]> git.p6c8.net - policy-templates.git/blob - docs/index.md
3d219433015db8936bd5e9de36c0ae11263ed056
[policy-templates.git] / docs / index.md
1 Firefox policies can be specified using the [Group Policy templates on Windows](https://github.com/mozilla/policy-templates/tree/master/windows), [Intune on Windows](https://support.mozilla.org/kb/managing-firefox-intune), [configuration profiles on macOS](https://github.com/mozilla/policy-templates/tree/master/mac), or by creating a file called `policies.json`. On Windows, create a directory called `distribution` where the EXE is located and place the file there. On Mac, the file goes into `Firefox.app/Contents/Resources/distribution`. On Linux, the file goes into `firefox/distribution`, where `firefox` is the installation directory for firefox, which varies by distribution or you can specify system-wide policy by placing the file in `/etc/firefox/policies`.
2
3 Unfortunately, JSON files do not support comments, but you can add extra entries to the JSON to use as comments. You will see an error in about:policies, but the policies will still work properly. For example:
4
5 ```
6 {
7 "policies": {
8 "Authentication": {
9 "SPNEGO": ["mydomain.com", "https://myotherdomain.com"]
10 }
11 "Authentication_Comment": "These domains are required for us"
12 }
13 }
14 ```
15
16 | Policy Name | Description
17 | --- | --- |
18 | **[`3rdparty`](#3rdparty)** | Set policies that WebExtensions can access via chrome.storage.managed.
19 | **[`AllowedDomainsForApps`](#alloweddomainsforapps)** | Define domains allowed to access Google Workspace.
20 | **[`AllowFileSelectionDialogs`](#allowfileselectiondialogs)** | Allow file selection dialogs.
21 | **[`AppAutoUpdate`](#appautoupdate)** | Enable or disable automatic application update.
22 | **[`AppUpdatePin`](#appupdatepin)** | Prevent Firefox from being updated beyond the specified version.
23 | **[`AppUpdateURL`](#appupdateurl)** | Change the URL for application update.
24 | **[`Authentication`](#authentication)** | Configure sites that support integrated authentication.
25 | **[`AutoLaunchProtocolsFromOrigins`](#autolaunchprotocolsfromorigins)** | Define a list of external protocols that can be used from listed origins without prompting the user.
26 | **[`BackgroundAppUpdate`](#backgroundappupdate)** | Enable or disable the background updater (Windows only).
27 | **[`BlockAboutAddons`](#blockaboutaddons)** | Block access to the Add-ons Manager (about:addons).
28 | **[`BlockAboutConfig`](#blockaboutconfig)** | Block access to about:config.
29 | **[`BlockAboutProfiles`](#blockaboutprofiles)** | Block access to About Profiles (about:profiles).
30 | **[`BlockAboutSupport`](#blockaboutsupport)** | Block access to Troubleshooting Information (about:support).
31 | **[`Bookmarks`](#bookmarks)** | Add bookmarks in either the bookmarks toolbar or menu.
32 | **[`CaptivePortal`](#captiveportal)** | Enable or disable the detection of captive portals.
33 | **[`Certificates`](#certificates)** |
34 | **[`Certificates -> ImportEnterpriseRoots`](#certificates--importenterpriseroots)** | Trust certificates that have been added to the operating system certificate store by a user or administrator.
35 | **[`Certificates -> Install`](#certificates--install)** | Install certificates into the Firefox certificate store.
36 | **[`Containers`](#containers)** | Set policies related to [containers](https://addons.mozilla.org/firefox/addon/multi-account-containers/).
37 | **[`ContentAnalysis`](#contentanalysis)** | Configure Firefox to use an agent for Data Loss Prevention (DLP) that is compatible with the [Google Chrome Content Analysis Connector Agent SDK](https://github.com/chromium/content_analysis_sdk).
38 | **[`Cookies`](#cookies)** | Configure cookie preferences.
39 | **[`DefaultDownloadDirectory`](#defaultdownloaddirectory)** | Set the default download directory.
40 | **[`DisableAppUpdate`](#disableappupdate)** | Turn off application updates.
41 | **[`DisableBuiltinPDFViewer`](#disablebuiltinpdfviewer)** | Disable the built in PDF viewer.
42 | **[`DisabledCiphers`](#disabledciphers)** | Disable ciphers.
43 | **[`DisableDefaultBrowserAgent`](#disabledefaultbrowseragent)** | Prevent the default browser agent from taking any actions (Windows only).
44 | **[`DisableDeveloperTools`](#disabledevelopertools)** | Remove access to all developer tools.
45 | **[`DisableFeedbackCommands`](#disablefeedbackcommands)** | Disable the menus for reporting sites.
46 | **[`DisableFirefoxAccounts`](#disablefirefoxaccounts)** | Disable Firefox Accounts integration (Sync).
47 | **[`DisableFirefoxScreenshots`](#disablefirefoxscreenshots)** | Remove access to Firefox Screenshots.
48 | **[`DisableFirefoxStudies`](#disablefirefoxstudies)** | Disable Firefox studies (Shield).
49 | **[`DisableForgetButton`](#disableforgetbutton)** | Disable the "Forget" button.
50 | **[`DisableFormHistory`](#disableformhistory)** | Turn off saving information on web forms and the search bar.
51 | **[`DisableMasterPasswordCreation`](#disablemasterpasswordcreation)** | Remove the master password functionality.
52 | **[`DisablePasswordReveal`](#disablepasswordreveal)** | Do not allow passwords to be revealed in saved logins.
53 | **[`DisablePocket`](#disablepocket)** | Remove Pocket in the Firefox UI.
54 | **[`DisablePrivateBrowsing`](#disableprivatebrowsing)** | Remove access to private browsing.
55 | **[`DisableProfileImport`](#disableprofileimport)** | Disables the "Import data from another browser" option in the bookmarks window.
56 | **[`DisableProfileRefresh`](#disableprofilerefresh)** | Disable the Refresh Firefox button on about:support and support.mozilla.org
57 | **[`DisableSafeMode`](#disablesafemode)** | Disable safe mode within the browser.
58 | **[`DisableSecurityBypass`](#disablesecuritybypass)** | Prevent the user from bypassing security in certain cases.
59 | **[`DisableSetDesktopBackground`](#disablesetdesktopbackground)** | Remove the "Set As Desktop Background..." menuitem when right clicking on an image.
60 | **[`DisableSystemAddonUpdate`](#disablesystemaddonupdate)** | Prevent system add-ons from being installed or updated.
61 | **[`DisableTelemetry`](#disabletelemetry)** | DisableTelemetry
62 | **[`DisableThirdPartyModuleBlocking`](#disablethirdpartymoduleblocking)** | Do not allow blocking third-party modules.
63 | **[`DisplayBookmarksToolbar`](#displaybookmarkstoolbar)** | Set the initial state of the bookmarks toolbar.
64 | **[`DisplayMenuBar`](#displaymenubar)** | Set the state of the menubar.
65 | **[`DNSOverHTTPS`](#dnsoverhttps)** | Configure DNS over HTTPS.
66 | **[`DontCheckDefaultBrowser`](#dontcheckdefaultbrowser)** | Don't check if Firefox is the default browser at startup.
67 | **[`DownloadDirectory`](#downloaddirectory)** | Set and lock the download directory.
68 | **[`EnableTrackingProtection`](#enabletrackingprotection)** | Configure tracking protection.
69 | **[`EncryptedMediaExtensions`](#encryptedmediaextensions)** | Enable or disable Encrypted Media Extensions and optionally lock it.
70 | **[`EnterprisePoliciesEnabled`](#enterprisepoliciesenabled)** | Enable policy support on macOS.
71 | **[`ExemptDomainFileTypePairsFromFileTypeDownloadWarnings`](#exemptdomainfiletypepairsfromfiletypedownloadwarnings)** | Disable warnings based on file extension for specific file types on domains.
72 | **[`Extensions`](#extensions)** | Control the installation, uninstallation and locking of extensions.
73 | **[`ExtensionSettings`](#extensionsettings)** | Manage all aspects of extensions.
74 | **[`ExtensionUpdate`](#extensionupdate)** | Control extension updates.
75 | **[`FirefoxHome`](#firefoxhome)** | Customize the Firefox Home page.
76 | **[`FirefoxSuggest`](#firefoxsuggest)** | Customize Firefox Suggest.
77 | **[`GoToIntranetSiteForSingleWordEntryInAddressBar`](#gotointranetsiteforsinglewordentryinaddressbar)** | Force direct intranet site navigation instead of searching when typing single word entries in the address bar.
78 | **[`Handlers`](#handlers)** | Configure default application handlers.
79 | **[`HardwareAcceleration`](#hardwareacceleration)** | Control hardware acceleration.
80 | **[`Homepage`](#homepage)** | Configure the default homepage and how Firefox starts.
81 | **[`InstallAddonsPermission`](#installaddonspermission)** | Configure the default extension install policy as well as origins for extension installs are allowed.
82 | **[`LegacyProfiles`](#legacyprofiles)** | Disable the feature enforcing a separate profile for each installation.
83 | **[`LegacySameSiteCookieBehaviorEnabled`](#legacysamesitecookiebehaviorenabled)** | Enable default legacy SameSite cookie behavior setting.
84 | **[`LegacySameSiteCookieBehaviorEnabledForDomainList`](#legacysamesitecookiebehaviorenabledfordomainlist)** | Revert to legacy SameSite behavior for cookies on specified sites.
85 | **[`LocalFileLinks`](#localfilelinks)** | Enable linking to local files by origin.
86 | **[`ManagedBookmarks`](#managedbookmarks)** | Configures a list of bookmarks managed by an administrator that cannot be changed by the user.
87 | **[`ManualAppUpdateOnly`](#manualappupdateonly)** | Allow manual updates only and do not notify the user about updates.
88 | **[`NetworkPrediction`](#networkprediction)** | Enable or disable network prediction (DNS prefetching).
89 | **[`NewTabPage`](#newtabpage)** | Enable or disable the New Tab page.
90 | **[`NoDefaultBookmarks`](#nodefaultbookmarks)** | Disable the creation of default bookmarks.
91 | **[`OfferToSaveLogins`](#offertosavelogins)** | Control whether or not Firefox offers to save passwords.
92 | **[`OfferToSaveLoginsDefault`](#offertosaveloginsdefault)** | Set the default value for whether or not Firefox offers to save passwords.
93 | **[`OverrideFirstRunPage`](#overridefirstrunpage)** | Override the first run page.
94 | **[`OverridePostUpdatePage`](#overridepostupdatepage)** | Override the upgrade page.
95 | **[`PasswordManagerEnabled`](#passwordmanagerenabled)** | Remove (some) access to the password manager.
96 | **[`PasswordManagerExceptions`](#passwordmanagerexceptions)** | Prevent Firefox from saving passwords for specific sites.
97 | **[`PDFjs`](#pdfjs)** | Disable or configure PDF.js, the built-in PDF viewer.
98 | **[`Permissions`](#permissions)** | Set permissions associated with camera, microphone, location, and notifications.
99 | **[`PictureInPicture`](#pictureinpicture)** | Enable or disable Picture-in-Picture.
100 | **[`PopupBlocking`](#popupblocking)** | Configure the default pop-up window policy as well as origins for which pop-up windows are allowed.
101 | **[`Preferences`](#preferences)** | Set and lock preferences.
102 | **[`PrimaryPassword`](#primarypassword)** | Require or prevent using a primary (formerly master) password.
103 | **[`PrintingEnabled`](#printingenabled)** | Enable or disable printing.
104 | **[`PromptForDownloadLocation`](#promptfordownloadlocation)** | Ask where to save each file before downloading.
105 | **[`Proxy`](#proxy)** | Configure proxy settings.
106 | **[`RequestedLocales`](#requestedlocales)** | Set the the list of requested locales for the application in order of preference.
107 | **[`SanitizeOnShutdown` (All)](#sanitizeonshutdown-all)** | Clear all data on shutdown.
108 | **[`SanitizeOnShutdown` (Selective)](#sanitizeonshutdown-selective)** | Clear data on shutdown.
109 | **[`SearchBar`](#searchbar)** | Set whether or not search bar is displayed.
110 | **[`SearchEngines`](#searchengines-this-policy-is-only-available-on-the-esr)** |
111 | **[`SearchEngines -> Add`](#searchengines--add)** | Add new search engines.
112 | **[`SearchEngines -> Default`](#searchengines--default)** | Set the default search engine.
113 | **[`SearchEngines -> PreventInstalls`](#searchengines--preventinstalls)** | Prevent installing search engines from webpages.
114 | **[`SearchEngines -> Remove`](#searchengines--remove)** | Hide built-in search engines.
115 | **[`SearchSuggestEnabled`](#searchsuggestenabled)** | Enable search suggestions.
116 | **[`SecurityDevices`](#securitydevices)** | Install PKCS #11 modules.
117 | **[`ShowHomeButton`](#showhomebutton)** | Show the home button on the toolbar.
118 | **[`SSLVersionMax`](#sslversionmax)** | Set and lock the maximum version of TLS.
119 | **[`SSLVersionMin`](#sslversionmin)** | Set and lock the minimum version of TLS.
120 | **[`StartDownloadsInTempDirectory`](#startdownloadsintempdirectory)** | Force downloads to start off in a local, temporary location rather than the default download directory.
121 | **[`SupportMenu`](#supportmenu)** | Add a menuitem to the help menu for specifying support information.
122 | **[`UserMessaging`](#usermessaging)** | Don't show certain messages to the user.
123 | **[`UseSystemPrintDialog`](#usesystemprintdialog)** | Print using the system print dialog instead of print preview.
124 | **[`WebsiteFilter`](#websitefilter)** | Block websites from being visited.
125 | **[`WindowsSSO`](#windowssso)** | Allow Windows single sign-on for Microsoft, work, and school accounts.
126
127 ### 3rdparty
128
129 Allow WebExtensions to configure policy. For more information, see [Adding policy support to your extension](https://extensionworkshop.com/documentation/enterprise/adding-policy-support-to-your-extension/).
130
131 For GPO and Intune, the extension developer should provide an ADMX file.
132
133 **Compatibility:** Firefox 68\
134 **CCK2 Equivalent:** N/A\
135 **Preferences Affected:** N/A
136
137 #### macOS
138 ```
139 <dict>
140 <key>3rdparty</key>
141 <dict>
142 <key>Extensions</key>
143 <dict>
144 <key>uBlock0@raymondhill.net</key>
145 <dict>
146 <key>adminSettings</key>
147 <dict>
148 <key>selectedFilterLists</key>
149 <array>
150 <string>ublock-privacy</string>
151 <string>ublock-badware</string>
152 <string>ublock-filters</string>
153 <string>user-filters</string>
154 </array>
155 </dict>
156 </dict>
157 </dict>
158 </dict>
159 </dict>
160 ```
161 #### policies.json
162 ```
163 {
164 "policies": {
165 "3rdparty": {
166 "Extensions": {
167 "uBlock0@raymondhill.net": {
168 "adminSettings": {
169 "selectedFilterLists": [
170 "ublock-privacy",
171 "ublock-badware",
172 "ublock-filters",
173 "user-filters"
174 ]
175 }
176 }
177 }
178 }
179 }
180 }
181 ```
182
183 ### AllowedDomainsForApps
184
185 Define domains allowed to access Google Workspace.
186
187 This policy is based on the [Chrome policy](https://chromeenterprise.google/policies/#AllowedDomainsForApps) of the same name.
188
189 If this policy is enabled, users can only access Google Workspace using accounts from the specified domains. If you want to allow Gmail, you can add ```consumer_accounts``` to the list.
190
191 **Compatibility:** Firefox 89, Firefox ESR 78.11\
192 **CCK2 Equivalent:** N/A\
193 **Preferences Affected:** N/A
194
195 #### Windows (GPO)
196 ```
197 Software\Policies\Mozilla\Firefox\AllowedDomainsForApps = "managedfirefox.com,example.com"
198 ```
199 #### Windows (Intune)
200 OMA-URI:
201 ```
202 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/AllowedDomainsForApps
203 ```
204 Value (string):
205 ```
206 <enabled/>
207 <data id="AllowedDomainsForApps" value="managedfirefox.com,example.com"/>
208 ```
209 #### macOS
210 ```
211 <dict>
212 <key>AllowedDomainsForApps</key>
213 <string>managedfirefox.com,example.com</string>
214 </dict>
215 ```
216 #### policies.json
217 ```
218 {
219 "policies": {
220 "AllowedDomainsForApps": "managedfirefox.com,example.com"
221 }
222 }
223 ```
224 ### AllowFileSelectionDialogs
225
226 Enable or disable file selection dialogs.
227
228 **Compatibility:** Firefox 124\
229 **CCK2 Equivalent:** N/A\
230 **Preferences Affected:** `widget.disable_file_pickers`
231
232 #### Windows (GPO)
233 ```
234 Software\Policies\Mozilla\Firefox\AllowFileSelectionDialogs = 0x1 | 0x0
235 ```
236 #### Windows (Intune)
237 OMA-URI:
238 ```
239 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/AppAutoAllowFileSelectionDialogsUpdate
240 ```
241 Value (string):
242 ```
243 <enabled/> or <disabled/>
244 ```
245 #### macOS
246 ```
247 <dict>
248 <key>AllowFileSelectionDialogs</key>
249 <true/> | <false/>
250 </dict>
251 ```
252 #### policies.json
253 ```
254 {
255 "policies": {
256 "AllowFileSelectionDialogs": true | false
257 }
258 }
259 ```
260 ### AppAutoUpdate
261
262 Enable or disable **automatic** application update.
263
264 If set to true, application updates are installed without user approval within Firefox. The operating system might still require approval.
265
266 If set to false, application updates are downloaded but the user can choose when to install the update.
267
268 If you have disabled updates via `DisableAppUpdate`, this policy has no effect.
269
270 **Compatibility:** Firefox 75, Firefox ESR 68.7\
271 **CCK2 Equivalent:** N/A\
272 **Preferences Affected:** `app.update.auto`
273
274 #### Windows (GPO)
275 ```
276 Software\Policies\Mozilla\Firefox\AppAutoUpdate = 0x1 | 0x0
277 ```
278 #### Windows (Intune)
279 OMA-URI:
280 ```
281 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/AppAutoUpdate
282 ```
283 Value (string):
284 ```
285 <enabled/> or <disabled/>
286 ```
287 #### macOS
288 ```
289 <dict>
290 <key>AppAutoUpdate</key>
291 <true/> | <false/>
292 </dict>
293 ```
294 #### policies.json
295 ```
296 {
297 "policies": {
298 "AppAutoUpdate": true | false
299 }
300 }
301 ```
302 ### AppUpdatePin
303
304 Prevent Firefox from being updated beyond the specified version.
305
306 You can specify the any version as ```xx.``` and Firefox will be updated with all minor versions, but will not be updated beyond the major version.
307
308 You can also specify the version as ```xx.xx``` and Firefox will be updated with all patch versions, but will not be updated beyond the minor version.
309
310 You should specify a version that exists or is guaranteed to exist. If you specify a version that doesn't end up existing, Firefox will update beyond that version.
311
312 **Compatibility:** Firefox 102,\
313 **CCK2 Equivalent:** N/A\
314 **Preferences Affected:** N/A
315
316 #### Windows (GPO)
317 ```
318 Software\Policies\Mozilla\Firefox\AppUpdatePin = "106."
319 ```
320 #### Windows (Intune)
321 OMA-URI:
322 ```
323 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/AppUpdatePin
324 ```
325 Value (string):
326 ```
327 <enabled/>
328 <data id="AppUpdatePin" value="106."/>
329 ```
330 #### macOS
331 ```
332 <dict>
333 <key>AppUpdatePin</key>
334 <string>106.</string>
335 </dict>
336 ```
337 #### policies.json
338 ```
339 {
340 "policies": {
341 "AppUpdatePin": "106."
342 }
343 }
344 ```
345 ### AppUpdateURL
346
347 Change the URL for application update if you are providing Firefox updates from a custom update server.
348
349 **Compatibility:** Firefox 62, Firefox ESR 60.2\
350 **CCK2 Equivalent:** N/A\
351 **Preferences Affected:** `app.update.url`
352
353 #### Windows (GPO)
354 ```
355 Software\Policies\Mozilla\Firefox\AppUpdateURL = "https://yoursite.com"
356 ```
357 #### Windows (Intune)
358 OMA-URI:
359 ```
360 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/AppUpdateURL
361 ```
362 Value (string):
363 ```
364 <enabled/>
365 <data id="AppUpdateURL" value="https://yoursite.com"/>
366 ```
367 #### macOS
368 ```
369 <dict>
370 <key>AppUpdateURL</key>
371 <string>https://yoursite.com</string>
372 </dict>
373 ```
374 #### policies.json
375 ```
376 {
377 "policies": {
378 "AppUpdateURL": "https://yoursite.com"
379 }
380 }
381 ```
382 ### Authentication
383
384 Configure sites that support integrated authentication.
385
386 See [Integrated authentication](https://htmlpreview.github.io/?https://github.com/mdn/archived-content/blob/main/files/en-us/mozilla/integrated_authentication/raw.html) for more information.
387
388 `PrivateBrowsing` enables integrated authentication in private browsing.
389
390 **Compatibility:** Firefox 60, Firefox ESR 60 (AllowNonFQDN added in 62/60.2, AllowProxies added in 70/68.2, Locked added in 71/68.3, PrivateBrowsing added in 77/68.9)\
391 **CCK2 Equivalent:** N/A\
392 **Preferences Affected:** `network.negotiate-auth.trusted-uris`,`network.negotiate-auth.delegation-uris`,`network.automatic-ntlm-auth.trusted-uris`,`network.automatic-ntlm-auth.allow-non-fqdn`,`network.negotiate-auth.allow-non-fqdn`,`network.automatic-ntlm-auth.allow-proxies`,`network.negotiate-auth.allow-proxies`,`network.auth.private-browsing-sso`
393
394 #### Windows (GPO)
395 ```
396 Software\Policies\Mozilla\Firefox\Authentication\SPNEGO\1 = "mydomain.com"
397 Software\Policies\Mozilla\Firefox\Authentication\SPNEGO\2 = "https://myotherdomain.com"
398 Software\Policies\Mozilla\Firefox\Authentication\Delegated\1 = "mydomain.com"
399 Software\Policies\Mozilla\Firefox\Authentication\Delegated\2 = "https://myotherdomain.com"
400 Software\Policies\Mozilla\Firefox\Authentication\NTLM\1 = "mydomain.com"
401 Software\Policies\Mozilla\Firefox\Authentication\NTLM\2 = "https://myotherdomain.com"
402 Software\Policies\Mozilla\Firefox\Authentication\AllowNonFQDN\SPNEGO = 0x1 | 0x0
403 Software\Policies\Mozilla\Firefox\Authentication\AllowNonFQDN\NTLM = 0x1 | 0x0
404 Software\Policies\Mozilla\Firefox\Authentication\AllowProxies\SPNEGO = 0x1 | 0x0
405 Software\Policies\Mozilla\Firefox\Authentication\AllowProxies\NTLM = 0x1 | 0x0
406 Software\Policies\Mozilla\Firefox\Authentication\Locked = 0x1 | 0x0
407 Software\Policies\Mozilla\Firefox\Authentication\PrivateBrowsing = 0x1 | 0x0
408 ```
409 #### Windows (Intune)
410 OMA-URI:
411 ```
412 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Authentication/Authentication_SPNEGO
413 ```
414 Value (string):
415 ```
416 <enabled/>
417 <data id="Authentication" value="1&#xF000;mydomain&#xF000;2&#xF000;https://myotherdomain.com"/>
418 ```
419 OMA-URI:
420 ```
421 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Authentication/Authentication_Delegated
422 ```
423 Value (string):
424 ```
425 <enabled/>
426 <data id="Authentication" value="1&#xF000;mydomain&#xF000;2&#xF000;https://myotherdomain.com"/>
427 ```
428 OMA-URI:
429 ```
430 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Authentication/Authentication_NTLM
431 ```
432 Value (string):
433 ```
434 <enabled/>
435 <data id="Authentication" value="1&#xF000;mydomain&#xF000;2&#xF000;https://myotherdomain.com"/>
436 ```
437 OMA-URI:
438 ```
439 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Authentication/Authentication_AllowNonFQDN
440 ```
441 Value (string):
442 ```
443 <enabled/>
444 <data id="Authentication_AllowNonFQDN_NTLM" value="true | false"/>
445 <data id="Authentication_AllowNonFQDN_SPNEGO" value="true | false"/>
446 ```
447 OMA-URI:
448 ```
449 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Authentication/Authentication_Locked
450 ```
451 Value (string):
452 ```
453 <enabled/> or <disabled/>
454 ```
455 OMA-URI:
456 ```
457 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Authentication/Authentication_PrivateBrowsing
458 ```
459 Value (string):
460 ```
461 <enabled/> or <disabled/>
462 ```
463 #### macOS
464 ```
465 <dict>
466 <key>Authentication</key>
467 <dict>
468 <key>SPNEGO</key>
469 <array>
470 <string>mydomain.com</string>
471 <string>https://myotherdomain.com</string>
472 </array>
473 <key>Delegated</key>
474 <array>
475 <string>mydomain.com</string>
476 <string>https://myotherdomain.com</string>
477 </array>
478 <key>NTLM</key>
479 <array>
480 <string>mydomain.com</string>
481 <string>https://myotherdomain.com</string>
482 </array>
483 <key>AllowNonFQDN</key>
484 <dict>
485 <key>SPNEGO</key>
486 <true/> | <false/>
487 <key>NTLM</key>
488 <true/> | <false/>
489 </dict>
490 <key>AllowProxies</key>
491 <dict>
492 <key>SPNEGO</key>
493 <true/> | <false/>
494 <key>NTLM</key>
495 <true/> | <false/>
496 </dict>
497 <key>Locked</key>
498 <true/> | <false/>
499 <key>PrivateBrowsing</key>
500 <true/> | <false/>
501 </dict>
502 </dict>
503 ```
504 #### policies.json
505 ```
506 {
507 "policies": {
508 "Authentication": {
509 "SPNEGO": ["mydomain.com", "https://myotherdomain.com"],
510 "Delegated": ["mydomain.com", "https://myotherdomain.com"],
511 "NTLM": ["mydomain.com", "https://myotherdomain.com"],
512 "AllowNonFQDN": {
513 "SPNEGO": true | false,
514 "NTLM": true | false
515 },
516 "AllowProxies": {
517 "SPNEGO": true | false,
518 "NTLM": true | false
519 },
520 "Locked": true | false,
521 "PrivateBrowsing": true | false
522 }
523 }
524 }
525 ```
526 ### AutoLaunchProtocolsFromOrigins
527 Define a list of external protocols that can be used from listed origins without prompting the user. The origin is the scheme plus the hostname.
528
529 The syntax of this policy is exactly the same as the [Chrome AutoLaunchProtocolsFromOrigins policy](https://cloud.google.com/docs/chrome-enterprise/policies/?policy=AutoLaunchProtocolsFromOrigins) except that you can only use valid origins (not just hostnames). This also means that you cannot specify an asterisk for all origins.
530
531 The schema is:
532 ```
533 {
534 "items": {
535 "properties": {
536 "allowed_origins": {
537 "items": {
538 "type": "string"
539 },
540 "type": "array"
541 },
542 "protocol": {
543 "type": "string"
544 }
545 },
546 "required": [
547 "protocol",
548 "allowed_origins"
549 ],
550 "type": "object"
551 },
552 "type": "array"
553 }
554 ```
555 **Compatibility:** Firefox 90, Firefox ESR 78.12\
556 **CCK2 Equivalent:** N/A\
557 **Preferences Affected:** N/A
558
559 #### Windows (GPO)
560 Software\Policies\Mozilla\Firefox\AutoLaunchProtocolsFromOrigins (REG_MULTI_SZ) =
561 ```
562 [
563 {
564 "protocol": "zoommtg",
565 "allowed_origins": [
566 "https://somesite.zoom.us"
567 ]
568 }
569 ]
570 ```
571 #### Windows (Intune)
572 OMA-URI:
573 ```
574 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/AutoLaunchProtocolsFromOrigins
575 ```
576 Value (string):
577 ```
578 <enabled/>
579 <data id="JSON" value='
580 [
581 {
582 "protocol": "zoommtg",
583 "allowed_origins": [
584 "https://somesite.zoom.us"
585 ]
586 }
587 ]'/>
588 ```
589 #### macOS
590 ```
591 <dict>
592 <key>AutoLaunchProtocolsFromOrigins</key>
593 <array>
594 <dict>
595 <key>protocol</key>
596 <string>zoommtg</string>
597 <key>allowed_origins</key>
598 <array>
599 <string>https://somesite.zoom.us</string>
600 </array>
601 </dict>
602 </array>
603 </dict>
604 ```
605 #### policies.json
606 ```
607 {
608 "policies": {
609 "AutoLaunchProtocolsFromOrigins": [{
610 "protocol": "zoommtg",
611 "allowed_origins": [
612 "https://somesite.zoom.us"
613 ]
614 }]
615 }
616 }
617 ```
618 ### BackgroundAppUpdate
619
620 Enable or disable **automatic** application update **in the background**, when the application is not running.
621
622 If set to true, application updates may be installed (without user approval) in the background, even when the application is not running. The operating system might still require approval.
