi</string>
2829 </dict>
2830 <key>https-everywhere@eff.org</key>
2831 <dict>
2832 <key>installation_mode</key>
2833 <string>allowed</string>
2834 </dict>
2835 </dict>
2836 </dict>
2837 ```
2838 #### policies.json
2839 ```
2840 {
2841 "policies": {
2842 "ExtensionSettings": {
2843 "*": {
2844 "blocked_install_message": "Custom error message.",
2845 "install_sources": ["https://yourwebsite.com/*"],
2846 "installation_mode": "blocked",
2847 "allowed_types": ["extension"]
2848 },
2849 "uBlock0@raymondhill.net": {
2850 "installation_mode": "force_installed",
2851 "install_url": "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi"
2852 },
2853 "https-everywhere@eff.org": {
2854 "installation_mode": "allowed"
2855 }
2856 }
2857 }
2858 }
2859 ```
2860 ### ExtensionUpdate
2861 Control extension updates.
2862
2863 **Compatibility:** Firefox 67, Firefox ESR 60.7\
2864 **CCK2 Equivalent:** N/A\
2865 **Preferences Affected:** `extensions.update.enabled`
2866
2867 #### Windows (GPO)
2868 ```
2869 Software\Policies\Mozilla\Firefox\ExtensionUpdate = 0x1 | 0x0
2870 ```
2871 #### Windows (Intune)
2872 OMA-URI:
2873 ```
2874 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/ExtensionUpdate
2875 ```
2876 Value (string):
2877 ```
2878 <enabled/> or <disabled/>
2879 ```
2880 #### macOS
2881 ```
2882 <dict>
2883 <key>ExtensionUpdate</key>
2884 <true/> | <false/>
2885 </dict>
2886 ```
2887 #### policies.json
2888 ```
2889 {
2890 "policies": {
2891 "ExtensionUpdate": true | false
2892 }
2893 }
2894 ```
2895 ### FirefoxHome
2896 Customize the Firefox Home page.
2897
2898 **Compatibility:** Firefox 68, Firefox ESR 68 (SponsoredTopSites and SponsoredPocket were added in Firefox 95, Firefox ESR 91.4)
2899 **CCK2 Equivalent:** N/A\
2900 **Preferences Affected:** `browser.newtabpage.activity-stream.showSearch`, `browser.newtabpage.activity-stream.feeds.topsites`, `browser.newtabpage.activity-stream.feeds.section.highlights`, `browser.newtabpage.activity-stream.feeds.section.topstories`, `browser.newtabpage.activity-stream.feeds.snippets`, `browser.newtabpage.activity-stream.showSponsoredTopSites`, `browser.newtabpage.activity-stream.showSponsored`
2901
2902 #### Windows (GPO)
2903 ```
2904 Software\Policies\Mozilla\Firefox\FirefoxHome\Search = 0x1 | 0x0
2905 Software\Policies\Mozilla\Firefox\FirefoxHome\TopSites = 0x1 | 0x0
2906 Software\Policies\Mozilla\Firefox\FirefoxHome\SponsoredTopSites = 0x1 | 0x0
2907 Software\Policies\Mozilla\Firefox\FirefoxHome\Highlights = 0x1 | 0x0
2908 Software\Policies\Mozilla\Firefox\FirefoxHome\Pocket = 0x1 | 0x0
2909 Software\Policies\Mozilla\Firefox\FirefoxHome\SponsoredPocket = 0x1 | 0x0
2910 Software\Policies\Mozilla\Firefox\FirefoxHome\Snippets = 0x1 | 0x0
2911 Software\Policies\Mozilla\Firefox\FirefoxHome\Locked = 0x1 | 0x0
2912 ```
2913 #### Windows (Intune)
2914 OMA-URI:
2915 ```
2916 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/CustomizeFirefoxHome
2917 ```
2918 Value (string):
2919 ```
2920 <enabled/>
2921 <data id="FirefoxHome_Search" value="true | false"/>
2922 <data id="FirefoxHome_TopSites" value="true | false"/>
2923 <data id="FirefoxHome_SponsoredTopSites" value="true | false"/>
2924 <data id="FirefoxHome_Highlights" value="true | false"/>
2925 <data id="FirefoxHome_Pocket" value="true | false"/>
2926 <data id="FirefoxHome_SponsoredPocket" value="true | false"/>
2927 <data id="FirefoxHome_Snippets" value="true | false"/>
2928 <data id="FirefoxHome_Locked" value="true | false"/>
2929 ```
2930 #### macOS
2931 ```
2932 <dict>
2933 <key>FirefoxHome</key>
2934 <dict>
2935 <key>Search</key>
2936 <true/> | <false/>
2937 <key>TopSites</key>
2938 <true/> | <false/>
2939 <key>SponsoredTopSites</key>
2940 <true/> | <false/>
2941 <key>Highlights</key>
2942 <true/> | <false/>
2943 <key>Pocket</key>
2944 <true/> | <false/>
2945 <key>SponsoredPocket</key>
2946 <true/> | <false/>
2947 <key>Snippets</key>
2948 <true/> | <false/>
2949 <key>Locked</key>
2950 <true/> | <false/>
2951 </dict>
2952 </dict>
2953 ```
2954 #### policies.json
2955 ```
2956 {
2957 "policies": {
2958 "FirefoxHome": {
2959 "Search": true | false,
2960 "TopSites": true | false,
2961 "SponsoredTopSites": true | false,
2962 "Highlights": true | false,
2963 "Pocket": true | false,
2964 "SponsoredPocket": true | false,
2965 "Snippets": true | false,
2966 "Locked": true | false
2967 }
2968 }
2969 }
2970 ```
2971 ### GoToIntranetSiteForSingleWordEntryInAddressBar
2972 Whether to always go through the DNS server before sending a single word search string to a search engine.
2973
2974 If the site exists, it will navigate to the website. If the intranet responds with a 404, the page will show a 404. If the intranet does not respond, the browser will attempt a search.
2975
2976 The second result in the URL bar will be a search result to allow users to conduct a web search exactly as it was entered.
2977
2978 If instead you would like to enable the ability to have your domain appear as a valid URL and to disallow the browser from ever searching that term using the first result that matches it, add the pref `browser.fixup.domainwhitelist.YOUR_DOMAIN` (where `YOUR_DOMAIN` is the name of the domain you'd like to add), and set the pref to `true`. The URL bar will then suggest `YOUR_DOMAIN` when the user fully types `YOUR_DOMAIN`. If the user attempts to load that domain and it fails to load, it will show an "Unable to connect" error page.
2979
2980 You can also whitelist a domain suffix that is not part of the [Public Suffix List](https://publicsuffix.org/) by adding the pref `browser.fixup.domainsuffixwhitelist.YOUR_DOMAIN_SUFFIX` with a value of `true`.
2981
2982 Additionally, if you want users to see a "Did you mean to go to 'YOUR_DOMAIN'" prompt below the URL bar if they land on a search results page instead of an intranet domain that provides a response, set the pref `browser.urlbar.dnsResolveSingleWordsAfterSearch` to `1`. Enabling this will cause the browser to commit a DNS check after every single word search. If the browser receives a response from the intranet, a prompt will ask the user if they'd like to instead navigate to `YOUR_DOMAIN`. If the user presses the **yes** button, `browser.fixup.domainwhitelist.YOUR_DOMAIN` will be set to `true`.
2983
2984 **Compatibility:** Firefox 104, Firefox ESR 102.2\
2985 **CCK2 Equivalent:** `N/A`\
2986 **Preferences Affected:** `browser.fixup.dns_first_for_single_words`
2987
2988 #### Windows (GPO)
2989 ```
2990 Software\Policies\Mozilla\Firefox\GoToIntranetSiteForSingleWordEntryInAddressBar = 0x1 | 0x0
2991 ```
2992 #### Windows (Intune)
2993 OMA-URI:
2994 ```
2995 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/GoToIntranetSiteForSingleWordEntryInAddressBar
2996 ```
2997 Value (string):
2998 ```
2999 <enabled/> or <disabled/>
3000 ```
3001 #### macOS
3002 ```
3003 <dict>
3004 <key>GoToIntranetSiteForSingleWordEntryInAddressBar</key>
3005 <true/> | <false/>
3006 </dict>
3007 ```
3008 #### policies.json
3009 ```
3010 {
3011 "policies": {
3012 "GoToIntranetSiteForSingleWordEntryInAddressBar": true | false
3013 }
3014 }
3015 ```
3016 ### Handlers
3017 Configure default application handlers. This policy is based on the internal format of `handlers.json`.
3018
3019 You can configure handlers based on a mime type (`mimeTypes`), a file's extension (`extensions`), or a protocol (`schemes`).
3020
3021 Within each handler type, you specify the given mimeType/extension/scheme as a key and use the following subkeys to describe how it is handled.
3022
3023 | Name | Description |
3024 | --- | --- |
3025 | `action`| Can be either `saveToDisk`, `useHelperApp`, `useSystemDefault`.
3026 | `ask` | If `true`, the user is asked if what they want to do with the file. If `false`, the action is taken without user intervention.
3027 | `handlers` | An array of handlers with the first one being the default. If you don't want to have a default handler, use an empty object for the first handler. Choose between path or uriTemplate.
3028 | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;`name` | The display name of the handler (might not be used).
3029 | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;`path`| The native path to the executable to be used.
3030 | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;`uriTemplate`| A url to a web based application handler. The URL must be https and contain a %s to be used for substitution.
3031
3032 **Compatibility:** Firefox 78, Firefox ESR 78\
3033 **CCK2 Equivalent:** N/A\
3034 **Preferences Affected:** N/A
3035
3036 #### Windows (GPO)
3037 Software\Policies\Mozilla\Firefox\Handlers (REG_MULTI_SZ) =
3038 ```
3039 {
3040 "mimeTypes": {
3041 "application/msword": {
3042 "action": "useSystemDefault",
3043 "ask": true | false
3044 }
3045 },
3046 "schemes": {
3047 "mailto": {
3048 "action": "useHelperApp",
3049 "ask": true | false,
3050 "handlers": [{
3051 "name": "Gmail",
3052 "uriTemplate": "https://mail.google.com/mail/?extsrc=mailto&url=%s"
3053 }]
3054 }
3055 },
3056 "extensions": {
3057 "pdf": {
3058 "action": "useHelperApp",
3059 "ask": true | false,
3060 "handlers": [{
3061 "name": "Adobe Acrobat",
3062 "path": "C:\\Program Files (x86)\\Adobe\\Acrobat Reader DC\\Reader\\AcroRd32.exe"
3063 }]
3064 }
3065 }
3066 }
3067 ```
3068 #### Windows (Intune)
3069 OMA-URI:
3070 ```
3071 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/Handlers
3072 ```
3073 Value (string):
3074 ```
3075 <enabled/>
3076 <data id="Handlers" value='
3077 {
3078 "mimeTypes": {
3079 "application/msword": {
3080 "action": "useSystemDefault",
3081 "ask": true | false
3082 }
3083 },
3084 "schemes": {
3085 "mailto": {
3086 "action": "useHelperApp",
3087 "ask": true | false,
3088 "handlers": [{
3089 "name": "Gmail",
3090 "uriTemplate": "https://mail.google.com/mail/?extsrc=mailto&amp;url=%s"
3091 }]
3092 }
3093 },
3094 "extensions": {
3095 "pdf": {
3096 "action": "useHelperApp",
3097 "ask": true | false,
3098 "handlers": [{
3099 "name": "Adobe Acrobat",
3100 "path": "C:\\Program Files (x86)\\Adobe\\Acrobat Reader DC\\Reader\\AcroRd32.exe"
3101 }]
3102 }
3103 }
3104 }
3105 '/>
3106 ```
3107 #### macOS
3108 ```
3109 <dict>
3110 <key>Handlers</key>
3111 <dict>
3112 <key>mimeTypes</key>
3113 <dict>
3114 <key>application/msword</key>
3115 <dict>
3116 <key>action</key>
3117 <string>useSystemDefault</string>
3118 <key>ask</key>
3119 <true/> | <false/>
3120 </dict>
3121 </dict>
3122 <key>schemes</key>
3123 <dict>
3124 <key>mailto</key>
3125 <dict>
3126 <key>action</key>
3127 <string>useHelperApp</string>
3128 <key>ask</key>
3129 <true/> | <false/>
3130 <key>handlers</key>
3131 <array>
3132 <dict>
3133 <key>name</key>
3134 <string>Gmail</string>
3135 <key>uriTemplate</key>
3136 <string>https://mail.google.com/mail/?extsrc=mailto&url=%s</string>
3137 </dict>
3138 </array>
3139 </dict>
3140 </dict>
3141 <key>extensions</key>
3142 <dict>
3143 <key>pdf</key>
3144 <dict>
3145 <key>action</key>
3146 <string>useHelperApp</string>
3147 <key>ask</key>
3148 <true/> | <false/>
3149 <key>handlers</key>
3150 <array>
3151 <dict>
3152 <key>name</key>
3153 <string>Adobe Acrobat</string>
3154 <key>path</key>
3155 <string>/System/Applications/Preview.app</string>
3156 </dict>
3157 </array>
3158 </dict>
3159 </dict>
3160 </dict>
3161 </dict>
3162 ```
3163 #### policies.json
3164 ```
3165 {
3166 "policies": {
3167 "Handlers": {
3168 "mimeTypes": {
3169 "application/msword": {
3170 "action": "useSystemDefault",
3171 "ask": false
3172 }
3173 },
3174 "schemes": {
3175 "mailto": {
3176 "action": "useHelperApp",
3177 "ask": true | false,
3178 "handlers": [{
3179 "name": "Gmail",
3180 "uriTemplate": "https://mail.google.com/mail/?extsrc=mailto&url=%s"
3181 }]
3182 }
3183 },
3184 "extensions": {
3185 "pdf": {
3186 "action": "useHelperApp",
3187 "ask": true | false,
3188 "handlers": [{
3189 "name": "Adobe Acrobat",
3190 "path": "/usr/bin/acroread"
3191 }]
3192 }
3193 }
3194 }
3195 }
3196 }
3197 ```
3198 ### HardwareAcceleration
3199 Control hardware acceleration.
3200
3201 **Compatibility:** Firefox 60, Firefox ESR 60\
3202 **CCK2 Equivalent:** N/A\
3203 **Preferences Affected:** `layers.acceleration.disabled`
3204
3205 #### Windows (GPO)
3206 ```
3207 Software\Policies\Mozilla\Firefox\HardwareAcceleration = 0x1 | 0x0
3208 ```
3209 #### Windows (Intune)
3210 OMA-URI:
3211 ```
3212 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/HardwareAcceleration
3213 ```
3214 Value (string):
3215 ```
3216 <enabled/> or <disabled/>
3217 ```
3218 #### macOS
3219 ```
3220 <dict>
3221 <key>HardwareAcceleration</key>
3222 <true/> | <false/>
3223 </dict>
3224 ```
3225 #### policies.json
3226 ```
3227 {
3228 "policies": {
3229 "HardwareAcceleration": true | false
3230 }
3231 }
3232 ```
3233 ### Homepage
3234 Configure the default homepage and how Firefox starts.
3235
3236 `URL` is the default homepage.
