]> git.p6c8.net - policy-templates.git/blob - docs/index.md
Update strings
[policy-templates.git] / docs / index.md
1 Firefox policies can be specified using the [Group Policy templates on Windows](https://github.com/mozilla/policy-templates/tree/master/windows), [Intune on Windows](https://support.mozilla.org/kb/managing-firefox-intune), [configuration profiles on macOS](https://github.com/mozilla/policy-templates/tree/master/mac), or by creating a file called `policies.json`. On Windows, create a directory called `distribution` where the EXE is located and place the file there. On Mac, the file goes into `Firefox.app/Contents/Resources/distribution`. On Linux, the file goes into `firefox/distribution`, where `firefox` is the installation directory for firefox, which varies by distribution or you can specify system-wide policy by placing the file in `/etc/firefox/policies`.
2
3 Unfortunately, JSON files do not support comments, but you can add extra entries to the JSON to use as comments. You will see an error in about:policies, but the policies will still work properly. For example:
4
5 ```
6 {
7 "policies": {
8 "Authentication": {
9 "SPNEGO": ["mydomain.com", "https://myotherdomain.com"]
10 }
11 "Authentication_Comment": "These domains are required for us"
12 }
13 }
14 ```
15
16 | Policy Name | Description
17 | --- | --- |
18 | **[`3rdparty`](#3rdparty)** | Set policies that WebExtensions can access via chrome.storage.managed.
19 | **[`AllowedDomainsForApps`](#alloweddomainsforapps)** | Define domains allowed to access Google Workspace.
20 | **[`AppAutoUpdate`](#appautoupdate)** | Enable or disable automatic application update.
21 | **[`AppUpdatePin`](#appupdatepin)** | Prevent Firefox from being updated beyond the specified version.
22 | **[`AppUpdateURL`](#appupdateurl)** | Change the URL for application update.
23 | **[`Authentication`](#authentication)** | Configure sites that support integrated authentication.
24 | **[`AutoLaunchProtocolsFromOrigins`](#autolaunchprotocolsfromorigins)** | Define a list of external protocols that can be used from listed origins without prompting the user.
25 | **[`BackgroundAppUpdate`](#backgroundappupdate)** | Enable or disable the background updater (Windows only).
26 | **[`BlockAboutAddons`](#blockaboutaddons)** | Block access to the Add-ons Manager (about:addons).
27 | **[`BlockAboutConfig`](#blockaboutconfig)** | Block access to about:config.
28 | **[`BlockAboutProfiles`](#blockaboutprofiles)** | Block access to About Profiles (about:profiles).
29 | **[`BlockAboutSupport`](#blockaboutsupport)** | Block access to Troubleshooting Information (about:support).
30 | **[`Bookmarks`](#bookmarks)** | Add bookmarks in either the bookmarks toolbar or menu.
31 | **[`CaptivePortal`](#captiveportal)** | Enable or disable the detection of captive portals.
32 | **[`Certificates`](#certificates)** |
33 | **[`Certificates -> ImportEnterpriseRoots`](#certificates--importenterpriseroots)** | Trust certificates that have been added to the operating system certificate store by a user or administrator.
34 | **[`Certificates -> Install`](#certificates--install)** | Install certificates into the Firefox certificate store.
35 | **[`Containers`](#containers)** | Set policies related to [containers](https://addons.mozilla.org/firefox/addon/multi-account-containers/).
36 | **[`Cookies`](#cookies)** | Configure cookie preferences.
37 | **[`DefaultDownloadDirectory`](#defaultdownloaddirectory)** | Set the default download directory.
38 | **[`DisableAppUpdate`](#disableappupdate)** | Turn off application updates.
39 | **[`DisableBuiltinPDFViewer`](#disablebuiltinpdfviewer)** | Disable the built in PDF viewer.
40 | **[`DisabledCiphers`](#disabledciphers)** | Disable ciphers.
41 | **[`DisableDefaultBrowserAgent`](#disabledefaultbrowseragent)** | Prevent the default browser agent from taking any actions (Windows only).
42 | **[`DisableDeveloperTools`](#disabledevelopertools)** | Remove access to all developer tools.
43 | **[`DisableFeedbackCommands`](#disablefeedbackcommands)** | Disable the menus for reporting sites.
44 | **[`DisableFirefoxAccounts`](#disablefirefoxaccounts)** | Disable Firefox Accounts integration (Sync).
45 | **[`DisableFirefoxScreenshots`](#disablefirefoxscreenshots)** | Remove access to Firefox Screenshots.
46 | **[`DisableFirefoxStudies`](#disablefirefoxstudies)** | Disable Firefox studies (Shield).
47 | **[`DisableForgetButton`](#disableforgetbutton)** | Disable the "Forget" button.
48 | **[`DisableFormHistory`](#disableformhistory)** | Turn off saving information on web forms and the search bar.
49 | **[`DisableMasterPasswordCreation`](#disablemasterpasswordcreation)** | Remove the master password functionality.
50 | **[`DisablePasswordReveal`](#disablepasswordreveal)** | Do not allow passwords to be revealed in saved logins.
51 | **[`DisablePocket`](#disablepocket)** | Remove Pocket in the Firefox UI.
52 | **[`DisablePrivateBrowsing`](#disableprivatebrowsing)** | Remove access to private browsing.
53 | **[`DisableProfileImport`](#disableprofileimport)** | Disables the "Import data from another browser" option in the bookmarks window.
54 | **[`DisableProfileRefresh`](#disableprofilerefresh)** | Disable the Refresh Firefox button on about:support and support.mozilla.org
55 | **[`DisableSafeMode`](#disablesafemode)** | Disable safe mode within the browser.
56 | **[`DisableSecurityBypass`](#disablesecuritybypass)** | Prevent the user from bypassing security in certain cases.
57 | **[`DisableSetDesktopBackground`](#disablesetdesktopbackground)** | Remove the "Set As Desktop Background..." menuitem when right clicking on an image.
58 | **[`DisableSystemAddonUpdate`](#disablesystemaddonupdate)** | Prevent system add-ons from being installed or updated.
59 | **[`DisableTelemetry`](#disabletelemetry)** | DisableTelemetry
60 | **[`DisableThirdPartyModuleBlocking`](#disablethirdpartymoduleblocking)** | Do not allow blocking third-party modules.
61 | **[`DisplayBookmarksToolbar`](#displaybookmarkstoolbar)** | Set the initial state of the bookmarks toolbar.
62 | **[`DisplayMenuBar`](#displaymenubar)** | Set the state of the menubar.
63 | **[`DNSOverHTTPS`](#dnsoverhttps)** | Configure DNS over HTTPS.
64 | **[`DontCheckDefaultBrowser`](#dontcheckdefaultbrowser)** | Don't check if Firefox is the default browser at startup.
65 | **[`DownloadDirectory`](#downloaddirectory)** | Set and lock the download directory.
66 | **[`EnableTrackingProtection`](#enabletrackingprotection)** | Configure tracking protection.
67 | **[`EncryptedMediaExtensions`](#encryptedmediaextensions)** | Enable or disable Encrypted Media Extensions and optionally lock it.
68 | **[`EnterprisePoliciesEnabled`](#enterprisepoliciesenabled)** | Enable policy support on macOS.
69 | **[`ExemptDomainFileTypePairsFromFileTypeDownloadWarnings`](#exemptdomainfiletypepairsfromfiletypedownloadwarnings)** | Disable warnings based on file extension for specific file types on domains.
70 | **[`Extensions`](#extensions)** | Control the installation, uninstallation and locking of extensions.
71 | **[`ExtensionSettings`](#extensionsettings)** | Manage all aspects of extensions.
72 | **[`ExtensionUpdate`](#extensionupdate)** | Control extension updates.
73 | **[`FirefoxHome`](#firefoxhome)** | Customize the Firefox Home page.
74 | **[`GoToIntranetSiteForSingleWordEntryInAddressBar`](#gotointranetsiteforsinglewordentryinaddressbar)** | Force direct intranet site navigation instead of searching when typing single word entries in the address bar.
75 | **[`Handlers`](#handlers)** | Configure default application handlers.
76 | **[`HardwareAcceleration`](#hardwareacceleration)** | Control hardware acceleration.
77 | **[`Homepage`](#homepage)** | Configure the default homepage and how Firefox starts.
78 | **[`InstallAddonsPermission`](#installaddonspermission)** | Configure the default extension install policy as well as origins for extension installs are allowed.
79 | **[`LegacyProfiles`](#legacyprofiles)** | Disable the feature enforcing a separate profile for each installation.
80 | **[`LegacySameSiteCookieBehaviorEnabled`](#legacysamesitecookiebehaviorenabled)** | Enable default legacy SameSite cookie behavior setting.
81 | **[`LegacySameSiteCookieBehaviorEnabledForDomainList`](#legacysamesitecookiebehaviorenabledfordomainlist)** | Revert to legacy SameSite behavior for cookies on specified sites.
82 | **[`LocalFileLinks`](#localfilelinks)** | Enable linking to local files by origin.
83 | **[`ManagedBookmarks`](#managedbookmarks)** | Configures a list of bookmarks managed by an administrator that cannot be changed by the user.
84 | **[`ManualAppUpdateOnly`](#manualappupdateonly)** | Allow manual updates only and do not notify the user about updates.
85 | **[`NetworkPrediction`](#networkprediction)** | Enable or disable network prediction (DNS prefetching).
86 | **[`NewTabPage`](#newtabpage)** | Enable or disable the New Tab page.
87 | **[`NoDefaultBookmarks`](#nodefaultbookmarks)** | Disable the creation of default bookmarks.
88 | **[`OfferToSaveLogins`](#offertosavelogins)** | Control whether or not Firefox offers to save passwords.
89 | **[`OfferToSaveLoginsDefault`](#offertosaveloginsdefault)** | Set the default value for whether or not Firefox offers to save passwords.
90 | **[`OverrideFirstRunPage`](#overridefirstrunpage)** | Override the first run page.
91 | **[`OverridePostUpdatePage`](#overridepostupdatepage)** | Override the upgrade page.
92 | **[`PasswordManagerEnabled`](#passwordmanagerenabled)** | Remove (some) access to the password manager.
93 | **[`PasswordManagerExceptions`](#passwordmanagerexceptions)** | Prevent Firefox from saving passwords for specific sites.
94 | **[`PDFjs`](#pdfjs)** | Disable or configure PDF.js, the built-in PDF viewer.
95 | **[`Permissions`](#permissions)** | Set permissions associated with camera, microphone, location, and notifications.
96 | **[`PictureInPicture`](#pictureinpicture)** | Enable or disable Picture-in-Picture.
97 | **[`PopupBlocking`](#popupblocking)** | Configure the default pop-up window policy as well as origins for which pop-up windows are allowed.
98 | **[`Preferences`](#preferences)** | Set and lock preferences.
99 | **[`PrimaryPassword`](#primarypassword)** | Require or prevent using a primary (formerly master) password.
100 | **[`PromptForDownloadLocation`](#promptfordownloadlocation)** | Ask where to save each file before downloading.
101 | **[`Proxy`](#proxy)** | Configure proxy settings.
102 | **[`RequestedLocales`](#requestedlocales)** | Set the the list of requested locales for the application in order of preference.
103 | **[`SanitizeOnShutdown` (All)](#sanitizeonshutdown-all)** | Clear all data on shutdown.
104 | **[`SanitizeOnShutdown` (Selective)](#sanitizeonshutdown-selective)** | Clear data on shutdown.
105 | **[`SearchBar`](#searchbar)** | Set whether or not search bar is displayed.
106 | **[`SearchEngines`](#searchengines-this-policy-is-only-available-on-the-esr)** |
107 | **[`SearchEngines -> Add`](#searchengines--add)** | Add new search engines.
108 | **[`SearchEngines -> Default`](#searchengines--default)** | Set the default search engine.
109 | **[`SearchEngines -> PreventInstalls`](#searchengines--preventinstalls)** | Prevent installing search engines from webpages.
110 | **[`SearchEngines -> Remove`](#searchengines--remove)** | Hide built-in search engines.
111 | **[`SearchSuggestEnabled`](#searchsuggestenabled)** | Enable search suggestions.
112 | **[`SecurityDevices`](#securitydevices)** | Install PKCS #11 modules.
113 | **[`ShowHomeButton`](#showhomebutton)** | Show the home button on the toolbar.
114 | **[`SSLVersionMax`](#sslversionmax)** | Set and lock the maximum version of TLS.
115 | **[`SSLVersionMin`](#sslversionmin)** | Set and lock the minimum version of TLS.
116 | **[`StartDownloadsInTempDirectory`](#startdownloadsintempdirectory)** | Force downloads to start off in a local, temporary location rather than the default download directory.
117 | **[`SupportMenu`](#supportmenu)** | Add a menuitem to the help menu for specifying support information.
118 | **[`UserMessaging`](#usermessaging)** | Don't show certain messages to the user.
119 | **[`UseSystemPrintDialog`](#usesystemprintdialog)** | Print using the system print dialog instead of print preview.
120 | **[`WebsiteFilter`](#websitefilter)** | Block websites from being visited.
121 | **[`WindowsSSO`](#windowssso)** | Allow Windows single sign-on for Microsoft, work, and school accounts.
122
123 ### 3rdparty
124
125 Allow WebExtensions to configure policy. For more information, see [Adding policy support to your extension](https://extensionworkshop.com/documentation/enterprise/adding-policy-support-to-your-extension/).
126
127 For GPO and Intune, the extension developer should provide an ADMX file.
128
129 **Compatibility:** Firefox 68\
130 **CCK2 Equivalent:** N/A\
131 **Preferences Affected:** N/A
132
133 #### macOS
134 ```
135 <dict>
136 <key>3rdparty</key>
137 <dict>
138 <key>Extensions</key>
139 <dict>
140 <key>uBlock0@raymondhill.net</key>
141 <dict>
142 <key>adminSettings</key>
143 <dict>
144 <key>selectedFilterLists</key>
145 <array>
146 <string>ublock-privacy</string>
147 <string>ublock-badware</string>
148 <string>ublock-filters</string>
149 <string>user-filters</string>
150 </array>
151 </dict>
152 </dict>
153 </dict>
154 </dict>
155 </dict>
156 ```
157 #### policies.json
158 ```
159 {
160 "policies": {
161 "3rdparty": {
162 "Extensions": {
163 "uBlock0@raymondhill.net": {
164 "adminSettings": {
165 "selectedFilterLists": [
166 "ublock-privacy",
167 "ublock-badware",
168 "ublock-filters",
169 "user-filters"
170 ]
171 }
172 }
173 }
174 }
175 }
176 }
177 ```
178
179 ### AllowedDomainsForApps
180
181 Define domains allowed to access Google Workspace.
182
183 This policy is based on the [Chrome policy](https://chromeenterprise.google/policies/#AllowedDomainsForApps) of the same name.
184
185 If this policy is enabled, users can only access Google Workspace using accounts from the specified domains. If you want to allow Gmail, you can add ```consumer_accounts``` to the list.
186
187 **Compatibility:** Firefox 89, Firefox ESR 78.11\
188 **CCK2 Equivalent:** N/A\
189 **Preferences Affected:** N/A
190
191 #### Windows (GPO)
192 ```
193 Software\Policies\Mozilla\Firefox\AllowedDomainsForApps = "managedfirefox.com,example.com"
194 ```
195 #### Windows (Intune)
196 OMA-URI:
197 ```
198 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/AllowedDomainsForApps
199 ```
200 Value (string):
201 ```
202 <enabled/>
203 <data id="AllowedDomainsForApps" value="managedfirefox.com,example.com"/>
204 ```
205 #### macOS
206 ```
207 <dict>
208 <key>AllowedDomainsForApps</key>
209 <string>managedfirefox.com,example.com</string>
210 </dict>
211 ```
212 #### policies.json
213 ```
214 {
215 "policies": {
216 "AllowedDomainsForApps": "managedfirefox.com,example.com"
217 }
218 }
219 ```
220 ### AppAutoUpdate
221
222 Enable or disable **automatic** application update.
223
224 If set to true, application updates are installed without user approval within Firefox. The operating system might still require approval.
225
226 If set to false, application updates are downloaded but the user can choose when to install the update.
227
228 If you have disabled updates via `DisableAppUpdate`, this policy has no effect.
229
230 **Compatibility:** Firefox 75, Firefox ESR 68.7\
231 **CCK2 Equivalent:** N/A\
232 **Preferences Affected:** `app.update.auto`
233
234 #### Windows (GPO)
235 ```
236 Software\Policies\Mozilla\Firefox\AppAutoUpdate = 0x1 | 0x0
237 ```
238 #### Windows (Intune)
239 OMA-URI:
240 ```
241 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/AppAutoUpdate
242 ```
243 Value (string):
244 ```
245 <enabled/> or <disabled/>
246 ```
247 #### macOS
248 ```
249 <dict>
250 <key>AppAutoUpdate</key>
251 <true/> | <false/>
252 </dict>
253 ```
254 #### policies.json
255 ```
256 {
257 "policies": {
258 "AppAutoUpdate": true | false
259 }
260 }
261 ```
262 ### AppUpdatePin
263
264 Prevent Firefox from being updated beyond the specified version.
265
266 You can specify the any version as ```xx.``` and Firefox will be updated with all minor versions, but will not be updated beyond the major version.
267
268 You can also specify the version as ```xx.xx``` and Firefox will be updated with all patch versions, but will not be updated beyond the minor version.
269
270 You should specify a version that exists or is guaranteed to exist. If you specify a version that doesn't end up existing, Firefox will update beyond that version.
271
272 **Compatibility:** Firefox 102,\
273 **CCK2 Equivalent:** N/A\
274 **Preferences Affected:** N/A
275
276 #### Windows (GPO)
277 ```
278 Software\Policies\Mozilla\Firefox\AppUpdatePin = "106."
279 ```
280 #### Windows (Intune)
281 OMA-URI:
282 ```
283 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/AppUpdatePin
284 ```
285 Value (string):
286 ```
287 <enabled/>
288 <data id="AppUpdatePin" value="106."/>
289 ```
290 #### macOS
291 ```
292 <dict>
293 <key>AppUpdatePin</key>
294 <string>106.</string>
295 </dict>
296 ```
297 #### policies.json
298 ```
299 {
300 "policies": {
301 "AppUpdatePin": "106."
302 }
303 }
304 ```
305 ### AppUpdateURL
306
307 Change the URL for application update if you are providing Firefox updates from a custom update server.
308
309 **Compatibility:** Firefox 62, Firefox ESR 60.2\
310 **CCK2 Equivalent:** N/A\
311 **Preferences Affected:** `app.update.url`
312
313 #### Windows (GPO)
314 ```
315 Software\Policies\Mozilla\Firefox\AppUpdateURL = "https://yoursite.com"
316 ```
317 #### Windows (Intune)
318 OMA-URI:
319 ```
320 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/AppUpdateURL
321 ```
322 Value (string):
323 ```
324 <enabled/>
325 <data id="AppUpdateURL" value="https://yoursite.com"/>
326 ```
327 #### macOS
328 ```
329 <dict>
330 <key>AppUpdateURL</key>
331 <string>https://yoursite.com</string>
332 </dict>
333 ```
334 #### policies.json
335 ```
336 {
337 "policies": {
338 "AppUpdateURL": "https://yoursite.com"
339 }
340 }
341 ```
342 ### Authentication
343
344 Configure sites that support integrated authentication.
345
346 See [Integrated authentication](https://htmlpreview.github.io/?https://github.com/mdn/archived-content/blob/main/files/en-us/mozilla/integrated_authentication/raw.html) for more information.
347
348 `PrivateBrowsing` enables integrated authentication in private browsing.
349
350 **Compatibility:** Firefox 60, Firefox ESR 60 (AllowNonFQDN added in 62/60.2, AllowProxies added in 70/68.2, Locked added in 71/68.3, PrivateBrowsing added in 77/68.9)\
351 **CCK2 Equivalent:** N/A\
352 **Preferences Affected:** `network.negotiate-auth.trusted-uris`,`network.negotiate-auth.delegation-uris`,`network.automatic-ntlm-auth.trusted-uris`,`network.automatic-ntlm-auth.allow-non-fqdn`,`network.negotiate-auth.allow-non-fqdn`,`network.automatic-ntlm-auth.allow-proxies`,`network.negotiate-auth.allow-proxies`,`network.auth.private-browsing-sso`
353
354 #### Windows (GPO)
355 ```
356 Software\Policies\Mozilla\Firefox\Authentication\SPNEGO\1 = "mydomain.com"
357 Software\Policies\Mozilla\Firefox\Authentication\SPNEGO\2 = "https://myotherdomain.com"
358 Software\Policies\Mozilla\Firefox\Authentication\Delegated\1 = "mydomain.com"
359 Software\Policies\Mozilla\Firefox\Authentication\Delegated\2 = "https://myotherdomain.com"
360 Software\Policies\Mozilla\Firefox\Authentication\NTLM\1 = "mydomain.com"
361 Software\Policies\Mozilla\Firefox\Authentication\NTLM\2 = "https://myotherdomain.com"
362 Software\Policies\Mozilla\Firefox\Authentication\AllowNonFQDN\SPNEGO = 0x1 | 0x0
363 Software\Policies\Mozilla\Firefox\Authentication\AllowNonFQDN\NTLM = 0x1 | 0x0
364 Software\Policies\Mozilla\Firefox\Authentication\AllowProxies\SPNEGO = 0x1 | 0x0
365 Software\Policies\Mozilla\Firefox\Authentication\AllowProxies\NTLM = 0x1 | 0x0
366 Software\Policies\Mozilla\Firefox\Authentication\Locked = 0x1 | 0x0
367 Software\Policies\Mozilla\Firefox\Authentication\PrivateBrowsing = 0x1 | 0x0
368 ```
369 #### Windows (Intune)
370 OMA-URI:
371 ```
372 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Authentication/Authentication_SPNEGO
373 ```
374 Value (string):
375 ```
376 <enabled/>
377 <data id="Authentication" value="1&#xF000;mydomain&#xF000;2&#xF000;https://myotherdomain.com"/>
378 ```
379 OMA-URI:
380 ```
381 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Authentication/Authentication_Delegated
382 ```
383 Value (string):
384 ```
385 <enabled/>
386 <data id="Authentication" value="1&#xF000;mydomain&#xF000;2&#xF000;https://myotherdomain.com"/>
387 ```
388 OMA-URI:
389 ```
390 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Authentication/Authentication_NTLM
391 ```
392 Value (string):
393 ```
394 <enabled/>
395 <data id="Authentication" value="1&#xF000;mydomain&#xF000;2&#xF000;https://myotherdomain.com"/>
396 ```
397 OMA-URI:
398 ```
399 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Authentication/Authentication_AllowNonFQDN
400 ```
401 Value (string):
402 ```
403 <enabled/>
404 <data id="Authentication_AllowNonFQDN_NTLM" value="true | false"/>
405 <data id="Authentication_AllowNonFQDN_SPNEGO" value="true | false"/>
406 ```
407 OMA-URI:
408 ```
409 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Authentication/Authentication_Locked
410 ```
411 Value (string):
412 ```
413 <enabled/> or <disabled/>
414 ```
415 OMA-URI:
416 ```
417 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Authentication/Authentication_PrivateBrowsing
418 ```
419 Value (string):
420 ```
421 <enabled/> or <disabled/>
422 ```
423 #### macOS
424 ```
425 <dict>
426 <key>Authentication</key>
427 <dict>
428 <key>SPNEGO</key>
429 <array>
430 <string>mydomain.com</string>
431 <string>https://myotherdomain.com</string>
432 </array>
433 <key>Delegated</key>
434 <array>
435 <string>mydomain.com</string>
436 <string>https://myotherdomain.com</string>
437 </array>
438 <key>NTLM</key>
439 <array>
440 <string>mydomain.com</string>
441 <string>https://myotherdomain.com</string>
442 </array>
443 <key>AllowNonFQDN</key>
444 <dict>
445 <key>SPNEGO</key>
446 <true/> | <false/>
447 <key>NTLM</key>
448 <true/> | <false/>
449 </dict>
450 <key>AllowProxies</key>
451 <dict>
452 <key>SPNEGO</key>
453 <true/> | <false/>
454 <key>NTLM</key>
455 <true/> | <false/>
456 </dict>
457 <key>Locked</key>
458 <true/> | <false/>
459 <key>PrivateBrowsing</key>
460 <true/> | <false/>
461 </dict>
462 </dict>
463 ```
464 #### policies.json
465 ```
466 {
467 "policies": {
468 "Authentication": {
469 "SPNEGO": ["mydomain.com", "https://myotherdomain.com"],
470 "Delegated": ["mydomain.com", "https://myotherdomain.com"],
471 "NTLM": ["mydomain.com", "https://myotherdomain.com"],
472 "AllowNonFQDN": {
473 "SPNEGO": true | false,
474 "NTLM": true | false
475 },
476 "AllowProxies": {
477 "SPNEGO": true | false,
478 "NTLM": true | false
479 },
480 "Locked": true | false,
481 "PrivateBrowsing": true | false
482 }
483 }
484 }
485 ```
486 ### AutoLaunchProtocolsFromOrigins
487 Define a list of external protocols that can be used from listed origins without prompting the user. The origin is the scheme plus the hostname.