623
624 If set to false, the application will not try to install updates when the application is not running.
625
626 If you have disabled updates via `DisableAppUpdate` or disabled automatic updates via `AppAutoUpdate`, this policy has no effect.
627
628 If you are having trouble getting the background task to run, verify your configuration with the ["Requirements to run" section in this support document](https://support.mozilla.org/en-US/kb/enable-background-updates-firefox-windows).
629
630 **Compatibility:** Firefox 90 (Windows only)\
631 **CCK2 Equivalent:** N/A\
632 **Preferences Affected:** `app.update.background.enabled`
633
634 #### Windows (GPO)
635 ```
636 Software\Policies\Mozilla\Firefox\BackgroundAppUpdate = 0x1 | 0x0
637 ```
638 #### Windows (Intune)
639 OMA-URI:
640 ```
641 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/BackgroundAppUpdate
642 ```
643 Value (string):
644 ```
645 <enabled/> or <disabled/>
646 ```
647 #### macOS
648 ```
649 <dict>
650 <key>BackgroundAppUpdate</key>
651 <true/> | <false/>
652 </dict>
653 ```
654 #### policies.json
655 ```
656 {
657 "policies": {
658 "BackgroundAppUpdate": true | false
659 }
660 }
661 ```
662 ### BlockAboutAddons
663
664 Block access to the Add-ons Manager (about:addons).
665
666 **Compatibility:** Firefox 60, Firefox ESR 60\
667 **CCK2 Equivalent:** `disableAddonsManager`\
668 **Preferences Affected:** N/A
669
670 #### Windows (GPO)
671 ```
672 Software\Policies\Mozilla\Firefox\BlockAboutAddons = 0x1 | 0x0
673 ```
674 #### Windows (Intune)
675 OMA-URI:
676 ```
677 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/BlockAboutAddons
678 ```
679 Value (string):
680 ```
681 <enabled/> or <disabled/>
682 ```
683 #### macOS
684 ```
685 <dict>
686 <key>BlockAboutAddons</key>
687 <true/> | <false/>
688 </dict>
689 ```
690 #### policies.json
691 ```
692 {
693 "policies": {
694 "BlockAboutAddons": true | false
695 }
696 }
697 ```
698 ### BlockAboutConfig
699
700 Block access to about:config.
701
702 **Compatibility:** Firefox 60, Firefox ESR 60\
703 **CCK2 Equivalent:** `disableAboutConfig`\
704 **Preferences Affected:** N/A
705
706 #### Windows (GPO)
707 ```
708 Software\Policies\Mozilla\Firefox\BlockAboutConfig = 0x1 | 0x0
709 ```
710 #### Windows (Intune)
711 OMA-URI:
712 ```
713 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/BlockAboutConfig
714 ```
715 Value (string):
716 ```
717 <enabled/> or <disabled/>
718 ```
719 #### macOS
720 ```
721 <dict>
722 <key>BlockAboutConfig</key>
723 <true/> | <false/>
724 </dict>
725 ```
726 #### policies.json
727 ```
728 {
729 "policies": {
730 "BlockAboutConfig": true | false
731 }
732 }
733 ```
734 ### BlockAboutProfiles
735
736 Block access to About Profiles (about:profiles).
737
738 **Compatibility:** Firefox 60, Firefox ESR 60\
739 **CCK2 Equivalent:** `disableAboutProfiles`\
740 **Preferences Affected:** N/A
741
742 #### Windows (GPO)
743 ```
744 Software\Policies\Mozilla\Firefox\BlockAboutProfiles = 0x1 | 0x0
745 ```
746 #### Windows (Intune)
747 OMA-URI:
748 ```
749 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/BlockAboutProfiles
750 ```
751 Value (string):
752 ```
753 <enabled/> or <disabled/>
754 ```
755 #### macOS
756 ```
757 <dict>
758 <key>BlockAboutProfiles</key>
759 <true/> | <false/>
760 </dict>
761 ```
762 #### policies.json
763 ```
764 {
765 "policies": {
766 "BlockAboutProfiles": true | false
767 }
768 }
769 ```
770 ### BlockAboutSupport
771
772 Block access to Troubleshooting Information (about:support).
773
774 **Compatibility:** Firefox 60, Firefox ESR 60\
775 **CCK2 Equivalent:** `disableAboutSupport`\
776 **Preferences Affected:** N/A
777
778 #### Windows (GPO)
779 ```
780 Software\Policies\Mozilla\Firefox\BlockAboutSupport = 0x1 | 0x0
781 ```
782 #### Windows (Intune)
783 OMA-URI:
784 ```
785 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/BlockAboutSupport
786 ```
787 Value (string):
788 ```
789 <enabled/> or <disabled/>
790 ```
791 #### macOS
792 ```
793 <dict>
794 <key>BlockAboutSupport</key>
795 <true/> | <false/>
796 </dict>
797 ```
798 #### policies.json
799 ```
800 {
801 "policies": {
802 "BlockAboutSupport": true | false
803 }
804 }
805 ```
806 ### Bookmarks
807
808 Note: [`ManagedBookmarks`](#managedbookmarks) is the new recommended way to add bookmarks. This policy will continue to be supported.
809
810 Add bookmarks in either the bookmarks toolbar or menu. Only `Title` and `URL` are required. If `Placement` is not specified, the bookmark will be placed on the toolbar. If `Folder` is specified, it is automatically created and bookmarks with the same folder name are grouped together.
811
812 If you want to clear all bookmarks set with this policy, you can set the value to an empty array (```[]```). This can be on Windows via the new Bookmarks (JSON) policy available with GPO and Intune.
813
814 **Compatibility:** Firefox 60, Firefox ESR 60\
815 **CCK2 Equivalent:** `bookmarks.toolbar`,`bookmarks.menu`\
816 **Preferences Affected:** N/A
817
818 #### Windows (GPO)
819 ```
820 Software\Policies\Mozilla\Firefox\Bookmarks\1\Title = "Example"
821 Software\Policies\Mozilla\Firefox\Bookmarks\1\URL = "https://example.com"
822 Software\Policies\Mozilla\Firefox\Bookmarks\1\Favicon = "https://example.com/favicon.ico"
823 Software\Policies\Mozilla\Firefox\Bookmarks\1\Placement = "toolbar" | "menu"
824 Software\Policies\Mozilla\Firefox\Bookmarks\1\Folder = "FolderName"
825
826 Software\Policies\Mozilla\Firefox\Bookmarks (REG_MULTI_SZ) =
827 ```
828 []
829 ```
830
831 ```
832 #### Windows (Intune)
833 OMA-URI:
834 ```
835 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Bookmarks/Bookmark01
836 ```
837 Value (string):
838 ```
839 <enabled/>
840 <data id="BookmarkTitle" value="Example"/>
841 <data id="BookmarkURL" value="https://example.com"/>
842 <data id="BookmarkFavicon" value="https://example.com/favicon.ico"/>
843 <data id="BookmarkPlacement" value="toolbar | menu"/>
844 <data id="BookmarkFolder" value="FolderName"/>
845 ```
846 OMA-URI:
847 ```
848 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/Bookmarks
849 ```
850 Value (string):
851 ```
852 <enabled/>
853 <data id="JSON" value='[]'/>
854 ```
855 #### macOS
856 ```
857 <dict>
858 <key>Bookmarks</key>
859 <array>
860 <dict>
861 <key>Title</key>
862 <string>Example</string>
863 <key>URL</key>
864 <string>https://example.com</string>
865 <key>Favicon</key>
866 <string>https://example.com/favicon.ico</string>
867 <key>Placement</key>
868 <string>toolbar | menu</string>
869 <key>Folder</key>
870 <string>FolderName</string>
871 </dict>
872 </array>
873 </dict>
874 ```
875 #### policies.json
876 ```
877 {
878 "policies": {
879 "Bookmarks": [
880 {
881 "Title": "Example",
882 "URL": "https://example.com",
883 "Favicon": "https://example.com/favicon.ico",
884 "Placement": "toolbar" | "menu",
885 "Folder": "FolderName"
886 }
887 ]
888 }
889 }
890 ```
891 ### CaptivePortal
892 Enable or disable the detection of captive portals.
893
894 **Compatibility:** Firefox 67, Firefox ESR 60.7\
895 **CCK2 Equivalent:** N/A\
896 **Preferences Affected:** `network.captive-portal-service.enabled`
897
898 #### Windows (GPO)
899 ```
900 Software\Policies\Mozilla\Firefox\CaptivePortal = 0x1 | 0x0
901 ```
902 #### Windows (Intune)
903 OMA-URI:
904 ```
905 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/CaptivePortal
906 ```
907 Value (string):
908 ```
909 <enabled/> or <disabled/>
910 ```
911 #### macOS
912 ```
913 <dict>
914 <key>CaptivePortal</key>
915 <true/> | <false/>
916 </dict>
917 ```
918 #### policies.json
919 ```
920 {
921 "policies": {
922 "CaptivePortal": true | false
923 }
924 }
925 ```
926 ### Certificates
927
928 ### Certificates | ImportEnterpriseRoots
929
930 Trust certificates that have been added to the operating system certificate store by a user or administrator.
931
932 Note: This policy only works on Windows and macOS. For Linux discussion, see [bug 1600509](https://bugzilla.mozilla.org/show_bug.cgi?id=1600509).
933
934 See https://support.mozilla.org/kb/setting-certificate-authorities-firefox for more detail.
935
936 **Compatibility:** Firefox 60, Firefox ESR 60 (macOS support in Firefox 63, Firefox ESR 68)\
937 **CCK2 Equivalent:** N/A\
938 **Preferences Affected:** `security.enterprise_roots.enabled`
939
940 #### Windows (GPO)
941 ```
942 Software\Policies\Mozilla\Firefox\Certificates\ImportEnterpriseRoots = 0x1 | 0x0
943 ```
944 #### Windows (Intune)
945 OMA-URI:
946 ```
947 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Certificates/Certificates_ImportEnterpriseRoots
948 ```
949 Value (string):
950 ```
951 <enabled/> or <disabled/>
952 ```
953 #### macOS
954 ```
955 <dict>
956 <key>Certificates</key>
957 <dict>
958 <key>ImportEnterpriseRoots</key>
959 <true/> | <false/>
960 </dict>
961 </dict>
962 ```
963 #### policies.json
964 ```
965 {
966 "policies": {
967 "Certificates": {
968 "ImportEnterpriseRoots": true | false
969 }
970 }
971 }
972 ```
973 ### Certificates | Install
974
975 Install certificates into the Firefox certificate store. If only a filename is specified, Firefox searches for the file in the following locations:
976
977 - Windows
978 - %USERPROFILE%\AppData\Local\Mozilla\Certificates
979 - %USERPROFILE%\AppData\Roaming\Mozilla\Certificates
980 - macOS
981 - /Library/Application Support/Mozilla/Certificates
982 - ~/Library/Application Support/Mozilla/Certificates
983 - Linux
984 - /usr/lib/mozilla/certificates
985 - /usr/lib64/mozilla/certificates
986 - ~/.mozilla/certificates
987
988 Starting with Firefox 65, Firefox 60.5 ESR, a fully qualified path can be used, including UNC paths. You should use the native path style for your operating system. We do not support using %USERPROFILE% or other environment variables on Windows.
989
990 If you are specifying the path in the policies.json file on Windows, you need to escape your backslashes (`\\`) which means that for UNC paths, you need to escape both (`\\\\`). If you use group policy, you only need one backslash.
991
992 Certificates are installed using the trust string `CT,CT,`.
993
994 Binary (DER) and ASCII (PEM) certificates are both supported.
995
996 **Compatibility:** Firefox 64, Firefox ESR 64\
997 **CCK2 Equivalent:** `certs.ca`\
998 **Preferences Affected:** N/A
999
1000 #### Windows (GPO)
1001 ```
1002 Software\Policies\Mozilla\Firefox\Certificates\Install\1 = "cert1.der"
1003 Software\Policies\Mozilla\Firefox\Certificates\Install\2 = "C:\Users\username\cert2.pem"
1004 ```
1005 #### Windows (Intune)
1006 OMA-URI:
1007 ```
1008 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Certificates/Certificates_Install
1009 ```
1010 Value (string):
1011 ```
1012 <enabled/>
1013 <data id="Certificates_Install" value="1&#xF000;cert1.der&#xF000;2&#xF000;C:\Users\username\cert2.pem"/>
1014 ```
1015 #### macOS
1016 ```
1017 <dict>
1018 <key>Certificates</key>
1019 <dict>
1020 <key>Install</key>
1021 <array>
1022 <string>cert1.der</string>
1023 <string>/Users/username/cert2.pem</string>
1024 </array>
1025 </dict>
1026 </dict>
1027 ```
1028 #### policies.json
1029 ```
1030 {
1031 "policies": {
1032 "Certificates": {
1033 "Install": ["cert1.der", "/home/username/cert2.pem"]
1034 }
1035 }
1036 }
1037 ```
1038 ### Containers
1039 Set policies related to [containers](https://addons.mozilla.org/firefox/addon/multi-account-containers/).
1040
1041 Currently you can set the initial set of containers.
1042
1043 For each container, you can specify the name, icon, and color.
1044
1045 | Name | Description |
1046 | --- | --- |
1047 | `name`| Name of container
1048 | `icon` | Can be `fingerprint`, `briefcase`, `dollar`, `cart`, `vacation`, `gift`, `food`, `fruit`, `pet`, `tree`, `chill`, `circle`, `fence`
1049 | `color` | Can be `blue`, `turquoise`, `green`, `yellow`, `orange`, `red`, `pink`, `purple`, `toolbar`
1050
1051 **Compatibility:** Firefox 113\
1052 **CCK2 Equivalent:** N/A\
1053 **Preferences Affected:** N/A
1054
1055 #### Windows (GPO)
1056 Software\Policies\Mozilla\Firefox\Containers (REG_MULTI_SZ) =
1057 ```
1058 {
1059 "Default": [
1060 {
1061 "name": "My container",
1062 "icon": "pet",
1063 "color": "turquoise"
1064 }
1065 ]
1066 }
1067 ```
1068 #### Windows (Intune)
1069 OMA-URI:
1070 ```
1071 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/Containers
1072 ```
1073 Value (string):
1074 ```
1075 <enabled/>
1076 <data id="JSON" value='
1077 {
1078 "Default": [
1079 {
1080 "name": "My container",
1081 "icon": "pet",
1082 "color": "turquoise"
1083 }
1084 ]
1085 }
1086 '/>
1087 ```
1088 #### macOS
1089 ```
1090 <dict>
1091 <key>Default</key>
1092 <dict>
1093 <key>Containers</key>
1094 <array>
1095 <dict>
1096 <key>name</key>
1097 <string>My container</string>
1098 <key>icon</key>
1099 <string>pet</string>
1100 <key>color</key>
1101 <string>turquoise</string>
1102 </dict>
1103 </array>
1104 </dict>
1105 </dict>
1106 ```
1107 #### policies.json
1108 ```
1109 {
1110 "policies": {
1111 "Containers": {
1112 "Default": [
1113 {
1114 "name": "My container",
1115 "icon": "pet",
1116 "color": "turquoise"
1117 }
1118 ]
1119 }
1120 }
1121 }
1122 ```
1123 ### ContentAnalysis
1124 Configure Firefox to use an agent for Data Loss Prevention (DLP) that is compatible with the [Google Chrome Content Analysis Connector Agent SDK](https://github.com/chromium/content_analysis_sdk).
1125
1126 `AgentName` is the name of the DLP agent. This is used in dialogs and notifications about DLP operations. The default is "A DLP Agent".
1127
1128 `AgentTimeout` is the timeout in number of seconds after a DLP request is sent to the agent. After this timeout, the request will be denied unless `DefaultResult` is set to 1 or 2. The default is 30.
1129
1130 `AllowUrlRegexList` is a space-separated list of regular expressions that indicates URLs for which DLP operations will always be allowed without consulting the agent. The default is the empty string.
1131
1132 `BypassForSameTabOperations` indicates whether Firefox will automatically allow DLP requests whose data comes from the same tab and frame - for example, if data is copied to the clipboard and then pasted on the same page. The default is false.
1133
1134 `ClientSignature` indicates the required signature of the DLP agent connected to the pipe. If this is a non-empty string and the DLP agent does not have a signature with a Subject Name that exactly matches this value, Firefox will not connect to the pipe. The default is the empty string.
1135
1136 `DefaultResult` indicates the desired behavior for DLP requests if there is a problem connecting to the DLP agent. The default is 0.
1137
1138 | Value | Description
1139 | --- | --- |
1140 | 0 | Deny the request (default)
1141 | 1 | Warn the user and allow them to choose whether to allow or deny
1142 | 2 | Allow the request
1143
1144 `DenyUrlRegexList` is a space-separated list of regular expressions that indicates URLs for which DLP operations will always be denied without consulting the agent. The default is the empty string.
1145
1146 `Enabled` indicates whether Firefox should use DLP. Note that if this value is true and no DLP agent is running, all DLP requests will be denied unless `DefaultResult` is set to 1 or 2.
1147
1148 `IsPerUser` indicates whether the pipe the DLP agent has created is per-user or per-system. The default is true, meaning per-user.
1149
1150 `PipePathName` is the name of the pipe the DLP agent has created and Firefox will connect to. The default is "path_user".
1151
1152 `ShowBlockedResult` indicates whether Firefox should show a notification when a DLP request is denied. The default is true.
1153
1154 **Compatibility:** Firefox 127\
1155 **CCK2 Equivalent:** N/A\
1156 **Preferences Affected:** `browser.contentanalysis.agent_name`, `browser.contentanalysis.agent_timeout`, `browser.contentanalysis.allow_url_regex_list`, `browser.contentanalysis.bypass_for_same_tab_operations`, `browser.contentanalysis.client_signature`, `browser.contentanalysis.default_result`, `browser.contentanalysis.deny_url_regex_list`, `browser.contentanalysis.enabled`, `browser.contentanalysis.is_per_user`, `browser.contentanalysis.pipe_path_name`, `browser.contentanalysis.show_blocked_result`
1157
1158 #### Windows (GPO)
1159 ```
1160 Software\Policies\Mozilla\Firefox\ContentAnalysis\AgentName = "My DLP Product"
1161 Software\Policies\Mozilla\Firefox\ContentAnalysis\AgentTimeout = 60
1162 Software\Policies\Mozilla\Firefox\ContentAnalysis\AllowUrlRegexList = "https://example\.com/.* https://subdomain\.example\.com/.*"
1163 Software\Policies\Mozilla\Firefox\ContentAnalysis\BypassForSameTabOperations = 0x1 | 0x0
1164 Software\Policies\Mozilla\Firefox\ContentAnalysis\ClientSignature = "My DLP Company"
1165 Software\Policies\Mozilla\Firefox\ContentAnalysis\DefaultResult = 0x0 | 0x1 | 0x2
1166 Software\Policies\Mozilla\Firefox\ContentAnalysis\DenyUrlRegexList = "https://example\.com/.* https://subdomain\.example\.com/.*"
1167 Software\Policies\Mozilla\Firefox\ContentAnalysis\Enabled = 0x1 | 0x0
1168 Software\Policies\Mozilla\Firefox\ContentAnalysis\IsPerUser = 0x1 | 0x0
1169 Software\Policies\Mozilla\Firefox\ContentAnalysis\PipePathName = "pipe_custom_name"
1170 Software\Policies\Mozilla\Firefox\ContentAnalysis\ShowBlockedResult = 0x1 | 0x0
1171 ```
1172
1173 #### Windows (Intune)
1174 OMA-URI:
1175 ```
1176 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ContentAnalysis/ContentAnalysis_AgentName
1177 ```
1178 Value (string):
1179 ```
1180 <enabled/>
1181 <data id="ContentAnalysis_AgentName" value="My DLP Product"/>
1182 ```
1183 OMA-URI:
1184 ```
1185 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ContentAnalysis/ContentAnalysis_AgentTimeout
1186 ```
1187 Value (string):
1188 ```
1189 <enabled/>
1190 <data id="ContentAnalysis_AgentTimeout" value="60"/>
1191 ```
1192 OMA-URI:
1193 ```
1194 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ContentAnalysis/ContentAnalysis_AllowUrlRegexList
1195 ```
1196 Value (string):
1197 ```
1198 <enabled/>
1199 <data id="ContentAnalysis_AllowUrlRegexList" value="https://example\.com/.* https://subdomain\.example\.com/.*"/>
1200 ```
1201 OMA-URI:
1202 ```
1203 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ContentAnalysis/ContentAnalysis_BypassForSameTabOperations
1204 ```
1205 Value (string):
1206 ```
1207 <enabled/> or <disabled/>
1208 ```
1209 OMA-URI:
1210 ```
1211 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ContentAnalysis/ContentAnalysis_ClientSignature
1212 ```
1213 Value (string):
1214 ```
1215 <enabled/>
1216 <data id="ContentAnalysis_ClientSignature" value="My DLP Company"/>
1217 ```
1218 OMA-URI:
1219 ```
1220 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ContentAnalysis/ContentAnalysis_DefaultResult
1221 ```
1222 Value (string):
1223 ```
1224 <enabled/>
1225 <data id="ContentAnalysis_DefaultResult" value="1"/>
1226 ```
1227 OMA-URI:
1228 ```
1229 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ContentAnalysis/ContentAnalysis_DenyUrlRegexList
1230 ```
1231 Value (string):
1232 ```
1233 <enabled/>
1234 <data id="ContentAnalysis_DenyUrlRegexList" value="https://example\.com/.* https://subdomain\.example\.com/.*"/>
1235 ```
1236 OMA-URI:
1237 ```
1238 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ContentAnalysis/ContentAnalysis_Enabled
1239 ```
1240 Value (string):
1241 ```
1242 <enabled/> or <disabled/>
1243 ```
1244 OMA-URI:
1245 ```
1246 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ContentAnalysis/ContentAnalysis_IsPerUser
1247 ```
1248 Value (string):
1249 ```
1250 <enabled/> or <disabled/>
1251 ```
1252 OMA-URI:
1253 ```
1254 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ContentAnalysis/ContentAnalysis_PipePathName
1255 ```
1256 Value (string):
1257 ```
1258 <enabled/>
1259 <data id="ContentAnalysis_PipePathName" value="pipe_custom_name"/>
1260 ```
1261 OMA-URI:
1262 ```
1263 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ContentAnalysis/ContentAnalysis_ShowBlockedResult
1264 ```
1265 Value (string):
1266 ```
1267 <enabled/> or <disabled/>
1268 ```
1269
1270 #### policies.json
1271 ```
1272 {
1273 "policies": {
1274 "ContentAnalysis": {
1275 "AgentName": "My DLP Product",
1276 "AgentTimeout": 60,
1277 "AllowUrlRegexList": "https://example\.com/.* https://subdomain\.example\.com/.*",
1278 "BypassForSameTabOperations": true | false,
1279 "ClientSignature": "My DLP Company",
1280 "DefaultResult": 0 | 1 | 2,
1281 "DenyUrlRegexList": "https://example\.com/.* https://subdomain\.example\.com/.*",
1282 "Enabled": true | false,
1283 "IsPerUser": true | false,
1284 "PipePathName": "pipe_custom_name",
1285 "ShowBlockedResult": true | false,
1286 }
1287 }
1288 }
1289 ```
1290
1291 ### Cookies
1292 Configure cookie preferences.
1293
1294 `Allow` is a list of origins (not domains) where cookies are always allowed. You must include http or https.
1295
1296 `AllowSession` is a list of origins (not domains) where cookies are only allowed for the current session. You must include http or https.
1297
1298 `Block` is a list of origins (not domains) where cookies are always blocked. You must include http or https.
1299
1300 `Behavior` sets the default behavior for cookies based on the values below.
1301
1302 `BehaviorPrivateBrowsing` sets the default behavior for cookies in private browsing based on the values below.
1303
1304 | Value | Description
1305 | --- | --- |
1306 | accept | Accept all cookies
1307 | reject-foreign | Reject third party cookies
1308 | reject | Reject all cookies
1309 | limit-foreign | Reject third party cookies for sites you haven't visited
1310 | reject-tracker | Reject cookies for known trackers (default)
1311 | reject-tracker-and-partition-foreign | Reject cookies for known trackers and partition third-party cookies (Total Cookie Protection) (default for private browsing)
1312
1313 `Locked` prevents the user from changing cookie preferences.
1314
1315 **Compatibility:** Firefox 60, Firefox ESR 60 (RejectTracker added in Firefox 63, AllowSession added in Firefox 79/78.1, Behavior added in Firefox 95/91.4)\
1316 **CCK2 Equivalent:** N/A\
1317 **Preferences Affected:** `network.cookie.cookieBehavior`, `network.cookie.cookieBehavior.pbmode`, `network.cookie.lifetimePolicy`
1318
1319 #### Windows (GPO)
1320 ```
1321 Software\Policies\Mozilla\Firefox\Cookies\Allow\1 = "https://example.com"
1322 Software\Policies\Mozilla\Firefox\Cookies\AllowSession\1 = "https://example.edu"
1323 Software\Policies\Mozilla\Firefox\Cookies\Block\1 = "https://example.org"
1324 Software\Policies\Mozilla\Firefox\Cookies\Default = 0x1 | 0x0
1325 Software\Policies\Mozilla\Firefox\Cookies\AcceptThirdParty = "always" | "never" | "from-visited"
1326 Software\Policies\Mozilla\Firefox\Cookies\ExpireAtSessionEnd = 0x1 | 0x0
1327 Software\Policies\Mozilla\Firefox\Cookies\RejectTracker = 0x1 | 0x0
1328 Software\Policies\Mozilla\Firefox\Cookies\Behavior = "accept" | "reject-foreign" | "reject" | "limit-foreign" | "reject-tracker" | "reject-tracker-and-partition-foreign"
1329 Software\Policies\Mozilla\Firefox\Cookies\BehaviorPrivateBrowsing = "accept" | "reject-foreign" | "reject" | "limit-foreign" | "reject-tracker" | "reject-tracker-and-partition-foreign"
1330 Software\Policies\Mozilla\Firefox\Cookies\Locked = 0x1 | 0x0
1331 ```
1332 #### Windows (Intune)
1333 OMA-URI:
1334 ```
1335 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_Allow
1336 ```
1337 Value (string):
1338 ```
1339 <enabled/>
1340 <data id="Permissions" value="1&#xF000;https://example.com"/>
1341 ```
1342 OMA-URI:
1343 ```
1344 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_AllowSession
1345 ```
1346 Value (string):
1347 ```
1348 <enabled/>
1349 <data id="Permissions" value="1&#xF000;https://example.edu"/>
1350 ```
1351 OMA-URI:
1352 ```
1353 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_Block
1354 ```
1355 Value (string):
1356 ```
1357 <enabled/>
1358 <data id="Permissions" value="1&#xF000;https://example.org"/>
1359 ```
1360 OMA-URI:
1361 ```
1362 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_Default
1363 ```
1364 Value (string):
1365 ```
1366 <enabled/> or <disabled/>
1367 ```
1368 OMA-URI:
1369 ```
1370 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_AcceptThirdParty
1371 ```
1372 Value (string):
1373 ```
1374 <enabled/>
1375 <data id="Cookies_AcceptThirdParty" value="always | never | from-visited"/>
1376 ```
1377 OMA-URI:
1378 ```
1379 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_ExpireAtSessionEnd
1380 ```
1381 Value (string):
1382 ```
1383 <enabled/> or <disabled/>
1384 ```
1385 OMA-URI:
1386 ```
1387 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_RejectTracker
1388 ```
1389 Value (string):
1390 ```
1391 <enabled/> or <disabled/>
1392 ```
1393 OMA-URI:
1394 ```
1395 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_Locked
1396 ```
1397 Value (string):
1398 ```
1399 <enabled/> or <disabled/>
1400 ```
1401 OMA-URI:
1402 ```
1403 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_Behavior
1404 ```
1405 Value (string):
1406 ```
1407 <enabled/>
1408 <data id="Cookies_Behavior" value="accept | reject-foreign | reject | limit-foreign | reject-tracker | reject-tracker-and-partition-foreign"/>
1409 ```
1410 OMA-URI:
1411 ```
1412 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_BehaviorPrivateBrowsing
1413 ```
1414 Value (string):
1415 ```
1416 <enabled/>
1417 <data id="Cookies_BehaviorPrivateBrowsing" value="accept | reject-foreign | reject | limit-foreign | reject-tracker | reject-tracker-and-partition-foreign"/>
1418 ```
1419 #### macOS
1420 ```
1421 <dict>
1422 <key>Cookies</key>
1423 <dict>
1424 <key>Allow</key>
1425 <array>
1426 <string>http://example.com</string>
1427 </array>
1428 <key>AllowSession</key>
1429 <array>
1430 <string>http://example.edu</string>
1431 </array>
1432 <key>Block</key>
1433 <array>
1434 <string>http://example.org</string>
1435 </array>
1436 <key>Default</key>
1437 <true/> | <false/>
1438 <key>AcceptThirdParty</key>
1439 <string>always | never | from-visited</string>
1440 <key>ExpireAtSessionEnd</key>
1441 <true/> | <false/>
1442 <key>RejectTracker</key>
1443 <true/> | <false/>
1444 <key>Locked</key>
1445 <true/> | <false/>
1446 <key>Behavior</key>
1447 <string>accept | reject-foreign | reject | limit-foreign | reject-tracker | reject-tracker-and-partition-foreign</string>
1448 <key>BehaviorPrivateBrowsing</key>
1449 <string>accept | reject-foreign | reject | limit-foreign | reject-tracker | reject-tracker-and-partition-foreign</string>
1450 </dict>
1451 </dict>
1452 ```
1453 #### policies.json
1454 ```
1455 {
1456 "policies": {
1457 "Cookies": {
1458 "Allow": ["http://example.org/"],
1459 "AllowSession": ["http://example.edu/"],
1460 "Block": ["http://example.edu/"],
1461 "Default": true | false,
1462 "AcceptThirdParty": "always" | "never" | "from-visited",
1463 "ExpireAtSessionEnd": true | false,
1464 "RejectTracker": true | false,
1465 "Locked": true | false,
1466 "Behavior": "accept" | "reject-foreign" | "reject" | "limit-foreign" | "reject-tracker" | "reject-tracker-and-partition-foreign",
1467 "BehaviorPrivateBrowsing": "accept" | "reject-foreign" | "reject" | "limit-foreign" | "reject-tracker" | "reject-tracker-and-partition-foreign",