3237
3238 `Locked` prevents the user from changing homepage preferences.
3239
3240 `Additional` allows for more than one homepage.
3241
3242 `StartPage` is how Firefox starts. The choices are no homepage, the default homepage or the previous session.
3243
3244 With Firefox 78, an additional option as added for `Startpage`, `homepage-locked`. If this is value is set for the Startpage, the user will always get the homepage at startup and cannot choose to restore their session.
3245
3246 **Compatibility:** Firefox 60, Firefox ESR 60 (StartPage was added in Firefox 60, Firefox ESR 60.4, homepage-locked added in Firefox 78)\
3247 **CCK2 Equivalent:** `homePage`,`lockHomePage`\
3248 **Preferences Affected:** `browser.startup.homepage`, `browser.startup.page`
3249
3250 #### Windows (GPO)
3251 ```
3252 Software\Policies\Mozilla\Firefox\Homepage\URL = "https://example.com"
3253 Software\Policies\Mozilla\Firefox\Homepage\Locked = 0x1 | 0x0
3254 Software\Policies\Mozilla\Firefox\Homepage\Additional\1 = "https://example.org"
3255 Software\Policies\Mozilla\Firefox\Homepage\Additional\2 = "https://example.edu"
3256 Software\Policies\Mozilla\Firefox\Homepage\StartPage = "none" | "homepage" | "previous-session" | "homepage-locked"
3257 ```
3258 #### Windows (Intune)
3259 OMA-URI:
3260 ```
3261 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Homepage/HomepageURL
3262 ```
3263 Value (string):
3264 ```
3265 <enabled/>
3266
3267 <data id="HomepageURL" value="https://example.com"/>
3268 <data id="HomepageLocked" value="true | false"/>
3269 ```
3270 OMA-URI:
3271 ```
3272 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Homepage/HomepageAdditional
3273 ```
3274 Value (string):
3275 ```
3276 <enabled/>
3277
3278 <data id="HomepageAdditional" value="1&#xF000;http://example.org&#xF000;2&#xF000;http://example.edu"/>
3279 ```
3280 OMA-URI:
3281 ```
3282 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Homepage/HomepageStartPage
3283 ```
3284 Value (string):
3285 ```
3286 <enabled/>
3287
3288 <data id="StartPage" value="none | homepage | previous-session"/>
3289 ```
3290 #### macOS
3291 ```
3292 <dict>
3293 <key>Homepage</key>
3294 <dict>
3295 <key>URL</key>
3296 <string>http://example.com</string>
3297 <key>Locked</key>
3298 <true/> | <false/>
3299 <key>Additional</key>
3300 <array>
3301 <string>http://example.org</string>
3302 <string>http://example.edu</string>
3303 </array>
3304 <key>StartPage</key>
3305 <string>none | homepage | previous-session | homepage-locked</string>
3306 </dict>
3307 </dict>
3308 ```
3309 #### policies.json
3310 ```
3311 {
3312 "policies": {
3313 "Homepage": {
3314 "URL": "http://example.com/",
3315 "Locked": true | false,
3316 "Additional": ["http://example.org/",
3317 "http://example.edu/"],
3318 "StartPage": "none" | "homepage" | "previous-session" | "homepage-locked"
3319 }
3320 }
3321 }
3322 ```
3323 ### InstallAddonsPermission
3324 Configure the default extension install policy as well as origins for extension installs are allowed. This policy does not override turning off all extension installs.
3325
3326 `Allow` is a list of origins where extension installs are allowed.
3327
3328 `Default` determines whether or not extension installs are allowed by default.
3329
3330 **Compatibility:** Firefox 60, Firefox ESR 60\
3331 **CCK2 Equivalent:** `permissions.install`\
3332 **Preferences Affected:** `xpinstall.enabled`
3333
3334 #### Windows (GPO)
3335 ```
3336 Software\Policies\Mozilla\Firefox\InstallAddonsPermission\Allow\1 = "https://example.org"
3337 Software\Policies\Mozilla\Firefox\InstallAddonsPermission\Allow\2 = "https://example.edu"
3338 Software\Policies\Mozilla\Firefox\InstallAddonsPermission\Default = 0x1 | 0x0
3339 ```
3340 #### Windows (Intune)
3341 OMA-URI:
3342 ```
3343 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Addons/InstallAddonsPermission_Allow
3344 ```
3345 Value (string):
3346 ```
3347 <enabled/>
3348 <data id="Permissions" value="1&#xF000;https://example.org&#xF000;2&#xF000;https://example.edu"/>
3349 ```
3350 OMA-URI:
3351 ```
3352 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Addons/InstallAddonsPermission_Default
3353 ```
3354 Value (string):
3355 ```
3356 <enabled/>
3357 ```
3358 #### macOS
3359 ```
3360 <dict>
3361 <key>InstallAddonsPermission</key>
3362 <dict>
3363 <key>Allow</key>
3364 <array>
3365 <string>http://example.org</string>
3366 <string>http://example.edu</string>
3367 </array>
3368 <key>Default</key>
3369 <true/> | <false/>
3370 </dict>
3371 </dict>
3372 ```
3373 #### policies.json
3374 ```
3375 {
3376 "policies": {
3377 "InstallAddonsPermission": {
3378 "Allow": ["http://example.org/",
3379 "http://example.edu/"],
3380 "Default": true | false
3381 }
3382 }
3383 }
3384 ```
3385 ### LegacyProfiles
3386 Disable the feature enforcing a separate profile for each installation.
3387
3388 If this policy set to true, Firefox will not try to create different profiles for installations of Firefox in different directories. This is the equivalent of the MOZ_LEGACY_PROFILES environment variable.
3389
3390 If this policy set to false, Firefox will create a new profile for each unique installation of Firefox.
3391
3392 This policy only work on Windows via GPO (not policies.json).
3393
3394 **Compatibility:** Firefox 70, Firefox ESR 68.2 (Windows only, GPO only)\
3395 **CCK2 Equivalent:** N/A\
3396 **Preferences Affected:** N/A
3397
3398 #### Windows (GPO)
3399 ```
3400 Software\Policies\Mozilla\Firefox\LegacyProfiles = = 0x1 | 0x0
3401 ```
3402 #### Windows (Intune)
3403 OMA-URI:
3404 ```
3405 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/LegacyProfiles
3406 ```
3407 Value (string):
3408 ```
3409 <enabled/> or <disabled/>
3410 ```
3411 ### LegacySameSiteCookieBehaviorEnabled
3412 Enable default legacy SameSite cookie behavior setting.
3413
3414 If this policy is set to true, it reverts all cookies to legacy SameSite behavior which means that cookies that don't explicitly specify a ```SameSite``` attribute are treated as if they were ```SameSite=None```.
3415
3416 **Compatibility:** Firefox 96\
3417 **CCK2 Equivalent:** N/A\
3418 **Preferences Affected:** `network.cookie.sameSite.laxByDefault`
3419
3420 #### Windows (GPO)
3421 ```
3422 Software\Policies\Mozilla\Firefox\LegacySameSiteCookieBehaviorEnabled = = 0x1 | 0x0
3423 ```
3424 #### Windows (Intune)
3425 OMA-URI:
3426 ```
3427 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/LegacySameSiteCookieBehaviorEnabled
3428 ```
3429 Value (string):
3430 ```
3431 <enabled/> or <disabled/>
3432 ```
3433 #### macOS
3434 ```
3435 <dict>
3436 <key>LegacySameSiteCookieBehaviorEnabled</key>
3437 <true/> | <false/>
3438 </dict>
3439 ```
3440 #### policies.json
3441 ```
3442 {
3443 "policies": {
3444 "LegacySameSiteCookieBehaviorEnabled": true | false
3445 }
3446 ```
3447 ### LegacySameSiteCookieBehaviorEnabledForDomainList
3448 Revert to legacy SameSite behavior for cookies on specified sites.
3449
3450 If this policy is set to true, cookies set for domains in this list will revert to legacy SameSite behavior which means that cookies that don't explicitly specify a ```SameSite``` attribute are treated as if they were ```SameSite=None```.
3451
3452 **Compatibility:** Firefox 96\
3453 **CCK2 Equivalent:** N/A\
3454 **Preferences Affected:** `network.cookie.sameSite.laxByDefault.disabledHosts`
3455
3456 #### Windows (GPO)
3457 ```
3458 Software\Policies\Mozilla\Firefox\LegacySameSiteCookieBehaviorEnabledForDomainList\1 = "example.org"
3459 Software\Policies\Mozilla\Firefox\LegacySameSiteCookieBehaviorEnabledForDomainList\2 = "example.edu"
3460 ```
3461 #### Windows (Intune)
3462 OMA-URI:
3463 ```
3464 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/LegacySameSiteCookieBehaviorEnabledForDomainList
3465 ```
3466 Value (string):
3467 ```
3468 <enabled/>
3469 <data id="LegacySameSiteCookieBehaviorEnabledForDomainList" value="1&#xF000;example.org&#xF000;2&#xF000;example.edu"/>
3470 ```
3471 #### macOS
3472 ```
3473 <dict>
3474 <key>LegacySameSiteCookieBehaviorEnabledForDomainList</key>
3475 <array>
3476 <string>example.org</string>
3477 <string>example.edu</string>
3478 </array>
3479 </dict>
3480 ```
3481 #### policies.json
3482 ```
3483 {
3484 "policies": {
3485 "LegacySameSiteCookieBehaviorEnabledForDomainList": ["example.org",
3486 "example.edu"]
3487 }
3488 }
3489 ```
3490 ### LocalFileLinks
3491 Enable linking to local files by origin.
3492
3493 **Compatibility:** Firefox 68, Firefox ESR 68\
3494 **CCK2 Equivalent:** N/A\
3495 **Preferences Affected:** `capability.policy.localfilelinks.*`
3496
3497 #### Windows (GPO)
3498 ```
3499 Software\Policies\Mozilla\Firefox\LocalFileLinks\1 = "https://example.org"
3500 Software\Policies\Mozilla\Firefox\LocalFileLinks\2 = "https://example.edu"
3501 ```
3502 #### Windows (Intune)
3503 OMA-URI:
3504 ```
3505 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/LocalFileLinks
3506 ```
3507 Value (string):
3508 ```
3509 <enabled/>
3510 <data id="LocalFileLinks" value="1&#xF000;https://example.org&#xF000;2&#xF000;https://example.edu"/>
3511 ```
3512 #### macOS
3513 ```
3514 <dict>
3515 <key>LocalFileLinks</key>
3516 <array>
3517 <string>http://example.org</string>
3518 <string>http://example.edu</string>
3519 </array>
3520 </dict>
3521 ```
3522 #### policies.json
3523 ```
3524 {
3525 "policies": {
3526 "LocalFileLinks": ["http://example.org/",
3527 "http://example.edu/"]
3528 }
3529 }
3530 ```
3531 ### ManagedBookmarks
3532 Configures a list of bookmarks managed by an administrator that cannot be changed by the user.
3533
3534 The bookmarks are only added as a button on the personal toolbar. They are not in the bookmarks folder.
3535
3536 The syntax of this policy is exactly the same as the [Chrome ManagedBookmarks policy](https://cloud.google.com/docs/chrome-enterprise/policies/?policy=ManagedBookmarks). The schema is:
3537 ```
3538 {
3539 "items": {
3540 "id": "BookmarkType",
3541 "properties": {
3542 "children": {
3543 "items": {
3544 "$ref": "BookmarkType"
3545 },
3546 "type": "array"
3547 },
3548 "name": {
3549 "type": "string"
3550 },
3551 "toplevel_name": {
3552 "type": "string"
3553 },
3554 "url": {
3555 "type": "string"
3556 }
3557 },
3558 "type": "object"
3559 },
3560 "type": "array"
3561 }
3562 ```
3563 **Compatibility:** Firefox 83, Firefox ESR 78.5\
3564 **CCK2 Equivalent:** N/A\
3565 **Preferences Affected:** N/A
3566
3567 #### Windows (GPO)
3568 Software\Policies\Mozilla\Firefox\ManagedBookmarks (REG_MULTI_SZ) =
3569 ```
3570 [
3571 {
3572 "toplevel_name": "My managed bookmarks folder"
3573 },
3574 {
3575 "url": "example.com",
3576 "name": "Example"
3577 },
3578 {
3579 "name": "Mozilla links",
3580 "children": [
3581 {
3582 "url": "https://mozilla.org",
3583 "name": "Mozilla.org"
3584 },
3585 {
3586 "url": "https://support.mozilla.org/",
3587 "name": "SUMO"
3588 }
3589 ]
3590 }
3591 ]
3592 ```
3593 #### Windows (Intune)
3594 OMA-URI:
3595 ```
3596 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/ManagedBookmarks
3597 ```
3598 Value (string):
3599 ```
3600 <enabled/>
3601 <data id="JSON" value='
3602 [
3603 {
3604 "toplevel_name": "My managed bookmarks folder"
3605 },
3606 {
3607 "url": "example.com",
3608 "name": "Example"
3609 },
3610 {
3611 "name": "Mozilla links",
3612 "children": [
3613 {
3614 "url": "https://mozilla.org",
3615 "name": "Mozilla.org"
3616 },
3617 {
3618 "url": "https://support.mozilla.org/",
3619 "name": "SUMO"
3620 }
3621 ]
3622 }
3623 ]'/>
3624 ```
3625 #### macOS
3626 ```
3627 <dict>
3628 <key>ManagedBookmarks</key>
3629 <array>
3630 <dict>
3631 <key>toplevel_name</key>
3632 <string>My managed bookmarks folder</string>
3633 <dict>
3634 <key>url</key>
3635 <string>example.com</string>
3636 <key>name</key>
3637 <string>Example</string>
3638 </dict>
3639 <dict>
3640 <key>name</key>
3641 <string>Mozilla links</string>
3642 <key>children</key>
3643 <array>
3644 <dict>
3645 <key>url</key>
3646 <string>https://mozilla.org</string>
3647 <key>name</key>
3648 <string>Mozilla</string>
3649 </dict>
3650 <dict>
3651 <key>url</key>
3652 <string>https://support.mozilla.org/</string>
3653 <key>name</key>
3654 <string>SUMO</string>
3655 </dict>
3656 </array>
3657 </dict>
3658 </array>
3659 </dict>
3660 ```
3661 #### policies.json
3662 ```
3663 {
3664 "policies": {
3665 "ManagedBookmarks": [
3666 {
3667 "toplevel_name": "My managed bookmarks folder"
3668 },
3669 {
3670 "url": "example.com",
3671 "name": "Example"
3672 },
3673 {
3674 "name": "Mozilla links",
3675 "children": [
3676 {
3677 "url": "https://mozilla.org",
3678 "name": "Mozilla.org"
3679 },
3680 {
3681 "url": "https://support.mozilla.org/",
3682 "name": "SUMO"
3683 }
3684 ]
3685 }
3686 ]