488
489 The syntax of this policy is exactly the same as the [Chrome AutoLaunchProtocolsFromOrigins policy](https://cloud.google.com/docs/chrome-enterprise/policies/?policy=AutoLaunchProtocolsFromOrigins) except that you can only use valid origins (not just hostnames). This also means that you cannot specify an asterisk for all origins.
490
491 The schema is:
492 ```
493 {
494 "items": {
495 "properties": {
496 "allowed_origins": {
497 "items": {
498 "type": "string"
499 },
500 "type": "array"
501 },
502 "protocol": {
503 "type": "string"
504 }
505 },
506 "required": [
507 "protocol",
508 "allowed_origins"
509 ],
510 "type": "object"
511 },
512 "type": "array"
513 }
514 ```
515 **Compatibility:** Firefox 90, Firefox ESR 78.12\
516 **CCK2 Equivalent:** N/A\
517 **Preferences Affected:** N/A
518
519 #### Windows (GPO)
520 Software\Policies\Mozilla\Firefox\AutoLaunchProtocolsFromOrigins (REG_MULTI_SZ) =
521 ```
522 [
523 {
524 "protocol": "zoommtg",
525 "allowed_origins": [
526 "https://somesite.zoom.us"
527 ]
528 }
529 ]
530 ```
531 #### Windows (Intune)
532 OMA-URI:
533 ```
534 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/AutoLaunchProtocolsFromOrigins
535 ```
536 Value (string):
537 ```
538 <enabled/>
539 <data id="JSON" value='
540 [
541 {
542 "protocol": "zoommtg",
543 "allowed_origins": [
544 "https://somesite.zoom.us"
545 ]
546 }
547 ]'/>
548 ```
549 #### macOS
550 ```
551 <dict>
552 <key>AutoLaunchProtocolsFromOrigins</key>
553 <array>
554 <dict>
555 <key>protocol</key>
556 <string>zoommtg</string>
557 <key>allowed_origins</key>
558 <array>
559 <string>https://somesite.zoom.us</string>
560 </array>
561 </dict>
562 </array>
563 </dict>
564 ```
565 #### policies.json
566 ```
567 {
568 "policies": {
569 "AutoLaunchProtocolsFromOrigins": [{
570 "protocol": "zoommtg",
571 "allowed_origins": [
572 "https://somesite.zoom.us"
573 ]
574 }]
575 }
576 }
577 ```
578 ### BackgroundAppUpdate
579
580 Enable or disable **automatic** application update **in the background**, when the application is not running.
581
582 If set to true, application updates may be installed (without user approval) in the background, even when the application is not running. The operating system might still require approval.
583
584 If set to false, the application will not try to install updates when the application is not running.
585
586 If you have disabled updates via `DisableAppUpdate` or disabled automatic updates via `AppAutoUpdate`, this policy has no effect.
587
588 **Compatibility:** Firefox 90 (Windows only)\
589 **CCK2 Equivalent:** N/A\
590 **Preferences Affected:** `app.update.background.enabled`
591
592 #### Windows (GPO)
593 ```
594 Software\Policies\Mozilla\Firefox\BackgroundAppUpdate = 0x1 | 0x0
595 ```
596 #### Windows (Intune)
597 OMA-URI:
598 ```
599 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/BackgroundAppUpdate
600 ```
601 Value (string):
602 ```
603 <enabled/> or <disabled/>
604 ```
605 #### macOS
606 ```
607 <dict>
608 <key>BackgroundAppUpdate</key>
609 <true/> | <false/>
610 </dict>
611 ```
612 #### policies.json
613 ```
614 {
615 "policies": {
616 "BackgroundAppUpdate": true | false
617 }
618 }
619 ```
620 ### BlockAboutAddons
621
622 Block access to the Add-ons Manager (about:addons).
623
624 **Compatibility:** Firefox 60, Firefox ESR 60\
625 **CCK2 Equivalent:** `disableAddonsManager`\
626 **Preferences Affected:** N/A
627
628 #### Windows (GPO)
629 ```
630 Software\Policies\Mozilla\Firefox\BlockAboutAddons = 0x1 | 0x0
631 ```
632 #### Windows (Intune)
633 OMA-URI:
634 ```
635 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/BlockAboutAddons
636 ```
637 Value (string):
638 ```
639 <enabled/> or <disabled/>
640 ```
641 #### macOS
642 ```
643 <dict>
644 <key>BlockAboutAddons</key>
645 <true/> | <false/>
646 </dict>
647 ```
648 #### policies.json
649 ```
650 {
651 "policies": {
652 "BlockAboutAddons": true | false
653 }
654 }
655 ```
656 ### BlockAboutConfig
657
658 Block access to about:config.
659
660 **Compatibility:** Firefox 60, Firefox ESR 60\
661 **CCK2 Equivalent:** `disableAboutConfig`\
662 **Preferences Affected:** N/A
663
664 #### Windows (GPO)
665 ```
666 Software\Policies\Mozilla\Firefox\BlockAboutConfig = 0x1 | 0x0
667 ```
668 #### Windows (Intune)
669 OMA-URI:
670 ```
671 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/BlockAboutConfig
672 ```
673 Value (string):
674 ```
675 <enabled/> or <disabled/>
676 ```
677 #### macOS
678 ```
679 <dict>
680 <key>BlockAboutConfig</key>
681 <true/> | <false/>
682 </dict>
683 ```
684 #### policies.json
685 ```
686 {
687 "policies": {
688 "BlockAboutConfig": true | false
689 }
690 }
691 ```
692 ### BlockAboutProfiles
693
694 Block access to About Profiles (about:profiles).
695
696 **Compatibility:** Firefox 60, Firefox ESR 60\
697 **CCK2 Equivalent:** `disableAboutProfiles`\
698 **Preferences Affected:** N/A
699
700 #### Windows (GPO)
701 ```
702 Software\Policies\Mozilla\Firefox\BlockAboutProfiles = 0x1 | 0x0
703 ```
704 #### Windows (Intune)
705 OMA-URI:
706 ```
707 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/BlockAboutProfiles
708 ```
709 Value (string):
710 ```
711 <enabled/> or <disabled/>
712 ```
713 #### macOS
714 ```
715 <dict>
716 <key>BlockAboutProfiles</key>
717 <true/> | <false/>
718 </dict>
719 ```
720 #### policies.json
721 ```
722 {
723 "policies": {
724 "BlockAboutProfiles": true | false
725 }
726 }
727 ```
728 ### BlockAboutSupport
729
730 Block access to Troubleshooting Information (about:support).
731
732 **Compatibility:** Firefox 60, Firefox ESR 60\
733 **CCK2 Equivalent:** `disableAboutSupport`\
734 **Preferences Affected:** N/A
735
736 #### Windows (GPO)
737 ```
738 Software\Policies\Mozilla\Firefox\BlockAboutSupport = 0x1 | 0x0
739 ```
740 #### Windows (Intune)
741 OMA-URI:
742 ```
743 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/BlockAboutSupport
744 ```
745 Value (string):
746 ```
747 <enabled/> or <disabled/>
748 ```
749 #### macOS
750 ```
751 <dict>
752 <key>BlockAboutSupport</key>
753 <true/> | <false/>
754 </dict>
755 ```
756 #### policies.json
757 ```
758 {
759 "policies": {
760 "BlockAboutSupport": true | false
761 }
762 }
763 ```
764 ### Bookmarks
765
766 Note: [`ManagedBookmarks`](#managedbookmarks) is the new recommended way to add bookmarks. This policy will continue to be supported.
767
768 Add bookmarks in either the bookmarks toolbar or menu. Only `Title` and `URL` are required. If `Placement` is not specified, the bookmark will be placed on the toolbar. If `Folder` is specified, it is automatically created and bookmarks with the same folder name are grouped together.
769
770 If you want to clear all bookmarks set with this policy, you can set the value to an empty array (```[]```). This can be on Windows via the new Bookmarks (JSON) policy available with GPO and Intune.
771
772 **Compatibility:** Firefox 60, Firefox ESR 60\
773 **CCK2 Equivalent:** `bookmarks.toolbar`,`bookmarks.menu`\
774 **Preferences Affected:** N/A
775
776 #### Windows (GPO)
777 ```
778 Software\Policies\Mozilla\Firefox\Bookmarks\1\Title = "Example"
779 Software\Policies\Mozilla\Firefox\Bookmarks\1\URL = "https://example.com"
780 Software\Policies\Mozilla\Firefox\Bookmarks\1\Favicon = "https://example.com/favicon.ico"
781 Software\Policies\Mozilla\Firefox\Bookmarks\1\Placement = "toolbar" | "menu"
782 Software\Policies\Mozilla\Firefox\Bookmarks\1\Folder = "FolderName"
783
784 Software\Policies\Mozilla\Firefox\Bookmarks (REG_MULTI_SZ) =
785 ```
786 []
787 ```
788
789 ```
790 #### Windows (Intune)
791 OMA-URI:
792 ```
793 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Bookmarks/Bookmark01
794 ```
795 Value (string):
796 ```
797 <enabled/>
798 <data id="BookmarkTitle" value="Example"/>
799 <data id="BookmarkURL" value="https://example.com"/>
800 <data id="BookmarkFavicon" value="https://example.com/favicon.ico"/>
801 <data id="BookmarkPlacement" value="toolbar | menu"/>
802 <data id="BookmarkFolder" value="FolderName"/>
803 ```
804 OMA-URI:
805 ```
806 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/Bookmarks
807 ```
808 Value (string):
809 ```
810 <enabled/>
811 <data id="JSON" value='[]'/>
812 ```
813 #### macOS
814 ```
815 <dict>
816 <key>Bookmarks</key>
817 <array>
818 <dict>
819 <key>Title</key>
820 <string>Example</string>
821 <key>URL</key>
822 <string>https://example.com</string>
823 <key>Favicon</key>
824 <string>https://example.com/favicon.ico</string>
825 <key>Placement</key>
826 <string>toolbar | menu</string>
827 <key>Folder</key>
828 <string>FolderName</string>
829 </dict>
830 </array>
831 </dict>
832 ```
833 #### policies.json
834 ```
835 {
836 "policies": {
837 "Bookmarks": [
838 {
839 "Title": "Example",
840 "URL": "https://example.com",
841 "Favicon": "https://example.com/favicon.ico",
842 "Placement": "toolbar" | "menu",
843 "Folder": "FolderName"
844 }
845 ]
846 }
847 }
848 ```
849 ### CaptivePortal
850 Enable or disable the detection of captive portals.
851
852 **Compatibility:** Firefox 67, Firefox ESR 60.7\
853 **CCK2 Equivalent:** N/A\
854 **Preferences Affected:** `network.captive-portal-service.enabled`
855
856 #### Windows (GPO)
857 ```
858 Software\Policies\Mozilla\Firefox\CaptivePortal = 0x1 | 0x0
859 ```
860 #### Windows (Intune)
861 OMA-URI:
862 ```
863 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/CaptivePortal
864 ```
865 Value (string):
866 ```
867 <enabled/> or <disabled/>
868 ```
869 #### macOS
870 ```
871 <dict>
872 <key>CaptivePortal</key>
873 <true/> | <false/>
874 </dict>
875 ```
876 #### policies.json
877 ```
878 {
879 "policies": {
880 "CaptivePortal": true | false
881 }
882 }
883 ```
884 ### Certificates
885
886 ### Certificates | ImportEnterpriseRoots
887
888 Trust certificates that have been added to the operating system certificate store by a user or administrator.
889
890 Note: This policy only works on Windows and macOS. For Linux discussion, see [bug 1600509](https://bugzilla.mozilla.org/show_bug.cgi?id=1600509).
891
892 See https://support.mozilla.org/kb/setting-certificate-authorities-firefox for more detail.
893
894 **Compatibility:** Firefox 60, Firefox ESR 60 (macOS support in Firefox 63, Firefox ESR 68)\
895 **CCK2 Equivalent:** N/A\
896 **Preferences Affected:** `security.enterprise_roots.enabled`
897
898 #### Windows (GPO)
899 ```
900 Software\Policies\Mozilla\Firefox\Certificates\ImportEnterpriseRoots = 0x1 | 0x0
901 ```
902 #### Windows (Intune)
903 OMA-URI:
904 ```
905 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Certificates/Certificates_ImportEnterpriseRoots
906 ```
907 Value (string):
908 ```
909 <enabled/> or <disabled/>
910 ```
911 #### macOS
912 ```
913 <dict>
914 <key>Certificates</key>
915 <dict>
916 <key>ImportEnterpriseRoots</key>
917 <true/> | <false/>
918 </dict>
919 </dict>
920 ```
921 #### policies.json
922 ```
923 {
924 "policies": {
925 "Certificates": {
926 "ImportEnterpriseRoots": true | false
927 }
928 }
929 }
930 ```
931 ### Certificates | Install
932
933 Install certificates into the Firefox certificate store. If only a filename is specified, Firefox searches for the file in the following locations:
934
935 - Windows
936 - %USERPROFILE%\AppData\Local\Mozilla\Certificates
937 - %USERPROFILE%\AppData\Roaming\Mozilla\Certificates
938 - macOS
939 - /Library/Application Support/Mozilla/Certificates
940 - ~/Library/Application Support/Mozilla/Certificates
941 - Linux
942 - /usr/lib/mozilla/certificates
943 - /usr/lib64/mozilla/certificates
944 - ~/.mozilla/certificates
945
946 Starting with Firefox 65, Firefox 60.5 ESR, a fully qualified path can be used, including UNC paths. You should use the native path style for your operating system. We do not support using %USERPROFILE% or other environment variables on Windows.
947
948 If you are specifying the path in the policies.json file on Windows, you need to escape your backslashes (`\\`) which means that for UNC paths, you need to escape both (`\\\\`). If you use group policy, you only need one backslash.
949
950 Certificates are installed using the trust string `CT,CT,`.
951
952 Binary (DER) and ASCII (PEM) certificates are both supported.
953
954 **Compatibility:** Firefox 64, Firefox ESR 64\
955 **CCK2 Equivalent:** `certs.ca`\
956 **Preferences Affected:** N/A
957
958 #### Windows (GPO)
959 ```
960 Software\Policies\Mozilla\Firefox\Certificates\Install\1 = "cert1.der"
961 Software\Policies\Mozilla\Firefox\Certificates\Install\2 = "C:\Users\username\cert2.pem"
962 ```
963 #### Windows (Intune)
964 OMA-URI:
965 ```
966 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Certificates/Certificates_Install
967 ```
968 Value (string):
969 ```
970 <enabled/>
971 <data id="Certificates_Install" value="1&#xF000;cert1.der&#xF000;2&#xF000;C:\Users\username\cert2.pem"/>
972 ```
973 #### macOS
974 ```
975 <dict>
976 <key>Certificates</key>
977 <dict>
978 <key>Install</key>
979 <array>
980 <string>cert1.der</string>
981 <string>/Users/username/cert2.pem</string>
982 </array>
983 </dict>
984 </dict>
985 ```
986 #### policies.json
987 ```
988 {
989 "policies": {
990 "Certificates": {
991 "Install": ["cert1.der", "/home/username/cert2.pem"]
992 }
993 }
994 }
995 ```
996 ### Containers
997 Set policies related to [containers](https://addons.mozilla.org/firefox/addon/multi-account-containers/).
998
999 Currently you can set the initial set of containers.
1000
1001 For each container, you can specify the name, icon, and color.
1002
1003 | Name | Description |
1004 | --- | --- |
1005 | `name`| Name of container
1006 | `icon` | Can be `fingerprint`, `briefcase`, `dollar`, `cart`, `vacation`, `gift`, `food`, `fruit`, `pet`, `tree`, `chill`, `circle`, `fence`
1007 | `color` | Can be `blue`, `turquoise`, `green`, `yellow`, `orange`, `red`, `pink`, `purple`, `toolbar`
1008
1009 **Compatibility:** Firefox 113\
1010 **CCK2 Equivalent:** N/A\
1011 **Preferences Affected:** N/A
1012
1013 #### Windows (GPO)
1014 Software\Policies\Mozilla\Firefox\Containers (REG_MULTI_SZ) =
1015 ```
1016 {
1017 "Default": [
1018 {
1019 "name": "My container",
1020 "icon": "pet",
1021 "color": "turquoise"
1022 }
1023 ]
1024 }
1025 ```
1026 #### Windows (Intune)
1027 OMA-URI:
1028 ```
1029 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/Containers
1030 ```
1031 Value (string):
1032 ```
1033 <enabled/>
1034 <data id="JSON" value='
1035 {
1036 "Default": [
1037 {
1038 "name": "My container",
1039 "icon": "pet",
1040 "color": "turquoise"
1041 }
1042 ]
1043 }
1044 '/>
1045 ```
1046 #### macOS
1047 ```
1048 <dict>
1049 <key>Default</key>
1050 <dict>
1051 <key>Containers</key>
1052 <array>
1053 <dict>
1054 <key>name</key>
1055 <string>My container</string>
1056 <key>icon</key>
1057 <string>pet</string>
1058 <key>color</key>
1059 <string>turquoise</string>
1060 </dict>
1061 </array>
1062 </dict>
1063 </dict>
1064 ```
1065 #### policies.json
1066 ```
1067 {
1068 "policies": {
1069 "Containers": {
1070 "Default": [
1071 {
1072 "name": "My container",
1073 "icon": "pet",
1074 "color": "turquoise"
1075 }
1076 ]
1077 }
1078 }
1079 }
1080 ```
1081 ### Cookies
1082 Configure cookie preferences.
1083
1084 `Allow` is a list of origins (not domains) where cookies are always allowed. You must include http or https.
1085
1086 `AllowSession` is a list of origins (not domains) where cookies are only allowed for the current session. You must include http or https.
1087
1088 `Block` is a list of origins (not domains) where cookies are always blocked. You must include http or https.
1089
1090 `Behavior` sets the default behavior for cookies based on the values below.
1091
1092 `BehaviorPrivateBrowsing` sets the default behavior for cookies in private browsing based on the values below.
1093
1094 | Value | Description
1095 | --- | --- |
1096 | accept | Accept all cookies
1097 | reject-foreign | Reject third party cookies
1098 | reject | Reject all cookies
1099 | limit-foreign | Reject third party cookies for sites you haven't visited
1100 | reject-tracker | Reject cookies for known trackers (default)
1101 | reject-tracker-and-partition-foreign | Reject cookies for known trackers and partition third-party cookies (Total Cookie Protection) (default for private browsing)
1102
1103 `Locked` prevents the user from changing cookie preferences.