1468 }
1469 }
1470 }
1471 ```
1472 ### DefaultDownloadDirectory
1473 Set the default download directory.
1474
1475 You can use ${home} for the native home directory.
1476
1477 **Compatibility:** Firefox 68, Firefox ESR 68\
1478 **CCK2 Equivalent:** N/A\
1479 **Preferences Affected:** `browser.download.dir`, `browser.download.folderList`
1480
1481 #### Windows (GPO)
1482 ```
1483 Software\Policies\Mozilla\Firefox\DefaultDownloadDirectory = "${home}\Downloads"
1484 ```
1485 #### Windows (Intune)
1486 OMA-URI:
1487 ```
1488 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DefaultDownloadDirectory
1489 ```
1490 Value (string):
1491 ```
1492 <enabled/>
1493 <data id="Preferences_String" value="${home}\Downloads"/>
1494 ```
1495 #### macOS
1496 ```
1497 <dict>
1498 <key>DefaultDownloadDirectory</key>
1499 <string>${home}/Downloads</string>
1500 </dict>
1501 ```
1502 #### policies.json (macOS and Linux)
1503 ```
1504 {
1505 "policies": {
1506 "DefaultDownloadDirectory": "${home}/Downloads"
1507 }
1508 }
1509 ```
1510 #### policies.json (Windows)
1511 ```
1512 {
1513 "policies": {
1514 "DefaultDownloadDirectory": "${home}\\Downloads"
1515 }
1516 }
1517 ```
1518 ### DisableAppUpdate
1519 Turn off application updates within Firefox.
1520
1521 **Compatibility:** Firefox 60, Firefox ESR 60\
1522 **CCK2 Equivalent:** `disableFirefoxUpdates`\
1523 **Preferences Affected:** N/A
1524
1525 #### Windows (GPO)
1526 ```
1527 Software\Policies\Mozilla\Firefox\DisableAppUpdate = 0x1 | 0x0
1528 ```
1529 #### Windows (Intune)
1530 OMA-URI:
1531 ```
1532 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableAppUpdate
1533 ```
1534 Value (string):
1535 ```
1536 <enabled/> or <disabled/>
1537 ```
1538 #### macOS
1539 ```
1540 <dict>
1541 <key>DisableAppUpdate</key>
1542 <true/> | <false/>
1543 </dict>
1544 ```
1545 #### policies.json
1546 ```
1547 {
1548 "policies": {
1549 "DisableAppUpdate": true | false
1550 }
1551 }
1552 ```
1553 ### DisableBuiltinPDFViewer
1554 Disable the built in PDF viewer. PDF files are downloaded and sent externally.
1555
1556 **Compatibility:** Firefox 60, Firefox ESR 60\
1557 **CCK2 Equivalent:** `disablePDFjs`\
1558 **Preferences Affected:** `pdfjs.disabled`
1559
1560 #### Windows (GPO)
1561 ```
1562 Software\Policies\Mozilla\Firefox\DisableBuiltinPDFViewer = 0x1 | 0x0
1563 ```
1564 #### Windows (Intune)
1565 OMA-URI:
1566 ```
1567 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableBuiltinPDFViewer
1568 ```
1569 Value (string):
1570 ```
1571 <enabled/> or <disabled/>
1572 ```
1573 #### macOS
1574 ```
1575 <dict>
1576 <key>DisableBuiltinPDFViewer</key>
1577 <true/> | <false/>
1578 </dict>
1579 ```
1580 #### policies.json
1581 ```
1582 {
1583 "policies": {
1584 "DisableBuiltinPDFViewer": true | false
1585 }
1586 }
1587 ```
1588 ### DisabledCiphers
1589 Disable specific cryptographic ciphers, listed below.
1590
1591 ```
1592 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
1593 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
1594 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
1595 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
1596 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
1597 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
1598 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
1599 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
1600 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
1601 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
1602 TLS_DHE_RSA_WITH_AES_128_CBC_SHA
1603 TLS_DHE_RSA_WITH_AES_256_CBC_SHA
1604 TLS_RSA_WITH_AES_128_GCM_SHA256
1605 TLS_RSA_WITH_AES_256_GCM_SHA384
1606 TLS_RSA_WITH_AES_128_CBC_SHA
1607 TLS_RSA_WITH_AES_256_CBC_SHA
1608 TLS_RSA_WITH_3DES_EDE_CBC_SHA
1609 ```
1610
1611 **Preferences Affected:** `security.ssl3.ecdhe_rsa_aes_128_gcm_sha256`, `security.ssl3.ecdhe_ecdsa_aes_128_gcm_sha256`, `security.ssl3.ecdhe_ecdsa_chacha20_poly1305_sha256`, `security.ssl3.ecdhe_rsa_chacha20_poly1305_sha256`, `security.ssl3.ecdhe_ecdsa_aes_256_gcm_sha384`, `security.ssl3.ecdhe_rsa_aes_256_gcm_sha384`, `security.ssl3.ecdhe_rsa_aes_128_sha`, `security.ssl3.ecdhe_ecdsa_aes_128_sha`, `security.ssl3.ecdhe_rsa_aes_256_sha`, `security.ssl3.ecdhe_ecdsa_aes_256_sha`, `security.ssl3.dhe_rsa_aes_128_sha`, `security.ssl3.dhe_rsa_aes_256_sha`, `security.ssl3.rsa_aes_128_gcm_sha256`, `security.ssl3.rsa_aes_256_gcm_sha384`, `security.ssl3.rsa_aes_128_sha`, `security.ssl3.rsa_aes_256_sha`, `security.ssl3.deprecated.rsa_des_ede3_sha`
1612
1613 ---
1614 **Note:**
1615
1616 This policy was updated in Firefox 78 to allow enabling ciphers as well. Setting the value to true disables the cipher, setting the value to false enables the cipher. Previously setting the value to true or false disabled the cipher.
1617
1618 ---
1619 **Compatibility:** Firefox 76, Firefox ESR 68.8 (TLS_RSA_WITH_AES_128_GCM_SHA256 and TLS_RSA_WITH_AES_256_GCM_SHA384 were added in Firefox 78, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA38, TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, and TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 were added in Firefox 97 and Firefox 91.6)\
1620 **CCK2 Equivalent:** N/A\
1621 **Preferences Affected:** N/A
1622
1623 #### Windows (GPO)
1624 ```
1625 Software\Policies\Mozilla\Firefox\DisabledCiphers\CIPHER_NAME = 0x1 | 0x0
1626 ```
1627 #### Windows (Intune)
1628 OMA-URI:
1629 ```
1630 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DisabledCiphers/DisabledCiphers_CIPHER_NAME
1631
1632 ```
1633 Value (string):
1634 ```
1635 <enabled/> or <disabled/>
1636 ```
1637 #### macOS
1638 ```
1639 <dict>
1640 <key>DisabledCiphers</key>
1641 <dict>
1642 <key>CIPHER_NAME</key>
1643 <true/> | <false/>
1644 </dict>
1645 </dict>
1646 ```
1647 #### policies.json
1648 ```
1649 {
1650 "policies": {
1651 "DisabledCiphers": {
1652 "CIPHER_NAME": true | false,
1653 }
1654 }
1655 }
1656 ```
1657 ### DisableDefaultBrowserAgent
1658 Prevent the default browser agent from taking any actions. Only applicable to Windows; other platforms don’t have the agent.
1659
1660 The browser agent is a Windows-only scheduled task which runs in the background to collect and submit data about the browser that the user has set as their OS default. More information is available [here](https://firefox-source-docs.mozilla.org/toolkit/mozapps/defaultagent/default-browser-agent/index.html).
1661
1662 **Compatibility:** Firefox 75, Firefox ESR 68.7 (Windows only)\
1663 **CCK2 Equivalent:** N/A\
1664 **Preferences Affected:** N/A
1665
1666 #### Windows (GPO)
1667 ```
1668 Software\Policies\Mozilla\Firefox\DisableDefaultBrowserAgent = 0x1 | 0x0
1669 ```
1670 #### Windows (Intune)
1671 OMA-URI:
1672 ```
1673 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableDefaultBrowserAgent
1674 ```
1675 Value (string):
1676 ```
1677 <enabled/> or <disabled/>
1678 ```
1679 #### policies.json
1680 ```
1681 {
1682 "policies": {
1683 "DisableDefaultBrowserAgent": true | false
1684 }
1685 }
1686 ```
1687 ### DisableDeveloperTools
1688 Remove access to all developer tools.
1689
1690 **Compatibility:** Firefox 60, Firefox ESR 60\
1691 **CCK2 Equivalent:** `removeDeveloperTools`\
1692 **Preferences Affected:** `devtools.policy.disabled`
1693
1694 #### Windows (GPO)
1695 ```
1696 Software\Policies\Mozilla\Firefox\DisableDeveloperTools = 0x1 | 0x0`
1697 ```
1698 #### Windows (Intune)
1699 OMA-URI:
1700 ```
1701 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableDeveloperTools
1702 ```
1703 Value (string):
1704 ```
1705 <enabled/> or <disabled/>
1706 ```
1707 #### macOS
1708 ```
1709 <dict>
1710 <key>DisableDeveloperTools</key>
1711 <true/> | <false/>
1712 </dict>
1713 ```
1714 #### policies.json
1715 ```
1716 {
1717 "policies": {
1718 "DisableDeveloperTools": true | false
1719 }
1720 }
1721 ```
1722 ### DisableFeedbackCommands
1723 Disable the menus for reporting sites (Submit Feedback, Report Deceptive Site).
1724
1725 **Compatibility:** Firefox 60, Firefox ESR 60\
1726 **CCK2 Equivalent:** N/A\
1727 **Preferences Affected:** N/A
1728
1729 #### Windows (GPO)
1730 ```
1731 Software\Policies\Mozilla\Firefox\DisableFeedbackCommands = 0x1 | 0x0
1732 ```
1733 #### Windows (Intune)
1734 OMA-URI:
1735 ```
1736 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableFeedbackCommands
1737 ```
1738 Value (string):
1739 ```
1740 <enabled/> or <disabled/>
1741 ```
1742 #### macOS
1743 ```
1744 <dict>
1745 <key>DisableFeedbackCommands</key>
1746 <true/> | <false/>
1747 </dict>
1748 ```
1749 #### policies.json
1750 ```
1751 {
1752 "policies": {
1753 "DisableFeedbackCommands": true | false
1754 }
1755 }
1756 ```
1757 ### DisableFirefoxAccounts
1758 Disable Firefox Accounts integration (Sync).
1759
1760 **Compatibility:** Firefox 60, Firefox ESR 60\
1761 **CCK2 Equivalent:** `disableSync`\
1762 **Preferences Affected:** `identity.fxaccounts.enabled`
1763
1764 #### Windows (GPO)
1765 ```
1766 Software\Policies\Mozilla\Firefox\DisableFirefoxAccounts = 0x1 | 0x0
1767 ```
1768 #### Windows (Intune)
1769 OMA-URI:
1770 ```
1771 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableFirefoxAccounts
1772 ```
1773 Value (string):
1774 ```
1775 <enabled/> or <disabled/>
1776 ```
1777 #### macOS
1778 ```
1779 <dict>
1780 <key>DisableFirefoxAccounts</key>
1781 <true/> | <false/>
1782 </dict>
1783 ```
1784 #### policies.json
1785 ```
1786 {
1787 "policies": {
1788 "DisableFirefoxAccounts": true | false
1789 }
1790 }
1791 ```
1792 ### DisableFirefoxScreenshots
1793 Remove access to Firefox Screenshots.
1794
1795 **Compatibility:** Firefox 60, Firefox ESR 60\
1796 **CCK2 Equivalent:** N/A\
1797 **Preferences Affected:** `extensions.screenshots.disabled`
1798
1799 #### Windows (GPO)
1800 ```
1801 Software\Policies\Mozilla\Firefox\DisableFirefoxScreenshots = 0x1 | 0x0
1802 ```
1803 #### Windows (Intune)
1804 OMA-URI:
1805 ```
1806 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableFirefoxScreenshots
1807 ```
1808 Value (string):
1809 ```
1810 <enabled/> or <disabled/>
1811 ```
1812 #### macOS
1813 ```
1814 <dict>
1815 <key>DisableFirefoxScreenshots</key>
1816 <true/> | <false/>
1817 </dict>
1818 ```
1819 #### policies.json
1820 ```
1821 {
1822 "policies": {
1823 "DisableFirefoxScreenshots": true | false
1824 }
1825 }
1826 ```
1827 ### DisableFirefoxStudies
1828 Disable Firefox studies (Shield).
1829
1830 **Compatibility:** Firefox 60, Firefox ESR 60\
1831 **CCK2 Equivalent:** N/A\
1832 **Preferences Affected:** N/A
1833
1834 #### Windows (GPO)
1835 ```
1836 Software\Policies\Mozilla\Firefox\DisableFirefoxStudies = 0x1 | 0x0
1837 ```
1838 #### Windows (Intune)
1839 OMA-URI:
1840 ```
1841 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableFirefoxStudies
1842 ```
1843 Value (string):
1844 ```
1845 <enabled/> or <disabled/>
1846 ```
1847 #### macOS
1848 ```
1849 <dict>
1850 <key>DisableFirefoxStudies</key>
1851 <true/> | <false/>
1852 </dict>
1853 ```
1854 #### policies.json
1855 ```
1856 {
1857 "policies": {
1858 "DisableFirefoxStudies": true | false
1859 }
1860 }
1861 ```
1862 ### DisableForgetButton
1863 Disable the "Forget" button.
1864
1865 **Compatibility:** Firefox 60, Firefox ESR 60\
1866 **CCK2 Equivalent:** `disableForget`\
1867 **Preferences Affected:** N/A
1868
1869 #### Windows (GPO)
1870 ```
1871 Software\Policies\Mozilla\Firefox\DisableForgetButton = 0x1 | 0x0
1872 ```
1873 #### Windows (Intune)
1874 OMA-URI:
1875 ```
1876 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableForgetButton
1877 ```
1878 Value (string):
1879 ```
1880 <enabled/> or <disabled/>
1881 ```
1882 #### macOS
1883 ```
1884 <dict>
1885 <key>DisableForgetButton</key>
1886 <true/> | <false/>
1887 </dict>
1888 ```
1889 #### policies.json
1890 ```
1891 {
1892 "policies": {
1893 "DisableForgetButton": true | false
1894 }
1895 }
1896 ```
1897 ### DisableFormHistory
1898 Turn off saving information on web forms and the search bar.
1899
1900 **Compatibility:** Firefox 60, Firefox ESR 60\
1901 **CCK2 Equivalent:** `disableFormFill`\
1902 **Preferences Affected:** `browser.formfill.enable`
1903
1904 #### Windows (GPO)
1905 ```
1906 Software\Policies\Mozilla\Firefox\DisableFormHistory = 0x1 | 0x0
1907 ```
1908 #### Windows (Intune)
1909 OMA-URI:
1910 ```
1911 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableFormHistory
1912 ```
1913 Value (string):
1914 ```
1915 <enabled/> or <disabled/>
1916 ```
1917 #### macOS
1918 ```
1919 <dict>
1920 <key>DisableFormHistory</key>
1921 <true/> | <false/>
1922 </dict>
1923 ```
1924 #### policies.json
1925 ```
1926 {
1927 "policies": {
1928 "DisableFormHistory": true | false
1929 }
1930 }
1931 ```
1932 ### DisableMasterPasswordCreation
1933 Remove the master password functionality.
1934
1935 If this value is true, it works the same as setting [`PrimaryPassword`](#primarypassword) to false and removes the primary password functionality.
1936
1937 If both `DisableMasterPasswordCreation` and `PrimaryPassword` are used, `DisableMasterPasswordCreation` takes precedent.
1938
1939 **Compatibility:** Firefox 60, Firefox ESR 60\
1940 **CCK2 Equivalent:** `noMasterPassword`\
1941 **Preferences Affected:** N/A
1942
1943 #### Windows (GPO)
1944 ```
1945 Software\Policies\Mozilla\Firefox\DisableMasterPasswordCreation = 0x1 | 0x0
1946 ```
1947 #### Windows (Intune)
1948 OMA-URI:
1949 ```
1950 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableMasterPasswordCreation
1951 ```
1952 Value (string):
1953 ```
1954 <enabled/> or <disabled/>
1955 ```
1956 #### macOS
1957 ```
1958 <dict>
1959 <key>DisableMasterPasswordCreation</key>
1960 <true/> | <false/>
1961 </dict>
1962 ```
1963 #### policies.json
1964 ```
1965 {
1966 "policies": {
1967 "DisableMasterPasswordCreation": true | false
1968 }
1969 }
1970 ```
1971 ### DisablePasswordReveal
1972 Do not allow passwords to be shown in saved logins
1973
1974 **Compatibility:** Firefox 71, Firefox ESR 68.3\
1975 **CCK2 Equivalent:** N/A
1976 **Preferences Affected:** N/A
1977
1978 #### Windows (GPO)
1979 ```
1980 Software\Policies\Mozilla\Firefox\DisablePasswordReveal = 0x1 | 0x0
1981 ```
1982 #### Windows (Intune)
1983 OMA-URI:
1984 ```
1985 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisablePasswordReveal
1986 ```
1987 Value (string):
1988 ```
1989 <enabled/> or <disabled/>
1990 ```
1991 #### macOS
1992 ```
1993 <dict>
1994 <key>DisablePasswordReveal</key>
1995 <true/> | <false/>
1996 </dict>
1997 ```
1998 #### policies.json
1999 ```
2000 {
2001 "policies": {
2002 "DisablePasswordReveal": true | false
2003 }
2004 }
2005 ```
2006 ### DisablePocket
2007 Remove Pocket in the Firefox UI. It does not remove it from the new tab page.
2008
2009 **Compatibility:** Firefox 60, Firefox ESR 60\
2010 **CCK2 Equivalent:** `disablePocket`\
2011 **Preferences Affected:** `extensions.pocket.enabled`
2012
2013 #### Windows (GPO)
2014 ```
2015 Software\Policies\Mozilla\Firefox\DisablePocket = 0x1 | 0x0
2016 ```
2017 #### Windows (Intune)
2018 OMA-URI:
2019 ```
2020 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisablePocket
2021 ```
2022 Value (string):
2023 ```
2024 <enabled/> or <disabled/>
2025 ```
2026 #### macOS
2027 ```
2028 <dict>
2029 <key>DisablePocket</key>
2030 <true/> | <false/>
2031 </dict>
2032 ```
2033 #### policies.json
2034 ```
2035 {
2036 "policies": {
2037 "DisablePocket": true | false
2038 }
2039 }
2040 ```
2041 ### DisablePrivateBrowsing
2042 Remove access to private browsing.
2043
2044 **Compatibility:** Firefox 60, Firefox ESR 60\
2045 **CCK2 Equivalent:** `disablePrivateBrowsing`\
2046 **Preferences Affected:** N/A
2047
2048 #### Windows (GPO)
2049 ```
2050 Software\Policies\Mozilla\Firefox\DisablePrivateBrowsing = 0x1 | 0x0
2051 ```
2052 #### Windows (Intune)
2053 OMA-URI:
2054 ```
2055 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisablePrivateBrowsing
2056 ```
2057 Value (string):
2058 ```
2059 <enabled/> or <disabled/>
2060 ```
2061 #### macOS
2062 ```
2063 <dict>
2064 <key>DisablePrivateBrowsing</key>
2065 <true/> | <false/>
2066 </dict>
2067 ```
2068 #### policies.json
2069 ```
2070 {
2071 "policies": {
2072 "DisablePrivateBrowsing": true | false
2073 }
2074 }
2075 ```
2076 ### DisableProfileImport
2077 Disables the "Import data from another browser" option in the bookmarks window.
2078
2079 **Compatibility:** Firefox 60, Firefox ESR 60\
2080 **CCK2 Equivalent:** N/A\
2081 **Preferences Affected:** N/A
2082
2083 #### Windows (GPO)
2084 ```
2085 Software\Policies\Mozilla\Firefox\DisableProfileImport = 0x1 | 0x0
2086 ```
2087 #### Windows (Intune)
2088 OMA-URI:
2089 ```
2090 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableProfileImport
2091 ```
2092 Value (string):
2093 ```
2094 <enabled/> or <disabled/>
2095 ```
2096 #### macOS
2097 ```
2098 <dict>
2099 <key>DisableProfileImport</key>
2100 <true/> | <false/>
2101 </dict>
2102 ```
2103 #### policies.json
2104 ```
2105 {
2106 "policies": {
2107 "DisableProfileImport": true | false
2108 }
2109 }
2110 ```
2111 ### DisableProfileRefresh
2112 Disable the Refresh Firefox button on about:support and support.mozilla.org, as well as the prompt that displays offering to refresh Firefox when you haven't used it in a while.
2113
2114 **Compatibility:** Firefox 60, Firefox ESR 60\
2115 **CCK2 Equivalent:** `disableResetFirefox`\
2116 **Preferences Affected:** `browser.disableResetPrompt`
2117
2118 #### Windows (GPO)
2119 ```
2120 Software\Policies\Mozilla\Firefox\DisableProfileRefresh = 0x1 | 0x0
2121 ```
2122 #### Windows (Intune)
2123 OMA-URI:
2124 ```
2125 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableProfileRefresh
2126 ```
2127 Value (string):
2128 ```
2129 <enabled/> or <disabled/>
2130 ```
2131 #### macOS
2132 ```
2133 <dict>
2134 <key>DisableProfileRefresh</key>
2135 <true/> | <false/>
2136 </dict>
2137 ```
2138 #### policies.json
2139 ```
2140 {
2141 "policies": {
2142 "DisableProfileRefresh": true | false
2143 }
2144 }
2145 ```
2146 ### DisableSafeMode
2147 Disable safe mode within the browser.
2148
2149 On Windows, this disables safe mode via the command line as well.
2150
2151 **Compatibility:** Firefox 60, Firefox ESR 60 (Windows, macOS)\
2152 **CCK2 Equivalent:** `disableSafeMode`\
2153 **Preferences Affected:** N/A
2154
2155 #### Windows (GPO)
2156 ```
2157 Software\Policies\Mozilla\Firefox\DisableSafeMode = 0x1 | 0x0
2158 ```
2159 #### Windows (Intune)
2160 OMA-URI:
2161 ```
2162 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableSafeMode
2163 ```
2164 Value (string):
2165 ```
2166 <enabled/> or <disabled/>
2167 ```
2168 #### macOS
2169 ```
2170 <dict>
2171 <key>DisableSafeMode</key>
2172 <true/> | <false/>
2173 </dict>
2174 ```
2175 #### policies.json
2176 ```
2177 {
2178 "policies": {
2179 "DisableSafeMode": true | false
2180 }
2181 }
2182 ```
2183 ### DisableSecurityBypass
2184 Prevent the user from bypassing security in certain cases.
2185
2186 `InvalidCertificate` prevents adding an exception when an invalid certificate is shown.
2187
2188 `SafeBrowsing` prevents selecting "ignore the risk" and visiting a harmful site anyway.
2189
2190 These policies only affect what happens when an error is shown, they do not affect any settings in preferences.
2191
2192 **Compatibility:** Firefox 60, Firefox ESR 60\
2193 **CCK2 Equivalent:** N/A\
2194 **Preferences Affected:** `security.certerror.hideAddException`, `browser.safebrowsing.allowOverride`
2195
2196 #### Windows (GPO)
2197 ```
2198 Software\Policies\Mozilla\Firefox\DisableSecurityBypass\InvalidCertificate = 0x1 | 0x0
2199 Software\Policies\Mozilla\Firefox\DisableSecurityBypass\SafeBrowsing = 0x1 | 0x0
2200 ```
2201 #### Windows (Intune)
2202 OMA-URI:
2203 ```
2204 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/P_DisableSecurityBypass_InvalidCertificate
2205 ```
2206 Value (string):
2207 ```
2208 <enabled/> or <disabled/>
2209 ```
2210 OMA-URI:
2211 ```
2212 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/P_DisableSecurityBypass_SafeBrowsing
2213 ```
2214 Value (string):
2215 ```
2216 <enabled/> or <disabled/>
2217 ```
2218
2219 #### macOS
2220 ```
2221 <dict>
2222 <key>DisableSecurityBypass</key>
2223 <dict>
2224 <key>InvalidCertificate</key>
2225 <true/> | <false/>
2226 <key>SafeBrowsing</key>
2227 <true/> | <false/>
2228 </dict>
2229 </dict>
2230 ```
2231 #### policies.json
2232 ```
2233 {
2234 "policies": {
2235 "DisableSecurityBypass": {
2236 "InvalidCertificate": true | false,
2237 "SafeBrowsing": true | false
2238 }
2239 }
2240 }
2241 ```
2242 ### DisableSetDesktopBackground
2243 Remove the "Set As Desktop Background..." menuitem when right clicking on an image.
2244
2245 **Compatibility:** Firefox 60, Firefox ESR 60\
2246 **CCK2 Equivalent:** `removeSetDesktopBackground`\
2247 **Preferences Affected:** N/A
2248
2249 #### Windows (GPO)
2250 ```
2251 Software\Policies\Mozilla\Firefox\DisableSetDesktopBackground = 0x1 | 0x0
2252 ```
2253 #### Windows (Intune)
2254 OMA-URI:
2255 ```
2256 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableSetDesktopBackground
2257 ```
2258 Value (string):
2259 ```
2260 <enabled/> or <disabled/>
2261 ```
2262 #### macOS
2263 ```
2264 <dict>
2265 <key>DisableSetDesktopBackground</key>
2266 <true/> | <false/>
2267 </dict>
2268 ```
2269 #### policies.json
2270 ```
2271 {
2272 "policies": {
2273 "DisableSetDesktopBackground": true | false
2274 }
2275 }
2276 ```
2277 ### DisableSystemAddonUpdate
2278 Prevent system add-ons from being installed or updated.
2279
2280 **Compatibility:** Firefox 60, Firefox ESR 60\
2281 **CCK2 Equivalent:** N/A\
2282 **Preferences Affected:** N/A
2283
2284 #### Windows (GPO)
2285 ```
2286 Software\Policies\Mozilla\Firefox\DisableSystemAddonUpdate = 0x1 | 0x0
2287 ```
2288 #### Windows (Intune)
2289 OMA-URI:
2290 ```
2291 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableSystemAddonUpdate
2292 ```
2293 Value (string):
2294 ```
2295 <enabled/> or <disabled/>
2296 ```
2297 #### macOS
2298 ```
2299 <dict>
2300 <key>DisableSystemAddonUpdate</key>
2301 <true/> | <false/>
2302 </dict>
2303 ```
2304 #### policies.json
2305 ```
2306 {
2307 "policies": {
2308 "DisableSystemAddonUpdate": true | false
2309 }
2310 }
2311 ```
2312 ### DisableTelemetry
2313 Prevent the upload of telemetry data.
2314
2315 As of Firefox 83 and Firefox ESR 78.5, local storage of telemetry data is disabled as well.
2316
2317 Mozilla recommends that you do not disable telemetry. Information collected through telemetry helps us build a better product for businesses like yours.