3687 }
3688 }
3689 ```
3690 ### ManualAppUpdateOnly
3691
3692 Switch to manual updates only.
3693
3694 If this policy is enabled:
3695 1. The user will never be prompted to install updates
3696 2. Firefox will not check for updates in the background, though it will check automatically when an update UI is displayed (such as the one in the About dialog). This check will be used to show "Update to version X" in the UI, but will not automatically download the update or prompt the user to update in any other way.
3697 3. The update UI will work as expected, unlike when using DisableAppUpdate.
3698
3699 This policy is primarily intended for advanced end users, not for enterprises.
3700
3701 **Compatibility:** Firefox 87\
3702 **CCK2 Equivalent:** N/A\
3703 **Preferences Affected:** N/A
3704
3705 #### policies.json
3706 ```
3707 {
3708 "policies": {
3709 "ManualAppUpdateOnly": true | false
3710 }
3711 }
3712 ```
3713 ### NetworkPrediction
3714 Enable or disable network prediction (DNS prefetching).
3715
3716 **Compatibility:** Firefox 67, Firefox ESR 60.7\
3717 **CCK2 Equivalent:** N/A\
3718 **Preferences Affected:** `network.dns.disablePrefetch`, `network.dns.disablePrefetchFromHTTPS`
3719
3720 #### Windows (GPO)
3721 ```
3722 Software\Policies\Mozilla\Firefox\NetworkPrediction = 0x1 | 0x0
3723 ```
3724 #### Windows (Intune)
3725 OMA-URI:
3726 ```
3727 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/NetworkPrediction
3728 ```
3729 Value (string):
3730 ```
3731 <enabled/> or <disabled/>
3732 ```
3733 #### macOS
3734 ```
3735 <dict>
3736 <key>NetworkPrediction</key>
3737 <true/> | <false/>
3738 </dict>
3739 ```
3740 #### policies.json
3741 ```
3742 {
3743 "policies": {
3744 "NetworkPrediction": true | false
3745 }
3746 ```
3747 ### NewTabPage
3748 Enable or disable the New Tab page.
3749
3750 **Compatibility:** Firefox 68, Firefox ESR 68\
3751 **CCK2 Equivalent:** N/A\
3752 **Preferences Affected:** `browser.newtabpage.enabled`
3753
3754 #### Windows (GPO)
3755 ```
3756 Software\Policies\Mozilla\Firefox\NewTabPage = 0x1 | 0x0
3757 ```
3758 #### Windows (Intune)
3759 OMA-URI:
3760 ```
3761 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/NewTabPage
3762 ```
3763 Value (string):
3764 ```
3765 <enabled/> or <disabled/>
3766 ```
3767 #### macOS
3768 ```
3769 <dict>
3770 <key>NewTabPage</key>
3771 <true/> | <false/>
3772 </dict>
3773 ```
3774 #### policies.json
3775 ```
3776 {
3777 "policies": {
3778 "NewTabPage": true | false
3779 }
3780 ```
3781 ### NoDefaultBookmarks
3782 Disable the creation of default bookmarks.
3783
3784 This policy is only effective if the user profile has not been created yet.
3785
3786 **Compatibility:** Firefox 60, Firefox ESR 60\
3787 **CCK2 Equivalent:** `removeDefaultBookmarks`\
3788 **Preferences Affected:** N/A
3789
3790 #### Windows (GPO)
3791 ```
3792 Software\Policies\Mozilla\Firefox\NoDefaultBookmarks = 0x1 | 0x0
3793 ```
3794 #### Windows (Intune)
3795 OMA-URI:
3796 ```
3797 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/NoDefaultBookmarks
3798 ```
3799 Value (string):
3800 ```
3801 <enabled/> or <disabled/>
3802 ```
3803 #### macOS
3804 ```
3805 <dict>
3806 <key>NoDefaultBookmarks</key>
3807 <true/> | <false/>
3808 </dict>
3809 ```
3810 #### policies.json
3811 ```
3812 {
3813 "policies": {
3814 "NoDefaultBookmarks": true | false
3815 }
3816 }
3817 ```
3818 ### OfferToSaveLogins
3819 Control whether or not Firefox offers to save passwords.
3820
3821 **Compatibility:** Firefox 60, Firefox ESR 60\
3822 **CCK2 Equivalent:** `dontRememberPasswords`\
3823 **Preferences Affected:** `signon.rememberSignons`
3824
3825 #### Windows (GPO)
3826 ```
3827 Software\Policies\Mozilla\Firefox\OfferToSaveLogins = 0x1 | 0x0
3828 ```
3829 #### Windows (Intune)
3830 OMA-URI:
3831 ```
3832 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/OfferToSaveLogins
3833 ```
3834 Value (string):
3835 ```
3836 <enabled/> or <disabled/>
3837 ```
3838 #### macOS
3839 ```
3840 <dict>
3841 <key>OfferToSaveLogins</key>
3842 <true/> | <false/>
3843 </dict>
3844 ```
3845 #### policies.json
3846 ```
3847 {
3848 "policies": {
3849 "OfferToSaveLogins": true | false
3850 }
3851 }
3852 ```
3853 ### OfferToSaveLoginsDefault
3854 Sets the default value of signon.rememberSignons without locking it.
3855
3856 **Compatibility:** Firefox 70, Firefox ESR 60.2\
3857 **CCK2 Equivalent:** `dontRememberPasswords`\
3858 **Preferences Affected:** `signon.rememberSignons`
3859
3860 #### Windows (GPO)
3861 ```
3862 Software\Policies\Mozilla\Firefox\OfferToSaveLoginsDefault = 0x1 | 0x0
3863 ```
3864 #### Windows (Intune)
3865 OMA-URI:
3866 ```
3867 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/OfferToSaveLoginsDefault
3868 ```
3869 Value (string):
3870 ```
3871 <enabled/> or <disabled/>
3872 ```
3873 #### macOS
3874 ```
3875 <dict>
3876 <key>OfferToSaveLoginsDefault</key>
3877 <true/> | <false/>
3878 </dict>
3879 ```
3880 #### policies.json
3881 ```
3882 {
3883 "policies": {
3884 "OfferToSaveLoginsDefault": true | false
3885 }
3886 }
3887 ```
3888 ### OverrideFirstRunPage
3889 Override the first run page. If the value is an empty string (""), the first run page is not displayed.
3890
3891 Starting with Firefox 83, Firefox ESR 78.5, you can also specify multiple URLS separated by a vertical bar (|).
3892
3893 **Compatibility:** Firefox 60, Firefox ESR 60\
3894 **CCK2 Equivalent:** `welcomePage`,`noWelcomePage`\
3895 **Preferences Affected:** `startup.homepage_welcome_url`
3896
3897 #### Windows (GPO)
3898 ```
3899 Software\Policies\Mozilla\Firefox\OverrideFirstRunPage = "http://example.org"
3900 ```
3901 #### Windows (Intune)
3902 OMA-URI:
3903 ```
3904 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/OverrideFirstRunPage
3905 ```
3906 Value (string):
3907 ```
3908 <enabled/>
3909 <data id="OverridePage" value="https://example.com"/>
3910 ```
3911 #### macOS
3912 ```
3913 <dict>
3914 <key>OverrideFirstRunPage</key>
3915 <string>http://example.org</string>
3916 </dict>
3917 ```
3918 #### policies.json
3919 ```
3920 {
3921 "policies": {
3922 "OverrideFirstRunPage": "http://example.org"
3923 }
3924 }
3925 ```
3926 ### OverridePostUpdatePage
3927 Override the upgrade page. If the value is an empty string (""), no extra pages are displayed when Firefox is upgraded.
3928
3929 **Compatibility:** Firefox 60, Firefox ESR 60\
3930 **CCK2 Equivalent:** `upgradePage`,`noUpgradePage`\
3931 **Preferences Affected:** `startup.homepage_override_url`
3932
3933 #### Windows (GPO)
3934 ```
3935 Software\Policies\Mozilla\Firefox\OverridePostUpdatePage = "http://example.org"
3936 ```
3937 #### Windows (Intune)
3938 OMA-URI:
3939 ```
3940 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/OverridePostUpdatePage
3941 ```
3942 Value (string):
3943 ```
3944 <enabled/>
3945 <data id="OverridePage" value="https://example.com"/>
3946 ```
3947 #### macOS
3948 ```
3949 <dict>
3950 <key>OverridePostUpdatePage</key>
3951 <string>http://example.org</string>
3952 </dict>
3953 ```
3954 #### policies.json
3955 ```
3956 {
3957 "policies": {
3958 "OverridePostUpdatePage": "http://example.org"
3959 }
3960 }
3961 ```
3962 ### PasswordManagerEnabled
3963 Remove access to the password manager via preferences and blocks about:logins on Firefox 70.
3964
3965 **Compatibility:** Firefox 70, Firefox ESR 60.2\
3966 **CCK2 Equivalent:** N/A\
3967 **Preferences Affected:** `pref.privacy.disable_button.view_passwords`
3968
3969 #### Windows (GPO)
3970 ```
3971 Software\Policies\Mozilla\Firefox\PasswordManagerEnabled = 0x1 | 0x0
3972 ```
3973 #### Windows (Intune)
3974 OMA-URI:
3975 ```
3976 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/PasswordManagerEnabled
3977 ```
3978 Value (string):
3979 ```
3980 <enabled/> or <disabled/>
3981 ```
3982 #### macOS
3983 ```
3984 <dict>
3985 <key>PasswordManagerEnabled</key>
3986 <true/> | <false/>
3987 </dict>
3988 ```
3989 #### policies.json
3990 ```
3991 {
3992 "policies": {
3993 "PasswordManagerEnabled": true | false
3994 }
3995 }
3996 ```
3997 ### PasswordManagerExceptions
3998 Prevent Firefox from saving passwords for specific sites.
3999
4000 The sites are specified as a list of origins.
4001
4002 **Compatibility:** Firefox 101\
4003 **CCK2 Equivalent:** N/A\
4004 **Preferences Affected:** N/A
4005
4006 #### Windows (GPO)
4007 ```
4008 Software\Policies\Mozilla\Firefox\PasswordManagerExceptions\1 = "https://example.org"
4009 Software\Policies\Mozilla\Firefox\PasswordManagerExceptions\2 = "https://example.edu"
4010 ```
4011 #### Windows (Intune)
4012 OMA-URI:
4013 ```
4014 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/PasswordManagerExceptions
4015 ```
4016 Value (string):
4017 ```
4018 <enabled/>
4019 <data id="List" value="1&#xF000;https://example.org&#xF000;2&#xF000;https://example.edu"/>
4020 ```
4021 #### macOS
4022 ```
4023 <dict>
4024 <key>PasswordManagerExceptions</key>
4025 <array>
4026 <string>https://example.org</string>
4027 <string>https://example.edu</string>
4028 </array>
4029 </dict>
4030 ```
4031 #### policies.json
4032 ```
4033 {
4034 "policies": {
4035 "PasswordManagerExceptions": ["https://example.org",
4036 "https://example.edu"]
4037 }
4038 }
4039 ```
4040
4041 ### PDFjs
4042 Disable or configure PDF.js, the built-in PDF viewer.
4043
4044 If `Enabled` is set to false, the built-in PDF viewer is disabled.
4045
4046 If `EnablePermissions` is set to true, the built-in PDF viewer will honor document permissions like preventing the copying of text.
4047
4048 Note: DisableBuiltinPDFViewer has not been deprecated. You can either continue to use it, or switch to using PDFjs->Enabled to disable the built-in PDF viewer. This new permission was added because we needed a place for PDFjs->EnabledPermissions.
4049
4050 **Compatibility:** Firefox 77, Firefox ESR 68.9\
4051 **CCK2 Equivalent:** N/A\
4052 **Preferences Affected:** `pdfjs.diabled`, `pdfjs.enablePermissions`
4053
4054 #### Windows (GPO)
4055 ```
4056 Software\Policies\Mozilla\Firefox\PDFjs\Enabled = 0x1 | 0x0
4057 Software\Policies\Mozilla\Firefox\PDFjs\EnablePermissions = 0x1 | 0x0
4058 ```
4059 #### Windows (Intune)
4060 OMA-URI:
4061 ```
4062 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~PDFjs/PDFjs_Enabled
4063 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~PDFjs/PDFjs_EnablePermissions
4064 ```
4065 Value (string):
4066 ```
4067 <enabled/>or <disabled/>
4068 ```
4069 #### macOS
4070 ```
4071 <dict>
4072 <key>PDFjs</key>
4073 <dict>
4074 <key>Enabled</key>
4075 <true/> | <false/>
4076 <key>EnablePermissions</key>
4077 <true/> | <false/>
4078 </dict>
4079 </dict>
4080 ```
4081 #### policies.json
4082 ```
4083 {
4084 "policies": {
4085 "PDFjs": {
4086 "Enabled": true | false,
4087 "EnablePermissions": true | false
4088 }
4089 }
4090 }
4091 ```
4092 ### Permissions
4093 Set permissions associated with camera, microphone, location, notifications, autoplay, and virtual reality. Because these are origins, not domains, entries with unique ports must be specified separately. This explicitly means that it is not possible to add wildcards. See examples below.