1104
1105 **Compatibility:** Firefox 60, Firefox ESR 60 (RejectTracker added in Firefox 63, AllowSession added in Firefox 79/78.1, Behavior added in Firefox 95/91.4)\
1106 **CCK2 Equivalent:** N/A\
1107 **Preferences Affected:** `network.cookie.cookieBehavior`, `network.cookie.cookieBehavior.pbmode`, `network.cookie.lifetimePolicy`
1108
1109 #### Windows (GPO)
1110 ```
1111 Software\Policies\Mozilla\Firefox\Cookies\Allow\1 = "https://example.com"
1112 Software\Policies\Mozilla\Firefox\Cookies\AllowSession\1 = "https://example.edu"
1113 Software\Policies\Mozilla\Firefox\Cookies\Block\1 = "https://example.org"
1114 Software\Policies\Mozilla\Firefox\Cookies\Default = 0x1 | 0x0
1115 Software\Policies\Mozilla\Firefox\Cookies\AcceptThirdParty = "always" | "never" | "from-visited"
1116 Software\Policies\Mozilla\Firefox\Cookies\ExpireAtSessionEnd = 0x1 | 0x0
1117 Software\Policies\Mozilla\Firefox\Cookies\RejectTracker = 0x1 | 0x0
1118 Software\Policies\Mozilla\Firefox\Cookies\Behavior = "accept" | "reject-foreign" | "reject" | "limit-foreign" | "reject-tracker" | "reject-tracker-and-partition-foreign"
1119 Software\Policies\Mozilla\Firefox\Cookies\BehaviorPrivateBrowsing = "accept" | "reject-foreign" | "reject" | "limit-foreign" | "reject-tracker" | "reject-tracker-and-partition-foreign"
1120 Software\Policies\Mozilla\Firefox\Cookies\Locked = 0x1 | 0x0
1121 ```
1122 #### Windows (Intune)
1123 OMA-URI:
1124 ```
1125 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_Allow
1126 ```
1127 Value (string):
1128 ```
1129 <enabled/>
1130 <data id="Permissions" value="1&#xF000;https://example.com"/>
1131 ```
1132 OMA-URI:
1133 ```
1134 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_AllowSession
1135 ```
1136 Value (string):
1137 ```
1138 <enabled/>
1139 <data id="Permissions" value="1&#xF000;https://example.edu"/>
1140 ```
1141 OMA-URI:
1142 ```
1143 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_Block
1144 ```
1145 Value (string):
1146 ```
1147 <enabled/>
1148 <data id="Permissions" value="1&#xF000;https://example.org"/>
1149 ```
1150 OMA-URI:
1151 ```
1152 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_Default
1153 ```
1154 Value (string):
1155 ```
1156 <enabled/> or <disabled/>
1157 ```
1158 OMA-URI:
1159 ```
1160 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_AcceptThirdParty
1161 ```
1162 Value (string):
1163 ```
1164 <enabled/>
1165 <data id="Cookies_AcceptThirdParty" value="always | never | from-visited"/>
1166 ```
1167 OMA-URI:
1168 ```
1169 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_ExpireAtSessionEnd
1170 ```
1171 Value (string):
1172 ```
1173 <enabled/> or <disabled/>
1174 ```
1175 OMA-URI:
1176 ```
1177 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_RejectTracker
1178 ```
1179 Value (string):
1180 ```
1181 <enabled/> or <disabled/>
1182 ```
1183 OMA-URI:
1184 ```
1185 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_Locked
1186 ```
1187 Value (string):
1188 ```
1189 <enabled/> or <disabled/>
1190 ```
1191 OMA-URI:
1192 ```
1193 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_Behavior
1194 ```
1195 Value (string):
1196 ```
1197 <enabled/>
1198 <data id="Cookies_Behavior" value="accept | reject-foreign | reject | limit-foreign | reject-tracker | reject-tracker-and-partition-foreign"/>
1199 ```
1200 OMA-URI:
1201 ```
1202 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_BehaviorPrivateBrowsing
1203 ```
1204 Value (string):
1205 ```
1206 <enabled/>
1207 <data id="Cookies_BehaviorPrivateBrowsing" value="accept | reject-foreign | reject | limit-foreign | reject-tracker | reject-tracker-and-partition-foreign"/>
1208 ```
1209 #### macOS
1210 ```
1211 <dict>
1212 <key>Cookies</key>
1213 <dict>
1214 <key>Allow</key>
1215 <array>
1216 <string>http://example.com</string>
1217 </array>
1218 <key>AllowSession</key>
1219 <array>
1220 <string>http://example.edu</string>
1221 </array>
1222 <key>Block</key>
1223 <array>
1224 <string>http://example.org</string>
1225 </array>
1226 <key>Default</key>
1227 <true/> | <false/>
1228 <key>AcceptThirdParty</key>
1229 <string>always | never | from-visited</string>
1230 <key>ExpireAtSessionEnd</key>
1231 <true/> | <false/>
1232 <key>RejectTracker</key>
1233 <true/> | <false/>
1234 <key>Locked</key>
1235 <true/> | <false/>
1236 <key>Behavior</key>
1237 <string>accept | reject-foreign | reject | limit-foreign | reject-tracker | reject-tracker-and-partition-foreign</string>
1238 <key>BehaviorPrivateBrowsing</key>
1239 <string>accept | reject-foreign | reject | limit-foreign | reject-tracker | reject-tracker-and-partition-foreign</string>
1240 </dict>
1241 </dict>
1242 ```
1243 #### policies.json
1244 ```
1245 {
1246 "policies": {
1247 "Cookies": {
1248 "Allow": ["http://example.org/"],
1249 "AllowSession": ["http://example.edu/"],
1250 "Block": ["http://example.edu/"],
1251 "Default": true | false,
1252 "AcceptThirdParty": "always" | "never" | "from-visited",
1253 "ExpireAtSessionEnd": true | false,
1254 "RejectTracker": true | false,
1255 "Locked": true | false,
1256 "Behavior": "accept" | "reject-foreign" | "reject" | "limit-foreign" | "reject-tracker" | "reject-tracker-and-partition-foreign",
1257 "BehaviorPrivateBrowsing": "accept" | "reject-foreign" | "reject" | "limit-foreign" | "reject-tracker" | "reject-tracker-and-partition-foreign",
1258 }
1259 }
1260 }
1261 ```
1262 ### DefaultDownloadDirectory
1263 Set the default download directory.
1264
1265 You can use ${home} for the native home directory.
1266
1267 **Compatibility:** Firefox 68, Firefox ESR 68\
1268 **CCK2 Equivalent:** N/A\
1269 **Preferences Affected:** `browser.download.dir`, `browser.download.folderList`
1270
1271 #### Windows (GPO)
1272 ```
1273 Software\Policies\Mozilla\Firefox\DefaultDownloadDirectory = "${home}\Downloads"
1274 ```
1275 #### Windows (Intune)
1276 OMA-URI:
1277 ```
1278 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DefaultDownloadDirectory
1279 ```
1280 Value (string):
1281 ```
1282 <enabled/>
1283 <data id="Preferences_String" value="${home}\Downloads"/>
1284 ```
1285 #### macOS
1286 ```
1287 <dict>
1288 <key>DefaultDownloadDirectory</key>
1289 <string>${home}/Downloads</string>
1290 </dict>
1291 ```
1292 #### policies.json (macOS and Linux)
1293 ```
1294 {
1295 "policies": {
1296 "DefaultDownloadDirectory": "${home}/Downloads"
1297 }
1298 }
1299 ```
1300 #### policies.json (Windows)
1301 ```
1302 {
1303 "policies": {
1304 "DefaultDownloadDirectory": "${home}\\Downloads"
1305 }
1306 }
1307 ```
1308 ### DisableAppUpdate
1309 Turn off application updates within Firefox.
1310
1311 **Compatibility:** Firefox 60, Firefox ESR 60\
1312 **CCK2 Equivalent:** `disableFirefoxUpdates`\
1313 **Preferences Affected:** N/A
1314
1315 #### Windows (GPO)
1316 ```
1317 Software\Policies\Mozilla\Firefox\DisableAppUpdate = 0x1 | 0x0
1318 ```
1319 #### Windows (Intune)
1320 OMA-URI:
1321 ```
1322 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableAppUpdate
1323 ```
1324 Value (string):
1325 ```
1326 <enabled/> or <disabled/>
1327 ```
1328 #### macOS
1329 ```
1330 <dict>
1331 <key>DisableAppUpdate</key>
1332 <true/> | <false/>
1333 </dict>
1334 ```
1335 #### policies.json
1336 ```
1337 {
1338 "policies": {
1339 "DisableAppUpdate": true | false
1340 }
1341 }
1342 ```
1343 ### DisableBuiltinPDFViewer
1344 Disable the built in PDF viewer. PDF files are downloaded and sent externally.
1345
1346 **Compatibility:** Firefox 60, Firefox ESR 60\
1347 **CCK2 Equivalent:** `disablePDFjs`\
1348 **Preferences Affected:** `pdfjs.disabled`
1349
1350 #### Windows (GPO)
1351 ```
1352 Software\Policies\Mozilla\Firefox\DisableBuiltinPDFViewer = 0x1 | 0x0
1353 ```
1354 #### Windows (Intune)
1355 OMA-URI:
1356 ```
1357 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableBuiltinPDFViewer
1358 ```
1359 Value (string):
1360 ```
1361 <enabled/> or <disabled/>
1362 ```
1363 #### macOS
1364 ```
1365 <dict>
1366 <key>DisableBuiltinPDFViewer</key>
1367 <true/> | <false/>
1368 </dict>
1369 ```
1370 #### policies.json
1371 ```
1372 {
1373 "policies": {
1374 "DisableBuiltinPDFViewer": true | false
1375 }
1376 }
1377 ```
1378 ### DisabledCiphers
1379 Disable specific cryptographic ciphers, listed below.
1380
1381 ```
1382 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
1383 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
1384 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
1385 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
1386 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
1387 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
1388 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
1389 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
1390 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
1391 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
1392 TLS_DHE_RSA_WITH_AES_128_CBC_SHA
1393 TLS_DHE_RSA_WITH_AES_256_CBC_SHA
1394 TLS_RSA_WITH_AES_128_GCM_SHA256
1395 TLS_RSA_WITH_AES_256_GCM_SHA384
1396 TLS_RSA_WITH_AES_128_CBC_SHA
1397 TLS_RSA_WITH_AES_256_CBC_SHA
1398 TLS_RSA_WITH_3DES_EDE_CBC_SHA
1399 ```
1400
1401 **Preferences Affected:** `security.ssl3.ecdhe_rsa_aes_128_gcm_sha256`, `security.ssl3.ecdhe_ecdsa_aes_128_gcm_sha256`, `security.ssl3.ecdhe_ecdsa_chacha20_poly1305_sha256`, `security.ssl3.ecdhe_rsa_chacha20_poly1305_sha256`, `security.ssl3.ecdhe_ecdsa_aes_256_gcm_sha384`, `security.ssl3.ecdhe_rsa_aes_256_gcm_sha384`, `security.ssl3.ecdhe_rsa_aes_128_sha`, `security.ssl3.ecdhe_ecdsa_aes_128_sha`, `security.ssl3.ecdhe_rsa_aes_256_sha`, `security.ssl3.ecdhe_ecdsa_aes_256_sha`, `security.ssl3.dhe_rsa_aes_128_sha`, `security.ssl3.dhe_rsa_aes_256_sha`, `security.ssl3.rsa_aes_128_gcm_sha256`, `security.ssl3.rsa_aes_256_gcm_sha384`, `security.ssl3.rsa_aes_128_sha`, `security.ssl3.rsa_aes_256_sha`, `security.ssl3.deprecated.rsa_des_ede3_sha`
1402
1403 ---
1404 **Note:**
1405
1406 This policy was updated in Firefox 78 to allow enabling ciphers as well. Setting the value to true disables the cipher, setting the value to false enables the cipher. Previously setting the value to true or false disabled the cipher.
1407
1408 ---
1409 **Compatibility:** Firefox 76, Firefox ESR 68.8 (TLS_RSA_WITH_AES_128_GCM_SHA256 and TLS_RSA_WITH_AES_256_GCM_SHA384 were added in Firefox 78, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA38, TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, and TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 were added in Firefox 97 and Firefox 91.6)\
1410 **CCK2 Equivalent:** N/A\
1411 **Preferences Affected:** N/A
1412
1413 #### Windows (GPO)
1414 ```
1415 Software\Policies\Mozilla\Firefox\DisabledCiphers\CIPHER_NAME = 0x1 | 0x0
1416 ```
1417 #### Windows (Intune)
1418 OMA-URI:
1419 ```
1420 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DisabledCiphers/DisabledCiphers_CIPHER_NAME
1421
1422 ```
1423 Value (string):
1424 ```
1425 <enabled/> or <disabled/>
1426 ```
1427 #### macOS
1428 ```
1429 <dict>
1430 <key>DisabledCiphers</key>
1431 <dict>
1432 <key>CIPHER_NAME</key>
1433 <true/> | <false/>
1434 </dict>
1435 </dict>
1436 ```
1437 #### policies.json
1438 ```
1439 {
1440 "policies": {
1441 "DisabledCiphers": {
1442 "CIPHER_NAME": true | false,
1443 }
1444 }
1445 }
1446 ```
1447 ### DisableDefaultBrowserAgent
1448 Prevent the default browser agent from taking any actions. Only applicable to Windows; other platforms don’t have the agent.
1449
1450 The browser agent is a Windows-only scheduled task which runs in the background to collect and submit data about the browser that the user has set as their OS default. More information is available [here](https://firefox-source-docs.mozilla.org/toolkit/mozapps/defaultagent/default-browser-agent/index.html).
1451
1452 **Compatibility:** Firefox 75, Firefox ESR 68.7 (Windows only)\
1453 **CCK2 Equivalent:** N/A\
1454 **Preferences Affected:** N/A
1455
1456 #### Windows (GPO)
1457 ```
1458 Software\Policies\Mozilla\Firefox\DisableDefaultBrowserAgent = 0x1 | 0x0
1459 ```
1460 #### Windows (Intune)
1461 OMA-URI:
1462 ```
1463 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableDefaultBrowserAgent
1464 ```
1465 Value (string):
1466 ```
1467 <enabled/> or <disabled/>
1468 ```
1469 #### policies.json
1470 ```
1471 {
1472 "policies": {
1473 "DisableDefaultBrowserAgent": true | false
1474 }
1475 }
1476 ```
1477 ### DisableDeveloperTools
1478 Remove access to all developer tools.
1479
1480 **Compatibility:** Firefox 60, Firefox ESR 60\
1481 **CCK2 Equivalent:** `removeDeveloperTools`\
1482 **Preferences Affected:** `devtools.policy.disabled`
1483
1484 #### Windows (GPO)
1485 ```
1486 Software\Policies\Mozilla\Firefox\DisableDeveloperTools = 0x1 | 0x0`
1487 ```
1488 #### Windows (Intune)
1489 OMA-URI:
1490 ```
1491 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableDeveloperTools
1492 ```
1493 Value (string):
1494 ```
1495 <enabled/> or <disabled/>
1496 ```
1497 #### macOS
1498 ```
1499 <dict>
1500 <key>DisableDeveloperTools</key>
1501 <true/> | <false/>
1502 </dict>
1503 ```
1504 #### policies.json
1505 ```
1506 {
1507 "policies": {
1508 "DisableDeveloperTools": true | false
1509 }
1510 }
1511 ```
1512 ### DisableFeedbackCommands
1513 Disable the menus for reporting sites (Submit Feedback, Report Deceptive Site).
1514
1515 **Compatibility:** Firefox 60, Firefox ESR 60\
1516 **CCK2 Equivalent:** N/A\
1517 **Preferences Affected:** N/A
1518
1519 #### Windows (GPO)
1520 ```
1521 Software\Policies\Mozilla\Firefox\DisableFeedbackCommands = 0x1 | 0x0
1522 ```
1523 #### Windows (Intune)
1524 OMA-URI:
1525 ```
1526 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableFeedbackCommands
1527 ```
1528 Value (string):
1529 ```
1530 <enabled/> or <disabled/>
1531 ```
1532 #### macOS
1533 ```
1534 <dict>
1535 <key>DisableFeedbackCommands</key>
1536 <true/> | <false/>
1537 </dict>
1538 ```
1539 #### policies.json
1540 ```
1541 {
1542 "policies": {
1543 "DisableFeedbackCommands": true | false
1544 }
1545 }
1546 ```
1547 ### DisableFirefoxAccounts
1548 Disable Firefox Accounts integration (Sync).
1549
1550 **Compatibility:** Firefox 60, Firefox ESR 60\
1551 **CCK2 Equivalent:** `disableSync`\
1552 **Preferences Affected:** `identity.fxaccounts.enabled`
1553
1554 #### Windows (GPO)
1555 ```
1556 Software\Policies\Mozilla\Firefox\DisableFirefoxAccounts = 0x1 | 0x0
1557 ```
1558 #### Windows (Intune)
1559 OMA-URI:
1560 ```
1561 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableFirefoxAccounts
1562 ```
1563 Value (string):
1564 ```
1565 <enabled/> or <disabled/>
1566 ```
1567 #### macOS
1568 ```
1569 <dict>
1570 <key>DisableFirefoxAccounts</key>
1571 <true/> | <false/>
1572 </dict>
1573 ```
1574 #### policies.json
1575 ```
1576 {
1577 "policies": {
1578 "DisableFirefoxAccounts": true | false
1579 }
1580 }
1581 ```
1582 ### DisableFirefoxScreenshots
1583 Remove access to Firefox Screenshots.
1584
1585 **Compatibility:** Firefox 60, Firefox ESR 60\
1586 **CCK2 Equivalent:** N/A\
1587 **Preferences Affected:** `extensions.screenshots.disabled`
1588
1589 #### Windows (GPO)
1590 ```
1591 Software\Policies\Mozilla\Firefox\DisableFirefoxScreenshots = 0x1 | 0x0
1592 ```
1593 #### Windows (Intune)
1594 OMA-URI:
1595 ```
1596 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableFirefoxScreenshots
1597 ```
1598 Value (string):
1599 ```
1600 <enabled/> or <disabled/>
1601 ```
1602 #### macOS
1603 ```
1604 <dict>
1605 <key>DisableFirefoxScreenshots</key>
1606 <true/> | <false/>
1607 </dict>
1608 ```
1609 #### policies.json
1610 ```
1611 {
1612 "policies": {
1613 "DisableFirefoxScreenshots": true | false
1614 }
1615 }
1616 ```
1617 ### DisableFirefoxStudies
1618 Disable Firefox studies (Shield).
1619
1620 **Compatibility:** Firefox 60, Firefox ESR 60\
1621 **CCK2 Equivalent:** N/A\
1622 **Preferences Affected:** N/A
1623
1624 #### Windows (GPO)
1625 ```
1626 Software\Policies\Mozilla\Firefox\DisableFirefoxStudies = 0x1 | 0x0
1627 ```
1628 #### Windows (Intune)
1629 OMA-URI:
1630 ```
1631 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableFirefoxStudies
1632 ```
1633 Value (string):
1634 ```
1635 <enabled/> or <disabled/>
1636 ```
1637 #### macOS
1638 ```
1639 <dict>
1640 <key>DisableFirefoxStudies</key>
1641 <true/> | <false/>
1642 </dict>
1643 ```
1644 #### policies.json
1645 ```
1646 {
1647 "policies": {
1648 "DisableFirefoxStudies": true | false
1649 }
1650 }
1651 ```
1652 ### DisableForgetButton
1653 Disable the "Forget" button.
1654
1655 **Compatibility:** Firefox 60, Firefox ESR 60\
1656 **CCK2 Equivalent:** `disableForget`\
1657 **Preferences Affected:** N/A
1658
1659 #### Windows (GPO)
1660 ```
1661 Software\Policies\Mozilla\Firefox\DisableForgetButton = 0x1 | 0x0
1662 ```
1663 #### Windows (Intune)
1664 OMA-URI:
1665 ```
1666 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableForgetButton
1667 ```
1668 Value (string):
1669 ```
1670 <enabled/> or <disabled/>
1671 ```
1672 #### macOS
1673 ```
1674 <dict>
1675 <key>DisableForgetButton</key>
1676 <true/> | <false/>
1677 </dict>
1678 ```
1679 #### policies.json
1680 ```
1681 {
1682 "policies": {
1683 "DisableForgetButton": true | false
1684 }
1685 }
1686 ```
1687 ### DisableFormHistory
1688 Turn off saving information on web forms and the search bar.
1689
1690 **Compatibility:** Firefox 60, Firefox ESR 60\
1691 **CCK2 Equivalent:** `disableFormFill`\
1692 **Preferences Affected:** `browser.formfill.enable`
1693
1694 #### Windows (GPO)
1695 ```
1696 Software\Policies\Mozilla\Firefox\DisableFormHistory = 0x1 | 0x0
1697 ```
1698 #### Windows (Intune)
1699 OMA-URI:
1700 ```
1701 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableFormHistory
1702 ```
1703 Value (string):
1704 ```
1705 <enabled/> or <disabled/>
1706 ```
1707 #### macOS
1708 ```
1709 <dict>
1710 <key>DisableFormHistory</key>
1711 <true/> | <false/>
1712 </dict>
1713 ```
1714 #### policies.json
1715 ```
1716 {
1717 "policies": {
1718 "DisableFormHistory": true | false
1719 }
1720 }
1721 ```
1722 ### DisableMasterPasswordCreation
1723 Remove the master password functionality.
1724
1725 If this value is true, it works the same as setting [`PrimaryPassword`](#primarypassword) to false and removes the primary password functionality.
1726
1727 If both `DisableMasterPasswordCreation` and `PrimaryPassword` are used, `DisableMasterPasswordCreation` takes precedent.