2318
2319 **Compatibility:** Firefox 60, Firefox ESR 60\
2320 **CCK2 Equivalent:** `disableTelemetry`\
2321 **Preferences Affected:** `datareporting.healthreport.uploadEnabled`, `datareporting.policy.dataSubmissionEnabled`, `toolkit.telemetry.archive.enabled`
2322
2323 #### Windows (GPO)
2324 ```
2325 Software\Policies\Mozilla\Firefox\DisableTelemetry = 0x1 | 0x0
2326 ```
2327 #### Windows (Intune)
2328 OMA-URI:
2329 ```
2330 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableTelemetry
2331 ```
2332 Value (string):
2333 ```
2334 <enabled/> or <disabled/>
2335 ```
2336 #### macOS
2337 ```
2338 <dict>
2339 <key>DisableTelemetry</key>
2340 <true/> | <false/>
2341 </dict>
2342 ```
2343 #### policies.json
2344 ```
2345 {
2346 "policies": {
2347 "DisableTelemetry": true | false
2348 }
2349 }
2350 ```
2351 ### DisableThirdPartyModuleBlocking
2352 Do not allow blocking third-party modules from the `about:third-party` page.
2353
2354 This policy only works on Windows through GPO (not policies.json).
2355
2356 **Compatibility:** Firefox 110 (Windows only, GPO only)\
2357 **CCK2 Equivalent:** N/A\
2358 **Preferences Affected:** N/A
2359
2360 #### Windows (GPO)
2361 ```
2362 Software\Policies\Mozilla\Firefox\DisableThirdPartyModuleBlocking = = 0x1 | 0x0
2363 ```
2364 #### Windows (Intune)
2365 OMA-URI:
2366 ```
2367 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableThirdPartyModuleBlocking
2368 ```
2369 Value (string):
2370 ```
2371 <enabled/> or <disabled/>
2372 ```
2373 ### DisplayBookmarksToolbar
2374 Set the initial state of the bookmarks toolbar. A user can still change how it is displayed.
2375
2376 `always` means the bookmarks toolbar is always shown.
2377
2378 `never` means the bookmarks toolbar is not shown.
2379
2380 `newtab` means the bookmarks toolbar is only shown on the new tab page.
2381
2382 **Compatibility:** Firefox 109, Firefox ESR 102.7\
2383 **CCK2 Equivalent:** N/A\
2384 **Preferences Affected:** N/A
2385
2386 #### Windows (GPO)
2387 ```
2388 Software\Policies\Mozilla\Firefox\DisplayBookmarksToolbar = "always", "never", "newtab"
2389 ```
2390 #### Windows (Intune)
2391 OMA-URI:
2392 ```
2393 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisplayBookmarksToolbar_Enum
2394 ```
2395 Value (string):
2396 ```
2397 <enabled/>
2398 <data id="DisplayBookmarksToolbar" value="always | never | newtab"/>
2399 ```
2400 #### macOS
2401 ```
2402 <dict>
2403 <key>DisplayBookmarksToolbar</key>
2404 <string>always | never | newtab</string>
2405 </dict>
2406 ```
2407 #### policies.json
2408 ```
2409 {
2410 "policies": {
2411 "DisplayBookmarksToolbar": "always" | "never" | "newtab"
2412 }
2413 }
2414 ```
2415 ### DisplayMenuBar
2416 Set the state of the menubar.
2417
2418 `always` means the menubar is shown and cannot be hidden.
2419
2420 `never` means the menubar is hidden and cannot be shown.
2421
2422 `default-on` means the menubar is on by default but can be hidden.
2423
2424 `default-off` means the menubar is off by default but can be shown.
2425
2426 **Compatibility:** Firefox 73, Firefox ESR 68.5 (Windows, some Linux)\
2427 **CCK2 Equivalent:** `displayMenuBar`\
2428 **Preferences Affected:** N/A
2429
2430 #### Windows (GPO)
2431 ```
2432 Software\Policies\Mozilla\Firefox\DisplayMenuBar = "always", "never", "default-on", "default-off"
2433 ```
2434 #### Windows (Intune)
2435 OMA-URI:
2436 ```
2437 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisplayMenuBar_Enum
2438 ```
2439 Value (string):
2440 ```
2441 <enabled/>
2442 <data id="DisplayMenuBar" value="always | never | default-on | default-off"/>
2443 ```
2444 #### macOS
2445 ```
2446 <dict>
2447 <key>DisplayMenuBar</key>
2448 <string>always | never | default-on | default-off</string>
2449 </dict>
2450 ```
2451 #### policies.json
2452 ```
2453 {
2454 "policies": {
2455 "DisplayMenuBar": "always", "never", "default-on", "default-off"
2456 }
2457 }
2458 ```
2459 ### DNSOverHTTPS
2460 Configure DNS over HTTPS.
2461
2462 `Enabled` determines whether DNS over HTTPS is enabled
2463
2464 `ProviderURL` is a URL to another provider.
2465
2466 `Locked` prevents the user from changing DNS over HTTPS preferences.
2467
2468 `ExcludedDomains` excludes domains from DNS over HTTPS.
2469
2470 `Fallback` determines whether or not Firefox will use your default DNS resolver if there is a problem with the secure DNS provider.
2471
2472 **Compatibility:** Firefox 63, Firefox ESR 68 (ExcludedDomains added in 75/68.7) (Fallback added in 124)\
2473 **CCK2 Equivalent:** N/A\
2474 **Preferences Affected:** `network.trr.mode`, `network.trr.uri`
2475
2476 #### Windows (GPO)
2477 ```
2478 Software\Policies\Mozilla\Firefox\DNSOverHTTPS\Enabled = 0x1 | 0x0
2479 Software\Policies\Mozilla\Firefox\DNSOverHTTPS\ProviderURL = "URL_TO_ALTERNATE_PROVIDER"
2480 Software\Policies\Mozilla\Firefox\DNSOverHTTPS\Locked = 0x1 | 0x0
2481 Software\Policies\Mozilla\Firefox\DNSOverHTTPS\ExcludedDomains\1 = "example.com"
2482 Software\Policies\Mozilla\Firefox\DNSOverHTTPS\Fallback = 0x1 | 0x0
2483 ```
2484 #### Windows (Intune)
2485 OMA-URI:
2486 ```
2487 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DNSOverHTTPS/DNSOverHTTPS_Enabled
2488 ```
2489 Value (string):
2490 ```
2491 <enabled/> or <disabled/>
2492 ```
2493 OMA-URI:
2494 ```
2495 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DNSOverHTTPS/DNSOverHTTPS_ProviderURL
2496 ```
2497 Value (string):
2498 ```
2499 <enabled/>
2500 <data id="String" value="URL_TO_ALTERNATE_PROVIDER"/>
2501 ```
2502 OMA-URI:
2503 ```
2504 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DNSOverHTTPS/DNSOverHTTPS_Locked
2505 ```
2506 Value (string):
2507 ```
2508 <enabled/> or <disabled/>
2509 ```
2510 OMA-URI:
2511 ```
2512 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DNSOverHTTPS/DNSOverHTTPS_ExcludedDomains
2513 ```
2514 Value (string):
2515 ```
2516 <enabled/>
2517 <data id="List" value="1&#xF000;example.com"/>
2518 ```
2519 OMA-URI:
2520 ```
2521 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DNSOverHTTPS/DNSOverHTTPS_Fallback
2522 ```
2523 Value (string):
2524 ```
2525 <enabled/> or <disabled/>
2526 ```
2527 #### macOS
2528 ```
2529 <dict>
2530 <key>DNSOverHTTPS</key>
2531 <dict>
2532 <key>Enabled</key>
2533 <true/> | <false/>
2534 <key>ProviderURL</key>
2535 <string>URL_TO_ALTERNATE_PROVIDER</string>
2536 <key>Locked</key>
2537 <true/> | <false/>
2538 <key>ExcludedDomains</key>
2539 <array>
2540 <string>example.com</string>
2541 </array>
2542 <key>Fallback</key>
2543 <true/> | <false/>
2544 </dict>
2545 </dict>
2546 ```
2547 #### policies.json
2548 ```
2549 {
2550 "policies": {
2551 "DNSOverHTTPS": {
2552 "Enabled": true | false,
2553 "ProviderURL": "URL_TO_ALTERNATE_PROVIDER",
2554 "Locked": true | false,
2555 "ExcludedDomains": ["example.com"],
2556 "Fallback": true | false,
2557 }
2558 }
2559 }
2560 ```
2561 ### DontCheckDefaultBrowser
2562 Don't check if Firefox is the default browser at startup.
2563
2564 **Compatibility:** Firefox 60, Firefox ESR 60\
2565 **CCK2 Equivalent:** `dontCheckDefaultBrowser`\
2566 **Preferences Affected:** `browser.shell.checkDefaultBrowser`
2567
2568 #### Windows (GPO)
2569 ```
2570 Software\Policies\Mozilla\Firefox\DontCheckDefaultBrowser = 0x1 | 0x0
2571 ```
2572 #### Windows (Intune)
2573 OMA-URI:
2574 ```
2575 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DontCheckDefaultBrowser
2576 ```
2577 Value (string):
2578 ```
2579 <enabled/> or <disabled/>
2580 ```
2581 #### macOS
2582 ```
2583 <dict>
2584 <key>DontCheckDefaultBrowser</key>
2585 <true/> | <false/>
2586 </dict>
2587 ```
2588 #### policies.json
2589 ```
2590 {
2591 "policies": {
2592 "DontCheckDefaultBrowser": true | false
2593 }
2594 }
2595 ```
2596 ### DownloadDirectory
2597 Set and lock the download directory.
2598
2599 You can use ${home} for the native home directory.
2600
2601 **Compatibility:** Firefox 68, Firefox ESR 68\
2602 **CCK2 Equivalent:** N/A\
2603 **Preferences Affected:** `browser.download.dir`, `browser.download.folderList`, `browser.download.useDownloadDir`
2604
2605 #### Windows (GPO)
2606 ```
2607 Software\Policies\Mozilla\Firefox\DownloadDirectory = "${home}\Downloads"
2608 ```
2609 #### Windows (Intune)
2610 OMA-URI:
2611 ```
2612 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DownloadDirectory
2613 ```
2614 Value (string):
2615 ```
2616 <enabled/>
2617 <data id="Preferences_String" value="${home}\Downloads"/>
2618 ```
2619 #### macOS
2620 ```
2621 <dict>
2622 <key>DownloadDirectory</key>
2623 <string>${home}/Downloads</string>
2624 </dict>
2625 ```
2626 #### policies.json (macOS and Linux)
2627 ```
2628 {
2629 "policies": {
2630 "DownloadDirectory": "${home}/Downloads"
2631 }
2632 ```
2633 #### policies.json (Windows)
2634 ```
2635 {
2636 "policies": {
2637 "DownloadDirectory": "${home}\\Downloads"
2638 }
2639 ```
2640 ### EnableTrackingProtection
2641 Configure tracking protection.
2642
2643 If this policy is not configured, tracking protection is not enabled by default in the browser, but it is enabled by default in private browsing and the user can change it.
2644
2645 If `Value` is set to false, tracking protection is disabled and locked in both the regular browser and private browsing.
2646
2647 If `Value` is set to true, tracking protection is enabled by default in both the regular browser and private browsing and the `Locked` value determines whether or not a user can change it.
2648
2649 If `Cryptomining` is set to true, cryptomining scripts on websites are blocked.
2650
2651 If `Fingerprinting` is set to true, fingerprinting scripts on websites are blocked.
2652
2653 If `EmailTracking` is set to true, hidden email tracking pixels and scripts on websites are blocked. (Firefox 112)
2654
2655 `Exceptions` are origins for which tracking protection is not enabled.
2656
2657 **Compatibility:** Firefox 60, Firefox ESR 60 (Cryptomining and Fingerprinting added in 70/68.2, Exceptions added in 73/68.5)\
2658 **CCK2 Equivalent:** N/A\
2659 **Preferences Affected:** `privacy.trackingprotection.enabled`, `privacy.trackingprotection.pbmode.enabled`, `privacy.trackingprotection.cryptomining.enabled`, `privacy.trackingprotection.fingerprinting.enabled`
2660
2661 #### Windows (GPO)
2662 ```
2663 Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Value = 0x1 | 0x0
2664 Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Locked = 0x1 | 0x0
2665 Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Cryptomining = 0x1 | 0x0
2666 Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Fingerprinting = 0x1 | 0x0
2667 Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Exceptions\1 = "https://example.com"
2668 ```
2669 #### Windows (Intune)
2670 OMA-URI:
2671 ```
2672 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~TrackingProtection/A_TrackingProtection_Value
2673 ```
2674 Value (string):
2675 ```
2676 <enabled/> or <disabled/>
2677 ```
2678 OMA-URI:
2679 ```
2680 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~TrackingProtection/B_TrackingProtection_Cryptomining
2681 ```
2682 Value (string):
2683 ```
2684 <enabled/> or <disabled/>
2685 ```
2686 OMA-URI:
2687 ```
2688 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~TrackingProtection/C_TrackingProtection_Fingerprinting
2689 ```
2690 Value (string):
2691 ```
2692 <enabled/> or <disabled/>
2693 ```
2694 OMA-URI:
2695 ```
2696 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~TrackingProtection/D_TrackingProtection_Exceptions
2697 ```
2698 Value (string):
2699 ```
2700 <enabled/>
2701 <data id="TrackingProtection_Exceptions" value="1&#xF000;https://example.com"/>
2702 ```
2703 OMA-URI:
2704 ```
2705 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~TrackingProtection/E_TrackingProtection_Locked
2706 ```
2707 Value (string):
2708 ```
2709 <enabled/> or <disabled/>
2710 ```
2711 #### macOS
2712 ```
2713 <dict>
2714 <key>EnableTrackingProtection</key>
2715 <dict>
2716 <key>Value</key>
2717 <true/> | <false/>
2718 <key>Locked</key>
2719 <true/> | <false/>
2720 <key>Cryptomining</key>
2721 <true/> | <false/>
2722 <key>Fingerprinting</key>
2723 <true/> | <false/>
2724 <key>Exceptions</key>
2725 <array>
2726 <string>https://example.com</string>
2727 </array>
2728 </dict>
2729 </dict>
2730 ```
2731 #### policies.json
2732 ```
2733 {
2734 "policies": {
2735 "EnableTrackingProtection": {
2736 "Value": true | false,
2737 "Locked": true | false,
2738 "Cryptomining": true | false,
2739 "Fingerprinting": true | false,
2740 "Exceptions": ["https://example.com"]
2741 }
2742 }
2743 }
2744 ```
2745 ### EncryptedMediaExtensions
2746 Enable or disable Encrypted Media Extensions and optionally lock it.
2747
2748 If `Enabled` is set to false, encrypted media extensions (like Widevine) are not downloaded by Firefox unless the user consents to installing them.
2749
2750 If `Locked` is set to true and `Enabled` is set to false, Firefox will not download encrypted media extensions (like Widevine) or ask the user to install them.
2751
2752 **Compatibility:** Firefox 77, Firefox ESR 68.9\
2753 **CCK2 Equivalent:** N/A\
2754 **Preferences Affected:** `media.eme.enabled`
2755
2756 #### Windows (GPO)
2757 ```
2758 Software\Policies\Mozilla\Firefox\EncryptedMediaExtensions\Enabled = 0x1 | 0x0
2759 Software\Policies\Mozilla\Firefox\EncryptedMediaExtensions\Locked = 0x1 | 0x0
2760 ```
2761 #### Windows (Intune)
2762 OMA-URI:
2763 ```
2764 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~EncryptedMediaExtensions/EncryptedMediaExtensions_Enabled
2765 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~EncryptedMediaExtensions/EncryptedMediaExtensions_Locked
2766 ```
2767 Value (string):
2768 ```
2769 <enabled/>or <disabled/>
2770 ```
2771 #### macOS
2772 ```
2773 <dict>
2774 <key>EncryptedMediaExtensions</key>
2775 <dict>
2776 <key>Enabled</key>
2777 <true/> | <false/>
2778 <key>Locked</key>
2779 <true/> | <false/>
2780 </dict>
2781 </dict>
2782 ```
2783 #### policies.json
2784 ```
2785 {
2786 "policies": {
2787 "EncryptedMediaExtensions": {
2788 "Enabled": true | false,
2789 "Locked": true | false
2790 }
2791 }
2792 }
2793 ```
2794 ### EnterprisePoliciesEnabled
2795 Enable policy support on macOS.
2796
2797 **Compatibility:** Firefox 63, Firefox ESR 60.3 (macOS only)\
2798 **CCK2 Equivalent:** N/A\
2799 **Preferences Affected:** N/A
2800
2801 #### macOS
2802 ```
2803 <dict>
2804 <key>EnterprisePoliciesEnabled</key>
2805 <true/>
2806 </dict>
2807 ```
2808 ### ExemptDomainFileTypePairsFromFileTypeDownloadWarnings
2809
2810 Disable warnings based on file extension for specific file types on domains.
2811
2812 This policy is based on the [Chrome policy](https://chromeenterprise.google/policies/#ExemptDomainFileTypePairsFromFileTypeDownloadWarnings) of the same name.
2813
2814 Important: The documentation for the policy for both Edge and Chrome is incorrect. The ```domains``` value must be a domain, not a URL pattern. Also, we do not support using ```*``` to mean all domains.
2815
2816 **Compatibility:** Firefox 102\
2817 **CCK2 Equivalent:** N/A\
2818 **Preferences Affected:** N/A
2819
2820 #### Windows (GPO)
2821 Software\Policies\Mozilla\Firefox\ExemptDomainFileTypePairsFromFileTypeDownloadWarnings (REG_MULTI_SZ) =
2822 ```
2823 [
2824 {
2825 "file_extension": "jnlp",
2826 "domains": ["example.com"]
2827 }
2828 ]
2829 ```
2830 #### Windows (Intune)
2831 OMA-URI:
2832 ```
2833 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/ExemptDomainFileTypePairsFromFileTypeDownloadWarnings
2834 ```
2835 Value (string):
2836 ```
2837 <enabled/>
2838 <data id="JSON" value='
2839 [
2840 {
2841 "file_extension": "jnlp",
2842 "domains": ["example.com"]
2843 }
2844 ]
2845 '/>
2846 ```
2847 #### macOS
2848 ```
2849 <dict>
2850 <key>ExemptDomainFileTypePairsFromFileTypeDownloadWarnings</key>
2851 <array>
2852 <dict>
2853 <key>file_extension</key>
2854 <string>jnlp</string>
2855 <key>domains</key>
2856 <array>
2857 <string>example.com</string>
2858 </array>
2859 </dict>
2860 </array>
2861 </dict>
2862 ```
2863 #### policies.json
2864 ```
2865 {
2866 "policies": {
2867 "ExemptDomainFileTypePairsFromFileTypeDownloadWarnings": [{
2868 "file_extension": "jnlp",
2869 "domains": ["example.com"]
2870 }]
2871 }
2872 }
2873 ```
2874 ### Extensions
2875 Control the installation, uninstallation and locking of extensions.
2876
2877 We strongly recommend that you use the **[`ExtensionSettings`](#extensionsettings)** policy. It has the same functionality and adds more. It does not support native paths, though, so you'll have to use file:/// URLs.
2878
2879 This method will be deprecated in the near future.
2880
2881 `Install` is a list of URLs or native paths for extensions to be installed.
2882
2883 `Uninstall` is a list of extension IDs that should be uninstalled if found.
2884
2885 `Locked` is a list of extension IDs that the user cannot disable or uninstall.
2886
2887 **Compatibility:** Firefox 60, Firefox ESR 60\
2888 **CCK2 Equivalent:** `addons`\
2889 **Preferences Affected:** N/A
2890
2891 #### Windows (GPO)
2892 ```
2893 Software\Policies\Mozilla\Firefox\Extensions\Install\1 = "https://addons.mozilla.org/firefox/downloads/somefile.xpi"
2894 Software\Policies\Mozilla\Firefox\Extensions\Install\2 = "//path/to/xpi"
2895 Software\Policies\Mozilla\Firefox\Extensions\Uninstall\1 = "bad_addon_id@mozilla.org"
2896 Software\Policies\Mozilla\Firefox\Extensions\Locked\1 = "addon_id@mozilla.org"
2897 ```
2898 #### Windows (Intune)
2899 OMA-URI:
2900 ```
2901 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/Extensions_Install
2902 ```
2903 Value (string):
2904 ```
2905 <enabled/>
2906 <data id="Extensions" value="1&#xF000;https://addons.mozilla.org/firefox/downloads/somefile.xpi&#xF000;2&#xF000;//path/to/xpi"/>
2907 ```
2908 OMA-URI:
2909 ```
2910 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/Extensions_Uninstall
2911 ```
2912 Value (string):
2913 ```
2914 <enabled/>
2915 <data id="Extensions" value="1&#xF000;bad_addon_id@mozilla.org"/>
2916 ```
2917 OMA-URI:
2918 ```
2919 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/Extensions_Locked
2920 ```
2921 Value (string):
2922 ```
2923 <enabled/>
2924 <data id="Extensions" value="1&#xF000;addon_id@mozilla.org"/>
2925 ```
2926 #### macOS
2927 ```
2928 <dict>
2929 <key>Extensions</key>
2930 <dict>
2931 <key>Install</key>
2932 <array>
2933 <string>https://addons.mozilla.org/firefox/downloads/somefile.xpi</string>
2934 <string>//path/to/xpi</string>
2935 </array>
2936 <key>Uninstall</key>
2937 <array>
2938 <string>bad_addon_id@mozilla.org</string>
2939 </array>
2940 <key>Locked</key>
2941 <array>
2942 <string>addon_id@mozilla.org</string>
2943 </array>
2944 </dict>
2945 </dict>
2946 ```
2947 #### policies.json
2948 ```
2949 {
2950 "policies": {
2951 "Extensions": {
2952 "Install": ["https://addons.mozilla.org/firefox/downloads/somefile.xpi", "//path/to/xpi"],
2953 "Uninstall": ["bad_addon_id@mozilla.org"],
2954 "Locked": ["addon_id@mozilla.org"]
2955 }
2956 }
2957 }
2958 ```
2959 ### ExtensionSettings
2960 Manage all aspects of extensions. This policy is based heavily on the [Chrome policy](https://dev.chromium.org/administrators/policy-list-3/extension-settings-full) of the same name.
2961
2962 This policy maps an extension ID to its configuration. With an extension ID, the configuration will be applied to the specified extension only. A default configuration can be set for the special ID "*", which will apply to all extensions that don't have a custom configuration set in this policy.
2963
2964 To obtain an extension ID, install the extension and go to about:support. You will see the ID in the Extensions section. I've also created an extension that makes it easy to find the ID of extensions on AMO. You can download it [here](https://github.com/mkaply/queryamoid/releases/tag/v0.1).
2965
2966 The configuration for each extension is another dictionary that can contain the fields documented below.
2967
2968 | Name | Description |
2969 | --- | --- |
2970 | `installation_mode` | Maps to a string indicating the installation mode for the extension. The valid strings are `allowed`,`blocked`,`force_installed`, and `normal_installed`.
2971 | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;`allowed` | Allows the extension to be installed by the user. This is the default behavior. There is no need for an install_url; it will automatically be allowed based on the ID.
2972 | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;`blocked`| Blocks installation of the extension and removes it from the device if already installed.
2973 | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;`force_installed`| The extension is automatically installed and can't be removed by the user. This option is not valid for the default configuration and requires an install_url.
2974 | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;`normal_installed`| The extension is automatically installed but can be disabled by the user. This option is not valid for the default configuration and requires an install_url.
2975 | `install_url`| Maps to a URL indicating where Firefox can download a force_installed or normal_installed extension. If installing from the local file system, use a [```file:///``` URL](https://en.wikipedia.org/wiki/File_URI_scheme). If installing from the addons.mozilla.org, use the following URL (substituting SHORT_NAME from the URL on AMO), https://addons.mozilla.org/firefox/downloads/latest/SHORT_NAME/latest.xpi. Languages packs are available from https://releases.mozilla.org/pub/firefox/releases/VERSION/PLATFORM/xpi/LANGUAGE.xpi. If you need to update the extension, you can change the name of the extension and it will be automatically updated. Extensions installed from file URLs will additional be updated when their internal version changes.
2976 | `install_sources` | A list of sources from which installing extensions is allowed using URL match patterns. **This is unnecessary if you are only allowing the installation of certain extensions by ID.** Each item in this list is an extension-style match pattern. Users will be able to easily install items from any URL that matches an item in this list. Both the location of the *.xpi file and the page where the download is started from (i.e. the referrer) must be allowed by these patterns. This setting can be used only for the default configuration.
2977 | `allowed_types` | This setting whitelists the allowed types of extension/apps that can be installed in Firefox. The value is a list of strings, each of which should be one of the following: "extension", "theme", "dictionary", "locale" This setting can be used only for the default configuration.
2978 | `blocked_install_message` | This maps to a string specifying the error message to display to users if they're blocked from installing an extension. This setting allows you to append text to the generic error message displayed when the extension is blocked. This could be be used to direct users to your help desk, explain why a particular extension is blocked, or something else. This setting can be used only for the default configuration.
2979 | `restricted_domains` | An array of domains on which content scripts can't be run. This setting can be used only for the default configuration.
2980 | `updates_disabled` | (Firefox 89, Firefox ESR 78.11) Boolean that indicates whether or not to disable automatic updates for an individual extension.
2981 | `default_area` | (Firefox 113) String that indicates where to place the extension icon by default. Possible values are `navbar` and `menupanel`.