4094
4095 `Allow` is a list of origins where the feature is allowed.
4096
4097 `Block` is a list of origins where the feature is not allowed.
4098
4099 `BlockNewRequests` determines whether or not new requests can be made for the feature.
4100
4101 `Locked` prevents the user from changing preferences for the feature.
4102
4103 `Default` specifies the default value for Autoplay. block-audio-video is not supported on Firefox ESR 68.
4104
4105 **Compatibility:** Firefox 62, Firefox ESR 60.2 (Autoplay added in Firefox 74, Firefox ESR 68.6, Autoplay Default/Locked added in Firefox 76, Firefox ESR 68.8, VirtualReality added in Firefox 80, Firefox ESR 78.2)\
4106 **CCK2 Equivalent:** N/A\
4107 **Preferences Affected:** `permissions.default.camera`, `permissions.default.microphone`, `permissions.default.geo`, `permissions.default.desktop-notification`, `media.autoplay.default`, `permissions.default.xr`
4108
4109 #### Windows (GPO)
4110 ```
4111 Software\Policies\Mozilla\Firefox\Permissions\Camera\Allow\1 = "https://example.org"
4112 Software\Policies\Mozilla\Firefox\Permissions\Camera\Allow\2 = "https://example.org:1234"
4113 Software\Policies\Mozilla\Firefox\Permissions\Camera\Block\1 = "https://example.edu"
4114 Software\Policies\Mozilla\Firefox\Permissions\Camera\BlockNewRequests = 0x1 | 0x0
4115 Software\Policies\Mozilla\Firefox\Permissions\Camera\Locked = 0x1 | 0x0
4116 Software\Policies\Mozilla\Firefox\Permissions\Microphone\Allow\1 = "https://example.org"
4117 Software\Policies\Mozilla\Firefox\Permissions\Microphone\Block\1 = "https://example.edu"
4118 Software\Policies\Mozilla\Firefox\Permissions\Microphone\BlockNewRequests = 0x1 | 0x0
4119 Software\Policies\Mozilla\Firefox\Permissions\Microphone\Locked = 0x1 | 0x0
4120 Software\Policies\Mozilla\Firefox\Permissions\Location\Allow\1 = "https://example.org"
4121 Software\Policies\Mozilla\Firefox\Permissions\Location\Block\1 = "https://example.edu"
4122 Software\Policies\Mozilla\Firefox\Permissions\Location\BlockNewRequests = 0x1 | 0x0
4123 Software\Policies\Mozilla\Firefox\Permissions\Location\Locked = 0x1 | 0x0
4124 Software\Policies\Mozilla\Firefox\Permissions\Notifications\Allow\1 = "https://example.org"
4125 Software\Policies\Mozilla\Firefox\Permissions\Notifications\Block\1 = "https://example.edu"
4126 Software\Policies\Mozilla\Firefox\Permissions\Notifications\BlockNewRequests = 0x1 | 0x0
4127 Software\Policies\Mozilla\Firefox\Permissions\Notifications\Locked = 0x1 | 0x0
4128 Software\Policies\Mozilla\Firefox\Permissions\Autoplay\Allow\1 = "https://example.org"
4129 Software\Policies\Mozilla\Firefox\Permissions\Autoplay\Block\1 = "https://example.edu"
4130 Software\Policies\Mozilla\Firefox\Permissions\Autoplay\Default = "allow-audio-video" | "block-audio" | "block-audio-video"
4131 Software\Policies\Mozilla\Firefox\Permissions\Autoplay\Locked = 0x1 | 0x0
4132 Software\Policies\Mozilla\Firefox\Permissions\VirtualReality\Allow\1 = "https://example.org"
4133 Software\Policies\Mozilla\Firefox\Permissions\VirtualReality\Block\1 = "https://example.edu"
4134 Software\Policies\Mozilla\Firefox\Permissions\VirtualReality\BlockNewRequests = 0x1 | 0x0
4135 Software\Policies\Mozilla\Firefox\Permissions\VirtualReality\Locked = 0x1 | 0x0
4136 ```
4137 #### Windows (Intune)
4138 OMA-URI:
4139 ```
4140 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Location/Location_BlockNewRequests
4141 ```
4142 Value (string):
4143 ```
4144 <enabled/> or <disabled/>
4145 ```
4146 OMA-URI:
4147 ```
4148 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Location/Location_Locked
4149 ```
4150 Value (string):
4151 ```
4152 <enabled/> or <disabled/>
4153 ```
4154 OMA-URI:
4155 ```
4156 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Notifications/Notifications_Allow
4157 ```
4158 Value (string):
4159 ```
4160 <enabled/>
4161 <data id="Permissions" value="1&#xF000;https://example.org"/>
4162 ```
4163 OMA-URI:
4164 ```
4165 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Notifications/Notifications_BlockNewRequests
4166 ```
4167 Value (string):
4168 ```
4169 <enabled/> or <disabled/>
4170 ```
4171 OMA-URI:
4172 ```
4173 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Notifications/Notifications_Locked
4174 ```
4175 Value (string):
4176 ```
4177 <enabled/> or <disabled/>
4178 ```
4179 OMA-URI:
4180 ```
4181 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Autoplay/Autoplay_Allow
4182 ```
4183 Value (string):
4184 ```
4185 <enabled/>
4186 <data id="Permissions" value="1&#xF000;https://example.org"/>
4187 ```
4188 OMA-URI:
4189 ```
4190 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Autoplay/Autoplay_Block
4191 ```
4192 Value (string):
4193 ```
4194 <enabled/>
4195 <data id="Permissions" value="1&#xF000;https://example.edu"/>
4196 ```
4197 OMA-URI:
4198 ```
4199 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Autoplay/Autoplay_Default
4200 ```
4201 Value (string):
4202 ```
4203 <enabled/>
4204 <data id="Autoplay_Default" value="allow-audio-video | block-audio | block-audio-video"/>
4205 ```
4206 OMA-URI:
4207 ```
4208 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Autoplay/Autoplay_Locked
4209 ```
4210 Value (string):
4211 ```
4212 <enabled/> or <disabled/>
4213 ```
4214 OMA-URI:
4215 ```
4216 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Notifications/VirtualReality_Allow
4217 ```
4218 Value (string):
4219 ```
4220 <enabled/>
4221 <data id="Permissions" value="1&#xF000;https://example.org"/>
4222 ```
4223 OMA-URI:
4224 ```
4225 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Notifications/VirtualReality_Block
4226 ```
4227 Value (string):
4228 ```
4229 <enabled/>
4230 <data id="Permissions" value="1&#xF000;https://example.edu"/>
4231 ```
4232 OMA-URI:
4233 ```
4234 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Notifications/VirtualReality_BlockNewRequests
4235 ```
4236 Value (string):
4237 ```
4238 <enabled/> or <disabled/>
4239 ```
4240 OMA-URI:
4241 ```
4242 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Notifications/VirtualReality_Locked
4243 ```
4244 Value (string):
4245 ```
4246 <enabled/> or <disabled/>
4247 ```
4248 #### macOS
4249 ```
4250 <dict>
4251 <key>Permissions</key>
4252 <dict>
4253 <key>Camera</key>
4254 <dict>
4255 <key>Allow</key>
4256 <array>
4257 <string>https://example.org</string>
4258 <string>https://example.org:1234</string>
4259 </array>
4260 <key>Block</key>
4261 <array>
4262 <string>https://example.edu</string>
4263 </array>
4264 <key>BlockNewRequests</key>
4265 <true/> | <false/>
4266 <key>Locked</key>
4267 <true/> | <false/>
4268 </dict>
4269 <key>Microphone</key>
4270 <dict>
4271 <key>Allow</key>
4272 <array>
4273 <string>https://example.org</string>
4274 </array>
4275 <key>Block</key>
4276 <array>
4277 <string>https://example.edu</string>
4278 </array>
4279 <key>BlockNewRequests</key>
4280 <true/> | <false/>
4281 <key>Locked</key>
4282 <true/> | <false/>
4283 </dict>
4284 <key>Location</key>
4285 <dict>
4286 <key>Allow</key>
4287 <array>
4288 <string>https://example.org</string>
4289 </array>
4290 <key>Block</key>
4291 <array>
4292 <string>https://example.edu</string>
4293 </array>
4294 <key>BlockNewRequests</key>
4295 <true/> | <false/>
4296 <key>Locked</key>
4297 <true/> | <false/>
4298 </dict>
4299 <key>Notifications</key>
4300 <dict>
4301 <key>Allow</key>
4302 <array>
4303 <string>https://example.org</string>
4304 </array>
4305 <key>Block</key>
4306 <array>
4307 <string>https://example.edu</string>
4308 </array>
4309 <key>BlockNewRequests</key>
4310 <true/>
4311 <key>Locked</key>
4312 <true/>
4313 </dict>
4314 <key>Autoplay</key>
4315 <dict>
4316 <key>Allow</key>
4317 <array>
4318 <string>https://example.org</string>
4319 </array>
4320 <key>Block</key>
4321 <array>
4322 <string>https://example.edu</string>
4323 </array>
4324 <key>Default</key>
4325 <string>allow-audio-video | block-audio | block-audio-video</string>
4326 <key>Locked</key>
4327 <true/> | <false/>
4328 </dict>
4329 </dict>
4330 </dict>
4331 ```
4332 #### policies.json
4333 ```
4334 {
4335 "policies": {
4336 "Permissions": {
4337 "Camera": {
4338 "Allow": ["https://example.org","https://example.org:1234"],
4339 "Block": ["https://example.edu"],
4340 "BlockNewRequests": true | false,
4341 "Locked": true | false
4342 },
4343 "Microphone": {
4344 "Allow": ["https://example.org"],
4345 "Block": ["https://example.edu"],
4346 "BlockNewRequests": true | false,
4347 "Locked": true | false
4348 },
4349 "Location": {
4350 "Allow": ["https://example.org"],
4351 "Block": ["https://example.edu"],
4352 "BlockNewRequests": true | false,
4353 "Locked": true | false
4354 },
4355 "Notifications": {
4356 "Allow": ["https://example.org"],
4357 "Block": ["https://example.edu"],
4358 "BlockNewRequests": true | false,
4359 "Locked": true | false
4360 },
4361 "Autoplay": {
4362 "Allow": ["https://example.org"],
4363 "Block": ["https://example.edu"],
4364 "Default": "allow-audio-video" | "block-audio" | "block-audio-video",
4365 "Locked": true | false
4366 }
4367 }
4368 }
4369 }
4370 ```
4371 ### PictureInPicture
4372
4373 Enable or disable Picture-in-Picture as well as prevent the user from enabling or disabling it (Locked).
4374
4375 **Compatibility:** Firefox 78, Firefox ESR 78\
4376 **CCK2 Equivalent:** N/A\
4377 **Preferences Affected:** `media.videocontrols.picture-in-picture.video-toggle.enabled`
4378
4379 #### Windows (GPO)
4380 ```
4381 Software\Policies\Mozilla\Firefox\PictureInPicture\Enabled = 0x1 | 0x0
4382 Software\Policies\Mozilla\Firefox\PictureInPicture\Locked = 0x1 | 0x0
4383
4384 ```
4385 #### Windows (Intune)
4386 OMA-URI:
4387 ```
4388 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~PictureInPicture/PictureInPicture_Enabled
4389 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~PictureInPicture/PictureInPicture_Locked
4390 ```
4391 Value (string):
4392 ```
4393 <enabled/> or <disabled/>
4394 ```
4395 #### macOS
4396 ```
4397 <dict>
4398 <key>PictureInPicture</key>
4399 <dict>
4400 <key>Enabled</key>
4401 <true/> | <false/>
4402 <key>Locked</key>
4403 <true/> | <false/>
4404 </dict>
4405 </dict>
4406 ```
4407 #### policies.json
4408 ```
4409 {
4410 "policies": {
4411 "PictureInPicture": {
4412 "Enabled": true | false,
4413 "Locked": true | false
4414 }
4415 }
4416 }
4417 ```
4418 ### PopupBlocking
4419 Configure the default pop-up window policy as well as origins for which pop-up windows are allowed.
4420
4421 `Allow` is a list of origins where popup-windows are allowed.
4422
4423 `Default` determines whether or not pop-up windows are allowed by default.
4424
4425 `Locked` prevents the user from changing pop-up preferences.
4426
4427 **Compatibility:** Firefox 60, Firefox ESR 60\
4428 **CCK2 Equivalent:** `permissions.popup`\
4429 **Preferences Affected:** `dom.disable_open_during_load`
4430
4431 #### Windows (GPO)
4432 ```
4433 Software\Policies\Mozilla\Firefox\PopupBlocking\Allow\1 = "https://example.org"
4434 Software\Policies\Mozilla\Firefox\PopupBlocking\Allow\2 = "https://example.edu"
4435 Software\Policies\Mozilla\Firefox\PopupBlocking\Default = 0x1 | 0x0
4436 Software\Policies\Mozilla\Firefox\PopupBlocking\Locked = 0x1 | 0x0
4437 ```
4438 #### Windows (Intune)
4439 OMA-URI:
4440 ```
4441 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Popups/PopupBlocking_Allow
4442 ```
4443 Value (string):
4444 ```
4445 <enabled/>
4446 <data id="Permissions" value="1&#xF000;https://example.org&#xF000;2&#xF000;https://example.edu"/>
4447 ```
4448 OMA-URI:
4449 ```
4450 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Popups/PopupBlocking_Default
4451 ```
4452 Value (string):
4453 ```
4454 <enabled/> or <disabled/>
4455 ```
4456 OMA-URI:
4457 ```
4458 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Popups/PopupBlocking_Locked
4459 ```
4460 Value (string):
4461 ```
4462 <enabled/> or <disabled/>
4463 ```
4464 #### macOS
4465 ```
4466 <dict>
4467 <key>PopupBlocking</key>
4468 <dict>
4469 <key>Allow</key>
4470 <array>
4471 <string>http://example.org</string>
4472 <string>http://example.edu</string>
4473 </array>
4474 <key>Default</key>
4475 <true/> | <false/>
4476 <key>Locked</key>
4477 <true/> | <false/>
4478 </dict>
4479 </dict>
4480 ```
4481 #### policies.json
4482 ```
4483 {
4484 "policies": {
4485 "PopupBlocking": {
4486 "Allow": ["http://example.org/",
4487 "http://example.edu/"],
4488 "Default": true | false,
4489 "Locked": true | false
4490 }
4491 }
4492 }
4493 ```
4494 ### Preferences
4495 Set and lock preferences.
4496
4497 **NOTE** On Windows, in order to use this policy, you must clear all settings in the old **Preferences (Deprecated)** section in group policy.