1728
1729 **Compatibility:** Firefox 60, Firefox ESR 60\
1730 **CCK2 Equivalent:** `noMasterPassword`\
1731 **Preferences Affected:** N/A
1732
1733 #### Windows (GPO)
1734 ```
1735 Software\Policies\Mozilla\Firefox\DisableMasterPasswordCreation = 0x1 | 0x0
1736 ```
1737 #### Windows (Intune)
1738 OMA-URI:
1739 ```
1740 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableMasterPasswordCreation
1741 ```
1742 Value (string):
1743 ```
1744 <enabled/> or <disabled/>
1745 ```
1746 #### macOS
1747 ```
1748 <dict>
1749 <key>DisableMasterPasswordCreation</key>
1750 <true/> | <false/>
1751 </dict>
1752 ```
1753 #### policies.json
1754 ```
1755 {
1756 "policies": {
1757 "DisableMasterPasswordCreation": true | false
1758 }
1759 }
1760 ```
1761 ### DisablePasswordReveal
1762 Do not allow passwords to be shown in saved logins
1763
1764 **Compatibility:** Firefox 71, Firefox ESR 68.3\
1765 **CCK2 Equivalent:** N/A
1766 **Preferences Affected:** N/A
1767
1768 #### Windows (GPO)
1769 ```
1770 Software\Policies\Mozilla\Firefox\DisablePasswordReveal = 0x1 | 0x0
1771 ```
1772 #### Windows (Intune)
1773 OMA-URI:
1774 ```
1775 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisablePasswordReveal
1776 ```
1777 Value (string):
1778 ```
1779 <enabled/> or <disabled/>
1780 ```
1781 #### macOS
1782 ```
1783 <dict>
1784 <key>DisablePasswordReveal</key>
1785 <true/> | <false/>
1786 </dict>
1787 ```
1788 #### policies.json
1789 ```
1790 {
1791 "policies": {
1792 "DisablePasswordReveal": true | false
1793 }
1794 }
1795 ```
1796 ### DisablePocket
1797 Remove Pocket in the Firefox UI. It does not remove it from the new tab page.
1798
1799 **Compatibility:** Firefox 60, Firefox ESR 60\
1800 **CCK2 Equivalent:** `disablePocket`\
1801 **Preferences Affected:** `extensions.pocket.enabled`
1802
1803 #### Windows (GPO)
1804 ```
1805 Software\Policies\Mozilla\Firefox\DisablePocket = 0x1 | 0x0
1806 ```
1807 #### Windows (Intune)
1808 OMA-URI:
1809 ```
1810 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisablePocket
1811 ```
1812 Value (string):
1813 ```
1814 <enabled/> or <disabled/>
1815 ```
1816 #### macOS
1817 ```
1818 <dict>
1819 <key>DisablePocket</key>
1820 <true/> | <false/>
1821 </dict>
1822 ```
1823 #### policies.json
1824 ```
1825 {
1826 "policies": {
1827 "DisablePocket": true | false
1828 }
1829 }
1830 ```
1831 ### DisablePrivateBrowsing
1832 Remove access to private browsing.
1833
1834 **Compatibility:** Firefox 60, Firefox ESR 60\
1835 **CCK2 Equivalent:** `disablePrivateBrowsing`\
1836 **Preferences Affected:** N/A
1837
1838 #### Windows (GPO)
1839 ```
1840 Software\Policies\Mozilla\Firefox\DisablePrivateBrowsing = 0x1 | 0x0
1841 ```
1842 #### Windows (Intune)
1843 OMA-URI:
1844 ```
1845 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisablePrivateBrowsing
1846 ```
1847 Value (string):
1848 ```
1849 <enabled/> or <disabled/>
1850 ```
1851 #### macOS
1852 ```
1853 <dict>
1854 <key>DisablePrivateBrowsing</key>
1855 <true/> | <false/>
1856 </dict>
1857 ```
1858 #### policies.json
1859 ```
1860 {
1861 "policies": {
1862 "DisablePrivateBrowsing": true | false
1863 }
1864 }
1865 ```
1866 ### DisableProfileImport
1867 Disables the "Import data from another browser" option in the bookmarks window.
1868
1869 **Compatibility:** Firefox 60, Firefox ESR 60\
1870 **CCK2 Equivalent:** N/A\
1871 **Preferences Affected:** N/A
1872
1873 #### Windows (GPO)
1874 ```
1875 Software\Policies\Mozilla\Firefox\DisableProfileImport = 0x1 | 0x0
1876 ```
1877 #### Windows (Intune)
1878 OMA-URI:
1879 ```
1880 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableProfileImport
1881 ```
1882 Value (string):
1883 ```
1884 <enabled/> or <disabled/>
1885 ```
1886 #### macOS
1887 ```
1888 <dict>
1889 <key>DisableProfileImport</key>
1890 <true/> | <false/>
1891 </dict>
1892 ```
1893 #### policies.json
1894 ```
1895 {
1896 "policies": {
1897 "DisableProfileImport": true | false
1898 }
1899 }
1900 ```
1901 ### DisableProfileRefresh
1902 Disable the Refresh Firefox button on about:support and support.mozilla.org, as well as the prompt that displays offering to refresh Firefox when you haven't used it in a while.
1903
1904 **Compatibility:** Firefox 60, Firefox ESR 60\
1905 **CCK2 Equivalent:** `disableResetFirefox`\
1906 **Preferences Affected:** `browser.disableResetPrompt`
1907
1908 #### Windows (GPO)
1909 ```
1910 Software\Policies\Mozilla\Firefox\DisableProfileRefresh = 0x1 | 0x0
1911 ```
1912 #### Windows (Intune)
1913 OMA-URI:
1914 ```
1915 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableProfileRefresh
1916 ```
1917 Value (string):
1918 ```
1919 <enabled/> or <disabled/>
1920 ```
1921 #### macOS
1922 ```
1923 <dict>
1924 <key>DisableProfileRefresh</key>
1925 <true/> | <false/>
1926 </dict>
1927 ```
1928 #### policies.json
1929 ```
1930 {
1931 "policies": {
1932 "DisableProfileRefresh": true | false
1933 }
1934 }
1935 ```
1936 ### DisableSafeMode
1937 Disable safe mode within the browser.
1938
1939 On Windows, this disables safe mode via the command line as well.
1940
1941 **Compatibility:** Firefox 60, Firefox ESR 60 (Windows, macOS)\
1942 **CCK2 Equivalent:** `disableSafeMode`\
1943 **Preferences Affected:** N/A
1944
1945 #### Windows (GPO)
1946 ```
1947 Software\Policies\Mozilla\Firefox\DisableSafeMode = 0x1 | 0x0
1948 ```
1949 #### Windows (Intune)
1950 OMA-URI:
1951 ```
1952 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableSafeMode
1953 ```
1954 Value (string):
1955 ```
1956 <enabled/> or <disabled/>
1957 ```
1958 #### macOS
1959 ```
1960 <dict>
1961 <key>DisableSafeMode</key>
1962 <true/> | <false/>
1963 </dict>
1964 ```
1965 #### policies.json
1966 ```
1967 {
1968 "policies": {
1969 "DisableSafeMode": true | false
1970 }
1971 }
1972 ```
1973 ### DisableSecurityBypass
1974 Prevent the user from bypassing security in certain cases.
1975
1976 `InvalidCertificate` prevents adding an exception when an invalid certificate is shown.
1977
1978 `SafeBrowsing` prevents selecting "ignore the risk" and visiting a harmful site anyway.
1979
1980 **Compatibility:** Firefox 60, Firefox ESR 60\
1981 **CCK2 Equivalent:** N/A\
1982 **Preferences Affected:** `security.certerror.hideAddException`, `browser.safebrowsing.allowOverride`
1983
1984 #### Windows (GPO)
1985 ```
1986 Software\Policies\Mozilla\Firefox\DisableSecurityBypass\InvalidCertificate = 0x1 | 0x0
1987 Software\Policies\Mozilla\Firefox\DisableSecurityBypass\SafeBrowsing = 0x1 | 0x0
1988 ```
1989 #### Windows (Intune)
1990 OMA-URI:
1991 ```
1992 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/P_DisableSecurityBypass_InvalidCertificate
1993 ```
1994 Value (string):
1995 ```
1996 <enabled/> or <disabled/>
1997 ```
1998 OMA-URI:
1999 ```
2000 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/P_DisableSecurityBypass_SafeBrowsing
2001 ```
2002 Value (string):
2003 ```
2004 <enabled/> or <disabled/>
2005 ```
2006
2007 #### macOS
2008 ```
2009 <dict>
2010 <key>DisableSecurityBypass</key>
2011 <dict>
2012 <key>InvalidCertificate</key>
2013 <true/> | <false/>
2014 <key>SafeBrowsing</key>
2015 <true/> | <false/>
2016 </dict>
2017 </dict>
2018 ```
2019 #### policies.json
2020 ```
2021 {
2022 "policies": {
2023 "DisableSecurityBypass": {
2024 "InvalidCertificate": true | false,
2025 "SafeBrowsing": true | false
2026 }
2027 }
2028 }
2029 ```
2030 ### DisableSetDesktopBackground
2031 Remove the "Set As Desktop Background..." menuitem when right clicking on an image.
2032
2033 **Compatibility:** Firefox 60, Firefox ESR 60\
2034 **CCK2 Equivalent:** `removeSetDesktopBackground`\
2035 **Preferences Affected:** N/A
2036
2037 #### Windows (GPO)
2038 ```
2039 Software\Policies\Mozilla\Firefox\DisableSetDesktopBackground = 0x1 | 0x0
2040 ```
2041 #### Windows (Intune)
2042 OMA-URI:
2043 ```
2044 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableSetDesktopBackground
2045 ```
2046 Value (string):
2047 ```
2048 <enabled/> or <disabled/>
2049 ```
2050 #### macOS
2051 ```
2052 <dict>
2053 <key>DisableSetDesktopBackground</key>
2054 <true/> | <false/>
2055 </dict>
2056 ```
2057 #### policies.json
2058 ```
2059 {
2060 "policies": {
2061 "DisableSetDesktopBackground": true | false
2062 }
2063 }
2064 ```
2065 ### DisableSystemAddonUpdate
2066 Prevent system add-ons from being installed or updated.
2067
2068 **Compatibility:** Firefox 60, Firefox ESR 60\
2069 **CCK2 Equivalent:** N/A\
2070 **Preferences Affected:** N/A
2071
2072 #### Windows (GPO)
2073 ```
2074 Software\Policies\Mozilla\Firefox\DisableSystemAddonUpdate = 0x1 | 0x0
2075 ```
2076 #### Windows (Intune)
2077 OMA-URI:
2078 ```
2079 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableSystemAddonUpdate
2080 ```
2081 Value (string):
2082 ```
2083 <enabled/> or <disabled/>
2084 ```
2085 #### macOS
2086 ```
2087 <dict>
2088 <key>DisableSystemAddonUpdate</key>
2089 <true/> | <false/>
2090 </dict>
2091 ```
2092 #### policies.json
2093 ```
2094 {
2095 "policies": {
2096 "DisableSystemAddonUpdate": true | false
2097 }
2098 }
2099 ```
2100 ### DisableTelemetry
2101 Prevent the upload of telemetry data.
2102
2103 As of Firefox 83 and Firefox ESR 78.5, local storage of telemetry data is disabled as well.
2104
2105 Mozilla recommends that you do not disable telemetry. Information collected through telemetry helps us build a better product for businesses like yours.
2106
2107 **Compatibility:** Firefox 60, Firefox ESR 60\
2108 **CCK2 Equivalent:** `disableTelemetry`\
2109 **Preferences Affected:** `datareporting.healthreport.uploadEnabled`, `datareporting.policy.dataSubmissionEnabled`, `toolkit.telemetry.archive.enabled`
2110
2111 #### Windows (GPO)
2112 ```
2113 Software\Policies\Mozilla\Firefox\DisableTelemetry = 0x1 | 0x0
2114 ```
2115 #### Windows (Intune)
2116 OMA-URI:
2117 ```
2118 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableTelemetry
2119 ```
2120 Value (string):
2121 ```
2122 <enabled/> or <disabled/>
2123 ```
2124 #### macOS
2125 ```
2126 <dict>
2127 <key>DisableTelemetry</key>
2128 <true/> | <false/>
2129 </dict>
2130 ```
2131 #### policies.json
2132 ```
2133 {
2134 "policies": {
2135 "DisableTelemetry": true | false
2136 }
2137 }
2138 ```
2139 ### DisableThirdPartyModuleBlocking
2140 Do not allow blocking third-party modules from the `about:third-party` page.
2141
2142 This policy only works on Windows through GPO (not policies.json).
2143
2144 **Compatibility:** Firefox 110 (Windows only, GPO only)\
2145 **CCK2 Equivalent:** N/A\
2146 **Preferences Affected:** N/A
2147
2148 #### Windows (GPO)
2149 ```
2150 Software\Policies\Mozilla\Firefox\DisableThirdPartyModuleBlocking = = 0x1 | 0x0
2151 ```
2152 #### Windows (Intune)
2153 OMA-URI:
2154 ```
2155 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableThirdPartyModuleBlocking
2156 ```
2157 Value (string):
2158 ```
2159 <enabled/> or <disabled/>
2160 ```
2161 ### DisplayBookmarksToolbar
2162 Set the initial state of the bookmarks toolbar. A user can still change how it is displayed.
2163
2164 `always` means the bookmarks toolbar is always shown.
2165
2166 `never` means the bookmarks toolbar is not shown.
2167
2168 `newtab` means the bookmarks toolbar is only shown on the new tab page.
2169
2170 **Compatibility:** Firefox 109, Firefox ESR 102.7\
2171 **CCK2 Equivalent:** N/A\
2172 **Preferences Affected:** N/A
2173
2174 #### Windows (GPO)
2175 ```
2176 Software\Policies\Mozilla\Firefox\DisplayBookmarksToolbar = "always", "never", "newtab"
2177 ```
2178 #### Windows (Intune)
2179 OMA-URI:
2180 ```
2181 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisplayBookmarksToolbar_Enum
2182 ```
2183 Value (string):
2184 ```
2185 <enabled/>
2186 <data id="DisplayBookmarksToolbar" value="always | never | newtab"/>
2187 ```
2188 #### macOS
2189 ```
2190 <dict>
2191 <key>DisplayBookmarksToolbar</key>
2192 <string>always | never | newtab</string>
2193 </dict>
2194 ```
2195 #### policies.json
2196 ```
2197 {
2198 "policies": {
2199 "DisplayBookmarksToolbar": "always" | "never" | "newtab"
2200 }
2201 }
2202 ```
2203 ### DisplayMenuBar
2204 Set the state of the menubar.
2205
2206 `always` means the menubar is shown and cannot be hidden.
2207
2208 `never` means the menubar is hidden and cannot be shown.
2209
2210 `default-on` means the menubar is on by default but can be hidden.
2211
2212 `default-off` means the menubar is off by default but can be shown.
2213
2214 **Compatibility:** Firefox 73, Firefox ESR 68.5 (Windows, some Linux)\
2215 **CCK2 Equivalent:** `displayMenuBar`\
2216 **Preferences Affected:** N/A
2217
2218 #### Windows (GPO)
2219 ```
2220 Software\Policies\Mozilla\Firefox\DisplayMenuBar = "always", "never", "default-on", "default-off"
2221 ```
2222 #### Windows (Intune)
2223 OMA-URI:
2224 ```
2225 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisplayMenuBar_Enum
2226 ```
2227 Value (string):
2228 ```
2229 <enabled/>
2230 <data id="DisplayMenuBar" value="always | never | default-on | default-off"/>
2231 ```
2232 #### macOS
2233 ```
2234 <dict>
2235 <key>DisplayMenuBar</key>
2236 <string>always | never | default-on | default-off</string>
2237 </dict>
2238 ```
2239 #### policies.json
2240 ```
2241 {
2242 "policies": {
2243 "DisplayMenuBar": "always", "never", "default-on", "default-off"
2244 }
2245 }
2246 ```
2247 ### DNSOverHTTPS
2248 Configure DNS over HTTPS.
2249
2250 `Enabled` determines whether DNS over HTTPS is enabled
2251
2252 `ProviderURL` is a URL to another provider.
2253
2254 `Locked` prevents the user from changing DNS over HTTPS preferences.
2255
2256 `ExcludedDomains` excludes domains from DNS over HTTPS.
2257
2258 **Compatibility:** Firefox 63, Firefox ESR 68 (ExcludedDomains added in 75/68.7)\
2259 **CCK2 Equivalent:** N/A\
2260 **Preferences Affected:** `network.trr.mode`, `network.trr.uri`
2261
2262 #### Windows (GPO)
2263 ```
2264 Software\Policies\Mozilla\Firefox\DNSOverHTTPS\Enabled = 0x1 | 0x0
2265 Software\Policies\Mozilla\Firefox\DNSOverHTTPS\ProviderURL = "URL_TO_ALTERNATE_PROVIDER"
2266 Software\Policies\Mozilla\Firefox\DNSOverHTTPS\Locked = 0x1 | 0x0
2267 Software\Policies\Mozilla\Firefox\DNSOverHTTPS\ExcludedDomains\1 = "example.com"
2268 ```
2269 #### Windows (Intune)
2270 OMA-URI:
2271 ```
2272 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DNSOverHTTPS/DNSOverHTTPS_Enabled
2273 ```
2274 Value (string):
2275 ```
2276 <enabled/> or <disabled/>
2277 ```
2278 OMA-URI:
2279 ```
2280 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DNSOverHTTPS/DNSOverHTTPS_ProviderURL
2281 ```
2282 Value (string):
2283 ```
2284 <enabled/>
2285 <data id="String" value="URL_TO_ALTERNATE_PROVIDER"/>
2286 ```
2287 OMA-URI:
2288 ```
2289 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DNSOverHTTPS/DNSOverHTTPS_Locked
2290 ```
2291 Value (string):
2292 ```
2293 <enabled/> or <disabled/>
2294 ```
2295 OMA-URI:
2296 ```
2297 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DNSOverHTTPS/DNSOverHTTPS_ExcludedDomains
2298 ```
2299 Value (string):
2300 ```
2301 <enabled/>
2302 <data id="List" value="1&#xF000;example.com"/>
2303 ```
2304 #### macOS
2305 ```
2306 <dict>
2307 <key>DNSOverHTTPS</key>
2308 <dict>
2309 <key>Enabled</key>
2310 <true/> | <false/>
2311 <key>ProviderURL</key>
2312 <string>URL_TO_ALTERNATE_PROVIDER</string>
2313 <key>Locked</key>
2314 <true/> | <false/>
2315 <key>ExcludedDomains</key>
2316 <array>
2317 <string>example.com</string>
2318 </array>
2319 </dict>
2320 </dict>
2321 ```
2322 #### policies.json
2323 ```
2324 {
2325 "policies": {
2326 "DNSOverHTTPS": {
2327 "Enabled": true | false,
2328 "ProviderURL": "URL_TO_ALTERNATE_PROVIDER",
2329 "Locked": true | false,
2330 "ExcludedDomains": ["example.com"]
2331 }
2332 }
2333 }
2334 ```
2335 ### DontCheckDefaultBrowser
2336 Don't check if Firefox is the default browser at startup.
2337
2338 **Compatibility:** Firefox 60, Firefox ESR 60\
2339 **CCK2 Equivalent:** `dontCheckDefaultBrowser`\
2340 **Preferences Affected:** `browser.shell.checkDefaultBrowser`
2341
2342 #### Windows (GPO)
2343 ```
2344 Software\Policies\Mozilla\Firefox\DontCheckDefaultBrowser = 0x1 | 0x0
2345 ```
2346 #### Windows (Intune)
2347 OMA-URI:
2348 ```
2349 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DontCheckDefaultBrowser
2350 ```
2351 Value (string):
2352 ```
2353 <enabled/> or <disabled/>
2354 ```
2355 #### macOS
2356 ```
2357 <dict>
2358 <key>DontCheckDefaultBrowser</key>
2359 <true/> | <false/>
2360 </dict>
2361 ```
2362 #### policies.json
2363 ```
2364 {
2365 "policies": {
2366 "DontCheckDefaultBrowser": true | false
2367 }
2368 }
2369 ```
2370 ### DownloadDirectory
2371 Set and lock the download directory.
2372
2373 You can use ${home} for the native home directory.
2374
2375 **Compatibility:** Firefox 68, Firefox ESR 68\
2376 **CCK2 Equivalent:** N/A\
2377 **Preferences Affected:** `browser.download.dir`, `browser.download.folderList`, `browser.download.useDownloadDir`
2378
2379 #### Windows (GPO)
2380 ```
2381 Software\Policies\Mozilla\Firefox\DownloadDirectory = "${home}\Downloads"
2382 ```
2383 #### Windows (Intune)
2384 OMA-URI:
2385 ```
2386 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DownloadDirectory
2387 ```
2388 Value (string):
2389 ```
2390 <enabled/>
2391 <data id="Preferences_String" value="${home}\Downloads"/>
2392 ```
2393 #### macOS
2394 ```
2395 <dict>
2396 <key>DownloadDirectory</key>
2397 <string>${home}/Downloads</string>
2398 </dict>
2399 ```
2400 #### policies.json (macOS and Linux)
2401 ```
2402 {
2403 "policies": {
2404 "DownloadDirectory": "${home}/Downloads"
2405 }
2406 ```
2407 #### policies.json (Windows)
2408 ```
2409 {
2410 "policies": {
2411 "DownloadDirectory": "${home}\\Downloads"
2412 }
2413 ```
2414 ### EnableTrackingProtection
2415 Configure tracking protection.
2416
2417 If this policy is not configured, tracking protection is not enabled by default in the browser, but it is enabled by default in private browsing and the user can change it.
2418
2419 If `Value` is set to false, tracking protection is disabled and locked in both the regular browser and private browsing.
2420
2421 If `Value` is set to true, tracking protection is enabled by default in both the regular browser and private browsing and the `Locked` value determines whether or not a user can change it.
2422
2423 If `Cryptomining` is set to true, cryptomining scripts on websites are blocked.
2424
2425 If `Fingerprinting` is set to true, fingerprinting scripts on websites are blocked.
2426
2427 If `EmailTracking` is set to true, hidden email tracking pixels and scripts on websites are blocked. (Firefox 112)
2428
2429 `Exceptions` are origins for which tracking protection is not enabled.
2430
2431 **Compatibility:** Firefox 60, Firefox ESR 60 (Cryptomining and Fingerprinting added in 70/68.2, Exceptions added in 73/68.5)\
2432 **CCK2 Equivalent:** N/A\
2433 **Preferences Affected:** `privacy.trackingprotection.enabled`, `privacy.trackingprotection.pbmode.enabled`, `privacy.trackingprotection.cryptomining.enabled`, `privacy.trackingprotection.fingerprinting.enabled`
2434
2435 #### Windows (GPO)
2436 ```
2437 Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Value = 0x1 | 0x0
2438 Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Locked = 0x1 | 0x0
2439 Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Cryptomining = 0x1 | 0x0
2440 Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Fingerprinting = 0x1 | 0x0
2441 Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Exceptions\1 = "https://example.com"
2442 ```
2443 #### Windows (Intune)
2444 OMA-URI:
2445 ```
2446 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~TrackingProtection/A_TrackingProtection_Value
2447 ```
2448 Value (string):
2449 ```
2450 <enabled/> or <disabled/>
2451 ```
2452 OMA-URI:
2453 ```
2454 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~TrackingProtection/B_TrackingProtection_Cryptomining
2455 ```
2456 Value (string):
2457 ```
2458 <enabled/> or <disabled/>
2459 ```
2460 OMA-URI:
2461 ```
2462 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~TrackingProtection/C_TrackingProtection_Fingerprinting
2463 ```
2464 Value (string):
2465 ```
2466 <enabled/> or <disabled/>
2467 ```
2468 OMA-URI:
2469 ```
2470 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~TrackingProtection/D_TrackingProtection_Exceptions
2471 ```
2472 Value (string):
2473 ```
2474 <enabled/>
2475 <data id="TrackingProtection_Exceptions" value="1&#xF000;https://example.com"/>
2476 ```
2477 OMA-URI:
2478 ```
2479 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~TrackingProtection/E_TrackingProtection_Locked
2480 ```
2481 Value (string):
2482 ```
2483 <enabled/> or <disabled/>
2484 ```
2485 #### macOS
2486 ```
2487 <dict>
2488 <key>EnableTrackingProtection</key>
2489 <dict>
2490 <key>Value</key>
2491 <true/> | <false/>
2492 <key>Locked</key>
2493 <true/> | <false/>
2494 <key>Cryptomining</key>
2495 <true/> | <false/>
2496 <key>Fingerprinting</key>
2497 <true/> | <false/>
2498 <key>Exceptions</key>
2499 <array>
2500 <string>https://example.com</string>
2501 </array>
2502 </dict>
2503 </dict>
2504 ```
2505 #### policies.json
2506 ```
2507 {
2508 "policies": {
2509 "EnableTrackingProtection": {
2510 "Value": true | false,
2511 "Locked": true | false,
2512 "Cryptomining": true | false,
2513 "Fingerprinting": true | false,
2514 "Exceptions": ["https://example.com"]
2515 }
2516 }
2517 }
2518 ```
2519 ### EncryptedMediaExtensions
2520 Enable or disable Encrypted Media Extensions and optionally lock it.
2521
2522 If `Enabled` is set to false, encrypted media extensions (like Widevine) are not downloaded by Firefox unless the user consents to installing them.