2982
2983 **Compatibility:** Firefox 69, Firefox ESR 68.1 (As of Firefox 85, Firefox ESR 78.7, installing a theme makes it the default.)\
2984 **CCK2 Equivalent:** N/A\
2985 **Preferences Affected:** N/A
2986
2987 #### Windows (GPO)
2988 Software\Policies\Mozilla\Firefox\ExtensionSettings (REG_MULTI_SZ) =
2989 ```
2990 {
2991 "*": {
2992 "blocked_install_message": "Custom error message.",
2993 "install_sources": ["https://yourwebsite.com/*"],
2994 "installation_mode": "blocked",
2995 "allowed_types": ["extension"]
2996 },
2997 "uBlock0@raymondhill.net": {
2998 "installation_mode": "force_installed",
2999 "install_url": "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi"
3000 },
3001 "https-everywhere@eff.org": {
3002 "installation_mode": "allowed",
3003 "updates_disabled": false
3004 }
3005 }
3006 ```
3007 #### Windows (Intune)
3008 OMA-URI:
3009 ```
3010 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/ExtensionSettings
3011 ```
3012 Value (string):
3013 ```
3014 <enabled/>
3015 <data id="ExtensionSettings" value='
3016 {
3017 "*": {
3018 "blocked_install_message": "Custom error message.",
3019 "install_sources": ["https://yourwebsite.com/*"],
3020 "installation_mode": "blocked",
3021 "allowed_types": ["extension"]
3022 },
3023 "uBlock0@raymondhill.net": {
3024 "installation_mode": "force_installed",
3025 "install_url": "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi"
3026 },
3027 "https-everywhere@eff.org": {
3028 "installation_mode": "allowed",
3029 "updates_disabled": false
3030 }
3031 }'/>
3032 ```
3033 #### macOS
3034 ```
3035 <dict>
3036 <key>ExtensionSettings</key>
3037 <dict>
3038 <key>*</key>
3039 <dict>
3040 <key>blocked_install_message</key>
3041 <string>Custom error message.</string>
3042 <key>install_sources</key>
3043 <array>
3044 <string>"https://yourwebsite.com/*"</string>
3045 </array>
3046 <key>installation_mode</key>
3047 <string>blocked</string>
3048 <key>allowed_types</key>
3049 <array>
3050 <string>extension</string>
3051 </array>
3052 </dict>
3053 <key>uBlock0@raymondhill.net</key>
3054 <dict>
3055 <key>installation_mode</key>
3056 <string>force_installed</string>
3057 <key>install_url</key>
3058 <string>https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi</string>
3059 </dict>
3060 <key>https-everywhere@eff.org</key>
3061 <dict>
3062 <key>installation_mode</key>
3063 <string>allowed</string>
3064 <key>updates_disabled</key>
3065 <true/> | <false/>
3066 </dict>
3067 </dict>
3068 </dict>
3069 ```
3070 #### policies.json
3071 ```
3072 {
3073 "policies": {
3074 "ExtensionSettings": {
3075 "*": {
3076 "blocked_install_message": "Custom error message.",
3077 "install_sources": ["https://yourwebsite.com/*"],
3078 "installation_mode": "blocked",
3079 "allowed_types": ["extension"]
3080 },
3081 "uBlock0@raymondhill.net": {
3082 "installation_mode": "force_installed",
3083 "install_url": "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi"
3084 },
3085 "https-everywhere@eff.org": {
3086 "installation_mode": "allowed",
3087 "updates_disabled": false
3088 }
3089 }
3090 }
3091 }
3092 ```
3093 ### ExtensionUpdate
3094 Control extension updates.
3095
3096 **Compatibility:** Firefox 67, Firefox ESR 60.7\
3097 **CCK2 Equivalent:** N/A\
3098 **Preferences Affected:** `extensions.update.enabled`
3099
3100 #### Windows (GPO)
3101 ```
3102 Software\Policies\Mozilla\Firefox\ExtensionUpdate = 0x1 | 0x0
3103 ```
3104 #### Windows (Intune)
3105 OMA-URI:
3106 ```
3107 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/ExtensionUpdate
3108 ```
3109 Value (string):
3110 ```
3111 <enabled/> or <disabled/>
3112 ```
3113 #### macOS
3114 ```
3115 <dict>
3116 <key>ExtensionUpdate</key>
3117 <true/> | <false/>
3118 </dict>
3119 ```
3120 #### policies.json
3121 ```
3122 {
3123 "policies": {
3124 "ExtensionUpdate": true | false
3125 }
3126 }
3127 ```
3128 ### FirefoxHome
3129 Customize the Firefox Home page.
3130
3131 **Compatibility:** Firefox 68, Firefox ESR 68 (SponsoredTopSites and SponsoredPocket were added in Firefox 95, Firefox ESR 91.4, Snippets was deprecated in Firefox 122)
3132 **CCK2 Equivalent:** N/A\
3133 **Preferences Affected:** `browser.newtabpage.activity-stream.showSearch`, `browser.newtabpage.activity-stream.feeds.topsites`, `browser.newtabpage.activity-stream.feeds.section.highlights`, `browser.newtabpage.activity-stream.feeds.section.topstories`, `browser.newtabpage.activity-stream.feeds.snippets`, `browser.newtabpage.activity-stream.showSponsoredTopSites`, `browser.newtabpage.activity-stream.showSponsored`
3134
3135 #### Windows (GPO)
3136 ```
3137 Software\Policies\Mozilla\Firefox\FirefoxHome\Search = 0x1 | 0x0
3138 Software\Policies\Mozilla\Firefox\FirefoxHome\TopSites = 0x1 | 0x0
3139 Software\Policies\Mozilla\Firefox\FirefoxHome\SponsoredTopSites = 0x1 | 0x0
3140 Software\Policies\Mozilla\Firefox\FirefoxHome\Highlights = 0x1 | 0x0
3141 Software\Policies\Mozilla\Firefox\FirefoxHome\Pocket = 0x1 | 0x0
3142 Software\Policies\Mozilla\Firefox\FirefoxHome\SponsoredPocket = 0x1 | 0x0
3143 Software\Policies\Mozilla\Firefox\FirefoxHome\Snippets = 0x1 | 0x0
3144 Software\Policies\Mozilla\Firefox\FirefoxHome\Locked = 0x1 | 0x0
3145 ```
3146 #### Windows (Intune)
3147 OMA-URI:
3148 ```
3149 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/CustomizeFirefoxHome
3150 ```
3151 Value (string):
3152 ```
3153 <enabled/>
3154 <data id="FirefoxHome_Search" value="true | false"/>
3155 <data id="FirefoxHome_TopSites" value="true | false"/>
3156 <data id="FirefoxHome_SponsoredTopSites" value="true | false"/>
3157 <data id="FirefoxHome_Highlights" value="true | false"/>
3158 <data id="FirefoxHome_Pocket" value="true | false"/>
3159 <data id="FirefoxHome_SponsoredPocket" value="true | false"/>
3160 <data id="FirefoxHome_Snippets" value="true | false"/>
3161 <data id="FirefoxHome_Locked" value="true | false"/>
3162 ```
3163 #### macOS
3164 ```
3165 <dict>
3166 <key>FirefoxHome</key>
3167 <dict>
3168 <key>Search</key>
3169 <true/> | <false/>
3170 <key>TopSites</key>
3171 <true/> | <false/>
3172 <key>SponsoredTopSites</key>
3173 <true/> | <false/>
3174 <key>Highlights</key>
3175 <true/> | <false/>
3176 <key>Pocket</key>
3177 <true/> | <false/>
3178 <key>SponsoredPocket</key>
3179 <true/> | <false/>
3180 <key>Snippets</key>
3181 <true/> | <false/>
3182 <key>Locked</key>
3183 <true/> | <false/>
3184 </dict>
3185 </dict>
3186 ```
3187 #### policies.json
3188 ```
3189 {
3190 "policies": {
3191 "FirefoxHome": {
3192 "Search": true | false,
3193 "TopSites": true | false,
3194 "SponsoredTopSites": true | false,
3195 "Highlights": true | false,
3196 "Pocket": true | false,
3197 "SponsoredPocket": true | false,
3198 "Snippets": true | false,
3199 "Locked": true | false
3200 }
3201 }
3202 }
3203 ```
3204 ### FirefoxSuggest
3205 Customize Firefox Suggest (US only).
3206
3207 **Compatibility:** Firefox 118, Firefox ESR 115.3.
3208 **CCK2 Equivalent:** N/A\
3209 **Preferences Affected:** `browser.urlbar.suggest.quicksuggest.nonsponsored`, `browser.urlbar.suggest.quicksuggest.sponsored`, `browser.urlbar.quicksuggest.dataCollection.enabled`
3210
3211 #### Windows (GPO)
3212 ```
3213 Software\Policies\Mozilla\Firefox\FirefoxSuggest\WebSuggestions = 0x1 | 0x0
3214 Software\Policies\Mozilla\Firefox\FirefoxSuggest\SponsoredSuggestions = 0x1 | 0x0
3215 Software\Policies\Mozilla\Firefox\FirefoxSuggest\ImproveSuggest = 0x1 | 0x0
3216 Software\Policies\Mozilla\Firefox\FirefoxSuggest\Locked = 0x1 | 0x0
3217 ```
3218 #### Windows (Intune)
3219 OMA-URI:
3220 ```
3221 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~FirefoxSuggest/WebSuggestions
3222 ```
3223 Value (string):
3224 ```
3225 <enabled/> or <disabled/>
3226 ```
3227 OMA-URI:
3228 ```
3229 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~FirefoxSuggest/SponsoredSuggestions
3230 ```
3231 Value (string):
3232 ```
3233 <enabled/> or <disabled/>
3234 ```
3235 OMA-URI:
3236 ```
3237 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~FirefoxSuggest/ImproveSuggest
3238 ```
3239 Value (string):
3240 ```
3241 <enabled/> or <disabled/>
3242 ```
3243 OMA-URI:
3244 ```
3245 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~FirefoxSuggest/Locked
3246 ```
3247 Value (string):
3248 ```
3249 <enabled/> or <disabled/>
3250 ```
3251 #### macOS
3252 ```
3253 <dict>
3254 <key>FirefoxSuggest</key>
3255 <dict>
3256 <key>WebSuggestions</key>
3257 <true/> | <false/>
3258 <key>SponsoredSuggestions</key>
3259 <true/> | <false/>
3260 <key>ImproveSuggest</key>
3261 <true/> | <false/>
3262 <key>Locked</key>
3263 <true/> | <false/>
3264 </dict>
3265 </dict>
3266 ```
3267 #### policies.json
3268 ```
3269 {
3270 "policies": {
3271 "FirefoxSuggest": {
3272 "WebSuggestions": true | false,
3273 "SponsoredSuggestions": true | false,
3274 "ImproveSuggest": true | false,
3275 "Locked": true | false
3276 }
3277 }
3278 }
3279 ```
3280 ### GoToIntranetSiteForSingleWordEntryInAddressBar
3281 Whether to always go through the DNS server before sending a single word search string to a search engine.
3282
3283 If the site exists, it will navigate to the website. If the intranet responds with a 404, the page will show a 404. If the intranet does not respond, the browser will attempt a search.
3284
3285 The second result in the URL bar will be a search result to allow users to conduct a web search exactly as it was entered.
3286
3287 If instead you would like to enable the ability to have your domain appear as a valid URL and to disallow the browser from ever searching that term using the first result that matches it, add the pref `browser.fixup.domainwhitelist.YOUR_DOMAIN` (where `YOUR_DOMAIN` is the name of the domain you'd like to add), and set the pref to `true`. The URL bar will then suggest `YOUR_DOMAIN` when the user fully types `YOUR_DOMAIN`. If the user attempts to load that domain and it fails to load, it will show an "Unable to connect" error page.
3288
3289 You can also whitelist a domain suffix that is not part of the [Public Suffix List](https://publicsuffix.org/) by adding the pref `browser.fixup.domainsuffixwhitelist.YOUR_DOMAIN_SUFFIX` with a value of `true`.
3290
3291 Additionally, if you want users to see a "Did you mean to go to 'YOUR_DOMAIN'" prompt below the URL bar if they land on a search results page instead of an intranet domain that provides a response, set the pref `browser.urlbar.dnsResolveSingleWordsAfterSearch` to `1`. Enabling this will cause the browser to commit a DNS check after every single word search. If the browser receives a response from the intranet, a prompt will ask the user if they'd like to instead navigate to `YOUR_DOMAIN`. If the user presses the **yes** button, `browser.fixup.domainwhitelist.YOUR_DOMAIN` will be set to `true`.
3292
3293 **Compatibility:** Firefox 104, Firefox ESR 102.2\
3294 **CCK2 Equivalent:** `N/A`\
3295 **Preferences Affected:** `browser.fixup.dns_first_for_single_words`
3296
3297 #### Windows (GPO)
3298 ```
3299 Software\Policies\Mozilla\Firefox\GoToIntranetSiteForSingleWordEntryInAddressBar = 0x1 | 0x0
3300 ```
3301 #### Windows (Intune)
3302 OMA-URI:
3303 ```
3304 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/GoToIntranetSiteForSingleWordEntryInAddressBar
3305 ```
3306 Value (string):
3307 ```
3308 <enabled/> or <disabled/>
3309 ```
3310 #### macOS
3311 ```
3312 <dict>
3313 <key>GoToIntranetSiteForSingleWordEntryInAddressBar</key>
3314 <true/> | <false/>
3315 </dict>
3316 ```
3317 #### policies.json
3318 ```
3319 {
3320 "policies": {
3321 "GoToIntranetSiteForSingleWordEntryInAddressBar": true | false
3322 }
3323 }
3324 ```
3325 ### Handlers
3326 Configure default application handlers. This policy is based on the internal format of `handlers.json`.
3327
3328 You can configure handlers based on a mime type (`mimeTypes`), a file's extension (`extensions`), or a protocol (`schemes`).
3329
3330 Within each handler type, you specify the given mimeType/extension/scheme as a key and use the following subkeys to describe how it is handled.
3331
3332 | Name | Description |
3333 | --- | --- |
3334 | `action`| Can be either `saveToDisk`, `useHelperApp`, `useSystemDefault`.
3335 | `ask` | If `true`, the user is asked if what they want to do with the file. If `false`, the action is taken without user intervention.
3336 | `handlers` | An array of handlers with the first one being the default. If you don't want to have a default handler, use an empty object for the first handler. Choose between path or uriTemplate.
3337 | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;`name` | The display name of the handler (might not be used).
3338 | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;`path`| The native path to the executable to be used.
3339 | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;`uriTemplate`| A url to a web based application handler. The URL must be https and contain a %s to be used for substitution.
3340
3341 **Compatibility:** Firefox 78, Firefox ESR 78\
3342 **CCK2 Equivalent:** N/A\
3343 **Preferences Affected:** N/A
3344
3345 #### Windows (GPO)
3346 Software\Policies\Mozilla\Firefox\Handlers (REG_MULTI_SZ) =
3347 ```
3348 {
3349 "mimeTypes": {
3350 "application/msword": {
3351 "action": "useSystemDefault",
3352 "ask": true | false
3353 }
3354 },
3355 "schemes": {
3356 "mailto": {
3357 "action": "useHelperApp",
3358 "ask": true | false,
3359 "handlers": [{
3360 "name": "Gmail",
3361 "uriTemplate": "https://mail.google.com/mail/?extsrc=mailto&url=%s"
3362 }]
3363 }
3364 },
3365 "extensions": {
3366 "pdf": {
3367 "action": "useHelperApp",
3368 "ask": true | false,
3369 "handlers": [{
3370 "name": "Adobe Acrobat",
3371 "path": "C:\\Program Files (x86)\\Adobe\\Acrobat Reader DC\\Reader\\AcroRd32.exe"
3372 }]
3373 }
3374 }
3375 }
3376 ```
3377 #### Windows (Intune)
3378 OMA-URI:
3379 ```
3380 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/Handlers
3381 ```
3382 Value (string):
3383 ```
3384 <enabled/>
3385 <data id="Handlers" value='
3386 {
3387 "mimeTypes": {
3388 "application/msword": {
3389 "action": "useSystemDefault",
3390 "ask": true | false
3391 }
3392 },
3393 "schemes": {
3394 "mailto": {
3395 "action": "useHelperApp",
3396 "ask": true | false,
3397 "handlers": [{
3398 "name": "Gmail",
3399 "uriTemplate": "https://mail.google.com/mail/?extsrc=mailto&amp;url=%s"
3400 }]
3401 }
3402 },
3403 "extensions": {
3404 "pdf": {
3405 "action": "useHelperApp",
3406 "ask": true | false,
3407 "handlers": [{
3408 "name": "Adobe Acrobat",
3409 "path": "C:\\Program Files (x86)\\Adobe\\Acrobat Reader DC\\Reader\\AcroRd32.exe"
3410 }]
3411 }
3412 }
3413 }
3414 '/>
3415 ```
3416 #### macOS
3417 ```
3418 <dict>
3419 <key>Handlers</key>
3420 <dict>
3421 <key>mimeTypes</key>
3422 <dict>
3423 <key>application/msword</key>
3424 <dict>
3425 <key>action</key>
3426 <string>useSystemDefault</string>
3427 <key>ask</key>
3428 <true/> | <false/>
3429 </dict>
3430 </dict>
3431 <key>schemes</key>
3432 <dict>
3433 <key>mailto</key>
3434 <dict>
3435 <key>action</key>
3436 <string>useHelperApp</string>
3437 <key>ask</key>
3438 <true/> | <false/>
3439 <key>handlers</key>
3440 <array>
3441 <dict>
3442 <key>name</key>
3443 <string>Gmail</string>
3444 <key>uriTemplate</key>
3445 <string>https://mail.google.com/mail/?extsrc=mailto&url=%s</string>
3446 </dict>
3447 </array>
3448 </dict>
3449 </dict>
3450 <key>extensions</key>
3451 <dict>
3452 <key>pdf</key>
3453 <dict>
3454 <key>action</key>
3455 <string>useHelperApp</string>
3456 <key>ask</key>
3457 <true/> | <false/>
3458 <key>handlers</key>
3459 <array>
3460 <dict>
3461 <key>name</key>
3462 <string>Adobe Acrobat</string>
3463 <key>path</key>
3464 <string>/System/Applications/Preview.app</string>
3465 </dict>
3466 </array>
3467 </dict>
3468 </dict>
3469 </dict>
3470 </dict>
3471 ```
3472 #### policies.json
3473 ```
3474 {
3475 "policies": {
3476 "Handlers": {
3477 "mimeTypes": {
3478 "application/msword": {
3479 "action": "useSystemDefault",
3480 "ask": false
3481 }
3482 },
3483 "schemes": {
3484 "mailto": {
3485 "action": "useHelperApp",
3486 "ask": true | false,
3487 "handlers": [{
3488 "name": "Gmail",
3489 "uriTemplate": "https://mail.google.com/mail/?extsrc=mailto&url=%s"
3490 }]
3491 }
3492 },
3493 "extensions": {
3494 "pdf": {
3495 "action": "useHelperApp",
3496 "ask": true | false,
3497 "handlers": [{
3498 "name": "Adobe Acrobat",
3499 "path": "/usr/bin/acroread"
3500 }]
3501 }
3502 }
3503 }
3504 }
3505 }
3506 ```
3507 ### HardwareAcceleration
3508 Control hardware acceleration.
3509
3510 **Compatibility:** Firefox 60, Firefox ESR 60\
3511 **CCK2 Equivalent:** N/A\
3512 **Preferences Affected:** `layers.acceleration.disabled`
3513
3514 #### Windows (GPO)
3515 ```
3516 Software\Policies\Mozilla\Firefox\HardwareAcceleration = 0x1 | 0x0
3517 ```
3518 #### Windows (Intune)
3519 OMA-URI:
3520 ```
3521 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/HardwareAcceleration
3522 ```
3523 Value (string):
3524 ```
3525 <enabled/> or <disabled/>
3526 ```
3527 #### macOS
3528 ```
3529 <dict>
3530 <key>HardwareAcceleration</key>
3531 <true/> | <false/>
3532 </dict>
3533 ```
3534 #### policies.json
3535 ```
3536 {
3537 "policies": {
3538 "HardwareAcceleration": true | false
3539 }
3540 }
3541 ```
3542 ### Homepage
3543 Configure the default homepage and how Firefox starts.
3544
3545 `URL` is the default homepage.
3546
3547 `Locked` prevents the user from changing homepage preferences.
3548
3549 `Additional` allows for more than one homepage.
3550
3551 `StartPage` is how Firefox starts. The choices are no homepage, the default homepage or the previous session.
3552
3553 With Firefox 78, an additional option as added for `Startpage`, `homepage-locked`. If this is value is set for the Startpage, the user will always get the homepage at startup and cannot choose to restore their session.
3554
3555 **Compatibility:** Firefox 60, Firefox ESR 60 (StartPage was added in Firefox 60, Firefox ESR 60.4, homepage-locked added in Firefox 78)\
3556 **CCK2 Equivalent:** `homePage`,`lockHomePage`\
3557 **Preferences Affected:** `browser.startup.homepage`, `browser.startup.page`
3558
3559 #### Windows (GPO)
3560 ```
3561 Software\Policies\Mozilla\Firefox\Homepage\URL = "https://example.com"
3562 Software\Policies\Mozilla\Firefox\Homepage\Locked = 0x1 | 0x0
3563 Software\Policies\Mozilla\Firefox\Homepage\Additional\1 = "https://example.org"
3564 Software\Policies\Mozilla\Firefox\Homepage\Additional\2 = "https://example.edu"
3565 Software\Policies\Mozilla\Firefox\Homepage\StartPage = "none" | "homepage" | "previous-session" | "homepage-locked"
3566 ```
3567 #### Windows (Intune)
3568 OMA-URI:
3569 ```
3570 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Homepage/HomepageURL
3571 ```
3572 Value (string):
3573 ```
3574 <enabled/>
3575
3576 <data id="HomepageURL" value="https://example.com"/>
3577 <data id="HomepageLocked" value="true | false"/>
3578 ```
3579 OMA-URI:
3580 ```
3581 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Homepage/HomepageAdditional
3582 ```
3583 Value (string):
3584 ```
3585 <enabled/>
3586
3587 <data id="HomepageAdditional" value="1&#xF000;http://example.org&#xF000;2&#xF000;http://example.edu"/>
3588 ```
3589 OMA-URI:
3590 ```
3591 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Homepage/HomepageStartPage
3592 ```
3593 Value (string):
3594 ```
3595 <enabled/>
3596
3597 <data id="StartPage" value="none | homepage | previous-session"/>
3598 ```
3599 #### macOS
3600 ```
3601 <dict>
3602 <key>Homepage</key>
3603 <dict>
3604 <key>URL</key>
3605 <string>http://example.com</string>
3606 <key>Locked</key>
3607 <true/> | <false/>
3608 <key>Additional</key>
3609 <array>
3610 <string>http://example.org</string>
3611 <string>http://example.edu</string>
3612 </array>
3613 <key>StartPage</key>
3614 <string>none | homepage | previous-session | homepage-locked</string>
3615 </dict>
3616 </dict>
3617 ```
3618 #### policies.json
3619 ```
3620 {
3621 "policies": {
3622 "Homepage": {
3623 "URL": "http://example.com/",
3624 "Locked": true | false,
3625 "Additional": ["http://example.org/",
3626 "http://example.edu/"],
3627 "StartPage": "none" | "homepage" | "previous-session" | "homepage-locked"
3628 }
3629 }
3630 }
3631 ```
3632 ### InstallAddonsPermission
3633 Configure the default extension install policy as well as origins for extension installs are allowed. This policy does not override turning off all extension installs.
3634
3635 `Allow` is a list of origins where extension installs are allowed.
3636
3637 `Default` determines whether or not extension installs are allowed by default.
3638
3639 **Compatibility:** Firefox 60, Firefox ESR 60\
3640 **CCK2 Equivalent:** `permissions.install`\
3641 **Preferences Affected:** `xpinstall.enabled`
3642
3643 #### Windows (GPO)
3644 ```
3645 Software\Policies\Mozilla\Firefox\InstallAddonsPermission\Allow\1 = "https://example.org"
3646 Software\Policies\Mozilla\Firefox\InstallAddonsPermission\Allow\2 = "https://example.edu"
3647 Software\Policies\Mozilla\Firefox\InstallAddonsPermission\Default = 0x1 | 0x0
3648 ```
3649 #### Windows (Intune)
3650 OMA-URI:
3651 ```
3652 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Addons/InstallAddonsPermission_Allow
3653 ```
3654 Value (string):
3655 ```
3656 <enabled/>
3657 <data id="Permissions" value="1&#xF000;https://example.org&#xF000;2&#xF000;https://example.edu"/>
3658 ```
3659 OMA-URI:
3660 ```
3661 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Addons/InstallAddonsPermission_Default
3662 ```
3663 Value (string):
3664 ```
3665 <enabled/>
3666 ```
3667 #### macOS
3668 ```
3669 <dict>
3670 <key>InstallAddonsPermission</key>
3671 <dict>
3672 <key>Allow</key>
3673 <array>
3674 <string>http://example.org</string>
3675 <string>http://example.edu</string>
3676 </array>
3677 <key>Default</key>
3678 <true/> | <false/>
3679 </dict>
3680 </dict>
3681 ```
3682 #### policies.json
3683 ```
3684 {
3685 "policies": {
3686 "InstallAddonsPermission": {
3687 "Allow": ["http://example.org/",
3688 "http://example.edu/"],
3689 "Default": true | false
3690 }
3691 }
3692 }
3693 ```
3694 ### LegacyProfiles
3695 Disable the feature enforcing a separate profile for each installation.
3696
3697 If this policy set to true, Firefox will not try to create different profiles for installations of Firefox in different directories. This is the equivalent of the MOZ_LEGACY_PROFILES environment variable.
3698
3699 If this policy set to false, Firefox will create a new profile for each unique installation of Firefox.
3700
3701 This policy only work on Windows via GPO (not policies.json).
3702
3703 **Compatibility:** Firefox 70, Firefox ESR 68.2 (Windows only, GPO only)\
3704 **CCK2 Equivalent:** N/A\
3705 **Preferences Affected:** N/A
3706
3707 #### Windows (GPO)
3708 ```
3709 Software\Policies\Mozilla\Firefox\LegacyProfiles = = 0x1 | 0x0
3710 ```
3711 #### Windows (Intune)
3712 OMA-URI:
3713 ```
3714 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/LegacyProfiles
3715 ```
3716 Value (string):
3717 ```
3718 <enabled/> or <disabled/>
3719 ```
3720 ### LegacySameSiteCookieBehaviorEnabled
3721 Enable default legacy SameSite cookie behavior setting.
3722
3723 If this policy is set to true, it reverts all cookies to legacy SameSite behavior which means that cookies that don't explicitly specify a ```SameSite``` attribute are treated as if they were ```SameSite=None```.
3724
3725 **Compatibility:** Firefox 96\
3726 **CCK2 Equivalent:** N/A\
3727 **Preferences Affected:** `network.cookie.sameSite.laxByDefault`
3728
3729 #### Windows (GPO)
3730 ```
3731 Software\Policies\Mozilla\Firefox\LegacySameSiteCookieBehaviorEnabled = = 0x1 | 0x0
3732 ```
3733 #### Windows (Intune)
3734 OMA-URI:
3735 ```
3736 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/LegacySameSiteCookieBehaviorEnabled
3737 ```
3738 Value (string):
3739 ```
3740 <enabled/> or <disabled/>
3741 ```
3742 #### macOS
3743 ```
3744 <dict>
3745 <key>LegacySameSiteCookieBehaviorEnabled</key>
3746 <true/> | <false/>
3747 </dict>
3748 ```
3749 #### policies.json
3750 ```
3751 {
3752 "policies": {
3753 "LegacySameSiteCookieBehaviorEnabled": true | false
3754 }
3755 ```
3756 ### LegacySameSiteCookieBehaviorEnabledForDomainList
3757 Revert to legacy SameSite behavior for cookies on specified sites.
3758
3759 If this policy is set to true, cookies set for domains in this list will revert to legacy SameSite behavior which means that cookies that don't explicitly specify a ```SameSite``` attribute are treated as if they were ```SameSite=None```.
3760
3761 **Compatibility:** Firefox 96\
3762 **CCK2 Equivalent:** N/A\
3763 **Preferences Affected:** `network.cookie.sameSite.laxByDefault.disabledHosts`
3764
3765 #### Windows (GPO)
3766 ```
3767 Software\Policies\Mozilla\Firefox\LegacySameSiteCookieBehaviorEnabledForDomainList\1 = "example.org"
3768 Software\Policies\Mozilla\Firefox\LegacySameSiteCookieBehaviorEnabledForDomainList\2 = "example.edu"
3769 ```
3770 #### Windows (Intune)
3771 OMA-URI:
3772 ```
3773 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/LegacySameSiteCookieBehaviorEnabledForDomainList
3774 ```
3775 Value (string):
3776 ```
3777 <enabled/>
3778 <data id="LegacySameSiteCookieBehaviorEnabledForDomainList" value="1&#xF000;example.org&#xF000;2&#xF000;example.edu"/>
3779 ```
3780 #### macOS
3781 ```
3782 <dict>
3783 <key>LegacySameSiteCookieBehaviorEnabledForDomainList</key>
3784 <array>
3785 <string>example.org</string>
3786 <string>example.edu</string>
3787 </array>
3788 </dict>
3789 ```
3790 #### policies.json
3791 ```
3792 {
3793 "policies": {
3794 "LegacySameSiteCookieBehaviorEnabledForDomainList": ["example.org",
3795 "example.edu"]
3796 }
3797 }
3798 ```
3799 ### LocalFileLinks
3800 Enable linking to local files by origin.
3801
3802 **Compatibility:** Firefox 68, Firefox ESR 68\
3803 **CCK2 Equivalent:** N/A\
3804 **Preferences Affected:** `capability.policy.localfilelinks.*`
3805
3806 #### Windows (GPO)
3807 ```
3808 Software\Policies\Mozilla\Firefox\LocalFileLinks\1 = "https://example.org"
3809 Software\Policies\Mozilla\Firefox\LocalFileLinks\2 = "https://example.edu"
3810 ```
3811 #### Windows (Intune)
3812 OMA-URI:
3813 ```
3814 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/LocalFileLinks
3815 ```
3816 Value (string):
3817 ```
3818 <enabled/>
3819 <data id="LocalFileLinks" value="1&#xF000;https://example.org&#xF000;2&#xF000;https://example.edu"/>
3820 ```
3821 #### macOS
3822 ```
3823 <dict>
3824 <key>LocalFileLinks</key>
3825 <array>
3826 <string>http://example.org</string>
3827 <string>http://example.edu</string>
3828 </array>
3829 </dict>
3830 ```
3831 #### policies.json
3832 ```
3833 {
3834 "policies": {
3835 "LocalFileLinks": ["http://example.org/",
3836 "http://example.edu/"]
3837 }
3838 }
3839 ```
3840 ### ManagedBookmarks
3841 Configures a list of bookmarks managed by an administrator that cannot be changed by the user.
3842
3843 The bookmarks are only added as a button on the personal toolbar. They are not in the bookmarks folder.
3844
3845 The syntax of this policy is exactly the same as the [Chrome ManagedBookmarks policy](https://cloud.google.com/docs/chrome-enterprise/policies/?policy=ManagedBookmarks). The schema is:
3846 ```
3847 {
3848 "items": {
3849 "id": "BookmarkType",
3850 "properties": {
3851 "children": {
3852 "items": {
3853 "$ref": "BookmarkType"
3854 },
3855 "type": "array"
3856 },
3857 "name": {
3858 "type": "string"
3859 },
3860 "toplevel_name": {
3861 "type": "string"
3862 },
3863 "url": {
3864 "type": "string"
3865 }
3866 },
3867 "type": "object"
3868 },
3869 "type": "array"
3870 }
3871 ```
3872 **Compatibility:** Firefox 83, Firefox ESR 78.5\
3873 **CCK2 Equivalent:** N/A\
3874 **Preferences Affected:** N/A
3875
3876 #### Windows (GPO)
3877 Software\Policies\Mozilla\Firefox\ManagedBookmarks (REG_MULTI_SZ) =
3878 ```
3879 [
3880 {
3881 "toplevel_name": "My managed bookmarks folder"
3882 },
3883 {
3884 "url": "example.com",
3885 "name": "Example"
3886 },
3887 {
3888 "name": "Mozilla links",
3889 "children": [
3890 {
3891 "url": "https://mozilla.org",
3892 "name": "Mozilla.org"
3893 },
3894 {
3895 "url": "https://support.mozilla.org/",
3896 "name": "SUMO"
3897 }
3898 ]
3899 }
3900 ]
3901 ```
3902 #### Windows (Intune)
3903 OMA-URI:
3904 ```
3905 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/ManagedBookmarks
3906 ```
3907 Value (string):
3908 ```
3909 <enabled/>
3910 <data id="JSON" value='
3911 [
3912 {
3913 "toplevel_name": "My managed bookmarks folder"
3914 },
3915 {
3916 "url": "example.com",
3917 "name": "Example"
3918 },
3919 {
3920 "name": "Mozilla links",
3921 "children": [
3922 {
3923 "url": "https://mozilla.org",
3924 "name": "Mozilla.org"
3925 },
3926 {
3927 "url": "https://support.mozilla.org/",
3928 "name": "SUMO"
3929 }
3930 ]
3931 }
3932 ]'/>
3933 ```
3934 #### macOS
3935 ```
3936 <dict>
3937 <key>ManagedBookmarks</key>
3938 <array>
3939 <dict>
3940 <key>toplevel_name</key>
3941 <string>My managed bookmarks folder</string>
3942 <dict>
3943 <key>url</key>
3944 <string>example.com</string>
3945 <key>name</key>
3946 <string>Example</string>
3947 </dict>
3948 <dict>
3949 <key>name</key>
3950 <string>Mozilla links</string>
3951 <key>children</key>
3952 <array>
3953 <dict>
3954 <key>url</key>
3955 <string>https://mozilla.org</string>
3956 <key>name</key>
3957 <string>Mozilla</string>
3958 </dict>
3959 <dict>
3960 <key>url</key>
3961 <string>https://support.mozilla.org/</string>
3962 <key>name</key>
3963 <string>SUMO</string>
3964 </dict>
3965 </array>
3966 </dict>
3967 </array>
3968 </dict>
3969 ```
3970 #### policies.json
3971 ```
3972 {
3973 "policies": {
3974 "ManagedBookmarks": [
3975 {
3976 "toplevel_name": "My managed bookmarks folder"
3977 },
3978 {
3979 "url": "example.com",
3980 "name": "Example"
3981 },
3982 {
3983 "name": "Mozilla links",
3984 "children": [
3985 {
3986 "url": "https://mozilla.org",
3987 "name": "Mozilla.org"
3988 },
3989 {
3990 "url": "https://support.mozilla.org/",
3991 "name": "SUMO"
3992 }
3993 ]
3994 }
3995 ]
3996 }
3997 }
3998 ```
3999 ### ManualAppUpdateOnly
4000
4001 Switch to manual updates only.
4002
4003 If this policy is enabled:
4004 1. The user will never be prompted to install updates
4005 2. Firefox will not check for updates in the background, though it will check automatically when an update UI is displayed (such as the one in the About dialog). This check will be used to show "Update to version X" in the UI, but will not automatically download the update or prompt the user to update in any other way.