4498
4499 Previously you could only set and lock a subset of preferences. Starting with Firefox 81 and Firefox ESR 78.3 you can set many more preferences. You can also set default preferences, user preferences and you can clear preferences.
4500
4501 Preferences that start with the following prefixes are supported:
4502 ```
4503 accessibility.
4504 app.update.* (Firefox 86, Firefox 78.8)
4505 browser.
4506 datareporting.policy.
4507 dom.
4508 extensions.
4509 general.autoScroll (Firefox 83, Firefox ESR 78.5)
4510 general.smoothScroll (Firefox 83, Firefox ESR 78.5)
4511 geo.
4512 gfx.
4513 intl.
4514 keyword.enabled (Firefox 95, Firefox ESR 91.4)
4515 layers.
4516 layout.
4517 media.
4518 network.
4519 pdfjs. (Firefox 84, Firefox ESR 78.6)
4520 places.
4521 print.
4522 signon. (Firefox 83, Firefox ESR 78.5)
4523 spellchecker. (Firefox 84, Firefox ESR 78.6)
4524 toolkit.legacyUserProfileCustomizations.stylesheets (Firefox 95, Firefox ESR 91.4)
4525 ui.
4526 widget.
4527 xpinstall.signatures.required (Firefox ESR 102.10, Firefox ESR only)
4528 xpinstall.whitelist.required (Firefox 118, Firefox ESR 115.3)
4529 ```
4530 as well as the following security preferences:
4531
4532 | Preference | Type | Default
4533 | --- | --- | --- |
4534 | security.default_personal_cert | string | Ask Every Time
4535 | &nbsp;&nbsp;&nbsp;&nbsp;If set to Select Automatically, Firefox automatically chooses the default personal certificate.
4536 | security.insecure_connection_text.enabled | bool | false
4537 | &nbsp;&nbsp;&nbsp;&nbsp;If set to true, adds the words "Not Secure" for insecure sites.
4538 | security.insecure_connection_text.pbmode.enabled | bool | false
4539 | &nbsp;&nbsp;&nbsp;&nbsp;If set to true, adds the words "Not Secure" for insecure sites in private browsing.
4540 | security.mixed_content.block_active_content | boolean | true
4541 | &nbsp;&nbsp;&nbsp;&nbsp;If false, mixed active content (HTTP and HTTPS) is not blocked.
4542 | security.osclientcerts.autoload | boolean | false
4543 | &nbsp;&nbsp;&nbsp;&nbsp;If true, client certificates are loaded from the operating system certificate store.
4544 | security.OCSP.enabled | integer | 1
4545 | &nbsp;&nbsp;&nbsp;&nbsp;If 0, do not fetch OCSP. If 1, fetch OCSP for DV and EV certificates. If 2, fetch OCSP only for EV certificates.
4546 | security.OCSP.require | boolean | false
4547 | &nbsp;&nbsp;&nbsp;&nbsp; If true, if an OCSP request times out, the connection fails.
4548 | security.osclientcerts.assume_rsa_pss_support | boolean | true
4549 | &nbsp;&nbsp;&nbsp;&nbsp; If false, we don't assume an RSA key can do RSA-PSS. (Firefox 114, Firefox ESR 102.12)
4550 | security.ssl.enable_ocsp_stapling | boolean | true
4551 | &nbsp;&nbsp;&nbsp;&nbsp; If false, OCSP stapling is not enabled.
4552 | security.ssl.errorReporting.enabled | boolean | true
4553 | &nbsp;&nbsp;&nbsp;&nbsp;If false, SSL errors cannot be sent to Mozilla.
4554 | security.ssl.require_safe_negotiation | boolean | false
4555 | &nbsp;&nbsp;&nbsp;&nbsp;If true, Firefox will only negotiate TLS connections with servers that indicate they support secure renegotiation. (Firefox 118, Firefox ESR 115.3)
4556 | security.tls.enable_0rtt_data | boolean | true
4557 | &nbsp;&nbsp;&nbsp;&nbsp;If false, TLS early data is turned off. (Firefox 93, Firefox 91.2, Firefox 78.15)
4558 | security.tls.hello_downgrade_check | boolean | true
4559 | &nbsp;&nbsp;&nbsp;&nbsp;If false, the TLS 1.3 downgrade check is disabled.
4560 | security.tls.version.enable-deprecated | boolean | false
4561 | &nbsp;&nbsp;&nbsp;&nbsp;If true, browser will accept TLS 1.0. and TLS 1.1. (Firefox 86, Firefox 78.8)
4562 | security.warn_submit_secure_to_insecure | boolean | true
4563 | &nbsp;&nbsp;&nbsp;&nbsp;If false, no warning is shown when submitting a form from https to http.
4564
4565 Using the preference as the key, set the `Value` to the corresponding preference value.
4566
4567 `Status` can be "default", "locked", "user" or "clear"
4568
4569 * `"default"`: Read/Write: Settings appear as default even if factory default differs.
4570 * `"locked"`: Read-Only: Settings appear as default even if factory default differs.
4571 * `"user"`: Read/Write: Settings appear as changed if it differs from factory default.
4572 * `"clear"`: Read/Write: `Value` has no effect. Resets to factory defaults on each startup.
4573
4574 `"user"` preferences persist across invocations of Firefox. It is the equivalent of a user setting the preference. They are most useful when a preference is needed very early in startup so it can't be set as default by policy. An example of this is ```toolkit.legacyUserProfileCustomizations.stylesheets```.
4575
4576 `"user"` preferences persist even if the policy is removed, so if you need to remove them, you should use the clear policy.
4577
4578 See the examples below for more detail.
4579
4580 IMPORTANT: Make sure you're only setting a particular preference using this mechanism and not some other way.
4581
4582 Status
4583 **Compatibility:** Firefox 81, Firefox ESR 78.3\
4584 **CCK2 Equivalent:** `preferences`\
4585 **Preferences Affected:** Many
4586
4587 #### Windows (GPO)
4588 Software\Policies\Mozilla\Firefox\Preferences (REG_MULTI_SZ) =
4589 ```
4590 {
4591 "accessibility.force_disabled": {
4592 "Value": 1,
4593 "Status": "default"
4594 },
4595 "browser.cache.disk.parent_directory": {
4596 "Value": "SOME_NATIVE_PATH",
4597 "Status": "user"
4598 },
4599 "browser.tabs.warnOnClose": {
4600 "Value": false,
4601 "Status": "locked"
4602 }
4603 }
4604 ```
4605 #### Windows (Intune)
4606 OMA-URI:
4607 ```
4608 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/Preferences
4609 ```
4610 Value (string):
4611 ```
4612 <enabled/>
4613 <data id="JSON" value='
4614 {
4615 "accessibility.force_disabled": {
4616 "Value": 1,
4617 "Status": "default"
4618 },
4619 "browser.cache.disk.parent_directory": {
4620 "Value": "SOME_NATIVE_PATH",
4621 "Status": "user"
4622 },
4623 "browser.tabs.warnOnClose": {
4624 "Value": false,
4625 "Status": "locked"
4626 }
4627 }'/>
4628 ```
4629 #### macOS
4630 ```
4631 <dict>
4632 <key>Preferences</key>
4633 <dict>
4634 <key>accessibility.force_disabled</key>
4635 <dict>
4636 <key>Value</key>
4637 <integer>1</integer>
4638 <key>Status</key>
4639 <string>default</string>
4640 </dict>
4641 <key>browser.cache.disk.parent_directory</key>
4642 <dict>
4643 <key>Value</key>
4644 <string>SOME_NATIVE_PATH</string>
4645 <key>Status</key>
4646 <string>user</string>
4647 </dict>
4648 <key>browser.tabs.warnOnClose</key>
4649 <dict>
4650 <key>Value</key>
4651 <false/>
4652 <key>Status</key>
4653 <string>locked</string>
4654 </dict>
4655 </dict>
4656 </dict>
4657 ```
4658 #### policies.json
4659 ```
4660 {
4661 "policies": {
4662 "Preferences": {
4663 "accessibility.force_disabled": {
4664 "Value": 1,
4665 "Status": "default"
4666 },
4667 "browser.cache.disk.parent_directory": {
4668 "Value": "SOME_NATIVE_PATH",
4669 "Status": "user"
4670 },
4671 "browser.tabs.warnOnClose": {
4672 "Value": false,
4673 "Status": "locked"
4674 }
4675 }
4676 }
4677 }
4678 ```
4679 ### PrimaryPassword
4680 Require or prevent using a primary (formerly master) password.
4681
4682 If this value is true, a primary password is required. If this value is false, it works the same as if [`DisableMasterPasswordCreation`](#disablemasterpasswordcreation) was true and removes the primary password functionality.
4683
4684 If both DisableMasterPasswordCreation and PrimaryPassword are used, DisableMasterPasswordCreation takes precedent.
4685
4686 **Compatibility:** Firefox 79, Firefox ESR 78.1\
4687 **CCK2 Equivalent:** `noMasterPassword`\
4688 **Preferences Affected:** N/A
4689
4690 #### Windows (GPO)
4691 ```
4692 Software\Policies\Mozilla\Firefox\PrimaryPassword = 0x1 | 0x0
4693 ```
4694 #### Windows (Intune)
4695 OMA-URI:
4696 ```
4697 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/PrimaryPassword
4698 ```
4699 Value (string):
4700 ```
4701 <enabled/> or <disabled/>
4702 ```
4703 #### macOS
4704 ```
4705 <dict>
4706 <key>PrimaryPassword</key>
4707 <true/> | <false/>
4708 </dict>
4709 ```
4710 #### policies.json
4711 ```
4712 {
4713 "policies": {
4714 "PrimaryPassword": true | false
4715 }
4716 }
4717 ```
4718 ### PromptForDownloadLocation
4719 Ask where to save each file before downloading.
4720
4721 **Compatibility:** Firefox 68, Firefox ESR 68\
4722 **CCK2 Equivalent:** N/A\
4723 **Preferences Affected:** `browser.download.useDownloadDir`
4724
4725 #### Windows (GPO)
4726 ```
4727 Software\Policies\Mozilla\Firefox\PromptForDownloadLocation = 0x1 | 0x0
4728 ```
4729 #### Windows (Intune)
4730 OMA-URI:
4731 ```
4732 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/PromptForDownloadLocation
4733 ```
4734 Value (string):
4735 ```
4736 <enabled/> or <disabled/>
4737 ```
4738 #### macOS
4739 ```
4740 <dict>
4741 <key>PromptForDownloadLocation</key>
4742 <true/> | <false/>
4743 </dict>
4744 ```
4745 #### policies.json
4746 ```
4747 {
4748 "policies": {
4749 "PromptForDownloadLocation": true | false
4750 }
4751 }
4752 ```
4753 ### Proxy
4754 Configure proxy settings. These settings correspond to the connection settings in Firefox preferences.
4755 To specify ports, append them to the hostnames with a colon (:).
4756
4757 Unless you lock this policy, changes the user already has in place will take effect.
4758
4759 `Mode` is the proxy method being used.
4760
4761 `Locked` is whether or not proxy settings can be changed.
4762
4763 `HTTPProxy` is the HTTP proxy server.
4764
4765 `UseHTTPProxyForAllProtocols` is whether or not the HTTP proxy should be used for all other proxies.
4766
4767 `SSLProxy` is the SSL proxy server.
4768
4769 `FTPProxy` is the FTP proxy server.
4770
4771 `SOCKSProxy` is the SOCKS proxy server
4772
4773 `SOCKSVersion` is the SOCKS version (4 or 5)
4774
4775 `Passthrough` is list of hostnames or IP addresses that will not be proxied. Use `<local>` to bypass proxying for all hostnames which do not contain periods.
4776
4777 `AutoConfigURL` is a URL for proxy configuration (only used if Mode is autoConfig).
4778
4779 `AutoLogin` means do not prompt for authentication if password is saved.
4780
4781 `UseProxyForDNS` to use proxy DNS when using SOCKS v5.