2523
2524 If `Locked` is set to true and `Enabled` is set to false, Firefox will not download encrypted media extensions (like Widevine) or ask the user to install them.
2525
2526 **Compatibility:** Firefox 77, Firefox ESR 68.9\
2527 **CCK2 Equivalent:** N/A\
2528 **Preferences Affected:** `media.eme.enabled`
2529
2530 #### Windows (GPO)
2531 ```
2532 Software\Policies\Mozilla\Firefox\EncryptedMediaExtensions\Enabled = 0x1 | 0x0
2533 Software\Policies\Mozilla\Firefox\EncryptedMediaExtensions\Locked = 0x1 | 0x0
2534 ```
2535 #### Windows (Intune)
2536 OMA-URI:
2537 ```
2538 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~EncryptedMediaExtensions/EncryptedMediaExtensions_Enabled
2539 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~EncryptedMediaExtensions/EncryptedMediaExtensions_Locked
2540 ```
2541 Value (string):
2542 ```
2543 <enabled/>or <disabled/>
2544 ```
2545 #### macOS
2546 ```
2547 <dict>
2548 <key>EncryptedMediaExtensions</key>
2549 <dict>
2550 <key>Enabled</key>
2551 <true/> | <false/>
2552 <key>Locked</key>
2553 <true/> | <false/>
2554 </dict>
2555 </dict>
2556 ```
2557 #### policies.json
2558 ```
2559 {
2560 "policies": {
2561 "EncryptedMediaExtensions": {
2562 "Enabled": true | false,
2563 "Locked": true | false
2564 }
2565 }
2566 }
2567 ```
2568 ### EnterprisePoliciesEnabled
2569 Enable policy support on macOS.
2570
2571 **Compatibility:** Firefox 63, Firefox ESR 60.3 (macOS only)\
2572 **CCK2 Equivalent:** N/A\
2573 **Preferences Affected:** N/A
2574
2575 #### macOS
2576 ```
2577 <dict>
2578 <key>EnterprisePoliciesEnabled</key>
2579 <true/>
2580 </dict>
2581 ```
2582 ### ExemptDomainFileTypePairsFromFileTypeDownloadWarnings
2583
2584 Disable warnings based on file extension for specific file types on domains.
2585
2586 This policy is based on the [Chrome policy](https://chromeenterprise.google/policies/#ExemptDomainFileTypePairsFromFileTypeDownloadWarnings) of the same name.
2587
2588 Important: The documentation for the policy for both Edge and Chrome is incorrect. The ```domains``` value must be a domain, not a URL pattern. Also, we do not support using ```*``` to mean all domains.
2589
2590 **Compatibility:** Firefox 102\
2591 **CCK2 Equivalent:** N/A\
2592 **Preferences Affected:** N/A
2593
2594 #### Windows (GPO)
2595 Software\Policies\Mozilla\Firefox\ExemptDomainFileTypePairsFromFileTypeDownloadWarnings (REG_MULTI_SZ) =
2596 ```
2597 [
2598 {
2599 "file_extension": "jnlp",
2600 "domains": ["example.com"]
2601 }
2602 ]
2603 ```
2604 #### Windows (Intune)
2605 OMA-URI:
2606 ```
2607 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/ExemptDomainFileTypePairsFromFileTypeDownloadWarnings
2608 ```
2609 Value (string):
2610 ```
2611 <enabled/>
2612 <data id="JSON" value='
2613 [
2614 {
2615 "file_extension": "jnlp",
2616 "domains": ["example.com"]
2617 }
2618 ]
2619 '/>
2620 ```
2621 #### macOS
2622 ```
2623 <dict>
2624 <key>ExemptDomainFileTypePairsFromFileTypeDownloadWarnings</key>
2625 <array>
2626 <dict>
2627 <key>file_extension</key>
2628 <string>jnlp</string>
2629 <key>domains</key>
2630 <array>
2631 <string>example.com</string>
2632 </array>
2633 </dict>
2634 </array>
2635 </dict>
2636 ```
2637 #### policies.json
2638 ```
2639 {
2640 "policies": {
2641 "ExemptDomainFileTypePairsFromFileTypeDownloadWarnings": [{
2642 "file_extension": "jnlp",
2643 "domains": ["example.com"]
2644 }]
2645 }
2646 }
2647 ```
2648 ### Extensions
2649 Control the installation, uninstallation and locking of extensions.
2650
2651 While this policy is not technically deprecated, it is recommended that you use the **[`ExtensionSettings`](#extensionsettings)** policy. It has the same functionality and adds more. It does not support native paths, though, so you'll have to use file:/// URLs.
2652
2653 `Install` is a list of URLs or native paths for extensions to be installed.
2654
2655 `Uninstall` is a list of extension IDs that should be uninstalled if found.
2656
2657 `Locked` is a list of extension IDs that the user cannot disable or uninstall.
2658
2659 **Compatibility:** Firefox 60, Firefox ESR 60\
2660 **CCK2 Equivalent:** `addons`\
2661 **Preferences Affected:** N/A
2662
2663 #### Windows (GPO)
2664 ```
2665 Software\Policies\Mozilla\Firefox\Extensions\Install\1 = "https://addons.mozilla.org/firefox/downloads/somefile.xpi"
2666 Software\Policies\Mozilla\Firefox\Extensions\Install\2 = "//path/to/xpi"
2667 Software\Policies\Mozilla\Firefox\Extensions\Uninstall\1 = "bad_addon_id@mozilla.org"
2668 Software\Policies\Mozilla\Firefox\Extensions\Locked\1 = "addon_id@mozilla.org"
2669 ```
2670 #### Windows (Intune)
2671 OMA-URI:
2672 ```
2673 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/Extensions_Install
2674 ```
2675 Value (string):
2676 ```
2677 <enabled/>
2678 <data id="Extensions" value="1&#xF000;https://addons.mozilla.org/firefox/downloads/somefile.xpi&#xF000;2&#xF000;//path/to/xpi"/>
2679 ```
2680 OMA-URI:
2681 ```
2682 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/Extensions_Uninstall
2683 ```
2684 Value (string):
2685 ```
2686 <enabled/>
2687 <data id="Extensions" value="1&#xF000;bad_addon_id@mozilla.org"/>
2688 ```
2689 OMA-URI:
2690 ```
2691 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/Extensions_Locked
2692 ```
2693 Value (string):
2694 ```
2695 <enabled/>
2696 <data id="Extensions" value="1&#xF000;addon_id@mozilla.org"/>
2697 ```
2698 #### macOS
2699 ```
2700 <dict>
2701 <key>Extensions</key>
2702 <dict>
2703 <key>Install</key>
2704 <array>
2705 <string>https://addons.mozilla.org/firefox/downloads/somefile.xpi</string>
2706 <string>//path/to/xpi</string>
2707 </array>
2708 <key>Uninstall</key>
2709 <array>
2710 <string>bad_addon_id@mozilla.org</string>
2711 </array>
2712 <key>Locked</key>
2713 <array>
2714 <string>addon_id@mozilla.org</string>
2715 </array>
2716 </dict>
2717 </dict>
2718 ```
2719 #### policies.json
2720 ```
2721 {
2722 "policies": {
2723 "Extensions": {
2724 "Install": ["https://addons.mozilla.org/firefox/downloads/somefile.xpi", "//path/to/xpi"],
2725 "Uninstall": ["bad_addon_id@mozilla.org"],
2726 "Locked": ["addon_id@mozilla.org"]
2727 }
2728 }
2729 }
2730 ```
2731 ### ExtensionSettings
2732 Manage all aspects of extensions. This policy is based heavily on the [Chrome policy](https://dev.chromium.org/administrators/policy-list-3/extension-settings-full) of the same name.
2733
2734 This policy maps an extension ID to its configuration. With an extension ID, the configuration will be applied to the specified extension only. A default configuration can be set for the special ID "*", which will apply to all extensions that don't have a custom configuration set in this policy.
2735
2736 To obtain an extension ID, install the extension and go to about:support. You will see the ID in the Extensions section. I've also created an extension that makes it easy to find the ID of extensions on AMO. You can download it [here](https://github.com/mkaply/queryamoid/releases/tag/v0.1).
2737
2738 The configuration for each extension is another dictionary that can contain the fields documented below.
2739
2740 | Name | Description |
2741 | --- | --- |
2742 | `installation_mode` | Maps to a string indicating the installation mode for the extension. The valid strings are `allowed`,`blocked`,`force_installed`, and `normal_installed`.
2743 | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;`allowed` | Allows the extension to be installed by the user. This is the default behavior. There is no need for an install_url; it will automatically be allowed based on the ID.
2744 | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;`blocked`| Blocks installation of the extension and removes it from the device if already installed.
2745 | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;`force_installed`| The extension is automatically installed and can't be removed by the user. This option is not valid for the default configuration and requires an install_url.
2746 | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;`normal_installed`| The extension is automatically installed but can be disabled by the user. This option is not valid for the default configuration and requires an install_url.
2747 | `install_url`| Maps to a URL indicating where Firefox can download a force_installed or normal_installed extension. If installing from the local file system, use a [```file:///``` URL](https://en.wikipedia.org/wiki/File_URI_scheme). If installing from the addons.mozilla.org, use the following URL (substituting SHORT_NAME from the URL on AMO), https://addons.mozilla.org/firefox/downloads/latest/SHORT_NAME/latest.xpi. Languages packs are available from https://releases.mozilla.org/pub/firefox/releases/VERSION/PLATFORM/xpi/LANGUAGE.xpi. If you need to update the extension, you can change the name of the extension and it will be automatically updated. Extensions installed from file URLs will additional be updated when their internal version changes.
2748 | `install_sources` | A list of sources from which installing extensions is allowed using URL match patterns. **This is unnecessary if you are only allowing the installation of certain extensions by ID.** Each item in this list is an extension-style match pattern. Users will be able to easily install items from any URL that matches an item in this list. Both the location of the *.xpi file and the page where the download is started from (i.e. the referrer) must be allowed by these patterns. This setting can be used only for the default configuration.
2749 | `allowed_types` | This setting whitelists the allowed types of extension/apps that can be installed in Firefox. The value is a list of strings, each of which should be one of the following: "extension", "theme", "dictionary", "locale" This setting can be used only for the default configuration.
2750 | `blocked_install_message` | This maps to a string specifying the error message to display to users if they're blocked from installing an extension. This setting allows you to append text to the generic error message displayed when the extension is blocked. This could be be used to direct users to your help desk, explain why a particular extension is blocked, or something else. This setting can be used only for the default configuration.
2751 | `restricted_domains` | An array of domains on which content scripts can't be run. This setting can be used only for the default configuration.
2752 | `updates_disabled` | (Firefox 89, Firefox ESR 78.11) Boolean that indicates whether or not to disable automatic updates for an individual extension.
2753
2754 **Compatibility:** Firefox 69, Firefox ESR 68.1 (As of Firefox 85, Firefox ESR 78.7, installing a theme makes it the default.)\
2755 **CCK2 Equivalent:** N/A\
2756 **Preferences Affected:** N/A
2757
2758 #### Windows (GPO)
2759 Software\Policies\Mozilla\Firefox\ExtensionSettings (REG_MULTI_SZ) =
2760 ```
2761 {
2762 "*": {
2763 "blocked_install_message": "Custom error message.",
2764 "install_sources": ["https://yourwebsite.com/*"],
2765 "installation_mode": "blocked",
2766 "allowed_types": ["extension"]
2767 },
2768 "uBlock0@raymondhill.net": {
2769 "installation_mode": "force_installed",
2770 "install_url": "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi"
2771 },
2772 "https-everywhere@eff.org": {
2773 "installation_mode": "allowed"
2774 }
2775 }
2776 ```
2777 #### Windows (Intune)
2778 OMA-URI:
2779 ```
2780 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/ExtensionSettings
2781 ```
2782 Value (string):
2783 ```
2784 <enabled/>
2785 <data id="ExtensionSettings" value='
2786 {
2787 "*": {
2788 "blocked_install_message": "Custom error message.",
2789 "install_sources": ["https://yourwebsite.com/*"],
2790 "installation_mode": "blocked",
2791 "allowed_types": ["extension"]
2792 },
2793 "uBlock0@raymondhill.net": {
2794 "installation_mode": "force_installed",
2795 "install_url": "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi"
2796 },
2797 "https-everywhere@eff.org": {
2798 "installation_mode": "allowed"
2799 }
2800 }'/>
2801 ```
2802 #### macOS
2803 ```
2804 <dict>
2805 <key>ExtensionSettings</key>
2806 <dict>
2807 <key>*</key>
2808 <dict>
2809 <key>blocked_install_message</key>
2810 <string>Custom error message.</string>
2811 <key>install_sources</key>
2812 <array>
2813 <string>"https://yourwebsite.com/*"</string>
2814 </array>
2815 <key>installation_mode</key>
2816 <string>blocked</string>
2817 <key>allowed_types</key>
2818 <array>
2819 <string>extension</string>
2820 </array>
2821 </dict>
2822 <key>uBlock0@raymondhill.net</key>
2823 <dict>
2824 <key>installation_mode</key>
2825 <string>force_installed</string>
2826 <key>install_url</key>
2827 <string>https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi</string>
2828 </dict>
2829 <key>https-everywhere@eff.org</key>
2830 <dict>
2831 <key>installation_mode</key>
2832 <string>allowed</string>
2833 </dict>
2834 </dict>
2835 </dict>
2836 ```
2837 #### policies.json
2838 ```
2839 {
2840 "policies": {
2841 "ExtensionSettings": {
2842 "*": {
2843 "blocked_install_message": "Custom error message.",
2844 "install_sources": ["https://yourwebsite.com/*"],
2845 "installation_mode": "blocked",
2846 "allowed_types": ["extension"]
2847 },
2848 "uBlock0@raymondhill.net": {
2849 "installation_mode": "force_installed",
2850 "install_url": "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi"
2851 },
2852 "https-everywhere@eff.org": {
2853 "installation_mode": "allowed"
2854 }
2855 }
2856 }
2857 }
2858 ```
2859 ### ExtensionUpdate
2860 Control extension updates.
2861
2862 **Compatibility:** Firefox 67, Firefox ESR 60.7\
2863 **CCK2 Equivalent:** N/A\
2864 **Preferences Affected:** `extensions.update.enabled`
2865
2866 #### Windows (GPO)
2867 ```
2868 Software\Policies\Mozilla\Firefox\ExtensionUpdate = 0x1 | 0x0
2869 ```
2870 #### Windows (Intune)
2871 OMA-URI:
2872 ```
2873 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/ExtensionUpdate
2874 ```
2875 Value (string):
2876 ```
2877 <enabled/> or <disabled/>
2878 ```
2879 #### macOS
2880 ```
2881 <dict>
2882 <key>ExtensionUpdate</key>
2883 <true/> | <false/>
2884 </dict>
2885 ```
2886 #### policies.json
2887 ```
2888 {
2889 "policies": {
2890 "ExtensionUpdate": true | false
2891 }
2892 }
2893 ```
2894 ### FirefoxHome
2895 Customize the Firefox Home page.
2896
2897 **Compatibility:** Firefox 68, Firefox ESR 68 (SponsoredTopSites and SponsoredPocket were added in Firefox 95, Firefox ESR 91.4)
2898 **CCK2 Equivalent:** N/A\
2899 **Preferences Affected:** `browser.newtabpage.activity-stream.showSearch`, `browser.newtabpage.activity-stream.feeds.topsites`, `browser.newtabpage.activity-stream.feeds.section.highlights`, `browser.newtabpage.activity-stream.feeds.section.topstories`, `browser.newtabpage.activity-stream.feeds.snippets`, `browser.newtabpage.activity-stream.showSponsoredTopSites`, `browser.newtabpage.activity-stream.showSponsored`
2900
2901 #### Windows (GPO)
2902 ```
2903 Software\Policies\Mozilla\Firefox\FirefoxHome\Search = 0x1 | 0x0
2904 Software\Policies\Mozilla\Firefox\FirefoxHome\TopSites = 0x1 | 0x0
2905 Software\Policies\Mozilla\Firefox\FirefoxHome\SponsoredTopSites = 0x1 | 0x0
2906 Software\Policies\Mozilla\Firefox\FirefoxHome\Highlights = 0x1 | 0x0
2907 Software\Policies\Mozilla\Firefox\FirefoxHome\Pocket = 0x1 | 0x0
2908 Software\Policies\Mozilla\Firefox\FirefoxHome\SponsoredPocket = 0x1 | 0x0
2909 Software\Policies\Mozilla\Firefox\FirefoxHome\Snippets = 0x1 | 0x0
2910 Software\Policies\Mozilla\Firefox\FirefoxHome\Locked = 0x1 | 0x0
2911 ```
2912 #### Windows (Intune)
2913 OMA-URI:
2914 ```
2915 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/CustomizeFirefoxHome
2916 ```
2917 Value (string):
2918 ```
2919 <enabled/>
2920 <data id="FirefoxHome_Search" value="true | false"/>
2921 <data id="FirefoxHome_TopSites" value="true | false"/>
2922 <data id="FirefoxHome_SponsoredTopSites" value="true | false"/>
2923 <data id="FirefoxHome_Highlights" value="true | false"/>
2924 <data id="FirefoxHome_Pocket" value="true | false"/>
2925 <data id="FirefoxHome_SponsoredPocket" value="true | false"/>
2926 <data id="FirefoxHome_Snippets" value="true | false"/>
2927 <data id="FirefoxHome_Locked" value="true | false"/>
2928 ```
2929 #### macOS
2930 ```
2931 <dict>
2932 <key>FirefoxHome</key>
2933 <dict>
2934 <key>Search</key>
2935 <true/> | <false/>
2936 <key>TopSites</key>
2937 <true/> | <false/>
2938 <key>SponsoredTopSites</key>
2939 <true/> | <false/>
2940 <key>Highlights</key>
2941 <true/> | <false/>
2942 <key>Pocket</key>
2943 <true/> | <false/>
2944 <key>SponsoredPocket</key>
2945 <true/> | <false/>
2946 <key>Snippets</key>
2947 <true/> | <false/>
2948 <key>Locked</key>
2949 <true/> | <false/>
2950 </dict>
2951 </dict>
2952 ```
2953 #### policies.json
2954 ```
2955 {
2956 "policies": {
2957 "FirefoxHome": {
2958 "Search": true | false,
2959 "TopSites": true | false,
2960 "SponsoredTopSites": true | false,
2961 "Highlights": true | false,
2962 "Pocket": true | false,
2963 "SponsoredPocket": true | false,
2964 "Snippets": true | false,
2965 "Locked": true | false
2966 }
2967 }
2968 }
2969 ```
2970 ### GoToIntranetSiteForSingleWordEntryInAddressBar
2971 Whether to always go through the DNS server before sending a single word search string to a search engine.
2972
2973 If the site exists, it will navigate to the website. If the intranet responds with a 404, the page will show a 404. If the intranet does not respond, the browser will attempt a search.
2974
2975 The second result in the URL bar will be a search result to allow users to conduct a web search exactly as it was entered.
2976
2977 If instead you would like to enable the ability to have your domain appear as a valid URL and to disallow the browser from ever searching that term using the first result that matches it, add the pref `browser.fixup.domainwhitelist.YOUR_DOMAIN` (where `YOUR_DOMAIN` is the name of the domain you'd like to add), and set the pref to `true`. The URL bar will then suggest `YOUR_DOMAIN` when the user fully types `YOUR_DOMAIN`. If the user attempts to load that domain and it fails to load, it will show an "Unable to connect" error page.
2978
2979 You can also whitelist a domain suffix that is not part of the [Public Suffix List](https://publicsuffix.org/) by adding the pref `browser.fixup.domainsuffixwhitelist.YOUR_DOMAIN_SUFFIX` with a value of `true`.
2980
2981 Additionally, if you want users to see a "Did you mean to go to 'YOUR_DOMAIN'" prompt below the URL bar if they land on a search results page instead of an intranet domain that provides a response, set the pref `browser.urlbar.dnsResolveSingleWordsAfterSearch` to `1`. Enabling this will cause the browser to commit a DNS check after every single word search. If the browser receives a response from the intranet, a prompt will ask the user if they'd like to instead navigate to `YOUR_DOMAIN`. If the user presses the **yes** button, `browser.fixup.domainwhitelist.YOUR_DOMAIN` will be set to `true`.
2982
2983 **Compatibility:** Firefox 104, Firefox ESR 102.2\
2984 **CCK2 Equivalent:** `N/A`\
2985 **Preferences Affected:** `browser.fixup.dns_first_for_single_words`
2986
2987 #### Windows (GPO)
2988 ```
2989 Software\Policies\Mozilla\Firefox\GoToIntranetSiteForSingleWordEntryInAddressBar = 0x1 | 0x0
2990 ```
2991 #### Windows (Intune)
2992 OMA-URI:
2993 ```
2994 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/GoToIntranetSiteForSingleWordEntryInAddressBar
2995 ```
2996 Value (string):
2997 ```
2998 <enabled/> or <disabled/>
2999 ```
3000 #### macOS
3001 ```
3002 <dict>
3003 <key>GoToIntranetSiteForSingleWordEntryInAddressBar</key>
3004 <true/> | <false/>
3005 </dict>
3006 ```
3007 #### policies.json
3008 ```
3009 {
3010 "policies": {
3011 "GoToIntranetSiteForSingleWordEntryInAddressBar": true | false
3012 }
3013 }
3014 ```
3015 ### Handlers
3016 Configure default application handlers. This policy is based on the internal format of `handlers.json`.
3017
3018 You can configure handlers based on a mime type (`mimeTypes`), a file's extension (`extensions`), or a protocol (`schemes`).
3019
3020 Within each handler type, you specify the given mimeType/extension/scheme as a key and use the following subkeys to describe how it is handled.
3021
3022 | Name | Description |
3023 | --- | --- |
3024 | `action`| Can be either `saveToDisk`, `useHelperApp`, `useSystemDefault`.