4006 3. The update UI will work as expected, unlike when using DisableAppUpdate.
4007
4008 This policy is primarily intended for advanced end users, not for enterprises, but it is available via GPO.
4009
4010 **Compatibility:** Firefox 87\
4011 **CCK2 Equivalent:** N/A\
4012 **Preferences Affected:** N/A
4013
4014 #### Windows (GPO)
4015 ```
4016 Software\Policies\Mozilla\Firefox\ManualAppUpdateOnly = 0x1 | 0x0
4017 ```
4018 #### Windows (Intune)
4019 OMA-URI:
4020 ```
4021 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/ManualAppUpdateOnly
4022 ```
4023 Value (string):
4024 ```
4025 <enabled/> or <disabled/>
4026 ```
4027 #### macOS
4028 ```
4029 <dict>
4030 <key>ManualAppUpdateOnly</key>
4031 <true/> | <false/>
4032 </dict>
4033 ```
4034 #### policies.json
4035 ```
4036 {
4037 "policies": {
4038 "ManualAppUpdateOnly": true | false
4039 }
4040 }
4041 ```
4042 ### NetworkPrediction
4043 Enable or disable network prediction (DNS prefetching).
4044
4045 **Compatibility:** Firefox 67, Firefox ESR 60.7\
4046 **CCK2 Equivalent:** N/A\
4047 **Preferences Affected:** `network.dns.disablePrefetch`, `network.dns.disablePrefetchFromHTTPS`
4048
4049 #### Windows (GPO)
4050 ```
4051 Software\Policies\Mozilla\Firefox\NetworkPrediction = 0x1 | 0x0
4052 ```
4053 #### Windows (Intune)
4054 OMA-URI:
4055 ```
4056 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/NetworkPrediction
4057 ```
4058 Value (string):
4059 ```
4060 <enabled/> or <disabled/>
4061 ```
4062 #### macOS
4063 ```
4064 <dict>
4065 <key>NetworkPrediction</key>
4066 <true/> | <false/>
4067 </dict>
4068 ```
4069 #### policies.json
4070 ```
4071 {
4072 "policies": {
4073 "NetworkPrediction": true | false
4074 }
4075 ```
4076 ### NewTabPage
4077 Enable or disable the New Tab page.
4078
4079 **Compatibility:** Firefox 68, Firefox ESR 68\
4080 **CCK2 Equivalent:** N/A\
4081 **Preferences Affected:** `browser.newtabpage.enabled`
4082
4083 #### Windows (GPO)
4084 ```
4085 Software\Policies\Mozilla\Firefox\NewTabPage = 0x1 | 0x0
4086 ```
4087 #### Windows (Intune)
4088 OMA-URI:
4089 ```
4090 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/NewTabPage
4091 ```
4092 Value (string):
4093 ```
4094 <enabled/> or <disabled/>
4095 ```
4096 #### macOS
4097 ```
4098 <dict>
4099 <key>NewTabPage</key>
4100 <true/> | <false/>
4101 </dict>
4102 ```
4103 #### policies.json
4104 ```
4105 {
4106 "policies": {
4107 "NewTabPage": true | false
4108 }
4109 ```
4110 ### NoDefaultBookmarks
4111 Disable the creation of default bookmarks.
4112
4113 This policy is only effective if the user profile has not been created yet.
4114
4115 **Compatibility:** Firefox 60, Firefox ESR 60\
4116 **CCK2 Equivalent:** `removeDefaultBookmarks`\
4117 **Preferences Affected:** N/A
4118
4119 #### Windows (GPO)
4120 ```
4121 Software\Policies\Mozilla\Firefox\NoDefaultBookmarks = 0x1 | 0x0
4122 ```
4123 #### Windows (Intune)
4124 OMA-URI:
4125 ```
4126 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/NoDefaultBookmarks
4127 ```
4128 Value (string):
4129 ```
4130 <enabled/> or <disabled/>
4131 ```
4132 #### macOS
4133 ```
4134 <dict>
4135 <key>NoDefaultBookmarks</key>
4136 <true/> | <false/>
4137 </dict>
4138 ```
4139 #### policies.json
4140 ```
4141 {
4142 "policies": {
4143 "NoDefaultBookmarks": true | false
4144 }
4145 }
4146 ```
4147 ### OfferToSaveLogins
4148 Control whether or not Firefox offers to save passwords.
4149
4150 **Compatibility:** Firefox 60, Firefox ESR 60\
4151 **CCK2 Equivalent:** `dontRememberPasswords`\
4152 **Preferences Affected:** `signon.rememberSignons`
4153
4154 #### Windows (GPO)
4155 ```
4156 Software\Policies\Mozilla\Firefox\OfferToSaveLogins = 0x1 | 0x0
4157 ```
4158 #### Windows (Intune)
4159 OMA-URI:
4160 ```
4161 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/OfferToSaveLogins
4162 ```
4163 Value (string):
4164 ```
4165 <enabled/> or <disabled/>
4166 ```
4167 #### macOS
4168 ```
4169 <dict>
4170 <key>OfferToSaveLogins</key>
4171 <true/> | <false/>
4172 </dict>
4173 ```
4174 #### policies.json
4175 ```
4176 {
4177 "policies": {
4178 "OfferToSaveLogins": true | false
4179 }
4180 }
4181 ```
4182 ### OfferToSaveLoginsDefault
4183 Sets the default value of signon.rememberSignons without locking it.
4184
4185 **Compatibility:** Firefox 70, Firefox ESR 60.2\
4186 **CCK2 Equivalent:** `dontRememberPasswords`\
4187 **Preferences Affected:** `signon.rememberSignons`
4188
4189 #### Windows (GPO)
4190 ```
4191 Software\Policies\Mozilla\Firefox\OfferToSaveLoginsDefault = 0x1 | 0x0
4192 ```
4193 #### Windows (Intune)
4194 OMA-URI:
4195 ```
4196 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/OfferToSaveLoginsDefault
4197 ```
4198 Value (string):
4199 ```
4200 <enabled/> or <disabled/>
4201 ```
4202 #### macOS
4203 ```
4204 <dict>
4205 <key>OfferToSaveLoginsDefault</key>
4206 <true/> | <false/>
4207 </dict>
4208 ```
4209 #### policies.json
4210 ```
4211 {
4212 "policies": {
4213 "OfferToSaveLoginsDefault": true | false
4214 }
4215 }
4216 ```
4217 ### OverrideFirstRunPage
4218 Override the first run page. If the value is an empty string (""), the first run page is not displayed.
4219
4220 Starting with Firefox 83, Firefox ESR 78.5, you can also specify multiple URLS separated by a vertical bar (|).
4221
4222 **Compatibility:** Firefox 60, Firefox ESR 60\
4223 **CCK2 Equivalent:** `welcomePage`,`noWelcomePage`\
4224 **Preferences Affected:** `startup.homepage_welcome_url`
4225
4226 #### Windows (GPO)
4227 ```
4228 Software\Policies\Mozilla\Firefox\OverrideFirstRunPage = "http://example.org"
4229 ```
4230 #### Windows (Intune)
4231 OMA-URI:
4232 ```
4233 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/OverrideFirstRunPage
4234 ```
4235 Value (string):
4236 ```
4237 <enabled/>
4238 <data id="OverridePage" value="https://example.com"/>
4239 ```
4240 #### macOS
4241 ```
4242 <dict>
4243 <key>OverrideFirstRunPage</key>
4244 <string>http://example.org</string>
4245 </dict>
4246 ```
4247 #### policies.json
4248 ```
4249 {
4250 "policies": {
4251 "OverrideFirstRunPage": "http://example.org"
4252 }
4253 }
4254 ```
4255 ### OverridePostUpdatePage
4256 Override the upgrade page. If the value is an empty string (""), no extra pages are displayed when Firefox is upgraded.
4257
4258 **Compatibility:** Firefox 60, Firefox ESR 60\
4259 **CCK2 Equivalent:** `upgradePage`,`noUpgradePage`\
4260 **Preferences Affected:** `startup.homepage_override_url`
4261
4262 #### Windows (GPO)
4263 ```
4264 Software\Policies\Mozilla\Firefox\OverridePostUpdatePage = "http://example.org"
4265 ```
4266 #### Windows (Intune)
4267 OMA-URI:
4268 ```
4269 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/OverridePostUpdatePage
4270 ```
4271 Value (string):
4272 ```
4273 <enabled/>
4274 <data id="OverridePage" value="https://example.com"/>
4275 ```
4276 #### macOS
4277 ```
4278 <dict>
4279 <key>OverridePostUpdatePage</key>
4280 <string>http://example.org</string>
4281 </dict>
4282 ```
4283 #### policies.json
4284 ```
4285 {
4286 "policies": {
4287 "OverridePostUpdatePage": "http://example.org"
4288 }
4289 }
4290 ```
4291 ### PasswordManagerEnabled
4292 Remove access to the password manager via preferences and blocks about:logins on Firefox 70.
4293
4294 **Compatibility:** Firefox 70, Firefox ESR 60.2\
4295 **CCK2 Equivalent:** N/A\
4296 **Preferences Affected:** `pref.privacy.disable_button.view_passwords`
4297
4298 #### Windows (GPO)
4299 ```
4300 Software\Policies\Mozilla\Firefox\PasswordManagerEnabled = 0x1 | 0x0
4301 ```
4302 #### Windows (Intune)
4303 OMA-URI:
4304 ```
4305 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/PasswordManagerEnabled
4306 ```
4307 Value (string):
4308 ```
4309 <enabled/> or <disabled/>
4310 ```
4311 #### macOS
4312 ```
4313 <dict>
4314 <key>PasswordManagerEnabled</key>
4315 <true/> | <false/>
4316 </dict>
4317 ```
4318 #### policies.json
4319 ```
4320 {
4321 "policies": {
4322 "PasswordManagerEnabled": true | false
4323 }
4324 }
4325 ```
4326 ### PasswordManagerExceptions
4327 Prevent Firefox from saving passwords for specific sites.
4328
4329 The sites are specified as a list of origins.
4330
4331 **Compatibility:** Firefox 101\
4332 **CCK2 Equivalent:** N/A\
4333 **Preferences Affected:** N/A
4334
4335 #### Windows (GPO)
4336 ```
4337 Software\Policies\Mozilla\Firefox\PasswordManagerExceptions\1 = "https://example.org"
4338 Software\Policies\Mozilla\Firefox\PasswordManagerExceptions\2 = "https://example.edu"
4339 ```
4340 #### Windows (Intune)
4341 OMA-URI:
4342 ```
4343 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/PasswordManagerExceptions
4344 ```
4345 Value (string):
4346 ```
4347 <enabled/>
4348 <data id="List" value="1&#xF000;https://example.org&#xF000;2&#xF000;https://example.edu"/>
4349 ```
4350 #### macOS
4351 ```
4352 <dict>
4353 <key>PasswordManagerExceptions</key>
4354 <array>
4355 <string>https://example.org</string>
4356 <string>https://example.edu</string>
4357 </array>
4358 </dict>
4359 ```
4360 #### policies.json
4361 ```
4362 {
4363 "policies": {
4364 "PasswordManagerExceptions": ["https://example.org",
4365 "https://example.edu"]
4366 }
4367 }
4368 ```
4369
4370 ### PDFjs
4371 Disable or configure PDF.js, the built-in PDF viewer.
4372
4373 If `Enabled` is set to false, the built-in PDF viewer is disabled.
4374
4375 If `EnablePermissions` is set to true, the built-in PDF viewer will honor document permissions like preventing the copying of text.
4376
4377 Note: DisableBuiltinPDFViewer has not been deprecated. You can either continue to use it, or switch to using PDFjs->Enabled to disable the built-in PDF viewer. This new permission was added because we needed a place for PDFjs->EnabledPermissions.
4378
4379 **Compatibility:** Firefox 77, Firefox ESR 68.9\
4380 **CCK2 Equivalent:** N/A\
4381 **Preferences Affected:** `pdfjs.disabled`, `pdfjs.enablePermissions`
4382
4383 #### Windows (GPO)
4384 ```
4385 Software\Policies\Mozilla\Firefox\PDFjs\Enabled = 0x1 | 0x0
4386 Software\Policies\Mozilla\Firefox\PDFjs\EnablePermissions = 0x1 | 0x0
4387 ```
4388 #### Windows (Intune)
4389 OMA-URI:
4390 ```
4391 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~PDFjs/PDFjs_Enabled
4392 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~PDFjs/PDFjs_EnablePermissions
4393 ```
4394 Value (string):
4395 ```
4396 <enabled/>or <disabled/>
4397 ```
4398 #### macOS
4399 ```
4400 <dict>
4401 <key>PDFjs</key>
4402 <dict>
4403 <key>Enabled</key>
4404 <true/> | <false/>
4405 <key>EnablePermissions</key>
4406 <true/> | <false/>
4407 </dict>
4408 </dict>
4409 ```
4410 #### policies.json
4411 ```
4412 {
4413 "policies": {
4414 "PDFjs": {
4415 "Enabled": true | false,
4416 "EnablePermissions": true | false
4417 }
4418 }
4419 }
4420 ```
4421 ### Permissions
4422 Set permissions associated with camera, microphone, location, notifications, autoplay, and virtual reality. Because these are origins, not domains, entries with unique ports must be specified separately. This explicitly means that it is not possible to add wildcards. See examples below.
4423
4424 `Allow` is a list of origins where the feature is allowed.
4425
4426 `Block` is a list of origins where the feature is not allowed.
4427
4428 `BlockNewRequests` determines whether or not new requests can be made for the feature.
4429
4430 `Locked` prevents the user from changing preferences for the feature.
4431
4432 `Default` specifies the default value for Autoplay. block-audio-video is not supported on Firefox ESR 68.
4433
4434 **Compatibility:** Firefox 62, Firefox ESR 60.2 (Autoplay added in Firefox 74, Firefox ESR 68.6, Autoplay Default/Locked added in Firefox 76, Firefox ESR 68.8, VirtualReality added in Firefox 80, Firefox ESR 78.2)\
4435 **CCK2 Equivalent:** N/A\
4436 **Preferences Affected:** `permissions.default.camera`, `permissions.default.microphone`, `permissions.default.geo`, `permissions.default.desktop-notification`, `media.autoplay.default`, `permissions.default.xr`
4437
4438 #### Windows (GPO)
4439 ```
4440 Software\Policies\Mozilla\Firefox\Permissions\Camera\Allow\1 = "https://example.org"
4441 Software\Policies\Mozilla\Firefox\Permissions\Camera\Allow\2 = "https://example.org:1234"
4442 Software\Policies\Mozilla\Firefox\Permissions\Camera\Block\1 = "https://example.edu"
4443 Software\Policies\Mozilla\Firefox\Permissions\Camera\BlockNewRequests = 0x1 | 0x0
4444 Software\Policies\Mozilla\Firefox\Permissions\Camera\Locked = 0x1 | 0x0
4445 Software\Policies\Mozilla\Firefox\Permissions\Microphone\Allow\1 = "https://example.org"
4446 Software\Policies\Mozilla\Firefox\Permissions\Microphone\Block\1 = "https://example.edu"
4447 Software\Policies\Mozilla\Firefox\Permissions\Microphone\BlockNewRequests = 0x1 | 0x0
4448 Software\Policies\Mozilla\Firefox\Permissions\Microphone\Locked = 0x1 | 0x0
4449 Software\Policies\Mozilla\Firefox\Permissions\Location\Allow\1 = "https://example.org"
4450 Software\Policies\Mozilla\Firefox\Permissions\Location\Block\1 = "https://example.edu"
4451 Software\Policies\Mozilla\Firefox\Permissions\Location\BlockNewRequests = 0x1 | 0x0
4452 Software\Policies\Mozilla\Firefox\Permissions\Location\Locked = 0x1 | 0x0
4453 Software\Policies\Mozilla\Firefox\Permissions\Notifications\Allow\1 = "https://example.org"
4454 Software\Policies\Mozilla\Firefox\Permissions\Notifications\Block\1 = "https://example.edu"
4455 Software\Policies\Mozilla\Firefox\Permissions\Notifications\BlockNewRequests = 0x1 | 0x0
4456 Software\Policies\Mozilla\Firefox\Permissions\Notifications\Locked = 0x1 | 0x0
4457 Software\Policies\Mozilla\Firefox\Permissions\Autoplay\Allow\1 = "https://example.org"
4458 Software\Policies\Mozilla\Firefox\Permissions\Autoplay\Block\1 = "https://example.edu"
4459 Software\Policies\Mozilla\Firefox\Permissions\Autoplay\Default = "allow-audio-video" | "block-audio" | "block-audio-video"
4460 Software\Policies\Mozilla\Firefox\Permissions\Autoplay\Locked = 0x1 | 0x0
4461 Software\Policies\Mozilla\Firefox\Permissions\VirtualReality\Allow\1 = "https://example.org"
4462 Software\Policies\Mozilla\Firefox\Permissions\VirtualReality\Block\1 = "https://example.edu"
4463 Software\Policies\Mozilla\Firefox\Permissions\VirtualReality\BlockNewRequests = 0x1 | 0x0
4464 Software\Policies\Mozilla\Firefox\Permissions\VirtualReality\Locked = 0x1 | 0x0
4465 ```
4466 #### Windows (Intune)
4467 OMA-URI:
4468 ```
4469 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Location/Location_BlockNewRequests
4470 ```
4471 Value (string):
4472 ```
4473 <enabled/> or <disabled/>
4474 ```
4475 OMA-URI:
4476 ```
4477 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Location/Location_Locked
4478 ```
4479 Value (string):
4480 ```
4481 <enabled/> or <disabled/>
4482 ```
4483 OMA-URI:
4484 ```
4485 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Notifications/Notifications_Allow
4486 ```
4487 Value (string):
4488 ```
4489 <enabled/>
4490 <data id="Permissions" value="1&#xF000;https://example.org"/>
4491 ```
4492 OMA-URI:
4493 ```
4494 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Notifications/Notifications_BlockNewRequests
4495 ```
4496 Value (string):
4497 ```
4498 <enabled/> or <disabled/>
4499 ```
4500 OMA-URI:
4501 ```
4502 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Notifications/Notifications_Locked
4503 ```
4504 Value (string):
4505 ```
4506 <enabled/> or <disabled/>
4507 ```
4508 OMA-URI:
4509 ```
4510 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Autoplay/Autoplay_Allow
4511 ```
4512 Value (string):
4513 ```
4514 <enabled/>
4515 <data id="Permissions" value="1&#xF000;https://example.org"/>
4516 ```
4517 OMA-URI:
4518 ```
4519 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Autoplay/Autoplay_Block
4520 ```
4521 Value (string):
4522 ```
4523 <enabled/>
4524 <data id="Permissions" value="1&#xF000;https://example.edu"/>
4525 ```
4526 OMA-URI:
4527 ```
4528 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Autoplay/Autoplay_Default
4529 ```
4530 Value (string):
4531 ```
4532 <enabled/>
4533 <data id="Autoplay_Default" value="allow-audio-video | block-audio | block-audio-video"/>
4534 ```
4535 OMA-URI:
4536 ```
4537 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Autoplay/Autoplay_Locked
4538 ```
4539 Value (string):
4540 ```
4541 <enabled/> or <disabled/>
4542 ```
4543 OMA-URI:
4544 ```
4545 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Notifications/VirtualReality_Allow
4546 ```
4547 Value (string):
4548 ```
4549 <enabled/>
4550 <data id="Permissions" value="1&#xF000;https://example.org"/>
4551 ```
4552 OMA-URI:
4553 ```
4554 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Notifications/VirtualReality_Block
4555 ```
4556 Value (string):
4557 ```
4558 <enabled/>
4559 <data id="Permissions" value="1&#xF000;https://example.edu"/>
4560 ```
4561 OMA-URI:
4562 ```
4563 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Notifications/VirtualReality_BlockNewRequests
4564 ```
4565 Value (string):
4566 ```
4567 <enabled/> or <disabled/>
4568 ```
4569 OMA-URI:
4570 ```
4571 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Notifications/VirtualReality_Locked
4572 ```
4573 Value (string):
4574 ```
4575 <enabled/> or <disabled/>
4576 ```
4577 #### macOS
4578 ```
4579 <dict>
4580 <key>Permissions</key>
4581 <dict>
4582 <key>Camera</key>
4583 <dict>
4584 <key>Allow</key>
4585 <array>
4586 <string>https://example.org</string>
4587 <string>https://example.org:1234</string>
4588 </array>
4589 <key>Block</key>
4590 <array>
4591 <string>https://example.edu</string>
4592 </array>
4593 <key>BlockNewRequests</key>
4594 <true/> | <false/>
4595 <key>Locked</key>
4596 <true/> | <false/>
4597 </dict>
4598 <key>Microphone</key>
4599 <dict>
4600 <key>Allow</key>
4601 <array>
4602 <string>https://example.org</string>
4603 </array>
4604 <key>Block</key>
4605 <array>
4606 <string>https://example.edu</string>
4607 </array>
4608 <key>BlockNewRequests</key>
4609 <true/> | <false/>
4610 <key>Locked</key>
4611 <true/> | <false/>
4612 </dict>
4613 <key>Location</key>
4614 <dict>
4615 <key>Allow</key>
4616 <array>
4617 <string>https://example.org</string>
4618 </array>
4619 <key>Block</key>
4620 <array>
4621 <string>https://example.edu</string>
4622 </array>
4623 <key>BlockNewRequests</key>
4624 <true/> | <false/>
4625 <key>Locked</key>
4626 <true/> | <false/>
4627 </dict>
4628 <key>Notifications</key>
4629 <dict>
4630 <key>Allow</key>
4631 <array>
4632 <string>https://example.org</string>
4633 </array>
4634 <key>Block</key>
4635 <array>
4636 <string>https://example.edu</string>
4637 </array>
4638 <key>BlockNewRequests</key>
4639 <true/>
4640 <key>Locked</key>
4641 <true/>
4642 </dict>
4643 <key>Autoplay</key>
4644 <dict>
4645 <key>Allow</key>
4646 <array>
4647 <string>https://example.org</string>
4648 </array>
4649 <key>Block</key>
4650 <array>
4651 <string>https://example.edu</string>
4652 </array>
4653 <key>Default</key>
4654 <string>allow-audio-video | block-audio | block-audio-video</string>
4655 <key>Locked</key>
4656 <true/> | <false/>
4657 </dict>
4658 </dict>
4659 </dict>
4660 ```
4661 #### policies.json
4662 ```
4663 {
4664 "policies": {
4665 "Permissions": {
4666 "Camera": {
4667 "Allow": ["https://example.org","https://example.org:1234"],
4668 "Block": ["https://example.edu"],
4669 "BlockNewRequests": true | false,
4670 "Locked": true | false
4671 },
4672 "Microphone": {
4673 "Allow": ["https://example.org"],
4674 "Block": ["https://example.edu"],
4675 "BlockNewRequests": true | false,
4676 "Locked": true | false
4677 },
4678 "Location": {
4679 "Allow": ["https://example.org"],
4680 "Block": ["https://example.edu"],
4681 "BlockNewRequests": true | false,
4682 "Locked": true | false
4683 },
4684 "Notifications": {
4685 "Allow": ["https://example.org"],
4686 "Block": ["https://example.edu"],
4687 "BlockNewRequests": true | false,
4688 "Locked": true | false
4689 },
4690 "Autoplay": {
4691 "Allow": ["https://example.org"],
4692 "Block": ["https://example.edu"],
4693 "Default": "allow-audio-video" | "block-audio" | "block-audio-video",
4694 "Locked": true | false
4695 }
4696 }
4697 }
4698 }
4699 ```
4700 ### PictureInPicture
4701
4702 Enable or disable Picture-in-Picture as well as prevent the user from enabling or disabling it (Locked).
4703
4704 **Compatibility:** Firefox 78, Firefox ESR 78\
4705 **CCK2 Equivalent:** N/A\
4706 **Preferences Affected:** `media.videocontrols.picture-in-picture.video-toggle.enabled`
4707
4708 #### Windows (GPO)
4709 ```
4710 Software\Policies\Mozilla\Firefox\PictureInPicture\Enabled = 0x1 | 0x0
4711 Software\Policies\Mozilla\Firefox\PictureInPicture\Locked = 0x1 | 0x0
4712
4713 ```
4714 #### Windows (Intune)
4715 OMA-URI:
4716 ```
4717 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~PictureInPicture/PictureInPicture_Enabled
4718 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~PictureInPicture/PictureInPicture_Locked
4719 ```
4720 Value (string):
4721 ```
4722 <enabled/> or <disabled/>
4723 ```
4724 #### macOS
4725 ```
4726 <dict>
4727 <key>PictureInPicture</key>
4728 <dict>
4729 <key>Enabled</key>
4730 <true/> | <false/>
4731 <key>Locked</key>
4732 <true/> | <false/>
4733 </dict>
4734 </dict>
4735 ```
4736 #### policies.json
4737 ```
4738 {
4739 "policies": {
4740 "PictureInPicture": {
4741 "Enabled": true | false,
4742 "Locked": true | false
4743 }
4744 }
4745 }
4746 ```
4747 ### PopupBlocking
4748 Configure the default pop-up window policy as well as origins for which pop-up windows are allowed.
4749
4750 `Allow` is a list of origins where popup-windows are allowed.
4751
4752 `Default` determines whether or not pop-up windows are allowed by default.
4753
4754 `Locked` prevents the user from changing pop-up preferences.
4755
4756 **Compatibility:** Firefox 60, Firefox ESR 60\
4757 **CCK2 Equivalent:** `permissions.popup`\
4758 **Preferences Affected:** `dom.disable_open_during_load`
4759
4760 #### Windows (GPO)
4761 ```
4762 Software\Policies\Mozilla\Firefox\PopupBlocking\Allow\1 = "https://example.org"
4763 Software\Policies\Mozilla\Firefox\PopupBlocking\Allow\2 = "https://example.edu"
4764 Software\Policies\Mozilla\Firefox\PopupBlocking\Default = 0x1 | 0x0
4765 Software\Policies\Mozilla\Firefox\PopupBlocking\Locked = 0x1 | 0x0
4766 ```
4767 #### Windows (Intune)
4768 OMA-URI:
4769 ```
4770 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Popups/PopupBlocking_Allow
4771 ```
4772 Value (string):
4773 ```
4774 <enabled/>
4775 <data id="Permissions" value="1&#xF000;https://example.org&#xF000;2&#xF000;https://example.edu"/>
4776 ```
4777 OMA-URI:
4778 ```
4779 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Popups/PopupBlocking_Default
4780 ```
4781 Value (string):
4782 ```
4783 <enabled/> or <disabled/>
4784 ```
4785 OMA-URI:
4786 ```
4787 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Popups/PopupBlocking_Locked
4788 ```
4789 Value (string):
4790 ```
4791 <enabled/> or <disabled/>
4792 ```
4793 #### macOS
4794 ```
4795 <dict>
4796 <key>PopupBlocking</key>
4797 <dict>
4798 <key>Allow</key>
4799 <array>
4800 <string>http://example.org</string>
4801 <string>http://example.edu</string>
4802 </array>
4803 <key>Default</key>
4804 <true/> | <false/>
4805 <key>Locked</key>
4806 <true/> | <false/>
4807 </dict>
4808 </dict>
4809 ```
4810 #### policies.json
4811 ```
4812 {
4813 "policies": {
4814 "PopupBlocking": {
4815 "Allow": ["http://example.org/",
4816 "http://example.edu/"],
4817 "Default": true | false,
4818 "Locked": true | false
4819 }
4820 }
4821 }
4822 ```
4823 ### Preferences
4824 Set and lock preferences.
4825
4826 **NOTE** On Windows, in order to use this policy, you must clear all settings in the old **Preferences (Deprecated)** section in group policy.