4782
4783 **Compatibility:** Firefox 60, Firefox ESR 60\
4784 **CCK2 Equivalent:** `networkProxy*`\
4785 **Preferences Affected:** `network.proxy.type`, `network.proxy.autoconfig_url`, `network.proxy.socks_remote_dns`, `signon.autologin.proxy`, `network.proxy.socks_version`, `network.proxy.no_proxies_on`, `network.proxy.share_proxy_settings`, `network.proxy.http`, `network.proxy.http_port`, `network.proxy.ftp`, `network.proxy.ftp_port`, `network.proxy.ssl`, `network.proxy.ssl_port`, `network.proxy.socks`, `network.proxy.socks_port`
4786
4787 #### Windows (GPO)
4788 ```
4789 Software\Policies\Mozilla\Firefox\Proxy\Mode = "none" | "system" | "manual" | "autoDetect" | "autoConfig"
4790 Software\Policies\Mozilla\Firefox\Proxy\Locked = 0x1 | 0x0
4791 Software\Policies\Mozilla\Firefox\=Proxy\HTTPProxy = https://httpproxy.example.com
4792 Software\Policies\Mozilla\Firefox\Proxy\UseHTTPProxyForAllProtocols = 0x1 | 0x0
4793 Software\Policies\Mozilla\Firefox\Proxy\SSLProxy = https://sslproxy.example.com
4794 Software\Policies\Mozilla\Firefox\Proxy\FTPProxy = https://ftpproxy.example.com
4795 Software\Policies\Mozilla\Firefox\Proxy\SOCKSProxy = https://socksproxy.example.com
4796 Software\Policies\Mozilla\Firefox\Proxy\SOCKSVersion = 0x4 | 0x5
4797 Software\Policies\Mozilla\Firefox\Proxy\Passthrough = <local>
4798 Software\Policies\Mozilla\Firefox\Proxy\AutoConfigURL = URL_TO_AUTOCONFIG
4799 Software\Policies\Mozilla\Firefox\Proxy\AutoLogin = 0x1 | 0x0
4800 Software\Policies\Mozilla\Firefox\Proxy\UseProxyForDNS = 0x1 | 0x0
4801 ```
4802 #### Windows (Intune)
4803 **Note**
4804 These setttings were moved to a category to make them easier to configure via Intune.
4805
4806 OMA-URI:
4807 ```
4808 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_Locked
4809 ```
4810 Value (string):
4811 ```
4812 <enabled/> or <disabled/>
4813 ```
4814 OMA-URI:
4815 ```
4816 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_ConnectionType
4817 ```
4818 Value (string):
4819 ```
4820 <enabled/>
4821 <data id="Proxy_ConnectionType" value="none | system | manual | autoDetect | autoConfig"/>
4822 ```
4823 OMA-URI:
4824 ```
4825 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_HTTPProxy
4826 ```
4827 Value (string):
4828 ```
4829 <enabled/>
4830 <data id="Proxy_HTTPProxy" value="httpproxy.example.com"/>
4831 ```
4832 OMA-URI:
4833 ```
4834 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_UseHTTPProxyForAllProtocols
4835 ```
4836 Value (string):
4837 ```
4838 <enabled/> or <disabled/>
4839 ```
4840 OMA-URI:
4841 ```
4842 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_SSLProxy
4843 ```
4844 Value (string):
4845 ```
4846 <enabled/>
4847 <data id="Proxy_SSLProxy" value="sslproxy.example.com"/>
4848 ```
4849 OMA-URI:
4850 ```
4851 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_SOCKSProxy
4852 ```
4853 Value (string):
4854 ```
4855 <enabled/>
4856 <data id="Proxy_SOCKSProxy" value="socksproxy.example.com"/>
4857 <data id="Proxy_SOCKSVersion" value="4 | 5"/>
4858 ```
4859 OMA-URI:
4860 ```
4861 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_AutoConfigURL
4862 ```
4863 Value (string):
4864 ```
4865 <enabled/>
4866 <data id="Proxy_AutoConfigURL" value="URL_TO_AUTOCONFIG"/>
4867 ```
4868 OMA-URI:
4869 ```
4870 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_Passthrough
4871 ```
4872 Value (string):
4873 ```
4874 <enabled/>
4875 <data id="Proxy_Passthrough" value="&lt;local&gt;"/>
4876 ```
4877 OMA-URI:
4878 ```
4879 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_AutoLogin
4880 ```
4881 Value (string):
4882 ```
4883 <enabled/> or <disabled/>
4884 ```
4885 OMA-URI:
4886 ```
4887 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_UseProxyForDNS
4888 ```
4889 Value (string):
4890 ```
4891 <enabled/> or <disabled/>
4892 ```
4893 OMA-URI (Old way):
4894 ```
4895 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/Proxy
4896 ```
4897 Value (string):
4898 ```
4899 <enabled/>
4900 <data id="ProxyLocked" value="true | false"/>
4901 <data id="ConnectionType" value="none | system | manual | autoDetect | autoConfig"/>
4902 <data id="HTTPProxy" value="httpproxy.example.com"/>
4903 <data id="UseHTTPProxyForAllProtocols" value="true | false"/>
4904 <data id="SSLProxy" value="sslproxy.example.com"/>
4905 <data id="FTPProxy" value="ftpproxy.example.com"/>
4906 <data id="SOCKSProxy" value="socksproxy.example.com"/>
4907 <data id="SOCKSVersion" value="4 | 5"/>
4908 <data id="AutoConfigURL" value="URL_TO_AUTOCONFIG"/>
4909 <data id="Passthrough" value="<local>"/>
4910 <data id="AutoLogin" value="true | false"/>
4911 <data id="UseProxyForDNS" value="true | false"/>
4912 ```
4913 #### macOS
4914 ```
4915 <dict>
4916 <key>Proxy</key>
4917 <dict>
4918 <key>Mode</key>
4919 <string>none | system | manual | autoDetect | autoConfig</string>
4920 <key>Locked</key>
4921 <true> | </false>
4922 <key>HTTPProxy</key>
4923 <string>https://httpproxy.example.com</string>
4924 <key>UseHTTPProxyForAllProtocols</key>
4925 <true> | </false>
4926 <key>SSLProxy</key>
4927 <string>https://sslproxy.example.com</string>
4928 <key>FTPProxy</key>
4929 <string>https://ftpproxy.example.com</string>
4930 <key>SOCKSProxy</key>
4931 <string>https://socksproxy.example.com</string>
4932 <key>SOCKSVersion</key>
4933 <string>4 | 5</string>
4934 <key>Passthrough</key>
4935 <string>&lt;local>&gt;</string>
4936 <key>AutoConfigURL</key>
4937 <string>URL_TO_AUTOCONFIG</string>
4938 <key>AutoLogin</key>
4939 <true> | </false>
4940 <key>UseProxyForDNS</key>
4941 <true> | </false>
4942 </dict>
4943 </dict>
4944 ```
4945 #### policies.json
4946 ```
4947 {
4948 "policies": {
4949 "Proxy": {
4950 "Mode": "none" | "system" | "manual" | "autoDetect" | "autoConfig",
4951 "Locked": true | false,
4952 "HTTPProxy": "hostname",
4953 "UseHTTPProxyForAllProtocols": true | false,
4954 "SSLProxy": "hostname",
4955 "FTPProxy": "hostname",
4956 "SOCKSProxy": "hostname",
4957 "SOCKSVersion": 4 | 5,
4958 "Passthrough": "<local>",
4959 "AutoConfigURL": "URL_TO_AUTOCONFIG",
4960 "AutoLogin": true | false,
4961 "UseProxyForDNS": true | false
4962 }
4963 }
4964 }
4965 ```
4966 ### RequestedLocales
4967 Set the the list of requested locales for the application in order of preference. It will cause the corresponding language pack to become active.
4968
4969 Note: For Firefox 68, this can now be a string so that you can specify an empty value.
4970
4971 **Compatibility:** Firefox 64, Firefox ESR 60.4, Updated in Firefox 68, Firefox ESR 68\
4972 **CCK2 Equivalent:** N/A\
4973 **Preferences Affected:** N/A
4974 #### Windows (GPO)
4975 ```
4976 Software\Policies\Mozilla\Firefox\RequestedLocales\1 = "de"
4977 Software\Policies\Mozilla\Firefox\RequestedLocales\2 = "en-US"
4978
4979 or
4980
4981 Software\Policies\Mozilla\Firefox\RequestedLocales = "de,en-US"
4982 ```
4983 #### Windows (Intune)
4984 OMA-URI:
4985 ```
4986 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/RequestedLocalesString
4987 ```
4988 Value (string):
4989 ```
4990 <enabled/>
4991 <data id="Preferences_String" value="de,en-US"/>
4992 ```
4993 #### macOS
4994 ```
4995 <dict>
4996 <key>RequestedLocales</key>
4997 <array>
4998 <string>de</string>
4999 <string>en-US</string>
5000 </array>
5001 </dict>
5002
5003 or
5004
5005 <dict>
5006 <key>RequestedLocales</key>
5007 <string>de,en-US</string>
5008 </dict>
5009
5010 ```
5011 #### policies.json
5012 ```
5013 {
5014 "policies": {
5015 "RequestedLocales": ["de", "en-US"]
5016 }
5017 }
5018
5019 or
5020
5021 {
5022 "policies": {
5023 "RequestedLocales": "de,en-US"
5024 }
5025 }
5026 ```
5027 <a name="SanitizeOnShutdown"></a>
5028
5029 ### SanitizeOnShutdown (Selective)
5030 Clear data on shutdown. Choose from Cache, Cookies, Download History, Form & Search History, Browsing History, Active Logins, Site Preferences and Offline Website Data.
5031
5032 Previously, these values were always locked. Starting with Firefox 74 and Firefox ESR 68.6, you can use the `Locked` option to either keep the values unlocked (set it to false), or lock only the values you set (set it to true). If you want the old behavior of locking everything, do not set `Locked` at all.
5033
5034 **Compatibility:** Firefox 68, Firefox ESR 68 (Locked added in 74/68.6)\
5035 **CCK2 Equivalent:** N/A\
5036 **Preferences Affected:** `privacy.sanitize.sanitizeOnShutdown`, `privacy.clearOnShutdown.cache`, `privacy.clearOnShutdown.cookies`, `privacy.clearOnShutdown.downloads`, `privacy.clearOnShutdown.formdata`, `privacy.clearOnShutdown.history`, `privacy.clearOnShutdown.sessions`, `privacy.clearOnShutdown.siteSettings`, `privacy.clearOnShutdown.offlineApps`
5037 #### Windows (GPO)
5038 ```
5039 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\Cache = 0x1 | 0x0
5040 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\Cookies = 0x1 | 0x0
5041 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\Downloads = 0x1 | 0x0
5042 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\FormData = 0x1 | 0x0
5043 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\History = 0x1 | 0x0
5044 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\Sessions = 0x1 | 0x0
5045 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\SiteSettings = 0x1 | 0x0
5046 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\OfflineApps = 0x1 | 0x0
5047 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\Locked = 0x1 | 0x0
5048 ```
5049 #### Windows (Intune)
5050 OMA-URI:
5051 ```
5052 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/A_SanitizeOnShutdown_Cache
5053 ```
5054 Value (string):
5055 ```
5056 <enabled/> or <disabled/>
5057 ```
5058 OMA-URI:
5059 ```
5060 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/B_SanitizeOnShutdown_Cookies
5061 ```
5062 Value (string):
5063 ```
5064 <enabled/> or <disabled/>
5065 ```
5066 OMA-URI:
5067 ```
5068 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/C_SanitizeOnShutdown_Downloads
5069 ```
5070 Value (string):
5071 ```
5072 <enabled/> or <disabled/>
5073 ```
5074 OMA-URI:
5075 ```
5076 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/D_SanitizeOnShutdown_FormData
5077 ```
5078 Value (string):
5079 ```
5080 <enabled/> or <disabled/>
5081 ```
5082 OMA-URI:
5083 ```
5084 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/E_SanitizeOnShutdown_History
5085 ```
5086 Value (string):
5087 ```
5088 <enabled/> or <disabled/>
5089 ```
5090 OMA-URI:
5091 ```
5092 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/F_SanitizeOnShutdown_Sessions
5093 ```
5094 Value (string):
5095 ```
5096 <enabled/> or <disabled/>
5097 ```
5098 OMA-URI:
5099 ```
5100 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/G_SanitizeOnShutdown_SiteSettings
5101 ```
5102 Value (string):
5103 ```
5104 <enabled/> or <disabled/>
5105 ```
5106 OMA-URI:
5107 ```
5108 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/H_SanitizeOnShutdown_OfflineApps
5109 ```
5110 Value (string):
5111 ```
5112 <enabled/> or <disabled/>
5113 ```
5114 OMA-URI:
5115 ```
5116 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/I_SanitizeOnShutdown_Locked
5117 ```
5118 Value (string):
5119 ```
5120 <enabled/> or <disabled/>
5121 ```
5122 #### macOS
5123 ```
5124 <dict>
5125 <key>SanitizeOnShutdown</key>
5126 <dict>
5127 <key>Cache</key>
5128 <true/> | <false/>
5129 <key>Cookies</key>
5130 <true/> | <false/>
5131 <key>Downloads</key>
5132 <true/> | <false/>
5133 <key>FormData</key>
5134 <true/> | <false/>
5135 <key>History</key>
5136 <true/> | <false/>
5137 <key>Sessions</key>
5138 <true/> | <false/>
5139 <key>SiteSettings</key>
5140 <true/> | <false/>
5141 <key>OfflineApps</key>
5142 <true/> | <false/>
5143 <key>Locked</key>
5144 <true/> | <false/>
5145 </dict>
5146 </dict>
5147 ```
5148 #### policies.json
5149 ```
5150 {
5151 "policies": {
5152 "SanitizeOnShutdown": {
5153 "Cache": true | false,
5154 "Cookies": true | false,
5155 "Downloads": true | false,
5156 "FormData": true | false,
5157 "History": true | false,
5158 "Sessions": true | false,
5159 "SiteSettings": true | false,
5160 "OfflineApps": true | false,
5161 "Locked": true | false
5162 }
5163 }
5164 }
5165 ```
5166 ### SanitizeOnShutdown (All)
5167 Clear all data on shutdown, including Browsing & Download History, Cookies, Active Logins, Cache, Form & Search History, Site Preferences and Offline Website Data.