3025 | `ask` | If `true`, the user is asked if what they want to do with the file. If `false`, the action is taken without user intervention.
3026 | `handlers` | An array of handlers with the first one being the default. If you don't want to have a default handler, use an empty object for the first handler. Choose between path or uriTemplate.
3027 | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;`name` | The display name of the handler (might not be used).
3028 | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;`path`| The native path to the executable to be used.
3029 | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;`uriTemplate`| A url to a web based application handler. The URL must be https and contain a %s to be used for substitution.
3030
3031 **Compatibility:** Firefox 78, Firefox ESR 78\
3032 **CCK2 Equivalent:** N/A\
3033 **Preferences Affected:** N/A
3034
3035 #### Windows (GPO)
3036 Software\Policies\Mozilla\Firefox\Handlers (REG_MULTI_SZ) =
3037 ```
3038 {
3039 "mimeTypes": {
3040 "application/msword": {
3041 "action": "useSystemDefault",
3042 "ask": true | false
3043 }
3044 },
3045 "schemes": {
3046 "mailto": {
3047 "action": "useHelperApp",
3048 "ask": true | false,
3049 "handlers": [{
3050 "name": "Gmail",
3051 "uriTemplate": "https://mail.google.com/mail/?extsrc=mailto&url=%s"
3052 }]
3053 }
3054 },
3055 "extensions": {
3056 "pdf": {
3057 "action": "useHelperApp",
3058 "ask": true | false,
3059 "handlers": [{
3060 "name": "Adobe Acrobat",
3061 "path": "C:\\Program Files (x86)\\Adobe\\Acrobat Reader DC\\Reader\\AcroRd32.exe"
3062 }]
3063 }
3064 }
3065 }
3066 ```
3067 #### Windows (Intune)
3068 OMA-URI:
3069 ```
3070 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/Handlers
3071 ```
3072 Value (string):
3073 ```
3074 <enabled/>
3075 <data id="Handlers" value='
3076 {
3077 "mimeTypes": {
3078 "application/msword": {
3079 "action": "useSystemDefault",
3080 "ask": true | false
3081 }
3082 },
3083 "schemes": {
3084 "mailto": {
3085 "action": "useHelperApp",
3086 "ask": true | false,
3087 "handlers": [{
3088 "name": "Gmail",
3089 "uriTemplate": "https://mail.google.com/mail/?extsrc=mailto&amp;url=%s"
3090 }]
3091 }
3092 },
3093 "extensions": {
3094 "pdf": {
3095 "action": "useHelperApp",
3096 "ask": true | false,
3097 "handlers": [{
3098 "name": "Adobe Acrobat",
3099 "path": "C:\\Program Files (x86)\\Adobe\\Acrobat Reader DC\\Reader\\AcroRd32.exe"
3100 }]
3101 }
3102 }
3103 }
3104 '/>
3105 ```
3106 #### macOS
3107 ```
3108 <dict>
3109 <key>Handlers</key>
3110 <dict>
3111 <key>mimeTypes</key>
3112 <dict>
3113 <key>application/msword</key>
3114 <dict>
3115 <key>action</key>
3116 <string>useSystemDefault</string>
3117 <key>ask</key>
3118 <true/> | <false/>
3119 </dict>
3120 </dict>
3121 <key>schemes</key>
3122 <dict>
3123 <key>mailto</key>
3124 <dict>
3125 <key>action</key>
3126 <string>useHelperApp</string>
3127 <key>ask</key>
3128 <true/> | <false/>
3129 <key>handlers</key>
3130 <array>
3131 <dict>
3132 <key>name</key>
3133 <string>Gmail</string>
3134 <key>uriTemplate</key>
3135 <string>https://mail.google.com/mail/?extsrc=mailto&url=%s</string>
3136 </dict>
3137 </array>
3138 </dict>
3139 </dict>
3140 <key>extensions</key>
3141 <dict>
3142 <key>pdf</key>
3143 <dict>
3144 <key>action</key>
3145 <string>useHelperApp</string>
3146 <key>ask</key>
3147 <true/> | <false/>
3148 <key>handlers</key>
3149 <array>
3150 <dict>
3151 <key>name</key>
3152 <string>Adobe Acrobat</string>
3153 <key>path</key>
3154 <string>/System/Applications/Preview.app</string>
3155 </dict>
3156 </array>
3157 </dict>
3158 </dict>
3159 </dict>
3160 </dict>
3161 ```
3162 #### policies.json
3163 ```
3164 {
3165 "policies": {
3166 "Handlers": {
3167 "mimeTypes": {
3168 "application/msword": {
3169 "action": "useSystemDefault",
3170 "ask": false
3171 }
3172 },
3173 "schemes": {
3174 "mailto": {
3175 "action": "useHelperApp",
3176 "ask": true | false,
3177 "handlers": [{
3178 "name": "Gmail",
3179 "uriTemplate": "https://mail.google.com/mail/?extsrc=mailto&url=%s"
3180 }]
3181 }
3182 },
3183 "extensions": {
3184 "pdf": {
3185 "action": "useHelperApp",
3186 "ask": true | false,
3187 "handlers": [{
3188 "name": "Adobe Acrobat",
3189 "path": "/usr/bin/acroread"
3190 }]
3191 }
3192 }
3193 }
3194 }
3195 }
3196 ```
3197 ### HardwareAcceleration
3198 Control hardware acceleration.
3199
3200 **Compatibility:** Firefox 60, Firefox ESR 60\
3201 **CCK2 Equivalent:** N/A\
3202 **Preferences Affected:** `layers.acceleration.disabled`
3203
3204 #### Windows (GPO)
3205 ```
3206 Software\Policies\Mozilla\Firefox\HardwareAcceleration = 0x1 | 0x0
3207 ```
3208 #### Windows (Intune)
3209 OMA-URI:
3210 ```
3211 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/HardwareAcceleration
3212 ```
3213 Value (string):
3214 ```
3215 <enabled/> or <disabled/>
3216 ```
3217 #### macOS
3218 ```
3219 <dict>
3220 <key>HardwareAcceleration</key>
3221 <true/> | <false/>
3222 </dict>
3223 ```
3224 #### policies.json
3225 ```
3226 {
3227 "policies": {
3228 "HardwareAcceleration": true | false
3229 }
3230 }
3231 ```
3232 ### Homepage
3233 Configure the default homepage and how Firefox starts.
3234
3235 `URL` is the default homepage.
3236
3237 `Locked` prevents the user from changing homepage preferences.
3238
3239 `Additional` allows for more than one homepage.
3240
3241 `StartPage` is how Firefox starts. The choices are no homepage, the default homepage or the previous session.
3242
3243 With Firefox 78, an additional option as added for `Startpage`, `homepage-locked`. If this is value is set for the Startpage, the user will always get the homepage at startup and cannot choose to restore their session.
3244
3245 **Compatibility:** Firefox 60, Firefox ESR 60 (StartPage was added in Firefox 60, Firefox ESR 60.4, homepage-locked added in Firefox 78)\
3246 **CCK2 Equivalent:** `homePage`,`lockHomePage`\
3247 **Preferences Affected:** `browser.startup.homepage`, `browser.startup.page`
3248
3249 #### Windows (GPO)
3250 ```
3251 Software\Policies\Mozilla\Firefox\Homepage\URL = "https://example.com"
3252 Software\Policies\Mozilla\Firefox\Homepage\Locked = 0x1 | 0x0
3253 Software\Policies\Mozilla\Firefox\Homepage\Additional\1 = "https://example.org"
3254 Software\Policies\Mozilla\Firefox\Homepage\Additional\2 = "https://example.edu"
3255 Software\Policies\Mozilla\Firefox\Homepage\StartPage = "none" | "homepage" | "previous-session" | "homepage-locked"
3256 ```
3257 #### Windows (Intune)
3258 OMA-URI:
3259 ```
3260 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Homepage/HomepageURL
3261 ```
3262 Value (string):
3263 ```
3264 <enabled/>
3265
3266 <data id="HomepageURL" value="https://example.com"/>
3267 <data id="HomepageLocked" value="true | false"/>
3268 ```
3269 OMA-URI:
3270 ```
3271 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Homepage/HomepageAdditional
3272 ```
3273 Value (string):
3274 ```
3275 <enabled/>
3276
3277 <data id="HomepageAdditional" value="1&#xF000;http://example.org&#xF000;2&#xF000;http://example.edu"/>
3278 ```
3279 OMA-URI:
3280 ```
3281 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Homepage/HomepageStartPage
3282 ```
3283 Value (string):
3284 ```
3285 <enabled/>
3286
3287 <data id="StartPage" value="none | homepage | previous-session"/>
3288 ```
3289 #### macOS
3290 ```
3291 <dict>
3292 <key>Homepage</key>
3293 <dict>
3294 <key>URL</key>
3295 <string>http://example.com</string>
3296 <key>Locked</key>
3297 <true/> | <false/>
3298 <key>Additional</key>
3299 <array>
3300 <string>http://example.org</string>
3301 <string>http://example.edu</string>
3302 </array>
3303 <key>StartPage</key>
3304 <string>none | homepage | previous-session | homepage-locked</string>
3305 </dict>
3306 </dict>
3307 ```
3308 #### policies.json
3309 ```
3310 {
3311 "policies": {
3312 "Homepage": {
3313 "URL": "http://example.com/",
3314 "Locked": true | false,
3315 "Additional": ["http://example.org/",
3316 "http://example.edu/"],
3317 "StartPage": "none" | "homepage" | "previous-session" | "homepage-locked"
3318 }
3319 }
3320 }
3321 ```
3322 ### InstallAddonsPermission
3323 Configure the default extension install policy as well as origins for extension installs are allowed. This policy does not override turning off all extension installs.
3324
3325 `Allow` is a list of origins where extension installs are allowed.
3326
3327 `Default` determines whether or not extension installs are allowed by default.
3328
3329 **Compatibility:** Firefox 60, Firefox ESR 60\
3330 **CCK2 Equivalent:** `permissions.install`\
3331 **Preferences Affected:** `xpinstall.enabled`
3332
3333 #### Windows (GPO)
3334 ```
3335 Software\Policies\Mozilla\Firefox\InstallAddonsPermission\Allow\1 = "https://example.org"
3336 Software\Policies\Mozilla\Firefox\InstallAddonsPermission\Allow\2 = "https://example.edu"
3337 Software\Policies\Mozilla\Firefox\InstallAddonsPermission\Default = 0x1 | 0x0
3338 ```
3339 #### Windows (Intune)
3340 OMA-URI:
3341 ```
3342 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Addons/InstallAddonsPermission_Allow
3343 ```
3344 Value (string):
3345 ```
3346 <enabled/>
3347 <data id="Permissions" value="1&#xF000;https://example.org&#xF000;2&#xF000;https://example.edu"/>
3348 ```
3349 OMA-URI:
3350 ```
3351 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Addons/InstallAddonsPermission_Default
3352 ```
3353 Value (string):
3354 ```
3355 <enabled/>
3356 ```
3357 #### macOS
3358 ```
3359 <dict>
3360 <key>InstallAddonsPermission</key>
3361 <dict>
3362 <key>Allow</key>
3363 <array>
3364 <string>http://example.org</string>
3365 <string>http://example.edu</string>
3366 </array>
3367 <key>Default</key>
3368 <true/> | <false/>
3369 </dict>
3370 </dict>
3371 ```
3372 #### policies.json
3373 ```
3374 {
3375 "policies": {
3376 "InstallAddonsPermission": {
3377 "Allow": ["http://example.org/",
3378 "http://example.edu/"],
3379 "Default": true | false
3380 }
3381 }
3382 }
3383 ```
3384 ### LegacyProfiles
3385 Disable the feature enforcing a separate profile for each installation.
3386
3387 If this policy set to true, Firefox will not try to create different profiles for installations of Firefox in different directories. This is the equivalent of the MOZ_LEGACY_PROFILES environment variable.
3388
3389 If this policy set to false, Firefox will create a new profile for each unique installation of Firefox.
3390
3391 This policy only work on Windows via GPO (not policies.json).
3392
3393 **Compatibility:** Firefox 70, Firefox ESR 68.2 (Windows only, GPO only)\
3394 **CCK2 Equivalent:** N/A\
3395 **Preferences Affected:** N/A
3396
3397 #### Windows (GPO)
3398 ```
3399 Software\Policies\Mozilla\Firefox\LegacyProfiles = = 0x1 | 0x0
3400 ```
3401 #### Windows (Intune)
3402 OMA-URI:
3403 ```
3404 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/LegacyProfiles
3405 ```
3406 Value (string):
3407 ```
3408 <enabled/> or <disabled/>
3409 ```
3410 ### LegacySameSiteCookieBehaviorEnabled
3411 Enable default legacy SameSite cookie behavior setting.
3412
3413 If this policy is set to true, it reverts all cookies to legacy SameSite behavior which means that cookies that don't explicitly specify a ```SameSite``` attribute are treated as if they were ```SameSite=None```.
3414
3415 **Compatibility:** Firefox 96\
3416 **CCK2 Equivalent:** N/A\
3417 **Preferences Affected:** `network.cookie.sameSite.laxByDefault`
3418
3419 #### Windows (GPO)
3420 ```
3421 Software\Policies\Mozilla\Firefox\LegacySameSiteCookieBehaviorEnabled = = 0x1 | 0x0
3422 ```
3423 #### Windows (Intune)
3424 OMA-URI:
3425 ```
3426 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/LegacySameSiteCookieBehaviorEnabled
3427 ```
3428 Value (string):
3429 ```
3430 <enabled/> or <disabled/>
3431 ```
3432 #### macOS
3433 ```
3434 <dict>
3435 <key>LegacySameSiteCookieBehaviorEnabled</key>
3436 <true/> | <false/>
3437 </dict>
3438 ```
3439 #### policies.json
3440 ```
3441 {
3442 "policies": {
3443 "LegacySameSiteCookieBehaviorEnabled": true | false
3444 }
3445 ```
3446 ### LegacySameSiteCookieBehaviorEnabledForDomainList
3447 Revert to legacy SameSite behavior for cookies on specified sites.
3448
3449 If this policy is set to true, cookies set for domains in this list will revert to legacy SameSite behavior which means that cookies that don't explicitly specify a ```SameSite``` attribute are treated as if they were ```SameSite=None```.
3450
3451 **Compatibility:** Firefox 96\
3452 **CCK2 Equivalent:** N/A\
3453 **Preferences Affected:** `network.cookie.sameSite.laxByDefault.disabledHosts`
3454
3455 #### Windows (GPO)
3456 ```
3457 Software\Policies\Mozilla\Firefox\LegacySameSiteCookieBehaviorEnabledForDomainList\1 = "example.org"
3458 Software\Policies\Mozilla\Firefox\LegacySameSiteCookieBehaviorEnabledForDomainList\2 = "example.edu"
3459 ```
3460 #### Windows (Intune)
3461 OMA-URI:
3462 ```
3463 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/LegacySameSiteCookieBehaviorEnabledForDomainList
3464 ```
3465 Value (string):
3466 ```
3467 <enabled/>
3468 <data id="LegacySameSiteCookieBehaviorEnabledForDomainList" value="1&#xF000;example.org&#xF000;2&#xF000;example.edu"/>
3469 ```
3470 #### macOS
3471 ```
3472 <dict>
3473 <key>LegacySameSiteCookieBehaviorEnabledForDomainList</key>
3474 <array>
3475 <string>example.org</string>
3476 <string>example.edu</string>
3477 </array>
3478 </dict>
3479 ```
3480 #### policies.json
3481 ```
3482 {
3483 "policies": {
3484 "LegacySameSiteCookieBehaviorEnabledForDomainList": ["example.org",
3485 "example.edu"]
3486 }
3487 }
3488 ```
3489 ### LocalFileLinks
3490 Enable linking to local files by origin.
3491
3492 **Compatibility:** Firefox 68, Firefox ESR 68\
3493 **CCK2 Equivalent:** N/A\
3494 **Preferences Affected:** `capability.policy.localfilelinks.*`
3495
3496 #### Windows (GPO)
3497 ```
3498 Software\Policies\Mozilla\Firefox\LocalFileLinks\1 = "https://example.org"
3499 Software\Policies\Mozilla\Firefox\LocalFileLinks\2 = "https://example.edu"
3500 ```
3501 #### Windows (Intune)
3502 OMA-URI:
3503 ```
3504 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/LocalFileLinks
3505 ```
3506 Value (string):
3507 ```
3508 <enabled/>
3509 <data id="LocalFileLinks" value="1&#xF000;https://example.org&#xF000;2&#xF000;https://example.edu"/>
3510 ```
3511 #### macOS
3512 ```
3513 <dict>
3514 <key>LocalFileLinks</key>
3515 <array>
3516 <string>http://example.org</string>
3517 <string>http://example.edu</string>
3518 </array>
3519 </dict>
3520 ```
3521 #### policies.json
3522 ```
3523 {
3524 "policies": {
3525 "LocalFileLinks": ["http://example.org/",
3526 "http://example.edu/"]
3527 }
3528 }
3529 ```
3530 ### ManagedBookmarks
3531 Configures a list of bookmarks managed by an administrator that cannot be changed by the user.
3532
3533 The bookmarks are only added as a button on the personal toolbar. They are not in the bookmarks folder.
3534
3535 The syntax of this policy is exactly the same as the [Chrome ManagedBookmarks policy](https://cloud.google.com/docs/chrome-enterprise/policies/?policy=ManagedBookmarks). The schema is:
3536 ```
3537 {
3538 "items": {
3539 "id": "BookmarkType",
3540 "properties": {
3541 "children": {
3542 "items": {
3543 "$ref": "BookmarkType"
3544 },
3545 "type": "array"
3546 },
3547 "name": {
3548 "type": "string"
3549 },
3550 "toplevel_name": {
3551 "type": "string"
3552 },
3553 "url": {
3554 "type": "string"
3555 }
3556 },
3557 "type": "object"
3558 },
3559 "type": "array"
3560 }
3561 ```
3562 **Compatibility:** Firefox 83, Firefox ESR 78.5\
3563 **CCK2 Equivalent:** N/A\
3564 **Preferences Affected:** N/A
3565
3566 #### Windows (GPO)
3567 Software\Policies\Mozilla\Firefox\ManagedBookmarks (REG_MULTI_SZ) =
3568 ```
3569 [
3570 {
3571 "toplevel_name": "My managed bookmarks folder"
3572 },
3573 {
3574 "url": "example.com",
3575 "name": "Example"
3576 },
3577 {
3578 "name": "Mozilla links",
3579 "children": [
3580 {
3581 "url": "https://mozilla.org",
3582 "name": "Mozilla.org"
3583 },
3584 {
3585 "url": "https://support.mozilla.org/",
3586 "name": "SUMO"
3587 }
3588 ]
3589 }
3590 ]
3591 ```
3592 #### Windows (Intune)
3593 OMA-URI:
3594 ```
3595 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/ManagedBookmarks
3596 ```
3597 Value (string):
3598 ```
3599 <enabled/>
3600 <data id="JSON" value='
3601 [
3602 {
3603 "toplevel_name": "My managed bookmarks folder"
3604 },
3605 {
3606 "url": "example.com",
3607 "name": "Example"
3608 },
3609 {
3610 "name": "Mozilla links",
3611 "children": [
3612 {
3613 "url": "https://mozilla.org",
3614 "name": "Mozilla.org"
3615 },
3616 {
3617 "url": "https://support.mozilla.org/",
3618 "name": "SUMO"
3619 }
3620 ]
3621 }
3622 ]'/>
3623 ```
3624 #### macOS
3625 ```
3626 <dict>
3627 <key>ManagedBookmarks</key>
3628 <array>
3629 <dict>
3630 <key>toplevel_name</key>
3631 <string>My managed bookmarks folder</string>
3632 <dict>
3633 <key>url</key>
3634 <string>example.com</string>
3635 <key>name</key>
3636 <string>Example</string>
3637 </dict>
3638 <dict>
3639 <key>name</key>
3640 <string>Mozilla links</string>
3641 <key>children</key>
3642 <array>
3643 <dict>
3644 <key>url</key>
3645 <string>https://mozilla.org</string>
3646 <key>name</key>
3647 <string>Mozilla</string>
3648 </dict>
3649 <dict>
3650 <key>url</key>
3651 <string>https://support.mozilla.org/</string>
3652 <key>name</key>
3653 <string>SUMO</string>
3654 </dict>
3655 </array>
3656 </dict>
3657 </array>
3658 </dict>
3659 ```
3660 #### policies.json
3661 ```
3662 {
3663 "policies": {
3664 "ManagedBookmarks": [
3665 {
3666 "toplevel_name": "My managed bookmarks folder"
3667 },
3668 {
3669 "url": "example.com",
3670 "name": "Example"
3671 },
3672 {
3673 "name": "Mozilla links",
3674 "children": [
3675 {
3676 "url": "https://mozilla.org",
3677 "name": "Mozilla.org"
3678 },
3679 {
3680 "url": "https://support.mozilla.org/",
3681 "name": "SUMO"
3682 }
3683 ]
3684 }
3685 ]
3686 }
3687 }
3688 ```
3689 ### ManualAppUpdateOnly
3690
3691 Switch to manual updates only.
3692
3693 If this policy is enabled:
3694 1. The user will never be prompted to install updates
3695 2. Firefox will not check for updates in the background, though it will check automatically when an update UI is displayed (such as the one in the About dialog). This check will be used to show "Update to version X" in the UI, but will not automatically download the update or prompt the user to update in any other way.
3696 3. The update UI will work as expected, unlike when using DisableAppUpdate.