4827
4828 Previously you could only set and lock a subset of preferences. Starting with Firefox 81 and Firefox ESR 78.3 you can set many more preferences. You can also set default preferences, user preferences and you can clear preferences.
4829
4830 Preferences that start with the following prefixes are supported:
4831 ```
4832 accessibility.
4833 alerts.* (Firefox 122, Firefox ESR 115.7)
4834 app.update.* (Firefox 86, Firefox ESR 78.8)
4835 browser.
4836 datareporting.policy.
4837 dom.
4838 extensions.
4839 general.autoScroll (Firefox 83, Firefox ESR 78.5)
4840 general.smoothScroll (Firefox 83, Firefox ESR 78.5)
4841 geo.
4842 gfx.
4843 intl.
4844 keyword.enabled (Firefox 95, Firefox ESR 91.4)
4845 layers.
4846 layout.
4847 media.
4848 network.
4849 pdfjs. (Firefox 84, Firefox ESR 78.6)
4850 places.
4851 pref.
4852 print.
4853 signon. (Firefox 83, Firefox ESR 78.5)
4854 spellchecker. (Firefox 84, Firefox ESR 78.6)
4855 toolkit.legacyUserProfileCustomizations.stylesheets (Firefox 95, Firefox ESR 91.4)
4856 ui.
4857 widget.
4858 xpinstall.signatures.required (Firefox ESR 102.10, Firefox ESR only)
4859 xpinstall.whitelist.required (Firefox 118, Firefox ESR 115.3)
4860 ```
4861 as well as the following security preferences:
4862
4863 | Preference | Type | Default
4864 | --- | --- | --- |
4865 | security.default_personal_cert | string | Ask Every Time
4866 | &nbsp;&nbsp;&nbsp;&nbsp;If set to Select Automatically, Firefox automatically chooses the default personal certificate.
4867 | security.disable_button.openCertManager | string | N/A
4868 | &nbsp;&nbsp;&nbsp;&nbsp;If set to true and locked, the View Certificates button in preferences is disabled (Firefox 121, Firefox ESR 115.6)
4869 | security.disable_button.openDeviceManager | string | N/A
4870 | &nbsp;&nbsp;&nbsp;&nbsp;If set to true and locked, the Security Devices button in preferences is disabled (Firefox 121, Firefox ESR 115.6)
4871 | security.insecure_connection_text.enabled | bool | false
4872 | &nbsp;&nbsp;&nbsp;&nbsp;If set to true, adds the words "Not Secure" for insecure sites.
4873 | security.insecure_connection_text.pbmode.enabled | bool | false
4874 | &nbsp;&nbsp;&nbsp;&nbsp;If set to true, adds the words "Not Secure" for insecure sites in private browsing.
4875 | security.mixed_content.block_active_content | boolean | true
4876 | &nbsp;&nbsp;&nbsp;&nbsp;If false, mixed active content (HTTP and HTTPS) is not blocked.
4877 | security.osclientcerts.autoload | boolean | false
4878 | &nbsp;&nbsp;&nbsp;&nbsp;If true, client certificates are loaded from the operating system certificate store.
4879 | security.OCSP.enabled | integer | 1
4880 | &nbsp;&nbsp;&nbsp;&nbsp;If 0, do not fetch OCSP. If 1, fetch OCSP for DV and EV certificates. If 2, fetch OCSP only for EV certificates.
4881 | security.OCSP.require | boolean | false
4882 | &nbsp;&nbsp;&nbsp;&nbsp; If true, if an OCSP request times out, the connection fails.
4883 | security.osclientcerts.assume_rsa_pss_support | boolean | true
4884 | &nbsp;&nbsp;&nbsp;&nbsp; If false, we don't assume an RSA key can do RSA-PSS. (Firefox 114, Firefox ESR 102.12)
4885 | security.ssl.enable_ocsp_stapling | boolean | true
4886 | &nbsp;&nbsp;&nbsp;&nbsp; If false, OCSP stapling is not enabled.
4887 | security.ssl.errorReporting.enabled | boolean | true
4888 | &nbsp;&nbsp;&nbsp;&nbsp;If false, SSL errors cannot be sent to Mozilla.
4889 | security.ssl.require_safe_negotiation | boolean | false
4890 | &nbsp;&nbsp;&nbsp;&nbsp;If true, Firefox will only negotiate TLS connections with servers that indicate they support secure renegotiation. (Firefox 118, Firefox ESR 115.3)
4891 | security.tls.enable_0rtt_data | boolean | true
4892 | &nbsp;&nbsp;&nbsp;&nbsp;If false, TLS early data is turned off. (Firefox 93, Firefox 91.2, Firefox 78.15)
4893 | security.tls.hello_downgrade_check | boolean | true
4894 | &nbsp;&nbsp;&nbsp;&nbsp;If false, the TLS 1.3 downgrade check is disabled.
4895 | security.tls.version.enable-deprecated | boolean | false
4896 | &nbsp;&nbsp;&nbsp;&nbsp;If true, browser will accept TLS 1.0. and TLS 1.1. (Firefox 86, Firefox 78.8)
4897 | security.warn_submit_secure_to_insecure | boolean | true
4898 | &nbsp;&nbsp;&nbsp;&nbsp;If false, no warning is shown when submitting a form from https to http.
4899
4900 Using the preference as the key, set the `Value` to the corresponding preference value.
4901
4902 `Status` can be "default", "locked", "user" or "clear"
4903
4904 * `"default"`: Read/Write: Settings appear as default even if factory default differs.
4905 * `"locked"`: Read-Only: Settings appear as default even if factory default differs.
4906 * `"user"`: Read/Write: Settings appear as changed if it differs from factory default.
4907 * `"clear"`: Read/Write: `Value` has no effect. Resets to factory defaults on each startup.
4908
4909 `"user"` preferences persist across invocations of Firefox. It is the equivalent of a user setting the preference. They are most useful when a preference is needed very early in startup so it can't be set as default by policy. An example of this is ```toolkit.legacyUserProfileCustomizations.stylesheets```.
4910
4911 `"user"` preferences persist even if the policy is removed, so if you need to remove them, you should use the clear policy.
4912
4913 You can also set the `Type` starting in Firefox 123 and Firefox ESR 115.8. It can be `number`, `boolean` or `string`. This is especially useful if you are seeing 0 or 1 values being converted to booleans when set as user preferences.
4914
4915 See the examples below for more detail.
4916
4917 IMPORTANT: Make sure you're only setting a particular preference using this mechanism and not some other way.
4918
4919 Status
4920 **Compatibility:** Firefox 81, Firefox ESR 78.3\
4921 **CCK2 Equivalent:** `preferences`\
4922 **Preferences Affected:** Many
4923
4924 #### Windows (GPO)
4925 Software\Policies\Mozilla\Firefox\Preferences (REG_MULTI_SZ) =
4926 ```
4927 {
4928 "accessibility.force_disabled": {
4929 "Value": 1,
4930 "Status": "default",
4931 "Type": "number"
4932
4933 },
4934 "browser.cache.disk.parent_directory": {
4935 "Value": "SOME_NATIVE_PATH",
4936 "Status": "user"
4937 },
4938 "browser.tabs.warnOnClose": {
4939 "Value": false,
4940 "Status": "locked"
4941 }
4942 }
4943 ```
4944 #### Windows (Intune)
4945 OMA-URI:
4946 ```
4947 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/Preferences
4948 ```
4949 Value (string):
4950 ```
4951 <enabled/>
4952 <data id="JSON" value='
4953 {
4954 "accessibility.force_disabled": {
4955 "Value": 1,
4956 "Status": "default",
4957 "Type": "number"
4958 },
4959 "browser.cache.disk.parent_directory": {
4960 "Value": "SOME_NATIVE_PATH",
4961 "Status": "user"
4962 },
4963 "browser.tabs.warnOnClose": {
4964 "Value": false,
4965 "Status": "locked"
4966 }
4967 }'/>
4968 ```
4969 #### macOS
4970 ```
4971 <dict>
4972 <key>Preferences</key>
4973 <dict>
4974 <key>accessibility.force_disabled</key>
4975 <dict>
4976 <key>Value</key>
4977 <integer>1</integer>
4978 <key>Status</key>
4979 <string>default</string>
4980 <key>Type</key>
4981 <string>number</string>
4982 </dict>
4983 <key>browser.cache.disk.parent_directory</key>
4984 <dict>
4985 <key>Value</key>
4986 <string>SOME_NATIVE_PATH</string>
4987 <key>Status</key>
4988 <string>user</string>
4989 </dict>
4990 <key>browser.tabs.warnOnClose</key>
4991 <dict>
4992 <key>Value</key>
4993 <false/>
4994 <key>Status</key>
4995 <string>locked</string>
4996 </dict>
4997 </dict>
4998 </dict>
4999 ```
5000 #### policies.json
5001 ```
5002 {
5003 "policies": {
5004 "Preferences": {
5005 "accessibility.force_disabled": {
5006 "Value": 1,
5007 "Status": "default"
5008 "Type": "number"
5009 },
5010 "browser.cache.disk.parent_directory": {
5011 "Value": "SOME_NATIVE_PATH",
5012 "Status": "user"
5013 },
5014 "browser.tabs.warnOnClose": {
5015 "Value": false,
5016 "Status": "locked"
5017 }
5018 }
5019 }
5020 }
5021 ```
5022 ### PrimaryPassword
5023 Require or prevent using a primary (formerly master) password.
5024
5025 If this value is true, a primary password is required. If this value is false, it works the same as if [`DisableMasterPasswordCreation`](#disablemasterpasswordcreation) was true and removes the primary password functionality.
5026
5027 If both DisableMasterPasswordCreation and PrimaryPassword are used, DisableMasterPasswordCreation takes precedent.
5028
5029 **Compatibility:** Firefox 79, Firefox ESR 78.1\
5030 **CCK2 Equivalent:** `noMasterPassword`\
5031 **Preferences Affected:** N/A
5032
5033 #### Windows (GPO)
5034 ```
5035 Software\Policies\Mozilla\Firefox\PrimaryPassword = 0x1 | 0x0
5036 ```
5037 #### Windows (Intune)
5038 OMA-URI:
5039 ```
5040 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/PrimaryPassword
5041 ```
5042 Value (string):
5043 ```
5044 <enabled/> or <disabled/>
5045 ```
5046 #### macOS
5047 ```
5048 <dict>
5049 <key>PrimaryPassword</key>
5050 <true/> | <false/>
5051 </dict>
5052 ```
5053 #### policies.json
5054 ```
5055 {
5056 "policies": {
5057 "PrimaryPassword": true | false
5058 }
5059 }
5060 ```
5061 ### PrintingEnabled
5062 Enable or disable printing.
5063
5064 **Compatibility:** Firefox 120, Firefox ESR 115.5\
5065 **CCK2 Equivalent:** N/A\
5066 **Preferences Affected:** `print.enabled`
5067
5068 #### Windows (GPO)
5069 ```
5070 Software\Policies\Mozilla\Firefox\PrintingEnabled = 0x1 | 0x0
5071 ```
5072 #### Windows (Intune)
5073 OMA-URI:
5074 ```
5075 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/PrintingEnabled
5076 ```
5077 Value (string):
5078 ```
5079 <enabled/> or <disabled/>
5080 ```
5081 #### macOS
5082 ```
5083 <dict>
5084 <key>PrintingEnabled</key>
5085 <true/> | <false/>
5086 </dict>
5087 ```
5088 #### policies.json
5089 ```
5090 {
5091 "policies": {
5092 "PrintingEnabled": true | false
5093 }
5094 }
5095 ```
5096 ### PromptForDownloadLocation
5097 Ask where to save each file before downloading.
5098
5099 **Compatibility:** Firefox 68, Firefox ESR 68\
5100 **CCK2 Equivalent:** N/A\
5101 **Preferences Affected:** `browser.download.useDownloadDir`
5102
5103 #### Windows (GPO)
5104 ```
5105 Software\Policies\Mozilla\Firefox\PromptForDownloadLocation = 0x1 | 0x0
5106 ```
5107 #### Windows (Intune)
5108 OMA-URI:
5109 ```
5110 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/PromptForDownloadLocation
5111 ```
5112 Value (string):
5113 ```
5114 <enabled/> or <disabled/>
5115 ```
5116 #### macOS
5117 ```
5118 <dict>
5119 <key>PromptForDownloadLocation</key>
5120 <true/> | <false/>
5121 </dict>
5122 ```
5123 #### policies.json
5124 ```
5125 {
5126 "policies": {
5127 "PromptForDownloadLocation": true | false
5128 }
5129 }
5130 ```
5131 ### Proxy
5132 Configure proxy settings. These settings correspond to the connection settings in Firefox preferences.
5133 To specify ports, append them to the hostnames with a colon (:).
5134
5135 Unless you lock this policy, changes the user already has in place will take effect.
5136
5137 `Mode` is the proxy method being used.
5138
5139 `Locked` is whether or not proxy settings can be changed.
5140
5141 `HTTPProxy` is the HTTP proxy server.
5142
5143 `UseHTTPProxyForAllProtocols` is whether or not the HTTP proxy should be used for all other proxies.
5144
5145 `SSLProxy` is the SSL proxy server.
5146
5147 `FTPProxy` is the FTP proxy server.
5148
5149 `SOCKSProxy` is the SOCKS proxy server
5150
5151 `SOCKSVersion` is the SOCKS version (4 or 5)
5152
5153 `Passthrough` is list of hostnames or IP addresses that will not be proxied. Use `<local>` to bypass proxying for all hostnames which do not contain periods.
5154
5155 `AutoConfigURL` is a URL for proxy configuration (only used if Mode is autoConfig).
5156
5157 `AutoLogin` means do not prompt for authentication if password is saved.
5158
5159 `UseProxyForDNS` to use proxy DNS when using SOCKS v5.
5160
5161 **Compatibility:** Firefox 60, Firefox ESR 60\
5162 **CCK2 Equivalent:** `networkProxy*`\
5163 **Preferences Affected:** `network.proxy.type`, `network.proxy.autoconfig_url`, `network.proxy.socks_remote_dns`, `signon.autologin.proxy`, `network.proxy.socks_version`, `network.proxy.no_proxies_on`, `network.proxy.share_proxy_settings`, `network.proxy.http`, `network.proxy.http_port`, `network.proxy.ftp`, `network.proxy.ftp_port`, `network.proxy.ssl`, `network.proxy.ssl_port`, `network.proxy.socks`, `network.proxy.socks_port`
5164
5165 #### Windows (GPO)
5166 ```
5167 Software\Policies\Mozilla\Firefox\Proxy\Mode = "none" | "system" | "manual" | "autoDetect" | "autoConfig"
5168 Software\Policies\Mozilla\Firefox\Proxy\Locked = 0x1 | 0x0
5169 Software\Policies\Mozilla\Firefox\Proxy\HTTPProxy = https://httpproxy.example.com
5170 Software\Policies\Mozilla\Firefox\Proxy\UseHTTPProxyForAllProtocols = 0x1 | 0x0
5171 Software\Policies\Mozilla\Firefox\Proxy\SSLProxy = https://sslproxy.example.com
5172 Software\Policies\Mozilla\Firefox\Proxy\FTPProxy = https://ftpproxy.example.com
5173 Software\Policies\Mozilla\Firefox\Proxy\SOCKSProxy = https://socksproxy.example.com
5174 Software\Policies\Mozilla\Firefox\Proxy\SOCKSVersion = 0x4 | 0x5
5175 Software\Policies\Mozilla\Firefox\Proxy\Passthrough = <local>
5176 Software\Policies\Mozilla\Firefox\Proxy\AutoConfigURL = URL_TO_AUTOCONFIG
5177 Software\Policies\Mozilla\Firefox\Proxy\AutoLogin = 0x1 | 0x0
5178 Software\Policies\Mozilla\Firefox\Proxy\UseProxyForDNS = 0x1 | 0x0
5179 ```
5180 #### Windows (Intune)
5181 **Note**
5182 These setttings were moved to a category to make them easier to configure via Intune.
5183
5184 OMA-URI:
5185 ```
5186 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_Locked
5187 ```
5188 Value (string):
5189 ```
5190 <enabled/> or <disabled/>
5191 ```
5192 OMA-URI:
5193 ```
5194 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_ConnectionType
5195 ```
5196 Value (string):
5197 ```
5198 <enabled/>
5199 <data id="Proxy_ConnectionType" value="none | system | manual | autoDetect | autoConfig"/>
5200 ```
5201 OMA-URI:
5202 ```
5203 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_HTTPProxy
5204 ```
5205 Value (string):
5206 ```
5207 <enabled/>
5208 <data id="Proxy_HTTPProxy" value="httpproxy.example.com"/>
5209 ```
5210 OMA-URI:
5211 ```
5212 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_UseHTTPProxyForAllProtocols
5213 ```
5214 Value (string):
5215 ```
5216 <enabled/> or <disabled/>
5217 ```
5218 OMA-URI:
5219 ```
5220 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_SSLProxy
5221 ```
5222 Value (string):
5223 ```
5224 <enabled/>
5225 <data id="Proxy_SSLProxy" value="sslproxy.example.com"/>
5226 ```
5227 OMA-URI:
5228 ```
5229 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_SOCKSProxy
5230 ```
5231 Value (string):
5232 ```
5233 <enabled/>
5234 <data id="Proxy_SOCKSProxy" value="socksproxy.example.com"/>
5235 <data id="Proxy_SOCKSVersion" value="4 | 5"/>
5236 ```
5237 OMA-URI:
5238 ```
5239 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_AutoConfigURL
5240 ```
5241 Value (string):
5242 ```
5243 <enabled/>
5244 <data id="Proxy_AutoConfigURL" value="URL_TO_AUTOCONFIG"/>
5245 ```
5246 OMA-URI:
5247 ```
5248 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_Passthrough
5249 ```
5250 Value (string):
5251 ```
5252 <enabled/>
5253 <data id="Proxy_Passthrough" value="&lt;local&gt;"/>
5254 ```
5255 OMA-URI:
5256 ```
5257 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_AutoLogin
5258 ```
5259 Value (string):
5260 ```
5261 <enabled/> or <disabled/>
5262 ```
5263 OMA-URI:
5264 ```
5265 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_UseProxyForDNS
5266 ```
5267 Value (string):
5268 ```
5269 <enabled/> or <disabled/>
5270 ```
5271 OMA-URI (Old way):
5272 ```
5273 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/Proxy
5274 ```
5275 Value (string):
5276 ```
5277 <enabled/>
5278 <data id="ProxyLocked" value="true | false"/>
5279 <data id="ConnectionType" value="none | system | manual | autoDetect | autoConfig"/>
5280 <data id="HTTPProxy" value="httpproxy.example.com"/>
5281 <data id="UseHTTPProxyForAllProtocols" value="true | false"/>
5282 <data id="SSLProxy" value="sslproxy.example.com"/>
5283 <data id="FTPProxy" value="ftpproxy.example.com"/>
5284 <data id="SOCKSProxy" value="socksproxy.example.com"/>
5285 <data id="SOCKSVersion" value="4 | 5"/>
5286 <data id="AutoConfigURL" value="URL_TO_AUTOCONFIG"/>
5287 <data id="Passthrough" value="<local>"/>
5288 <data id="AutoLogin" value="true | false"/>
5289 <data id="UseProxyForDNS" value="true | false"/>
5290 ```
5291 #### macOS
5292 ```
5293 <dict>
5294 <key>Proxy</key>
5295 <dict>
5296 <key>Mode</key>
5297 <string>none | system | manual | autoDetect | autoConfig</string>
5298 <key>Locked</key>
5299 <true> | </false>
5300 <key>HTTPProxy</key>
5301 <string>https://httpproxy.example.com</string>
5302 <key>UseHTTPProxyForAllProtocols</key>
5303 <true> | </false>
5304 <key>SSLProxy</key>
5305 <string>https://sslproxy.example.com</string>
5306 <key>FTPProxy</key>
5307 <string>https://ftpproxy.example.com</string>
5308 <key>SOCKSProxy</key>
5309 <string>https://socksproxy.example.com</string>
5310 <key>SOCKSVersion</key>
5311 <string>4 | 5</string>
5312 <key>Passthrough</key>
5313 <string>&lt;local>&gt;</string>
5314 <key>AutoConfigURL</key>
5315 <string>URL_TO_AUTOCONFIG</string>
5316 <key>AutoLogin</key>
5317 <true> | </false>
5318 <key>UseProxyForDNS</key>
5319 <true> | </false>
5320 </dict>
5321 </dict>
5322 ```
5323 #### policies.json
5324 ```
5325 {
5326 "policies": {
5327 "Proxy": {
5328 "Mode": "none" | "system" | "manual" | "autoDetect" | "autoConfig",
5329 "Locked": true | false,
5330 "HTTPProxy": "hostname",
5331 "UseHTTPProxyForAllProtocols": true | false,
5332 "SSLProxy": "hostname",
5333 "FTPProxy": "hostname",
5334 "SOCKSProxy": "hostname",
5335 "SOCKSVersion": 4 | 5,
5336 "Passthrough": "<local>",
5337 "AutoConfigURL": "URL_TO_AUTOCONFIG",
5338 "AutoLogin": true | false,
5339 "UseProxyForDNS": true | false
5340 }
5341 }
5342 }
5343 ```
5344 ### RequestedLocales
5345 Set the the list of requested locales for the application in order of preference. It will cause the corresponding language pack to become active.
5346
5347 Note: For Firefox 68, this can now be a string so that you can specify an empty value.
5348
5349 **Compatibility:** Firefox 64, Firefox ESR 60.4, Updated in Firefox 68, Firefox ESR 68\
5350 **CCK2 Equivalent:** N/A\
5351 **Preferences Affected:** N/A
5352 #### Windows (GPO)
5353 ```
5354 Software\Policies\Mozilla\Firefox\RequestedLocales\1 = "de"
5355 Software\Policies\Mozilla\Firefox\RequestedLocales\2 = "en-US"
5356
5357 or
5358
5359 Software\Policies\Mozilla\Firefox\RequestedLocales = "de,en-US"
5360 ```
5361 #### Windows (Intune)
5362 OMA-URI:
5363 ```
5364 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/RequestedLocalesString
5365 ```
5366 Value (string):
5367 ```
5368 <enabled/>
5369 <data id="Preferences_String" value="de,en-US"/>
5370 ```
5371 #### macOS
5372 ```
5373 <dict>
5374 <key>RequestedLocales</key>
5375 <array>
5376 <string>de</string>
5377 <string>en-US</string>
5378 </array>
5379 </dict>
5380
5381 or
5382
5383 <dict>
5384 <key>RequestedLocales</key>
5385 <string>de,en-US</string>
5386 </dict>
5387
5388 ```
5389 #### policies.json
5390 ```
5391 {
5392 "policies": {
5393 "RequestedLocales": ["de", "en-US"]
5394 }
5395 }
5396
5397 or
5398
5399 {
5400 "policies": {
5401 "RequestedLocales": "de,en-US"
5402 }
5403 }
5404 ```
5405 <a name="SanitizeOnShutdown"></a>
5406
5407 ### SanitizeOnShutdown (Selective)
5408 Clear data on shutdown. Choose from Cache, Cookies, Download History, Form & Search History, Browsing History, Active Logins, Site Preferences and Offline Website Data.
5409
5410 Previously, these values were always locked. Starting with Firefox 74 and Firefox ESR 68.6, you can use the `Locked` option to either keep the values unlocked (set it to false), or lock only the values you set (set it to true). If you want the old behavior of locking everything, do not set `Locked` at all.
5411
5412 **Compatibility:** Firefox 68, Firefox ESR 68 (Locked added in 74/68.6)\
5413 **CCK2 Equivalent:** N/A\
5414 **Preferences Affected:** `privacy.sanitize.sanitizeOnShutdown`, `privacy.clearOnShutdown.cache`, `privacy.clearOnShutdown.cookies`, `privacy.clearOnShutdown.downloads`, `privacy.clearOnShutdown.formdata`, `privacy.clearOnShutdown.history`, `privacy.clearOnShutdown.sessions`, `privacy.clearOnShutdown.siteSettings`, `privacy.clearOnShutdown.offlineApps`
5415 #### Windows (GPO)
5416 ```
5417 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\Cache = 0x1 | 0x0
5418 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\Cookies = 0x1 | 0x0
5419 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\Downloads = 0x1 | 0x0
5420 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\FormData = 0x1 | 0x0
5421 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\History = 0x1 | 0x0
5422 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\Sessions = 0x1 | 0x0
5423 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\SiteSettings = 0x1 | 0x0
5424 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\OfflineApps = 0x1 | 0x0
5425 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\Locked = 0x1 | 0x0
5426 ```
5427 #### Windows (Intune)
5428 OMA-URI:
5429 ```
5430 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/A_SanitizeOnShutdown_Cache
5431 ```
5432 Value (string):
5433 ```
5434 <enabled/> or <disabled/>
5435 ```
5436 OMA-URI:
5437 ```
5438 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/B_SanitizeOnShutdown_Cookies
5439 ```
5440 Value (string):
5441 ```
5442 <enabled/> or <disabled/>
5443 ```
5444 OMA-URI:
5445 ```
5446 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/C_SanitizeOnShutdown_Downloads
5447 ```
5448 Value (string):
5449 ```
5450 <enabled/> or <disabled/>
5451 ```
5452 OMA-URI:
5453 ```
5454 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/D_SanitizeOnShutdown_FormData
5455 ```
5456 Value (string):
5457 ```
5458 <enabled/> or <disabled/>
5459 ```
5460 OMA-URI:
5461 ```
5462 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/E_SanitizeOnShutdown_History
5463 ```
5464 Value (string):
5465 ```
5466 <enabled/> or <disabled/>
5467 ```
5468 OMA-URI:
5469 ```
5470 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/F_SanitizeOnShutdown_Sessions
5471 ```
5472 Value (string):
5473 ```
5474 <enabled/> or <disabled/>
5475 ```
5476 OMA-URI:
5477 ```
5478 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/G_SanitizeOnShutdown_SiteSettings
5479 ```
5480 Value (string):
5481 ```
5482 <enabled/> or <disabled/>
5483 ```
5484 OMA-URI:
5485 ```
5486 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/H_SanitizeOnShutdown_OfflineApps
5487 ```
5488 Value (string):
5489 ```
5490 <enabled/> or <disabled/>
5491 ```
5492 OMA-URI:
5493 ```
5494 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/I_SanitizeOnShutdown_Locked
5495 ```
5496 Value (string):
5497 ```
5498 <enabled/> or <disabled/>
5499 ```
5500 #### macOS
5501 ```
5502 <dict>
5503 <key>SanitizeOnShutdown</key>
5504 <dict>
5505 <key>Cache</key>
5506 <true/> | <false/>
5507 <key>Cookies</key>
5508 <true/> | <false/>
5509 <key>Downloads</key>
5510 <true/> | <false/>
5511 <key>FormData</key>
5512 <true/> | <false/>
5513 <key>History</key>
5514 <true/> | <false/>
5515 <key>Sessions</key>
5516 <true/> | <false/>
5517 <key>SiteSettings</key>
5518 <true/> | <false/>
5519 <key>OfflineApps</key>
5520 <true/> | <false/>
5521 <key>Locked</key>
5522 <true/> | <false/>
5523 </dict>
5524 </dict>
5525 ```
5526 #### policies.json
5527 ```
5528 {
5529 "policies": {
5530 "SanitizeOnShutdown": {
5531 "Cache": true | false,
5532 "Cookies": true | false,
5533 "Downloads": true | false,
5534 "FormData": true | false,
5535 "History": true | false,
5536 "Sessions": true | false,
5537 "SiteSettings": true | false,
5538 "OfflineApps": true | false,
5539 "Locked": true | false
5540 }
5541 }
5542 }
5543 ```
5544 ### SanitizeOnShutdown (All)
5545 Clear all data on shutdown, including Browsing & Download History, Cookies, Active Logins, Cache, Form & Search History, Site Preferences and Offline Website Data.