5168
5169 **Compatibility:** Firefox 60, Firefox ESR 60\
5170 **CCK2 Equivalent:** N/A\
5171 **Preferences Affected:** `privacy.sanitize.sanitizeOnShutdown`, `privacy.clearOnShutdown.cache`, `privacy.clearOnShutdown.cookies`, `privacy.clearOnShutdown.downloads`, `privacy.clearOnShutdown.formdata`, `privacy.clearOnShutdown.history`, `privacy.clearOnShutdown.sessions`, `privacy.clearOnShutdown.siteSettings`, `privacy.clearOnShutdown.offlineApps`
5172 #### Windows (GPO)
5173 ```
5174 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown = 0x1 | 0x0
5175 ```
5176 #### Windows (Intune)
5177 OMA-URI:
5178 ```
5179 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/C_SanitizeOnShutdown
5180 ```
5181 Value (string):
5182 ```
5183 <enabled/> or <disabled/>
5184 ```
5185 #### macOS
5186 ```
5187 <dict>
5188 <key>SanitizeOnShutdown</key>
5189 <true/> | <false/>
5190 </dict>
5191 ```
5192 #### policies.json
5193 ```
5194 {
5195 "policies": {
5196 "SanitizeOnShutdown": true | false
5197 }
5198 }
5199 ```
5200 ### SearchBar
5201 Set whether or not search bar is displayed.
5202
5203 **Compatibility:** Firefox 60, Firefox ESR 60\
5204 **CCK2 Equivalent:** `showSearchBar`\
5205 **Preferences Affected:** N/A
5206
5207 #### Windows (GPO)
5208 ```
5209 Software\Policies\Mozilla\Firefox\SearchBar = "unified" | "separate"
5210 ```
5211
5212 #### Windows (Intune)
5213 OMA-URI:
5214 ```
5215 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/SearchBar
5216 ```
5217 Value (string):
5218 ```
5219 <enabled/>
5220 <data id="SearchBar" value="unified | separate"/>
5221 ```
5222 #### macOS
5223 ```
5224 <dict>
5225 <key>SearchBar</key>
5226 <string>unified | separate</string>
5227 </dict>
5228 ```
5229 #### policies.json
5230 ```
5231 {
5232 "policies": {
5233 "SearchBar": "unified" | "separate"
5234 }
5235 }
5236 ```
5237 <a name="SearchEngines"></a>
5238
5239 ### SearchEngines (This policy is only available on the ESR.)
5240
5241 ### SearchEngines | Add
5242
5243 Add new search engines. Although there are only five engines available in the ADMX template, there is no limit. To add more in the ADMX template, you can duplicate the XML.
5244
5245 This policy is only available on the ESR. `Name` and `URLTemplate` are required.
5246
5247 `Name` is the name of the search engine.
5248
5249 `URLTemplate` is the search URL with {searchTerms} to substitute for the search term.
5250
5251 `Method` is either GET or POST
5252
5253 `IconURL` is a URL for the icon to use.
5254
5255 `Alias` is a keyword to use for the engine.
5256
5257 `Description` is a description of the search engine.
5258
5259 `PostData` is the POST data as name value pairs separated by &.
5260
5261 `SuggestURLTemplate` is a search suggestions URL with {searchTerms} to substitute for the search term.
5262
5263 `Encoding` is the query charset for the engine. It defaults to UTF-8.
5264
5265 **Compatibility:** Firefox ESR 60 (POST support in Firefox ESR 68, Encoding support in Firefox 91)\
5266 **CCK2 Equivalent:** `searchplugins`\
5267 **Preferences Affected:** N/A
5268
5269 #### Windows (GPO)
5270 ```
5271 Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\Name = "Example1"
5272 Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\URLTemplate = "https://www.example.org/q={searchTerms}"
5273 Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\Method = "GET" | "POST"
5274 Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\IconURL = "https://www.example.org/favicon.ico"
5275 Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\Alias = "example"
5276 Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\Description = "Example Description"
5277 Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\SuggestURLTemplate = "https://www.example.org/suggestions/q={searchTerms}"
5278 Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\PostData = "name=value&q={searchTerms}"
5279 ```
5280 #### Windows (Intune)
5281 OMA-URI:
5282 ```
5283 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Search/SearchEngines_1
5284 ```
5285 Value (string):
5286 ```
5287 <enabled/>
5288 <data id="SearchEngine_Name" value="Example1"/>
5289 <data id="SearchEngine_URLTemplate" value="https://www.example.org/q={searchTerms"/>
5290 <data id="SearchEngine_Method" value="GET | POST"/>
5291 <data id="SearchEngine_IconURL" value="https://www.example.org/favicon.ico"/>
5292 <data id="SearchEngine_Alias" value="example"/>
5293 <data id="SearchEngine_Description" value="Example Description"/>
5294 <data id="SearchEngine_SuggestURLTemplate" value="https://www.example.org/suggestions/q={searchTerms}"/>
5295 <data id="SearchEngine_PostData" value="name=value&amp;q={searchTerms}"/>
5296 ```
5297 #### macOS
5298 ```
5299 <dict>
5300 <key>SearchEngines</key>
5301 <dict>
5302 <key>Add</key>
5303 <array>
5304 <dict>
5305 <key>Name</key>
5306 <string>Example1</string>
5307 <key>URLTemplate</key>
5308 <string>https://www.example.org/q={searchTerms}</string>
5309 <key>Method</key>
5310 <string>GET | POST </string>
5311 <key>IconURL</key>
5312 <string>https://www.example.org/favicon.ico</string>
5313 <key>Alias</key>
5314 <string>example</string>
5315 <key>Description</key>
5316 <string>Example Description</string>
5317 <key>SuggestURLTemplate</key>
5318 <string>https://www.example.org/suggestions/q={searchTerms}</string>
5319 <key>PostData</key>
5320 <string>name=value&q={searchTerms}</string>
5321 </dict>
5322 <array>
5323 </dict>
5324 </dict>
5325 ```
5326 #### policies.json
5327 ```
5328 {
5329 "policies": {
5330 "SearchEngines": {
5331 "Add": [
5332 {
5333 "Name": "Example1",
5334 "URLTemplate": "https://www.example.org/q={searchTerms}",
5335 "Method": "GET" | "POST",
5336 "IconURL": "https://www.example.org/favicon.ico",
5337 "Alias": "example",
5338 "Description": "Description",
5339 "PostData": "name=value&q={searchTerms}",
5340 "SuggestURLTemplate": "https://www.example.org/suggestions/q={searchTerms}"
5341 }
5342 ]
5343 }
5344 }
5345 }
5346 ```
5347 ### SearchEngines | Default
5348
5349 Set the default search engine. This policy is only available on the ESR.
5350
5351 **Compatibility:** Firefox ESR 60\
5352 **CCK2 Equivalent:** `defaultSearchEngine`\
5353 **Preferences Affected:** N/A
5354
5355 #### Windows (GPO)
5356 ```
5357 Software\Policies\Mozilla\Firefox\SearchEngines\Default = NAME_OF_SEARCH_ENGINE
5358 ```
5359 #### Windows (Intune)
5360 OMA-URI:
5361 ```
5362 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Search/SearchEngines_Default
5363 ```
5364 Value (string):
5365 ```
5366 <enabled/>
5367 <data id="SearchEngines_Default" value="NAME_OF_SEARCH_ENGINE"/>
5368 ```
5369 #### macOS
5370 ```
5371 <dict>
5372 <key>SearchEngines</key>
5373 <dict>
5374 <key>Default</key>
5375 <string>NAME_OF_SEARCH_ENGINE</string>
5376 </dict>
5377 </dict>
5378 ```
5379 #### policies.json
5380 ```
5381 {
5382 "policies": {
5383 "SearchEngines": {
5384 "Default": "NAME_OF_SEARCH_ENGINE"
5385 }
5386 }
5387 }
5388 ```
5389 ### SearchEngines | PreventInstalls
5390
5391 Prevent installing search engines from webpages.
5392
5393 **Compatibility:** Firefox ESR 60\
5394 **CCK2 Equivalent:** `disableSearchEngineInstall`\
5395 **Preferences Affected:** N/A
5396
5397 #### Windows (GPO)
5398 ```
5399 Software\Policies\Mozilla\Firefox\SearchEngines\PreventInstalls = 0x1 | 0x0
5400 ```
5401 #### Windows (Intune)
5402 OMA-URI:
5403 ```
5404 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Search/SearchEngines_PreventInstalls
5405 ```
5406 Value (string):
5407 ```
5408 <enabled/> or <disabled/>
5409 ```
5410 #### macOS
5411 ```
5412 <dict>
5413 <key>SearchEngines</key>
5414 <dict>
5415 <key>PreventInstalls</key>
5416 <true/> | <false/>
5417 </dict>
5418 </dict>
5419 ```
5420 #### policies.json
5421 ```
5422 {
5423 "policies": {
5424 "SearchEngines": {
5425 "PreventInstalls": true | false
5426 }
5427 }
5428 }
5429 ```
5430 ### SearchEngines | Remove
5431
5432 Hide built-in search engines. This policy is only available on the ESR.
5433
5434 **Compatibility:** Firefox ESR 60.2\
5435 **CCK2 Equivalent:** `removeDefaultSearchEngines` (removed all built-in engines)\
5436 **Preferences Affected:** N/A
5437
5438 #### Windows (GPO)
5439 ```
5440 Software\Policies\Mozilla\Firefox\SearchEngines\Remove\1 = NAME_OF_SEARCH_ENGINE
5441 ```
5442 #### Windows (Intune)
5443 OMA-URI:
5444 ```
5445 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Search/SearchEngines_Remove
5446 ```
5447 Value (string):
5448 ```
5449 <enabled/>
5450 <data id="SearchEngines_Remove" value="1&#xF000;NAME_OF_SEARCH_ENGINE"/>
5451 ```
5452 #### macOS
5453 ```
5454 <dict>
5455 <key>SearchEngines</key>
5456 <dict>
5457 <key>Remove</key>
5458 <array>
5459 <string>NAME_OF_SEARCH_ENGINE</string>
5460 </array>
5461 </dict>
5462 </dict>
5463 ```
5464 #### policies.json
5465 ```
5466 {
5467 "policies": {
5468 "SearchEngines": {
5469 "Remove": ["NAME_OF_SEARCH_ENGINE"]
5470 }
5471 }
5472 }
5473 ```
5474 ### SearchSuggestEnabled
5475
5476 Enable search suggestions.
5477
5478 **Compatibility:** Firefox 68, Firefox ESR 68\
5479 **CCK2 Equivalent:** N/A\
5480 **Preferences Affected:** `browser.urlbar.suggest.searches`, `browser.search.suggest.enabled`
5481
5482 #### Windows (GPO)
5483 ```
5484 Software\Policies\Mozilla\Firefox\SearchSuggestEnabled = 0x1 | 0x0
5485 ```
5486 #### Windows (Intune)
5487 OMA-URI:
5488 ```
5489 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Search/SearchSuggestEnabled
5490 ```
5491 Value (string):
5492 ```
5493 <enabled/> or <disabled/>
5494 ```
5495 #### macOS
5496 ```
5497 <dict>
5498 <key>SearchSuggestEnabled</key>
5499 <true/> | <false/>
5500 </dict>
5501 ```
5502 #### policies.json
5503 ```
5504 {
5505 "policies": {
5506 "SearchSuggestEnabled": true | false
5507 }
5508 }
5509 ```
5510 ### SecurityDevices
5511
5512 Add or delete PKCS #11 modules.
5513
5514 **Compatibility:** Firefox 114, Firefox ESR 112.12\
5515 **CCK2 Equivalent:** N/A\
5516 **Preferences Affected:** N/A
5517
5518 #### Windows (GPO)
5519 ```
5520 Software\Policies\Mozilla\Firefox\SecurityDevices\Add\NAME_OF_DEVICE_TO_ADD = PATH_TO_LIBRARY_FOR_DEVICE
5521 Software\Policies\Mozilla\Firefox\SecurityDevices\Remove\1 = NAME_OF_DEVICE_TO_REMOVE
5522 ```
5523 #### Windows (Intune)
5524 OMA-URI:
5525 ```
5526 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/SecurityDevices/SecurityDevices_Add
5527 ```
5528 Value (string):
5529 ```
5530 <enabled/>
5531 <data id="SecurityDevices" value="NAME_OF_DEVICE_TO_ADD&#xF000;PATH_TO_LIBRARY_FOR_DEVICE"/>
5532 ```
5533 OMA-URI:
5534 ```
5535 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/SecurityDevices/SecurityDevices_Delete
5536 ```
5537 Value (string):
5538 ```
5539 <enabled/>
5540 <data id="SecurityDevices" value="1&#xF000;NAME_OF_DEVICE_TO_REMOVE"/>
5541 ```
5542 #### macOS
5543 ```
5544 <dict>
5545 <key>SecurityDevices</key>
5546 <dict>
5547 <key>Add<key>
5548 <dict>
5549 <key>NAME_OF_DEVICE_TO_ADD</key>
5550 <string>PATH_TO_LIBRARY_FOR_DEVICE</string>
5551 </dict>
5552 <key>Delete</add>
5553 <array>
5554 <string>NAME_OF_DEVICE_TO_DELETE</string>
5555 </array>
5556 </dict>
5557 </dict>
5558 ```
5559 #### policies.json
5560 ```
5561 {
5562 "policies": {
5563 "SecurityDevices": {
5564 "Add": {
5565 "NAME_OF_DEVICE_TO_ADD": "PATH_TO_LIBRARY_FOR_DEVICE"
5566 },
5567 "Delete": ["NAME_OF_DEVICE_TO_DELETE"]
5568 }
5569 }
5570 }
5571 ```
5572 ### SecurityDevices (Deprecated)
5573
5574 Install PKCS #11 modules.
5575
5576 **Compatibility:** Firefox 64, Firefox ESR 60.4\
5577 **CCK2 Equivalent:** `certs.devices`\
5578 **Preferences Affected:** N/A
5579
5580 #### Windows (GPO)
5581 ```
5582 Software\Policies\Mozilla\Firefox\SecurityDevices\NAME_OF_DEVICE = PATH_TO_LIBRARY_FOR_DEVICE
5583 ```
5584 #### Windows (Intune)
5585 OMA-URI:
5586 ```
5587 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/SecurityDevices
5588 ```
5589 Value (string):
5590 ```
5591 <enabled/>
5592 <data id="SecurityDevices" value="NAME_OF_DEVICE&#xF000;PATH_TO_LIBRARY_FOR_DEVICE"/>
5593 ```
5594 #### macOS
5595 ```
5596 <dict>
5597 <key>SecurityDevices</key>
5598 <dict>
5599 <key>NAME_OF_DEVICE</key>
5600 <string>PATH_TO_LIBRARY_FOR_DEVICE</string>
5601 </dict>
5602 </dict>
5603 ```
5604 #### policies.json
5605 ```
5606 {
5607 "policies": {
5608 "SecurityDevices": {
5609 "NAME_OF_DEVICE": "PATH_TO_LIBRARY_FOR_DEVICE"