3697
3698 This policy is primarily intended for advanced end users, not for enterprises.
3699
3700 **Compatibility:** Firefox 87\
3701 **CCK2 Equivalent:** N/A\
3702 **Preferences Affected:** N/A
3703
3704 #### policies.json
3705 ```
3706 {
3707 "policies": {
3708 "ManualAppUpdateOnly": true | false
3709 }
3710 }
3711 ```
3712 ### NetworkPrediction
3713 Enable or disable network prediction (DNS prefetching).
3714
3715 **Compatibility:** Firefox 67, Firefox ESR 60.7\
3716 **CCK2 Equivalent:** N/A\
3717 **Preferences Affected:** `network.dns.disablePrefetch`, `network.dns.disablePrefetchFromHTTPS`
3718
3719 #### Windows (GPO)
3720 ```
3721 Software\Policies\Mozilla\Firefox\NetworkPrediction = 0x1 | 0x0
3722 ```
3723 #### Windows (Intune)
3724 OMA-URI:
3725 ```
3726 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/NetworkPrediction
3727 ```
3728 Value (string):
3729 ```
3730 <enabled/> or <disabled/>
3731 ```
3732 #### macOS
3733 ```
3734 <dict>
3735 <key>NetworkPrediction</key>
3736 <true/> | <false/>
3737 </dict>
3738 ```
3739 #### policies.json
3740 ```
3741 {
3742 "policies": {
3743 "NetworkPrediction": true | false
3744 }
3745 ```
3746 ### NewTabPage
3747 Enable or disable the New Tab page.
3748
3749 **Compatibility:** Firefox 68, Firefox ESR 68\
3750 **CCK2 Equivalent:** N/A\
3751 **Preferences Affected:** `browser.newtabpage.enabled`
3752
3753 #### Windows (GPO)
3754 ```
3755 Software\Policies\Mozilla\Firefox\NewTabPage = 0x1 | 0x0
3756 ```
3757 #### Windows (Intune)
3758 OMA-URI:
3759 ```
3760 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/NewTabPage
3761 ```
3762 Value (string):
3763 ```
3764 <enabled/> or <disabled/>
3765 ```
3766 #### macOS
3767 ```
3768 <dict>
3769 <key>NewTabPage</key>
3770 <true/> | <false/>
3771 </dict>
3772 ```
3773 #### policies.json
3774 ```
3775 {
3776 "policies": {
3777 "NewTabPage": true | false
3778 }
3779 ```
3780 ### NoDefaultBookmarks
3781 Disable the creation of default bookmarks.
3782
3783 This policy is only effective if the user profile has not been created yet.
3784
3785 **Compatibility:** Firefox 60, Firefox ESR 60\
3786 **CCK2 Equivalent:** `removeDefaultBookmarks`\
3787 **Preferences Affected:** N/A
3788
3789 #### Windows (GPO)
3790 ```
3791 Software\Policies\Mozilla\Firefox\NoDefaultBookmarks = 0x1 | 0x0
3792 ```
3793 #### Windows (Intune)
3794 OMA-URI:
3795 ```
3796 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/NoDefaultBookmarks
3797 ```
3798 Value (string):
3799 ```
3800 <enabled/> or <disabled/>
3801 ```
3802 #### macOS
3803 ```
3804 <dict>
3805 <key>NoDefaultBookmarks</key>
3806 <true/> | <false/>
3807 </dict>
3808 ```
3809 #### policies.json
3810 ```
3811 {
3812 "policies": {
3813 "NoDefaultBookmarks": true | false
3814 }
3815 }
3816 ```
3817 ### OfferToSaveLogins
3818 Control whether or not Firefox offers to save passwords.
3819
3820 **Compatibility:** Firefox 60, Firefox ESR 60\
3821 **CCK2 Equivalent:** `dontRememberPasswords`\
3822 **Preferences Affected:** `signon.rememberSignons`
3823
3824 #### Windows (GPO)
3825 ```
3826 Software\Policies\Mozilla\Firefox\OfferToSaveLogins = 0x1 | 0x0
3827 ```
3828 #### Windows (Intune)
3829 OMA-URI:
3830 ```
3831 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/OfferToSaveLogins
3832 ```
3833 Value (string):
3834 ```
3835 <enabled/> or <disabled/>
3836 ```
3837 #### macOS
3838 ```
3839 <dict>
3840 <key>OfferToSaveLogins</key>
3841 <true/> | <false/>
3842 </dict>
3843 ```
3844 #### policies.json
3845 ```
3846 {
3847 "policies": {
3848 "OfferToSaveLogins": true | false
3849 }
3850 }
3851 ```
3852 ### OfferToSaveLoginsDefault
3853 Sets the default value of signon.rememberSignons without locking it.
3854
3855 **Compatibility:** Firefox 70, Firefox ESR 60.2\
3856 **CCK2 Equivalent:** `dontRememberPasswords`\
3857 **Preferences Affected:** `signon.rememberSignons`
3858
3859 #### Windows (GPO)
3860 ```
3861 Software\Policies\Mozilla\Firefox\OfferToSaveLoginsDefault = 0x1 | 0x0
3862 ```
3863 #### Windows (Intune)
3864 OMA-URI:
3865 ```
3866 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/OfferToSaveLoginsDefault
3867 ```
3868 Value (string):
3869 ```
3870 <enabled/> or <disabled/>
3871 ```
3872 #### macOS
3873 ```
3874 <dict>
3875 <key>OfferToSaveLoginsDefault</key>
3876 <true/> | <false/>
3877 </dict>
3878 ```
3879 #### policies.json
3880 ```
3881 {
3882 "policies": {
3883 "OfferToSaveLoginsDefault": true | false
3884 }
3885 }
3886 ```
3887 ### OverrideFirstRunPage
3888 Override the first run page. If the value is an empty string (""), the first run page is not displayed.
3889
3890 Starting with Firefox 83, Firefox ESR 78.5, you can also specify multiple URLS separated by a vertical bar (|).
3891
3892 **Compatibility:** Firefox 60, Firefox ESR 60\
3893 **CCK2 Equivalent:** `welcomePage`,`noWelcomePage`\
3894 **Preferences Affected:** `startup.homepage_welcome_url`
3895
3896 #### Windows (GPO)
3897 ```
3898 Software\Policies\Mozilla\Firefox\OverrideFirstRunPage = "http://example.org"
3899 ```
3900 #### Windows (Intune)
3901 OMA-URI:
3902 ```
3903 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/OverrideFirstRunPage
3904 ```
3905 Value (string):
3906 ```
3907 <enabled/>
3908 <data id="OverridePage" value="https://example.com"/>
3909 ```
3910 #### macOS
3911 ```
3912 <dict>
3913 <key>OverrideFirstRunPage</key>
3914 <string>http://example.org</string>
3915 </dict>
3916 ```
3917 #### policies.json
3918 ```
3919 {
3920 "policies": {
3921 "OverrideFirstRunPage": "http://example.org"
3922 }
3923 }
3924 ```
3925 ### OverridePostUpdatePage
3926 Override the upgrade page. If the value is an empty string (""), no extra pages are displayed when Firefox is upgraded.
3927
3928 **Compatibility:** Firefox 60, Firefox ESR 60\
3929 **CCK2 Equivalent:** `upgradePage`,`noUpgradePage`\
3930 **Preferences Affected:** `startup.homepage_override_url`
3931
3932 #### Windows (GPO)
3933 ```
3934 Software\Policies\Mozilla\Firefox\OverridePostUpdatePage = "http://example.org"
3935 ```
3936 #### Windows (Intune)
3937 OMA-URI:
3938 ```
3939 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/OverridePostUpdatePage
3940 ```
3941 Value (string):
3942 ```
3943 <enabled/>
3944 <data id="OverridePage" value="https://example.com"/>
3945 ```
3946 #### macOS
3947 ```
3948 <dict>
3949 <key>OverridePostUpdatePage</key>
3950 <string>http://example.org</string>
3951 </dict>
3952 ```
3953 #### policies.json
3954 ```
3955 {
3956 "policies": {
3957 "OverridePostUpdatePage": "http://example.org"
3958 }
3959 }
3960 ```
3961 ### PasswordManagerEnabled
3962 Remove access to the password manager via preferences and blocks about:logins on Firefox 70.
3963
3964 **Compatibility:** Firefox 70, Firefox ESR 60.2\
3965 **CCK2 Equivalent:** N/A\
3966 **Preferences Affected:** `pref.privacy.disable_button.view_passwords`
3967
3968 #### Windows (GPO)
3969 ```
3970 Software\Policies\Mozilla\Firefox\PasswordManagerEnabled = 0x1 | 0x0
3971 ```
3972 #### Windows (Intune)
3973 OMA-URI:
3974 ```
3975 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/PasswordManagerEnabled
3976 ```
3977 Value (string):
3978 ```
3979 <enabled/> or <disabled/>
3980 ```
3981 #### macOS
3982 ```
3983 <dict>
3984 <key>PasswordManagerEnabled</key>
3985 <true/> | <false/>
3986 </dict>
3987 ```
3988 #### policies.json
3989 ```
3990 {
3991 "policies": {
3992 "PasswordManagerEnabled": true | false
3993 }
3994 }
3995 ```
3996 ### PasswordManagerExceptions
3997 Prevent Firefox from saving passwords for specific sites.
3998
3999 The sites are specified as a list of origins.
4000
4001 **Compatibility:** Firefox 101\
4002 **CCK2 Equivalent:** N/A\
4003 **Preferences Affected:** N/A
4004
4005 #### Windows (GPO)
4006 ```
4007 Software\Policies\Mozilla\Firefox\PasswordManagerExceptions\1 = "https://example.org"
4008 Software\Policies\Mozilla\Firefox\PasswordManagerExceptions\2 = "https://example.edu"
4009 ```
4010 #### Windows (Intune)
4011 OMA-URI:
4012 ```
4013 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/PasswordManagerExceptions
4014 ```
4015 Value (string):
4016 ```
4017 <enabled/>
4018 <data id="List" value="1&#xF000;https://example.org&#xF000;2&#xF000;https://example.edu"/>
4019 ```
4020 #### macOS
4021 ```
4022 <dict>
4023 <key>PasswordManagerExceptions</key>
4024 <array>
4025 <string>https://example.org</string>
4026 <string>https://example.edu</string>
4027 </array>
4028 </dict>
4029 ```
4030 #### policies.json
4031 ```
4032 {
4033 "policies": {
4034 "PasswordManagerExceptions": ["https://example.org",
4035 "https://example.edu"]
4036 }
4037 }
4038 ```
4039
4040 ### PDFjs
4041 Disable or configure PDF.js, the built-in PDF viewer.
4042
4043 If `Enabled` is set to false, the built-in PDF viewer is disabled.
4044
4045 If `EnablePermissions` is set to true, the built-in PDF viewer will honor document permissions like preventing the copying of text.
4046
4047 Note: DisableBuiltinPDFViewer has not been deprecated. You can either continue to use it, or switch to using PDFjs->Enabled to disable the built-in PDF viewer. This new permission was added because we needed a place for PDFjs->EnabledPermissions.
4048
4049 **Compatibility:** Firefox 77, Firefox ESR 68.9\
4050 **CCK2 Equivalent:** N/A\
4051 **Preferences Affected:** `pdfjs.diabled`, `pdfjs.enablePermissions`
4052
4053 #### Windows (GPO)
4054 ```
4055 Software\Policies\Mozilla\Firefox\PDFjs\Enabled = 0x1 | 0x0
4056 Software\Policies\Mozilla\Firefox\PDFjs\EnablePermissions = 0x1 | 0x0
4057 ```
4058 #### Windows (Intune)
4059 OMA-URI:
4060 ```
4061 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~PDFjs/PDFjs_Enabled
4062 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~PDFjs/PDFjs_EnablePermissions
4063 ```
4064 Value (string):
4065 ```
4066 <enabled/>or <disabled/>
4067 ```
4068 #### macOS
4069 ```
4070 <dict>
4071 <key>PDFjs</key>
4072 <dict>
4073 <key>Enabled</key>
4074 <true/> | <false/>
4075 <key>EnablePermissions</key>
4076 <true/> | <false/>
4077 </dict>
4078 </dict>
4079 ```
4080 #### policies.json
4081 ```
4082 {
4083 "policies": {
4084 "PDFjs": {
4085 "Enabled": true | false,
4086 "EnablePermissions": true | false
4087 }
4088 }
4089 }
4090 ```
4091 ### Permissions
4092 Set permissions associated with camera, microphone, location, notifications, autoplay, and virtual reality. Because these are origins, not domains, entries with unique ports must be specified separately. This explicitly means that it is not possible to add wildcards. See examples below.
4093
4094 `Allow` is a list of origins where the feature is allowed.
4095
4096 `Block` is a list of origins where the feature is not allowed.
4097
4098 `BlockNewRequests` determines whether or not new requests can be made for the feature.
4099
4100 `Locked` prevents the user from changing preferences for the feature.
4101
4102 `Default` specifies the default value for Autoplay. block-audio-video is not supported on Firefox ESR 68.
4103
4104 **Compatibility:** Firefox 62, Firefox ESR 60.2 (Autoplay added in Firefox 74, Firefox ESR 68.6, Autoplay Default/Locked added in Firefox 76, Firefox ESR 68.8, VirtualReality added in Firefox 80, Firefox ESR 78.2)\
4105 **CCK2 Equivalent:** N/A\
4106 **Preferences Affected:** `permissions.default.camera`, `permissions.default.microphone`, `permissions.default.geo`, `permissions.default.desktop-notification`, `media.autoplay.default`, `permissions.default.xr`
4107
4108 #### Windows (GPO)
4109 ```
4110 Software\Policies\Mozilla\Firefox\Permissions\Camera\Allow\1 = "https://example.org"
4111 Software\Policies\Mozilla\Firefox\Permissions\Camera\Allow\2 = "https://example.org:1234"
4112 Software\Policies\Mozilla\Firefox\Permissions\Camera\Block\1 = "https://example.edu"
4113 Software\Policies\Mozilla\Firefox\Permissions\Camera\BlockNewRequests = 0x1 | 0x0
4114 Software\Policies\Mozilla\Firefox\Permissions\Camera\Locked = 0x1 | 0x0
4115 Software\Policies\Mozilla\Firefox\Permissions\Microphone\Allow\1 = "https://example.org"
4116 Software\Policies\Mozilla\Firefox\Permissions\Microphone\Block\1 = "https://example.edu"
4117 Software\Policies\Mozilla\Firefox\Permissions\Microphone\BlockNewRequests = 0x1 | 0x0
4118 Software\Policies\Mozilla\Firefox\Permissions\Microphone\Locked = 0x1 | 0x0
4119 Software\Policies\Mozilla\Firefox\Permissions\Location\Allow\1 = "https://example.org"
4120 Software\Policies\Mozilla\Firefox\Permissions\Location\Block\1 = "https://example.edu"
4121 Software\Policies\Mozilla\Firefox\Permissions\Location\BlockNewRequests = 0x1 | 0x0
4122 Software\Policies\Mozilla\Firefox\Permissions\Location\Locked = 0x1 | 0x0
4123 Software\Policies\Mozilla\Firefox\Permissions\Notifications\Allow\1 = "https://example.org"
4124 Software\Policies\Mozilla\Firefox\Permissions\Notifications\Block\1 = "https://example.edu"
4125 Software\Policies\Mozilla\Firefox\Permissions\Notifications\BlockNewRequests = 0x1 | 0x0
4126 Software\Policies\Mozilla\Firefox\Permissions\Notifications\Locked = 0x1 | 0x0
4127 Software\Policies\Mozilla\Firefox\Permissions\Autoplay\Allow\1 = "https://example.org"
4128 Software\Policies\Mozilla\Firefox\Permissions\Autoplay\Block\1 = "https://example.edu"
4129 Software\Policies\Mozilla\Firefox\Permissions\Autoplay\Default = "allow-audio-video" | "block-audio" | "block-audio-video"
4130 Software\Policies\Mozilla\Firefox\Permissions\Autoplay\Locked = 0x1 | 0x0
4131 Software\Policies\Mozilla\Firefox\Permissions\VirtualReality\Allow\1 = "https://example.org"
4132 Software\Policies\Mozilla\Firefox\Permissions\VirtualReality\Block\1 = "https://example.edu"
4133 Software\Policies\Mozilla\Firefox\Permissions\VirtualReality\BlockNewRequests = 0x1 | 0x0
4134 Software\Policies\Mozilla\Firefox\Permissions\VirtualReality\Locked = 0x1 | 0x0
4135 ```
4136 #### Windows (Intune)
4137 OMA-URI:
4138 ```
4139 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Location/Location_BlockNewRequests
4140 ```
4141 Value (string):
4142 ```
4143 <enabled/> or <disabled/>
4144 ```
4145 OMA-URI:
4146 ```
4147 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Location/Location_Locked
4148 ```
4149 Value (string):
4150 ```
4151 <enabled/> or <disabled/>
4152 ```
4153 OMA-URI:
4154 ```
4155 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Notifications/Notifications_Allow
4156 ```
4157 Value (string):
4158 ```
4159 <enabled/>
4160 <data id="Permissions" value="1&#xF000;https://example.org"/>
4161 ```
4162 OMA-URI:
4163 ```
4164 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Notifications/Notifications_BlockNewRequests
4165 ```
4166 Value (string):
4167 ```
4168 <enabled/> or <disabled/>
4169 ```
4170 OMA-URI:
4171 ```
4172 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Notifications/Notifications_Locked
4173 ```
4174 Value (string):
4175 ```
4176 <enabled/> or <disabled/>
4177 ```
4178 OMA-URI:
4179 ```
4180 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Autoplay/Autoplay_Allow
4181 ```
4182 Value (string):
4183 ```
4184 <enabled/>
4185 <data id="Permissions" value="1&#xF000;https://example.org"/>
4186 ```
4187 OMA-URI:
4188 ```
4189 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Autoplay/Autoplay_Block
4190 ```
4191 Value (string):
4192 ```
4193 <enabled/>
4194 <data id="Permissions" value="1&#xF000;https://example.edu"/>
4195 ```
4196 OMA-URI:
4197 ```
4198 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Autoplay/Autoplay_Default
4199 ```
4200 Value (string):
4201 ```
4202 <enabled/>
4203 <data id="Autoplay_Default" value="allow-audio-video | block-audio | block-audio-video"/>
4204 ```
4205 OMA-URI:
4206 ```
4207 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Autoplay/Autoplay_Locked
4208 ```
4209 Value (string):
4210 ```
4211 <enabled/> or <disabled/>
4212 ```
4213 OMA-URI:
4214 ```
4215 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Notifications/VirtualReality_Allow
4216 ```
4217 Value (string):
4218 ```
4219 <enabled/>
4220 <data id="Permissions" value="1&#xF000;https://example.org"/>
4221 ```
4222 OMA-URI:
4223 ```
4224 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Notifications/VirtualReality_Block
4225 ```
4226 Value (string):
4227 ```
4228 <enabled/>
4229 <data id="Permissions" value="1&#xF000;https://example.edu"/>
4230 ```
4231 OMA-URI:
4232 ```
4233 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Notifications/VirtualReality_BlockNewRequests
4234 ```
4235 Value (string):
4236 ```
4237 <enabled/> or <disabled/>
4238 ```
4239 OMA-URI:
4240 ```
4241 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Notifications/VirtualReality_Locked
4242 ```
4243 Value (string):
4244 ```
4245 <enabled/> or <disabled/>
4246 ```
4247 #### macOS
4248 ```
4249 <dict>
4250 <key>Permissions</key>
4251 <dict>
4252 <key>Camera</key>
4253 <dict>
4254 <key>Allow</key>
4255 <array>
4256 <string>https://example.org</string>
4257 <string>https://example.org:1234</string>
4258 </array>
4259 <key>Block</key>
4260 <array>
4261 <string>https://example.edu</string>
4262 </array>
4263 <key>BlockNewRequests</key>
4264 <true/> | <false/>
4265 <key>Locked</key>
4266 <true/> | <false/>
4267 </dict>
4268 <key>Microphone</key>
4269 <dict>
4270 <key>Allow</key>
4271 <array>
4272 <string>https://example.org</string>
4273 </array>
4274 <key>Block</key>
4275 <array>
4276 <string>https://example.edu</string>
4277 </array>
4278 <key>BlockNewRequests</key>
4279 <true/> | <false/>
4280 <key>Locked</key>
4281 <true/> | <false/>
4282 </dict>
4283 <key>Location</key>
4284 <dict>
4285 <key>Allow</key>
4286 <array>
4287 <string>https://example.org</string>
4288 </array>
4289 <key>Block</key>
4290 <array>
4291 <string>https://example.edu</string>
4292 </array>
4293 <key>BlockNewRequests</key>
4294 <true/> | <false/>
4295 <key>Locked</key>
4296 <true/> | <false/>
4297 </dict>
4298 <key>Notifications</key>
4299 <dict>
4300 <key>Allow</key>
4301 <array>
4302 <string>https://example.org</string>
4303 </array>
4304 <key>Block</key>
4305 <array>
4306 <string>https://example.edu</string>
4307 </array>
4308 <key>BlockNewRequests</key>
4309 <true/>
4310 <key>Locked</key>
4311 <true/>
4312 </dict>
4313 <key>Autoplay</key>
4314 <dict>
4315 <key>Allow</key>
4316 <array>
4317 <string>https://example.org</string>
4318 </array>
4319 <key>Block</key>
4320 <array>
4321 <string>https://example.edu</string>
4322 </array>
4323 <key>Default</key>
4324 <string>allow-audio-video | block-audio | block-audio-video</string>
4325 <key>Locked</key>
4326 <true/> | <false/>
4327 </dict>
4328 </dict>
4329 </dict>
4330 ```
4331 #### policies.json
4332 ```
4333 {
4334 "policies": {
4335 "Permissions": {
4336 "Camera": {
4337 "Allow": ["https://example.org","https://example.org:1234"],
4338 "Block": ["https://example.edu"],
4339 "BlockNewRequests": true | false,
4340 "Locked": true | false
4341 },
4342 "Microphone": {
4343 "Allow": ["https://example.org"],
4344 "Block": ["https://example.edu"],
4345 "BlockNewRequests": true | false,
4346 "Locked": true | false
4347 },
4348 "Location": {
4349 "Allow": ["https://example.org"],
4350 "Block": ["https://example.edu"],
4351 "BlockNewRequests": true | false,
4352 "Locked": true | false
4353 },
4354 "Notifications": {
4355 "Allow": ["https://example.org"],
4356 "Block": ["https://example.edu"],
4357 "BlockNewRequests": true | false,
4358 "Locked": true | false
4359 },
4360 "Autoplay": {
4361 "Allow": ["https://example.org"],
4362 "Block": ["https://example.edu"],
4363 "Default": "allow-audio-video" | "block-audio" | "block-audio-video",
4364 "Locked": true | false
4365 }
4366 }
4367 }
4368 }
4369 ```
4370 ### PictureInPicture
4371
4372 Enable or disable Picture-in-Picture as well as prevent the user from enabling or disabling it (Locked).
4373
4374 **Compatibility:** Firefox 78, Firefox ESR 78\
4375 **CCK2 Equivalent:** N/A\
4376 **Preferences Affected:** `media.videocontrols.picture-in-picture.video-toggle.enabled`
4377
4378 #### Windows (GPO)
4379 ```
4380 Software\Policies\Mozilla\Firefox\PictureInPicture\Enabled = 0x1 | 0x0
4381 Software\Policies\Mozilla\Firefox\PictureInPicture\Locked = 0x1 | 0x0
4382
4383 ```
4384 #### Windows (Intune)
4385 OMA-URI:
4386 ```
4387 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~PictureInPicture/PictureInPicture_Enabled
4388 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~PictureInPicture/PictureInPicture_Locked
4389 ```
4390 Value (string):
4391 ```
4392 <enabled/> or <disabled/>
4393 ```
4394 #### macOS
4395 ```
4396 <dict>
4397 <key>PictureInPicture</key>
4398 <dict>
4399 <key>Enabled</key>
4400 <true/> | <false/>
4401 <key>Locked</key>
4402 <true/> | <false/>
4403 </dict>
4404 </dict>
4405 ```
4406 #### policies.json
4407 ```
4408 {
4409 "policies": {
4410 "PictureInPicture": {
4411 "Enabled": true | false,
4412 "Locked": true | false
4413 }
4414 }
4415 }
4416 ```
4417 ### PopupBlocking
4418 Configure the default pop-up window policy as well as origins for which pop-up windows are allowed.
4419
4420 `Allow` is a list of origins where popup-windows are allowed.