5546
5547 **Compatibility:** Firefox 60, Firefox ESR 60\
5548 **CCK2 Equivalent:** N/A\
5549 **Preferences Affected:** `privacy.sanitize.sanitizeOnShutdown`, `privacy.clearOnShutdown.cache`, `privacy.clearOnShutdown.cookies`, `privacy.clearOnShutdown.downloads`, `privacy.clearOnShutdown.formdata`, `privacy.clearOnShutdown.history`, `privacy.clearOnShutdown.sessions`, `privacy.clearOnShutdown.siteSettings`, `privacy.clearOnShutdown.offlineApps`
5550 #### Windows (GPO)
5551 ```
5552 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown = 0x1 | 0x0
5553 ```
5554 #### Windows (Intune)
5555 OMA-URI:
5556 ```
5557 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/C_SanitizeOnShutdown
5558 ```
5559 Value (string):
5560 ```
5561 <enabled/> or <disabled/>
5562 ```
5563 #### macOS
5564 ```
5565 <dict>
5566 <key>SanitizeOnShutdown</key>
5567 <true/> | <false/>
5568 </dict>
5569 ```
5570 #### policies.json
5571 ```
5572 {
5573 "policies": {
5574 "SanitizeOnShutdown": true | false
5575 }
5576 }
5577 ```
5578 ### SearchBar
5579 Set whether or not search bar is displayed.
5580
5581 **Compatibility:** Firefox 60, Firefox ESR 60\
5582 **CCK2 Equivalent:** `showSearchBar`\
5583 **Preferences Affected:** N/A
5584
5585 #### Windows (GPO)
5586 ```
5587 Software\Policies\Mozilla\Firefox\SearchBar = "unified" | "separate"
5588 ```
5589
5590 #### Windows (Intune)
5591 OMA-URI:
5592 ```
5593 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/SearchBar
5594 ```
5595 Value (string):
5596 ```
5597 <enabled/>
5598 <data id="SearchBar" value="unified | separate"/>
5599 ```
5600 #### macOS
5601 ```
5602 <dict>
5603 <key>SearchBar</key>
5604 <string>unified | separate</string>
5605 </dict>
5606 ```
5607 #### policies.json
5608 ```
5609 {
5610 "policies": {
5611 "SearchBar": "unified" | "separate"
5612 }
5613 }
5614 ```
5615 <a name="SearchEngines"></a>
5616
5617 ### SearchEngines (This policy is only available on the ESR.)
5618
5619 ### SearchEngines | Add
5620
5621 Add new search engines. Although there are only five engines available in the ADMX template, there is no limit. To add more in the ADMX template, you can duplicate the XML.
5622
5623 This policy is only available on the ESR. `Name` and `URLTemplate` are required.
5624
5625 `Name` is the name of the search engine.
5626
5627 `URLTemplate` is the search URL with {searchTerms} to substitute for the search term.
5628
5629 `Method` is either GET or POST
5630
5631 `IconURL` is a URL for the icon to use.
5632
5633 `Alias` is a keyword to use for the engine.
5634
5635 `Description` is a description of the search engine.
5636
5637 `PostData` is the POST data as name value pairs separated by &.
5638
5639 `SuggestURLTemplate` is a search suggestions URL with {searchTerms} to substitute for the search term.
5640
5641 `Encoding` is the query charset for the engine. It defaults to UTF-8.
5642
5643 **Compatibility:** Firefox ESR 60 (POST support in Firefox ESR 68, Encoding support in Firefox 91)\
5644 **CCK2 Equivalent:** `searchplugins`\
5645 **Preferences Affected:** N/A
5646
5647 #### Windows (GPO)
5648 ```
5649 Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\Name = "Example1"
5650 Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\URLTemplate = "https://www.example.org/q={searchTerms}"
5651 Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\Method = "GET" | "POST"
5652 Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\IconURL = "https://www.example.org/favicon.ico"
5653 Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\Alias = "example"
5654 Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\Description = "Example Description"
5655 Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\SuggestURLTemplate = "https://www.example.org/suggestions/q={searchTerms}"
5656 Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\PostData = "name=value&q={searchTerms}"
5657 ```
5658 #### Windows (Intune)
5659 OMA-URI:
5660 ```
5661 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Search/SearchEngines_1
5662 ```
5663 Value (string):
5664 ```
5665 <enabled/>
5666 <data id="SearchEngine_Name" value="Example1"/>
5667 <data id="SearchEngine_URLTemplate" value="https://www.example.org/q={searchTerms"/>
5668 <data id="SearchEngine_Method" value="GET | POST"/>
5669 <data id="SearchEngine_IconURL" value="https://www.example.org/favicon.ico"/>
5670 <data id="SearchEngine_Alias" value="example"/>
5671 <data id="SearchEngine_Description" value="Example Description"/>
5672 <data id="SearchEngine_SuggestURLTemplate" value="https://www.example.org/suggestions/q={searchTerms}"/>
5673 <data id="SearchEngine_PostData" value="name=value&amp;q={searchTerms}"/>
5674 ```
5675 #### macOS
5676 ```
5677 <dict>
5678 <key>SearchEngines</key>
5679 <dict>
5680 <key>Add</key>
5681 <array>
5682 <dict>
5683 <key>Name</key>
5684 <string>Example1</string>
5685 <key>URLTemplate</key>
5686 <string>https://www.example.org/q={searchTerms}</string>
5687 <key>Method</key>
5688 <string>GET | POST </string>
5689 <key>IconURL</key>
5690 <string>https://www.example.org/favicon.ico</string>
5691 <key>Alias</key>
5692 <string>example</string>
5693 <key>Description</key>
5694 <string>Example Description</string>
5695 <key>SuggestURLTemplate</key>
5696 <string>https://www.example.org/suggestions/q={searchTerms}</string>
5697 <key>PostData</key>
5698 <string>name=value&q={searchTerms}</string>
5699 </dict>
5700 <array>
5701 </dict>
5702 </dict>
5703 ```
5704 #### policies.json
5705 ```
5706 {
5707 "policies": {
5708 "SearchEngines": {
5709 "Add": [
5710 {
5711 "Name": "Example1",
5712 "URLTemplate": "https://www.example.org/q={searchTerms}",
5713 "Method": "GET" | "POST",
5714 "IconURL": "https://www.example.org/favicon.ico",
5715 "Alias": "example",
5716 "Description": "Description",
5717 "PostData": "name=value&q={searchTerms}",
5718 "SuggestURLTemplate": "https://www.example.org/suggestions/q={searchTerms}"
5719 }
5720 ]
5721 }
5722 }
5723 }
5724 ```
5725 ### SearchEngines | Default
5726
5727 Set the default search engine. This policy is only available on the ESR.
5728
5729 **Compatibility:** Firefox ESR 60\
5730 **CCK2 Equivalent:** `defaultSearchEngine`\
5731 **Preferences Affected:** N/A
5732
5733 #### Windows (GPO)
5734 ```
5735 Software\Policies\Mozilla\Firefox\SearchEngines\Default = NAME_OF_SEARCH_ENGINE
5736 ```
5737 #### Windows (Intune)
5738 OMA-URI:
5739 ```
5740 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Search/SearchEngines_Default
5741 ```
5742 Value (string):
5743 ```
5744 <enabled/>
5745 <data id="SearchEngines_Default" value="NAME_OF_SEARCH_ENGINE"/>
5746 ```
5747 #### macOS
5748 ```
5749 <dict>
5750 <key>SearchEngines</key>
5751 <dict>
5752 <key>Default</key>
5753 <string>NAME_OF_SEARCH_ENGINE</string>
5754 </dict>
5755 </dict>
5756 ```
5757 #### policies.json
5758 ```
5759 {
5760 "policies": {
5761 "SearchEngines": {
5762 "Default": "NAME_OF_SEARCH_ENGINE"
5763 }
5764 }
5765 }
5766 ```
5767 ### SearchEngines | PreventInstalls
5768
5769 Prevent installing search engines from webpages.
5770
5771 **Compatibility:** Firefox ESR 60\
5772 **CCK2 Equivalent:** `disableSearchEngineInstall`\
5773 **Preferences Affected:** N/A
5774
5775 #### Windows (GPO)
5776 ```
5777 Software\Policies\Mozilla\Firefox\SearchEngines\PreventInstalls = 0x1 | 0x0
5778 ```
5779 #### Windows (Intune)
5780 OMA-URI:
5781 ```
5782 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Search/SearchEngines_PreventInstalls
5783 ```
5784 Value (string):
5785 ```
5786 <enabled/> or <disabled/>
5787 ```
5788 #### macOS
5789 ```
5790 <dict>
5791 <key>SearchEngines</key>
5792 <dict>
5793 <key>PreventInstalls</key>
5794 <true/> | <false/>
5795 </dict>
5796 </dict>
5797 ```
5798 #### policies.json
5799 ```
5800 {
5801 "policies": {
5802 "SearchEngines": {
5803 "PreventInstalls": true | false
5804 }
5805 }
5806 }
5807 ```
5808 ### SearchEngines | Remove
5809
5810 Hide built-in search engines. This policy is only available on the ESR.
5811
5812 **Compatibility:** Firefox ESR 60.2\
5813 **CCK2 Equivalent:** `removeDefaultSearchEngines` (removed all built-in engines)\
5814 **Preferences Affected:** N/A
5815
5816 #### Windows (GPO)
5817 ```
5818 Software\Policies\Mozilla\Firefox\SearchEngines\Remove\1 = NAME_OF_SEARCH_ENGINE
5819 ```
5820 #### Windows (Intune)
5821 OMA-URI:
5822 ```
5823 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Search/SearchEngines_Remove
5824 ```
5825 Value (string):
5826 ```
5827 <enabled/>
5828 <data id="SearchEngines_Remove" value="1&#xF000;NAME_OF_SEARCH_ENGINE"/>
5829 ```
5830 #### macOS
5831 ```
5832 <dict>
5833 <key>SearchEngines</key>
5834 <dict>
5835 <key>Remove</key>
5836 <array>
5837 <string>NAME_OF_SEARCH_ENGINE</string>
5838 </array>
5839 </dict>
5840 </dict>
5841 ```
5842 #### policies.json
5843 ```
5844 {
5845 "policies": {
5846 "SearchEngines": {
5847 "Remove": ["NAME_OF_SEARCH_ENGINE"]
5848 }
5849 }
5850 }
5851 ```
5852 ### SearchSuggestEnabled
5853
5854 Enable search suggestions.
5855
5856 **Compatibility:** Firefox 68, Firefox ESR 68\
5857 **CCK2 Equivalent:** N/A\
5858 **Preferences Affected:** `browser.urlbar.suggest.searches`, `browser.search.suggest.enabled`
5859
5860 #### Windows (GPO)
5861 ```
5862 Software\Policies\Mozilla\Firefox\SearchSuggestEnabled = 0x1 | 0x0
5863 ```
5864 #### Windows (Intune)
5865 OMA-URI:
5866 ```
5867 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Search/SearchSuggestEnabled
5868 ```
5869 Value (string):
5870 ```
5871 <enabled/> or <disabled/>
5872 ```
5873 #### macOS
5874 ```
5875 <dict>
5876 <key>SearchSuggestEnabled</key>
5877 <true/> | <false/>
5878 </dict>
5879 ```
5880 #### policies.json
5881 ```
5882 {
5883 "policies": {
5884 "SearchSuggestEnabled": true | false
5885 }
5886 }
5887 ```
5888 ### SecurityDevices
5889
5890 Add or delete PKCS #11 modules.
5891
5892 **Compatibility:** Firefox 114, Firefox ESR 112.12\
5893 **CCK2 Equivalent:** N/A\
5894 **Preferences Affected:** N/A
5895
5896 #### Windows (GPO)
5897 ```
5898 Software\Policies\Mozilla\Firefox\SecurityDevices\Add\NAME_OF_DEVICE_TO_ADD = PATH_TO_LIBRARY_FOR_DEVICE
5899 Software\Policies\Mozilla\Firefox\SecurityDevices\Remove\1 = NAME_OF_DEVICE_TO_REMOVE
5900 ```
5901 #### Windows (Intune)
5902 OMA-URI:
5903 ```
5904 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/SecurityDevices/SecurityDevices_Add
5905 ```
5906 Value (string):
5907 ```
5908 <enabled/>
5909 <data id="SecurityDevices" value="NAME_OF_DEVICE_TO_ADD&#xF000;PATH_TO_LIBRARY_FOR_DEVICE"/>
5910 ```
5911 OMA-URI:
5912 ```
5913 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/SecurityDevices/SecurityDevices_Delete
5914 ```
5915 Value (string):
5916 ```
5917 <enabled/>
5918 <data id="SecurityDevices" value="1&#xF000;NAME_OF_DEVICE_TO_REMOVE"/>
5919 ```
5920 #### macOS
5921 ```
5922 <dict>
5923 <key>SecurityDevices</key>
5924 <dict>
5925 <key>Add<key>
5926 <dict>
5927 <key>NAME_OF_DEVICE_TO_ADD</key>
5928 <string>PATH_TO_LIBRARY_FOR_DEVICE</string>
5929 </dict>
5930 <key>Delete</add>
5931 <array>
5932 <string>NAME_OF_DEVICE_TO_DELETE</string>
5933 </array>
5934 </dict>
5935 </dict>
5936 ```
5937 #### policies.json
5938 ```
5939 {
5940 "policies": {
5941 "SecurityDevices": {
5942 "Add": {
5943 "NAME_OF_DEVICE_TO_ADD": "PATH_TO_LIBRARY_FOR_DEVICE"
5944 },
5945 "Delete": ["NAME_OF_DEVICE_TO_DELETE"]
5946 }
5947 }
5948 }
5949 ```
5950 ### SecurityDevices (Deprecated)
5951
5952 Install PKCS #11 modules.
5953
5954 **Compatibility:** Firefox 64, Firefox ESR 60.4\
5955 **CCK2 Equivalent:** `certs.devices`\
5956 **Preferences Affected:** N/A
5957
5958 #### Windows (GPO)
5959 ```
5960 Software\Policies\Mozilla\Firefox\SecurityDevices\NAME_OF_DEVICE = PATH_TO_LIBRARY_FOR_DEVICE
5961 ```
5962 #### Windows (Intune)
5963 OMA-URI:
5964 ```
5965 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/SecurityDevices
5966 ```
5967 Value (string):
5968 ```
5969 <enabled/>
5970 <data id="SecurityDevices" value="NAME_OF_DEVICE&#xF000;PATH_TO_LIBRARY_FOR_DEVICE"/>
5971 ```
5972 #### macOS
5973 ```
5974 <dict>
5975 <key>SecurityDevices</key>
5976 <dict>
5977 <key>NAME_OF_DEVICE</key>
5978 <string>PATH_TO_LIBRARY_FOR_DEVICE</string>
5979 </dict>
5980 </dict>
5981 ```
5982 #### policies.json
5983 ```
5984 {
5985 "policies": {
5986 "SecurityDevices": {
5987 "NAME_OF_DEVICE": "PATH_TO_LIBRARY_FOR_DEVICE"
5988 }
5989 }
5990 }
5991 ```
5992 ### ShowHomeButton
5993 Show the home button on the toolbar.
5994
5995 Future versions of Firefox will not show the home button by default.
5996
5997 **Compatibility:** Firefox 88, Firefox ESR 78.10\
5998 **CCK2 Equivalent:** N/A\
5999 **Preferences Affected:** N/A
6000
6001 #### Windows (GPO)
6002 ```
6003 Software\Policies\Mozilla\Firefox\ShowHomeButton = 0x1 | 0x0
6004 ```
6005 #### Windows (Intune)
6006 OMA-URI:
6007 ```
6008 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Homepage/Homepage_ShowHomeButton
6009 ```
6010 Value (string):
6011 ```
6012 <enabled/> or <disabled/>
6013 ```
6014 #### macOS
6015 ```
6016 <dict>
6017 <key>ShowHomeButton</key>
6018 <true/> | <false/>
6019 </dict>
6020 ```
6021 #### policies.json
6022 ```
6023 {
6024 "policies": {
6025 "ShowHomeButton": true | false
6026 }
6027 }
6028 ```
6029 ### SSLVersionMax
6030
6031 Set and lock the maximum version of TLS. (Firefox defaults to a maximum of TLS 1.3.)
6032
6033 **Compatibility:** Firefox 66, Firefox ESR 60.6\
6034 **CCK2 Equivalent:** N/A\
6035 **Preferences Affected:** `security.tls.version.max`
6036
6037 #### Windows (GPO)
6038 ```
6039 Software\Policies\Mozilla\Firefox\SSLVersionMax = "tls1" | "tls1.1" | "tls1.2" | "tls1.3"
6040 ```
6041 #### Windows (Intune)
6042 OMA-URI:
6043 ```
6044 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/SSLVersionMax
6045 ```
6046 Value (string):
6047 ```
6048 <enabled/>
6049 <data id="SSLVersion" value="tls1 | tls1.2 | tls1.3"/>
6050 ```
6051 #### macOS
6052 ```
6053 <dict>
6054 <key>SSLVersionMax</key>
6055 <string>tls1 | tls1.1 | tls1.2 | tls1.3</string>
6056 </dict>
6057 ```
6058
6059 #### policies.json
6060 ```
6061 {
6062 "policies": {
6063 "SSLVersionMax": "tls1" | "tls1.1" | "tls1.2" | "tls1.3"
6064 }
6065 }
6066 ```
6067 ### SSLVersionMin
6068
6069 Set and lock the minimum version of TLS. (Firefox defaults to a minimum of TLS 1.2.)
6070
6071 **Compatibility:** Firefox 66, Firefox ESR 60.6\
6072 **CCK2 Equivalent:** N/A\
6073 **Preferences Affected:** `security.tls.version.min`
6074
6075 #### Windows (GPO)
6076 ```
6077 Software\Policies\Mozilla\Firefox\SSLVersionMin = "tls1" | "tls1.1" | "tls1.2" | "tls1.3"
6078 ```
6079 #### Windows (Intune)
6080 OMA-URI:
6081 ```
6082 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/SSLVersionMin
6083 ```
6084 Value (string):
6085 ```
6086 <enabled/>
6087 <data id="SSLVersion" value="tls1 | tls1.2 | tls1.3"/>
6088 ```
6089 #### macOS
6090 ```
6091 <dict>
6092 <key>SSLVersionMin</key>
6093 <string>tls1 | tls1.1 | tls1.2 | tls1.3</string>
6094 </dict>
6095 ```
6096
6097 #### policies.json
6098 ```
6099 {
6100 "policies": {
6101 "SSLVersionMin": "tls1" | "tls1.1" | "tls1.2" | "tls1.3"
6102 }
6103 }
6104 ```
6105 ### SupportMenu
6106 Add a menuitem to the help menu for specifying support information.
6107
6108 **Compatibility:** Firefox 68.0.1, Firefox ESR 68.0.1\
6109 **CCK2 Equivalent:** helpMenu\
6110 **Preferences Affected:** N/A
6111
6112 #### Windows (GPO)
6113 ```
6114 Software\Policies\Mozilla\Firefox\SupportMenu\Title = "Support Menu"
6115 Software\Policies\Mozilla\Firefox\SupportMenu\URL = "http://example.com/support"
6116 Software\Policies\Mozilla\Firefox\SupportMenu\AccessKey = "S"
6117 ```
6118 #### Windows (Intune)
6119 OMA-URI:
6120 ```
6121 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/SupportMenu
6122 ```
6123 Value (string):
6124 ```
6125 <enabled/>
6126 <data id="SupportMenuTitle" value="Support Menu"/>
6127 <data id="SupportMenuURL" value="http://example.com/support"/>
6128 <data id="SupportMenuAccessKey" value="S"/>
6129 ```
6130 #### macOS
6131 ```
6132 <dict>
6133 <key>SupportMenu</key>
6134 <dict>
6135 <key>Title</key>
6136 <string>SupportMenu</string>
6137 <key>URL</key>
6138 <string>http://example.com/support</string>
6139 <key>AccessKey</key>
6140 <string>S</string>
6141 </dict>
6142 </dict>
6143 ```
6144 #### policies.json
6145 ```
6146 {
6147 "policies": {
6148 "SupportMenu": {
6149 "Title": "Support Menu",
6150 "URL": "http://example.com/support",
6151 "AccessKey": "S"
6152 }
6153 }
6154 }
6155 ```
6156 ### StartDownloadsInTempDirectory
6157 Force downloads to start off in a local, temporary location rather than the default download directory.
6158
6159 **Compatibility:** Firefox 102\
6160 **CCK2 Equivalent:** N/A\
6161 **Preferences Affected:** `browser.download.start_downloads_in_tmp_dir`
6162
6163 #### Windows (GPO)
6164 ```
6165 Software\Policies\Mozilla\Firefox\StartDownloadsInTempDirectory = 0x1 | 0x0
6166 ```
6167 #### Windows (Intune)
6168 OMA-URI:
6169 ```
6170 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/StartDownloadsInTempDirectory
6171 ```
6172 Value (string):
6173 ```
6174 <enabled/> or <disabled/>
6175 ```
6176 #### macOS
6177 ```
6178 <dict>
6179 <key>StartDownloadsInTempDirectory</key>
6180 <true/> | <false/>
6181 </dict>
6182 ```
6183 #### policies.json
6184 ```
6185 {
6186 "policies": {
6187 "StartDownloadsInTempDirectory": true | false
6188 }
6189 ```
6190 ### UserMessaging
6191
6192 Prevent Firefox from messaging the user in certain situations.
6193
6194 `WhatsNew` Remove the "What's New" icon and menuitem.
6195
6196 `ExtensionRecommendations` If false, don't recommend extensions while the user is visiting web pages.
6197
6198 `FeatureRecommendations` If false, don't recommend browser features.
6199
6200 `UrlbarInterventions` If false, Don't offer Firefox specific suggestions in the URL bar.
6201
6202 `SkipOnboarding` If true, don't show onboarding messages on the new tab page.
6203
6204 `MoreFromMozilla` If false, don't show the "More from Mozilla" section in Preferences. (Firefox 98)
6205
6206 `Locked` prevents the user from changing user messaging preferences.
6207
6208 **Compatibility:** Firefox 75, Firefox ESR 68.7\
6209 **CCK2 Equivalent:** N/A\
6210 **Preferences Affected:** `browser.messaging-system.whatsNewPanel.enabled`, `browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons`, `browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features`, `browser.aboutwelcome.enabled`, `browser.preferences.moreFromMozilla`
6211
6212 #### Windows (GPO)
6213 ```
6214 Software\Policies\Mozilla\Firefox\UserMessaging\WhatsNew = 0x1 | 0x0
6215 Software\Policies\Mozilla\Firefox\UserMessaging\ExtensionRecommendations = 0x1 | 0x0
6216 Software\Policies\Mozilla\Firefox\UserMessaging\FeatureRecommendations = 0x1 | 0x0
6217 Software\Policies\Mozilla\Firefox\UserMessaging\UrlbarInterventions = 0x1 | 0x0
6218 Software\Policies\Mozilla\Firefox\UserMessaging\SkipOnboarding = 0x1 | 0x0
6219 Software\Policies\Mozilla\Firefox\UserMessaging\MoreFromMozilla = 0x1 | 0x0
6220 Software\Policies\Mozilla\Firefox\UserMessaging\Locked = 0x1 | 0x0
6221 ```
6222 #### Windows (Intune)
6223 OMA-URI:
6224 ```
6225 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_WhatsNew
6226 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_ExtensionRecommendations
6227 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_FeatureRecommendations
6228 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_UrlbarInterventions
6229 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_SkipOnboarding
6230 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_MoreFromMozilla
6231 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_Locked
6232 ```
6233 Value (string):
6234 ```
6235 <enabled/> or <disabled/>
6236 ```
6237 #### macOS
6238 ```
6239 <dict>
6240 <key>UserMessaging</key>
6241 <dict>
6242 <key>WhatsNew</key>
6243 <true/> | <false/>
6244 <key>ExtensionRecommendations</key>
6245 <true/> | <false/>
6246 <key>FeatureRecommendations</key>
6247 <true/> | <false/>
6248 <key>UrlbarInterventions</key>
6249 <true/> | <false/>
6250 <key>SkipOnboarding</key>
6251 <true/> | <false/>
6252 <key>MoreFromMozilla</key>
6253 <true/> | <false/>
6254 <key>Locked</key>
6255 <true/> | <false/>
6256 </dict>
6257 </dict>
6258 ```
6259 #### policies.json
6260 ```
6261 {
6262 "policies": {
6263 "UserMessaging": {
6264 "WhatsNew": true | false,
6265 "ExtensionRecommendations": true | false,
6266 "FeatureRecommendations": true | false,
6267 "UrlbarInterventions": true | false,
6268 "SkipOnboarding": true | false,
6269 "MoreFromMozilla": true | false,
6270 "Locked": true | false
6271 }
6272 }
6273 }
6274 ```
6275 ### UseSystemPrintDialog
6276 Use the system print dialog instead of the print preview window.
6277
6278 **Compatibility:** Firefox 102\
6279 **CCK2 Equivalent:** N/A\
6280 **Preferences Affected:** `print.prefer_system_dialog`
6281
6282 #### Windows (GPO)
6283 ```
6284 Software\Policies\Mozilla\Firefox\UseSystemPrintDialog = 0x1 | 0x0
6285 ```
6286 #### Windows (Intune)
6287 OMA-URI:
6288 ```
6289 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/UseSystemPrintDialog
6290 ```
6291 Value (string):
6292 ```
6293 <enabled/> or <disabled/>
6294 ```
6295 #### macOS
6296 ```
6297 <dict>
6298 <key>UseSystemPrintDialog</key>
6299 <true/> | <false/>
6300 </dict>
6301 ```
6302 #### policies.json
6303 ```
6304 {
6305 "policies": {
6306 "UseSystemPrintDialog": true | false
6307 }
6308 }
6309 ```
6310 ### WebsiteFilter
6311 Block websites from being visited. The parameters take an array of Match Patterns, as documented in https://developer.mozilla.org/en-US/Add-ons/WebExtensions/Match_patterns.
6312 The arrays are limited to 1000 entries each.
6313
6314 If you want to block all URLs, you can use `<all_urls>` or `*://*/*`. You can't have just a `*` on the right side.
6315
6316 For specific protocols, use `https://*/*` or `http://*/*`.
6317
6318 As of Firefox 83 and Firefox ESR 78.5, file URLs are supported.
6319
6320 **Compatibility:** Firefox 60, Firefox ESR 60\
6321 **CCK2 Equivalent:** N/A\
6322 **Preferences Affected:** N/A
6323
6324 #### Windows (GPO)
6325 ```
6326 Software\Policies\Mozilla\Firefox\WebsiteFilter\Block\1 = "<all_urls>"
6327 Software\Policies\Mozilla\Firefox\WebsiteFilter\Exceptions\1 = "http://example.org/*"
6328 ```
6329 #### Windows (Intune)
6330 OMA-URI:
6331 ```
6332 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/B_WebsiteFilter_Block
6333 ```
6334 Value (string):
6335 ```
6336 <enabled/> <data id="WebsiteFilter" value="1&#xF000;&#60;all_urls&#62;"/>
6337 ```
6338 OMA-URI:
6339 ```
6340 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/B_WebsiteFilter_Exceptions
6341 ```
6342 Value (string):
6343 ```
6344 <enabled/>
6345 <data id="WebsiteFilter" value="1&#xF000;http://example.org/*"/>
6346 ```
6347 #### macOS
6348 ```
6349 <dict>
6350 <key>WebsiteFilter</key>
6351 <dict>
6352 <key>Block</key>
6353 <array>
6354 <string><all_urls></string>
6355 </array>
6356 <key>Exceptions</key>
6357 <array>
6358 <string>http://example.org/*</string>
6359 </array>
6360 </dict>
6361
6362 </dict>
6363 ```
6364 #### policies.json
6365 ```
6366 {
6367 "policies": {
6368 "WebsiteFilter": {
6369 "Block": ["<all_urls>"],
6370 "Exceptions": ["http://example.org/*"]
6371 }
6372 }
6373 }
6374 ```
6375 ### WindowsSSO
6376 Allow Windows single sign-on for Microsoft, work, and school accounts.
6377
6378 If this policy is set to true, Firefox will use credentials stored in Windows to sign in to Microsoft, work, and school accounts.
6379
6380 **Compatibility:** Firefox 91\
6381 **CCK2 Equivalent:** N/A\
6382 **Preferences Affected:** `network.http.windows-sso.enabled`
6383
6384 #### Windows (GPO)
6385 ```
6386 Software\Policies\Mozilla\Firefox\WindowsSSO = 0x1 | 0x0
6387 ```
6388 #### Windows (Intune)
6389 OMA-URI:
6390 ```
6391 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/WindowsSSO
6392 ```
6393 Value (string):
6394 ```
6395 <enabled/> or <disabled/>
6396 ```
6397 #### policies.json
6398 ```
6399 {
6400 "policies": {
6401 "WindowsSSO": true | false
6402 }
6403 }
6404 ```

patrick-canterino.de