5610 }
5611 }
5612 }
5613 ```
5614 ### ShowHomeButton
5615 Show the home button on the toolbar.
5616
5617 Future versions of Firefox will not show the home button by default.
5618
5619 **Compatibility:** Firefox 88, Firefox ESR 78.10\
5620 **CCK2 Equivalent:** N/A\
5621 **Preferences Affected:** N/A
5622
5623 #### Windows (GPO)
5624 ```
5625 Software\Policies\Mozilla\Firefox\ShowHomeButton = 0x1 | 0x0
5626 ```
5627 #### Windows (Intune)
5628 OMA-URI:
5629 ```
5630 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Homepage/Homepage_ShowHomeButton
5631 ```
5632 Value (string):
5633 ```
5634 <enabled/> or <disabled/>
5635 ```
5636 #### macOS
5637 ```
5638 <dict>
5639 <key>ShowHomeButton</key>
5640 <true/> | <false/>
5641 </dict>
5642 ```
5643 #### policies.json
5644 ```
5645 {
5646 "policies": {
5647 "ShowHomeButton": true | false
5648 }
5649 }
5650 ```
5651 ### SSLVersionMax
5652
5653 Set and lock the maximum version of TLS. (Firefox defaults to a maximum of TLS 1.3.)
5654
5655 **Compatibility:** Firefox 66, Firefox ESR 60.6\
5656 **CCK2 Equivalent:** N/A\
5657 **Preferences Affected:** `security.tls.version.max`
5658
5659 #### Windows (GPO)
5660 ```
5661 Software\Policies\Mozilla\Firefox\SSLVersionMax = "tls1" | "tls1.1" | "tls1.2" | "tls1.3"
5662 ```
5663 #### Windows (Intune)
5664 OMA-URI:
5665 ```
5666 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/SSLVersionMax
5667 ```
5668 Value (string):
5669 ```
5670 <enabled/>
5671 <data id="SSLVersion" value="tls1 | tls1.2 | tls1.3"/>
5672 ```
5673 #### macOS
5674 ```
5675 <dict>
5676 <key>SSLVersionMax</key>
5677 <string>tls1 | tls1.1 | tls1.2 | tls1.3</string>
5678 </dict>
5679 ```
5680
5681 #### policies.json
5682 ```
5683 {
5684 "policies": {
5685 "SSLVersionMax": "tls1" | "tls1.1" | "tls1.2" | "tls1.3"
5686 }
5687 }
5688 ```
5689 ### SSLVersionMin
5690
5691 Set and lock the minimum version of TLS. (Firefox defaults to a minimum of TLS 1.2.)
5692
5693 **Compatibility:** Firefox 66, Firefox ESR 60.6\
5694 **CCK2 Equivalent:** N/A\
5695 **Preferences Affected:** `security.tls.version.min`
5696
5697 #### Windows (GPO)
5698 ```
5699 Software\Policies\Mozilla\Firefox\SSLVersionMin = "tls1" | "tls1.1" | "tls1.2" | "tls1.3"
5700 ```
5701 #### Windows (Intune)
5702 OMA-URI:
5703 ```
5704 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/SSLVersionMin
5705 ```
5706 Value (string):
5707 ```
5708 <enabled/>
5709 <data id="SSLVersion" value="tls1 | tls1.2 | tls1.3"/>
5710 ```
5711 #### macOS
5712 ```
5713 <dict>
5714 <key>SSLVersionMin</key>
5715 <string>tls1 | tls1.1 | tls1.2 | tls1.3</string>
5716 </dict>
5717 ```
5718
5719 #### policies.json
5720 ```
5721 {
5722 "policies": {
5723 "SSLVersionMin": "tls1" | "tls1.1" | "tls1.2" | "tls1.3"
5724 }
5725 }
5726 ```
5727 ### SupportMenu
5728 Add a menuitem to the help menu for specifying support information.
5729
5730 **Compatibility:** Firefox 68.0.1, Firefox ESR 68.0.1\
5731 **CCK2 Equivalent:** helpMenu\
5732 **Preferences Affected:** N/A
5733
5734 #### Windows (GPO)
5735 ```
5736 Software\Policies\Mozilla\Firefox\SupportMenu\Title = "Support Menu"
5737 Software\Policies\Mozilla\Firefox\SupportMenu\URL = "http://example.com/support"
5738 Software\Policies\Mozilla\Firefox\SupportMenu\AccessKey = "S"
5739 ```
5740 #### Windows (Intune)
5741 OMA-URI:
5742 ```
5743 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/SupportMenu
5744 ```
5745 Value (string):
5746 ```
5747 <enabled/>
5748 <data id="SupportMenuTitle" value="Support Menu"/>
5749 <data id="SupportMenuURL" value="http://example.com/support"/>
5750 <data id="SupportMenuAccessKey" value="S"/>
5751 ```
5752 #### macOS
5753 ```
5754 <dict>
5755 <key>SupportMenu</key>
5756 <dict>
5757 <key>Title</key>
5758 <string>SupportMenu</string>
5759 <key>URL</key>
5760 <string>http://example.com/support</string>
5761 <key>AccessKey</key>
5762 <string>S</string>
5763 </dict>
5764 </dict>
5765 ```
5766 #### policies.json
5767 ```
5768 {
5769 "policies": {
5770 "SupportMenu": {
5771 "Title": "Support Menu",
5772 "URL": "http://example.com/support",
5773 "AccessKey": "S"
5774 }
5775 }
5776 }
5777 ```
5778 ### StartDownloadsInTempDirectory
5779 Force downloads to start off in a local, temporary location rather than the default download directory.
5780
5781 **Compatibility:** Firefox 102\
5782 **CCK2 Equivalent:** N/A\
5783 **Preferences Affected:** `browser.download.start_downloads_in_tmp_dir`
5784
5785 #### Windows (GPO)
5786 ```
5787 Software\Policies\Mozilla\Firefox\StartDownloadsInTempDirectory = 0x1 | 0x0
5788 ```
5789 #### Windows (Intune)
5790 OMA-URI:
5791 ```
5792 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/StartDownloadsInTempDirectory
5793 ```
5794 Value (string):
5795 ```
5796 <enabled/> or <disabled/>
5797 ```
5798 #### macOS
5799 ```
5800 <dict>
5801 <key>StartDownloadsInTempDirectory</key>
5802 <true/> | <false/>
5803 </dict>
5804 ```
5805 #### policies.json
5806 ```
5807 {
5808 "policies": {
5809 "StartDownloadsInTempDirectory": true | false
5810 }
5811 ```
5812 ### UserMessaging
5813
5814 Prevent Firefox from messaging the user in certain situations.
5815
5816 `WhatsNew` Remove the "What's New" icon and menuitem.
5817
5818 `ExtensionRecommendations` If false, don't recommend extensions while the user is visiting web pages.
5819
5820 `FeatureRecommendations` If false, don't recommend browser features.
5821
5822 `UrlbarInterventions` If false, Don't offer Firefox specific suggestions in the URL bar.
5823
5824 `SkipOnboarding` If true, don't show onboarding messages on the new tab page.
5825
5826 `MoreFromMozilla` If false, don't show the "More from Mozilla" section in Preferences. (Firefox 98)
5827
5828 `Locked` prevents the user from changing user messaging preferences.
5829
5830 **Compatibility:** Firefox 75, Firefox ESR 68.7\
5831 **CCK2 Equivalent:** N/A\
5832 **Preferences Affected:** `browser.messaging-system.whatsNewPanel.enabled`, `browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons`, `browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features`, `browser.aboutwelcome.enabled`, `browser.preferences.moreFromMozilla`
5833
5834 #### Windows (GPO)
5835 ```
5836 Software\Policies\Mozilla\Firefox\UserMessaging\WhatsNew = 0x1 | 0x0
5837 Software\Policies\Mozilla\Firefox\UserMessaging\ExtensionRecommendations = 0x1 | 0x0
5838 Software\Policies\Mozilla\Firefox\UserMessaging\FeatureRecommendations = 0x1 | 0x0
5839 Software\Policies\Mozilla\Firefox\UserMessaging\UrlbarInterventions = 0x1 | 0x0
5840 Software\Policies\Mozilla\Firefox\UserMessaging\SkipOnboarding = 0x1 | 0x0
5841 Software\Policies\Mozilla\Firefox\UserMessaging\MoreFromMozilla = 0x1 | 0x0
5842 Software\Policies\Mozilla\Firefox\UserMessaging\Locked = 0x1 | 0x0
5843 ```
5844 #### Windows (Intune)
5845 OMA-URI:
5846 ```
5847 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_WhatsNew
5848 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_ExtensionRecommendations
5849 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_FeatureRecommendations
5850 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_UrlbarInterventions
5851 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_SkipOnboarding
5852 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_MoreFromMozilla
5853 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_Locked
5854 ```
5855 Value (string):
5856 ```
5857 <enabled/> or <disabled/>
5858 ```
5859 #### macOS
5860 ```
5861 <dict>
5862 <key>UserMessaging</key>
5863 <dict>
5864 <key>WhatsNew</key>
5865 <true/> | <false/>
5866 <key>ExtensionRecommendations</key>
5867 <true/> | <false/>
5868 <key>FeatureRecommendations</key>
5869 <true/> | <false/>
5870 <key>UrlbarInterventions</key>
5871 <true/> | <false/>
5872 <key>SkipOnboarding</key>
5873 <true/> | <false/>
5874 <key>MoreFromMozilla</key>
5875 <true/> | <false/>
5876 <key>Locked</key>
5877 <true/> | <false/>
5878 </dict>
5879 </dict>
5880 ```
5881 #### policies.json
5882 ```
5883 {
5884 "policies": {
5885 "UserMessaging": {
5886 "WhatsNew": true | false,
5887 "ExtensionRecommendations": true | false,
5888 "FeatureRecommendations": true | false,
5889 "UrlbarInterventions": true | false,
5890 "SkipOnboarding": true | false,
5891 "MoreFromMozilla": true | false,
5892 "Locked": true | false
5893 }
5894 }
5895 }
5896 ```
5897 ### UseSystemPrintDialog
5898 Use the system print dialog instead of the print preview window.
5899
5900 **Compatibility:** Firefox 102\
5901 **CCK2 Equivalent:** N/A\
5902 **Preferences Affected:** `print.prefer_system_dialog`
5903
5904 #### Windows (GPO)
5905 ```
5906 Software\Policies\Mozilla\Firefox\UseSystemPrintDialog = 0x1 | 0x0
5907 ```
5908 #### Windows (Intune)
5909 OMA-URI:
5910 ```
5911 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/UseSystemPrintDialog
5912 ```
5913 Value (string):
5914 ```
5915 <enabled/> or <disabled/>
5916 ```
5917 #### macOS
5918 ```
5919 <dict>
5920 <key>UseSystemPrintDialog</key>
5921 <true/> | <false/>
5922 </dict>
5923 ```
5924 #### policies.json
5925 ```
5926 {
5927 "policies": {
5928 "UseSystemPrintDialog": true | false
5929 }
5930 }
5931 ```
5932 ### WebsiteFilter
5933 Block websites from being visited. The parameters take an array of Match Patterns, as documented in https://developer.mozilla.org/en-US/Add-ons/WebExtensions/Match_patterns.
5934 The arrays are limited to 1000 entries each.
5935
5936 If you want to block all URLs, you can use `<all_urls>` or `*://*/*`. You can't have just a `*` on the right side.
5937
5938 For specific protocols, use `https://*/*` or `http://*/*`.
5939
5940 As of Firefox 83 and Firefox ESR 78.5, file URLs are supported.
5941
5942 **Compatibility:** Firefox 60, Firefox ESR 60\
5943 **CCK2 Equivalent:** N/A\
5944 **Preferences Affected:** N/A
5945
5946 #### Windows (GPO)
5947 ```
5948 Software\Policies\Mozilla\Firefox\WebsiteFilter\Block\1 = "<all_urls>"
5949 Software\Policies\Mozilla\Firefox\WebsiteFilter\Exceptions\1 = "http://example.org/*"
5950 ```
5951 #### Windows (Intune)
5952 OMA-URI:
5953 ```
5954 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/B_WebsiteFilter_Block
5955 ```
5956 Value (string):
5957 ```
5958 <enabled/> <data id="WebsiteFilter" value="1&#xF000;&#60;all_urls&#62;"/>
5959 ```
5960 OMA-URI:
5961 ```
5962 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/B_WebsiteFilter_Exceptions
5963 ```
5964 Value (string):
5965 ```
5966 <enabled/>
5967 <data id="WebsiteFilter" value="1&#xF000;http://example.org/*"/>
5968 ```
5969 #### macOS
5970 ```
5971 <dict>
5972 <key>WebsiteFilter</key>
5973 <dict>
5974 <key>Block</key>
5975 <array>
5976 <string><all_urls></string>
5977 </array>
5978 <key>Exceptions</key>
5979 <array>
5980 <string>http://example.org/*</string>
5981 </array>
5982 </dict>
5983
5984 </dict>
5985 ```
5986 #### policies.json
5987 ```
5988 {
5989 "policies": {
5990 "WebsiteFilter": {
5991 "Block": ["<all_urls>"],
5992 "Exceptions": ["http://example.org/*"]
5993 }
5994 }
5995 }
5996 ```
5997 ### WindowsSSO
5998 Allow Windows single sign-on for Microsoft, work, and school accounts.
5999
6000 If this policy is set to true, Firefox will use credentials stored in Windows to sign in to Microsoft, work, and school accounts.
6001
6002 **Compatibility:** Firefox 91\
6003 **CCK2 Equivalent:** N/A\
6004 **Preferences Affected:** `network.http.windows-sso.enabled`
6005
6006 #### Windows (GPO)
6007 ```
6008 Software\Policies\Mozilla\Firefox\WindowsSSO = 0x1 | 0x0
6009 ```
6010 #### Windows (Intune)
6011 OMA-URI:
6012 ```
6013 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/WindowsSSO
6014 ```
6015 Value (string):
6016 ```
6017 <enabled/> or <disabled/>
6018 ```
6019 #### policies.json
6020 ```
6021 {
6022 "policies": {
6023 "WindowsSSO": true | false
6024 }
6025 }
6026 ```

patrick-canterino.de