4421
4422 `Default` determines whether or not pop-up windows are allowed by default.
4423
4424 `Locked` prevents the user from changing pop-up preferences.
4425
4426 **Compatibility:** Firefox 60, Firefox ESR 60\
4427 **CCK2 Equivalent:** `permissions.popup`\
4428 **Preferences Affected:** `dom.disable_open_during_load`
4429
4430 #### Windows (GPO)
4431 ```
4432 Software\Policies\Mozilla\Firefox\PopupBlocking\Allow\1 = "https://example.org"
4433 Software\Policies\Mozilla\Firefox\PopupBlocking\Allow\2 = "https://example.edu"
4434 Software\Policies\Mozilla\Firefox\PopupBlocking\Default = 0x1 | 0x0
4435 Software\Policies\Mozilla\Firefox\PopupBlocking\Locked = 0x1 | 0x0
4436 ```
4437 #### Windows (Intune)
4438 OMA-URI:
4439 ```
4440 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Popups/PopupBlocking_Allow
4441 ```
4442 Value (string):
4443 ```
4444 <enabled/>
4445 <data id="Permissions" value="1&#xF000;https://example.org&#xF000;2&#xF000;https://example.edu"/>
4446 ```
4447 OMA-URI:
4448 ```
4449 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Popups/PopupBlocking_Default
4450 ```
4451 Value (string):
4452 ```
4453 <enabled/> or <disabled/>
4454 ```
4455 OMA-URI:
4456 ```
4457 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Popups/PopupBlocking_Locked
4458 ```
4459 Value (string):
4460 ```
4461 <enabled/> or <disabled/>
4462 ```
4463 #### macOS
4464 ```
4465 <dict>
4466 <key>PopupBlocking</key>
4467 <dict>
4468 <key>Allow</key>
4469 <array>
4470 <string>http://example.org</string>
4471 <string>http://example.edu</string>
4472 </array>
4473 <key>Default</key>
4474 <true/> | <false/>
4475 <key>Locked</key>
4476 <true/> | <false/>
4477 </dict>
4478 </dict>
4479 ```
4480 #### policies.json
4481 ```
4482 {
4483 "policies": {
4484 "PopupBlocking": {
4485 "Allow": ["http://example.org/",
4486 "http://example.edu/"],
4487 "Default": true | false,
4488 "Locked": true | false
4489 }
4490 }
4491 }
4492 ```
4493 ### Preferences
4494 Set and lock preferences.
4495
4496 **NOTE** On Windows, in order to use this policy, you must clear all settings in the old **Preferences (Deprecated)** section in group policy.
4497
4498 Previously you could only set and lock a subset of preferences. Starting with Firefox 81 and Firefox ESR 78.3 you can set many more preferences. You can also set default preferences, user preferences and you can clear preferences.
4499
4500 Preferences that start with the following prefixes are supported:
4501 ```
4502 accessibility.
4503 app.update.* (Firefox 86, Firefox 78.8)
4504 browser.
4505 datareporting.policy.
4506 dom.
4507 extensions.
4508 general.autoScroll (Firefox 83, Firefox ESR 78.5)
4509 general.smoothScroll (Firefox 83, Firefox ESR 78.5)
4510 geo.
4511 gfx.
4512 intl.
4513 keyword.enabled (Firefox 95, Firefox ESR 91.4)
4514 layers.
4515 layout.
4516 media.
4517 network.
4518 pdfjs. (Firefox 84, Firefox ESR 78.6)
4519 places.
4520 print.
4521 signon. (Firefox 83, Firefox ESR 78.5)
4522 spellchecker. (Firefox 84, Firefox ESR 78.6)
4523 toolkit.legacyUserProfileCustomizations.stylesheets (Firefox 95, Firefox ESR 91.4)
4524 ui.
4525 widget.
4526 xpinstall.signatures.required (Firefox ESR 102.10, Firefox ESR only)
4527 ```
4528 as well as the following security preferences:
4529
4530 | Preference | Type | Default
4531 | --- | --- | --- |
4532 | security.default_personal_cert | string | Ask Every Time
4533 | &nbsp;&nbsp;&nbsp;&nbsp;If set to Select Automatically, Firefox automatically chooses the default personal certificate.
4534 | security.insecure_connection_text.enabled | bool | false
4535 | &nbsp;&nbsp;&nbsp;&nbsp;If set to true, adds the words "Not Secure" for insecure sites.
4536 | security.insecure_connection_text.pbmode.enabled | bool | false
4537 | &nbsp;&nbsp;&nbsp;&nbsp;If set to true, adds the words "Not Secure" for insecure sites in private browsing.
4538 | security.mixed_content.block_active_content | boolean | true
4539 | &nbsp;&nbsp;&nbsp;&nbsp;If false, mixed active content (HTTP and HTTPS) is not blocked.
4540 | security.osclientcerts.autoload | boolean | false
4541 | &nbsp;&nbsp;&nbsp;&nbsp;If true, client certificates are loaded from the operating system certificate store.
4542 | security.OCSP.enabled | integer | 1
4543 | &nbsp;&nbsp;&nbsp;&nbsp;If 0, do not fetch OCSP. If 1, fetch OCSP for DV and EV certificates. If 2, fetch OCSP only for EV certificates
4544 | security.OCSP.require | boolean | false
4545 | &nbsp;&nbsp;&nbsp;&nbsp; If true, if an OCSP request times out, the connection fails.
4546 | security.osclientcerts.assume_rsa_pss_support | boolean | true
4547 | &nbsp;&nbsp;&nbsp;&nbsp; If false, we don't assume an RSA key can do RSA-PSS (Firefox 114, Firefox ESR 102.12).
4548 | security.ssl.enable_ocsp_stapling | boolean | true
4549 | &nbsp;&nbsp;&nbsp;&nbsp; If false, OCSP stapling is not enabled.
4550 | security.ssl.errorReporting.enabled | boolean | true
4551 | &nbsp;&nbsp;&nbsp;&nbsp;If false, SSL errors cannot be sent to Mozilla.
4552 | security.tls.enable_0rtt_data | boolean | true
4553 | &nbsp;&nbsp;&nbsp;&nbsp;If false, TLS early data is turned off (Firefox 93, Firefox 91.2, Firefox 78.15).
4554 | security.tls.hello_downgrade_check | boolean | true
4555 | &nbsp;&nbsp;&nbsp;&nbsp;If false, the TLS 1.3 downgrade check is disabled.
4556 | security.tls.version.enable-deprecated | boolean | false
4557 | &nbsp;&nbsp;&nbsp;&nbsp;If true, browser will accept TLS 1.0. and TLS 1.1 (Firefox 86, Firefox 78.8).
4558 | security.warn_submit_secure_to_insecure | boolean | true
4559 | &nbsp;&nbsp;&nbsp;&nbsp;If false, no warning is shown when submitting a form from https to http.
4560
4561 Using the preference as the key, set the `Value` to the corresponding preference value.
4562
4563 `Status` can be "default", "locked", "user" or "clear"
4564
4565 * `"default"`: Read/Write: Settings appear as default even if factory default differs.
4566 * `"locked"`: Read-Only: Settings appear as default even if factory default differs.
4567 * `"user"`: Read/Write: Settings appear as changed if it differs from factory default.
4568 * `"clear"`: Read/Write: `Value` has no effect. Resets to factory defaults on each startup.
4569
4570 `"user"` preferences persist across invocations of Firefox. It is the equivalent of a user setting the preference. They are most useful when a preference is needed very early in startup so it can't be set as default by policy. An example of this is ```toolkit.legacyUserProfileCustomizations.stylesheets```.
4571
4572 `"user"` preferences persist even if the policy is removed, so if you need to remove them, you should use the clear policy.
4573
4574 See the examples below for more detail.
4575
4576 IMPORTANT: Make sure you're only setting a particular preference using this mechanism and not some other way.
4577
4578 Status
4579 **Compatibility:** Firefox 81, Firefox ESR 78.3\
4580 **CCK2 Equivalent:** `preferences`\
4581 **Preferences Affected:** Many
4582
4583 #### Windows (GPO)
4584 Software\Policies\Mozilla\Firefox\Preferences (REG_MULTI_SZ) =
4585 ```
4586 {
4587 "accessibility.force_disabled": {
4588 "Value": 1,
4589 "Status": "default"
4590 },
4591 "browser.cache.disk.parent_directory": {
4592 "Value": "SOME_NATIVE_PATH",
4593 "Status": "user"
4594 },
4595 "browser.tabs.warnOnClose": {
4596 "Value": false,
4597 "Status": "locked"
4598 }
4599 }
4600 ```
4601 #### Windows (Intune)
4602 OMA-URI:
4603 ```
4604 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/Preferences
4605 ```
4606 Value (string):
4607 ```
4608 <enabled/>
4609 <data id="JSON" value='
4610 {
4611 "accessibility.force_disabled": {
4612 "Value": 1,
4613 "Status": "default"
4614 },
4615 "browser.cache.disk.parent_directory": {
4616 "Value": "SOME_NATIVE_PATH",
4617 "Status": "user"
4618 },
4619 "browser.tabs.warnOnClose": {
4620 "Value": false,
4621 "Status": "locked"
4622 }
4623 }'/>
4624 ```
4625 #### macOS
4626 ```
4627 <dict>
4628 <key>Preferences</key>
4629 <dict>
4630 <key>accessibility.force_disabled</key>
4631 <dict>
4632 <key>Value</key>
4633 <integer>1</integer>
4634 <key>Status</key>
4635 <string>default</string>
4636 </dict>
4637 <key>browser.cache.disk.parent_directory</key>
4638 <dict>
4639 <key>Value</key>
4640 <string>SOME_NATIVE_PATH</string>
4641 <key>Status</key>
4642 <string>user</string>
4643 </dict>
4644 <key>browser.tabs.warnOnClose</key>
4645 <dict>
4646 <key>Value</key>
4647 <false/>
4648 <key>Status</key>
4649 <string>locked</string>
4650 </dict>
4651 </dict>
4652 </dict>
4653 ```
4654 #### policies.json
4655 ```
4656 {
4657 "policies": {
4658 "Preferences": {
4659 "accessibility.force_disabled": {
4660 "Value": 1,
4661 "Status": "default"
4662 },
4663 "browser.cache.disk.parent_directory": {
4664 "Value": "SOME_NATIVE_PATH",
4665 "Status": "user"
4666 },
4667 "browser.tabs.warnOnClose": {
4668 "Value": false,
4669 "Status": "locked"
4670 }
4671 }
4672 }
4673 }
4674 ```
4675 ### PrimaryPassword
4676 Require or prevent using a primary (formerly master) password.
4677
4678 If this value is true, a primary password is required. If this value is false, it works the same as if [`DisableMasterPasswordCreation`](#disablemasterpasswordcreation) was true and removes the primary password functionality.
4679
4680 If both DisableMasterPasswordCreation and PrimaryPassword are used, DisableMasterPasswordCreation takes precedent.
4681
4682 **Compatibility:** Firefox 79, Firefox ESR 78.1\
4683 **CCK2 Equivalent:** `noMasterPassword`\
4684 **Preferences Affected:** N/A
4685
4686 #### Windows (GPO)
4687 ```
4688 Software\Policies\Mozilla\Firefox\PrimaryPassword = 0x1 | 0x0
4689 ```
4690 #### Windows (Intune)
4691 OMA-URI:
4692 ```
4693 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/PrimaryPassword
4694 ```
4695 Value (string):
4696 ```
4697 <enabled/> or <disabled/>
4698 ```
4699 #### macOS
4700 ```
4701 <dict>
4702 <key>PrimaryPassword</key>
4703 <true/> | <false/>
4704 </dict>
4705 ```
4706 #### policies.json
4707 ```
4708 {
4709 "policies": {
4710 "PrimaryPassword": true | false
4711 }
4712 }
4713 ```
4714 ### PromptForDownloadLocation
4715 Ask where to save each file before downloading.
4716
4717 **Compatibility:** Firefox 68, Firefox ESR 68\
4718 **CCK2 Equivalent:** N/A\
4719 **Preferences Affected:** `browser.download.useDownloadDir`
4720
4721 #### Windows (GPO)
4722 ```
4723 Software\Policies\Mozilla\Firefox\PromptForDownloadLocation = 0x1 | 0x0
4724 ```
4725 #### Windows (Intune)
4726 OMA-URI:
4727 ```
4728 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/PromptForDownloadLocation
4729 ```
4730 Value (string):
4731 ```
4732 <enabled/> or <disabled/>
4733 ```
4734 #### macOS
4735 ```
4736 <dict>
4737 <key>PromptForDownloadLocation</key>
4738 <true/> | <false/>
4739 </dict>
4740 ```
4741 #### policies.json
4742 ```
4743 {
4744 "policies": {
4745 "PromptForDownloadLocation": true | false
4746 }
4747 }
4748 ```
4749 ### Proxy
4750 Configure proxy settings. These settings correspond to the connection settings in Firefox preferences.
4751 To specify ports, append them to the hostnames with a colon (:).
4752
4753 Unless you lock this policy, changes the user already has in place will take effect.
4754
4755 `Mode` is the proxy method being used.
4756
4757 `Locked` is whether or not proxy settings can be changed.
4758
4759 `HTTPProxy` is the HTTP proxy server.
4760
4761 `UseHTTPProxyForAllProtocols` is whether or not the HTTP proxy should be used for all other proxies.
4762
4763 `SSLProxy` is the SSL proxy server.
4764
4765 `FTPProxy` is the FTP proxy server.
4766
4767 `SOCKSProxy` is the SOCKS proxy server
4768
4769 `SOCKSVersion` is the SOCKS version (4 or 5)
4770
4771 `Passthrough` is list of hostnames or IP addresses that will not be proxied. Use `<local>` to bypass proxying for all hostnames which do not contain periods.
4772
4773 `AutoConfigURL` is a URL for proxy configuration (only used if Mode is autoConfig).
4774
4775 `AutoLogin` means do not prompt for authentication if password is saved.
4776
4777 `UseProxyForDNS` to use proxy DNS when using SOCKS v5.
4778
4779 **Compatibility:** Firefox 60, Firefox ESR 60\
4780 **CCK2 Equivalent:** `networkProxy*`\
4781 **Preferences Affected:** `network.proxy.type`, `network.proxy.autoconfig_url`, `network.proxy.socks_remote_dns`, `signon.autologin.proxy`, `network.proxy.socks_version`, `network.proxy.no_proxies_on`, `network.proxy.share_proxy_settings`, `network.proxy.http`, `network.proxy.http_port`, `network.proxy.ftp`, `network.proxy.ftp_port`, `network.proxy.ssl`, `network.proxy.ssl_port`, `network.proxy.socks`, `network.proxy.socks_port`
4782
4783 #### Windows (GPO)
4784 ```
4785 Software\Policies\Mozilla\Firefox\Proxy\Mode = "none" | "system" | "manual" | "autoDetect" | "autoConfig"
4786 Software\Policies\Mozilla\Firefox\Proxy\Locked = 0x1 | 0x0
4787 Software\Policies\Mozilla\Firefox\=Proxy\HTTPProxy = https://httpproxy.example.com
4788 Software\Policies\Mozilla\Firefox\Proxy\UseHTTPProxyForAllProtocols = 0x1 | 0x0
4789 Software\Policies\Mozilla\Firefox\Proxy\SSLProxy = https://sslproxy.example.com
4790 Software\Policies\Mozilla\Firefox\Proxy\FTPProxy = https://ftpproxy.example.com
4791 Software\Policies\Mozilla\Firefox\Proxy\SOCKSProxy = https://socksproxy.example.com
4792 Software\Policies\Mozilla\Firefox\Proxy\SOCKSVersion = 0x4 | 0x5
4793 Software\Policies\Mozilla\Firefox\Proxy\Passthrough = <local>
4794 Software\Policies\Mozilla\Firefox\Proxy\AutoConfigURL = URL_TO_AUTOCONFIG
4795 Software\Policies\Mozilla\Firefox\Proxy\AutoLogin = 0x1 | 0x0
4796 Software\Policies\Mozilla\Firefox\Proxy\UseProxyForDNS = 0x1 | 0x0
4797 ```
4798 #### Windows (Intune)
4799 **Note**
4800 These setttings were moved to a category to make them easier to configure via Intune.
4801
4802 OMA-URI:
4803 ```
4804 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_Locked
4805 ```
4806 Value (string):
4807 ```
4808 <enabled/> or <disabled/>
4809 ```
4810 OMA-URI:
4811 ```
4812 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_ConnectionType
4813 ```
4814 Value (string):
4815 ```
4816 <enabled/>
4817 <data id="Proxy_ConnectionType" value="none | system | manual | autoDetect | autoConfig"/>
4818 ```
4819 OMA-URI:
4820 ```
4821 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_HTTPProxy
4822 ```
4823 Value (string):
4824 ```
4825 <enabled/>
4826 <data id="Proxy_HTTPProxy" value="httpproxy.example.com"/>
4827 ```
4828 OMA-URI:
4829 ```
4830 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_UseHTTPProxyForAllProtocols
4831 ```
4832 Value (string):
4833 ```
4834 <enabled/> or <disabled/>
4835 ```
4836 OMA-URI:
4837 ```
4838 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_SSLProxy
4839 ```
4840 Value (string):
4841 ```
4842 <enabled/>
4843 <data id="Proxy_SSLProxy" value="sslproxy.example.com"/>
4844 ```
4845 OMA-URI:
4846 ```
4847 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_SOCKSProxy
4848 ```
4849 Value (string):
4850 ```
4851 <enabled/>
4852 <data id="Proxy_SOCKSProxy" value="socksproxy.example.com"/>
4853 <data id="Proxy_SOCKSVersion" value="4 | 5"/>
4854 ```
4855 OMA-URI:
4856 ```
4857 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_AutoConfigURL
4858 ```
4859 Value (string):
4860 ```
4861 <enabled/>
4862 <data id="Proxy_AutoConfigURL" value="URL_TO_AUTOCONFIG"/>
4863 ```
4864 OMA-URI:
4865 ```
4866 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_Passthrough
4867 ```
4868 Value (string):
4869 ```
4870 <enabled/>
4871 <data id="Proxy_Passthrough" value="&lt;local&gt;"/>
4872 ```
4873 OMA-URI:
4874 ```
4875 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_AutoLogin
4876 ```
4877 Value (string):
4878 ```
4879 <enabled/> or <disabled/>
4880 ```
4881 OMA-URI:
4882 ```
4883 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_UseProxyForDNS
4884 ```
4885 Value (string):
4886 ```
4887 <enabled/> or <disabled/>
4888 ```
4889 OMA-URI (Old way):
4890 ```
4891 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/Proxy
4892 ```
4893 Value (string):
4894 ```
4895 <enabled/>
4896 <data id="ProxyLocked" value="true | false"/>
4897 <data id="ConnectionType" value="none | system | manual | autoDetect | autoConfig"/>
4898 <data id="HTTPProxy" value="httpproxy.example.com"/>
4899 <data id="UseHTTPProxyForAllProtocols" value="true | false"/>
4900 <data id="SSLProxy" value="sslproxy.example.com"/>
4901 <data id="FTPProxy" value="ftpproxy.example.com"/>
4902 <data id="SOCKSProxy" value="socksproxy.example.com"/>
4903 <data id="SOCKSVersion" value="4 | 5"/>
4904 <data id="AutoConfigURL" value="URL_TO_AUTOCONFIG"/>
4905 <data id="Passthrough" value="<local>"/>
4906 <data id="AutoLogin" value="true | false"/>
4907 <data id="UseProxyForDNS" value="true | false"/>
4908 ```
4909 #### macOS
4910 ```
4911 <dict>
4912 <key>Proxy</key>
4913 <dict>
4914 <key>Mode</key>
4915 <string>none | system | manual | autoDetect | autoConfig</string>
4916 <key>Locked</key>
4917 <true> | </false>
4918 <key>HTTPProxy</key>
4919 <string>https://httpproxy.example.com</string>
4920 <key>UseHTTPProxyForAllProtocols</key>
4921 <true> | </false>
4922 <key>SSLProxy</key>
4923 <string>https://sslproxy.example.com</string>
4924 <key>FTPProxy</key>
4925 <string>https://ftpproxy.example.com</string>
4926 <key>SOCKSProxy</key>
4927 <string>https://socksproxy.example.com</string>
4928 <key>SOCKSVersion</key>
4929 <string>4 | 5</string>
4930 <key>Passthrough</key>
4931 <string>&lt;local>&gt;</string>
4932 <key>AutoConfigURL</key>
4933 <string>URL_TO_AUTOCONFIG</string>
4934 <key>AutoLogin</key>
4935 <true> | </false>
4936 <key>UseProxyForDNS</key>
4937 <true> | </false>
4938 </dict>
4939 </dict>
4940 ```
4941 #### policies.json
4942 ```
4943 {
4944 "policies": {
4945 "Proxy": {
4946 "Mode": "none" | "system" | "manual" | "autoDetect" | "autoConfig",
4947 "Locked": true | false,
4948 "HTTPProxy": "hostname",
4949 "UseHTTPProxyForAllProtocols": true | false,
4950 "SSLProxy": "hostname",
4951 "FTPProxy": "hostname",
4952 "SOCKSProxy": "hostname",
4953 "SOCKSVersion": 4 | 5,
4954 "Passthrough": "<local>",
4955 "AutoConfigURL": "URL_TO_AUTOCONFIG",
4956 "AutoLogin": true | false,
4957 "UseProxyForDNS": true | false
4958 }
4959 }
4960 }
4961 ```
4962 ### RequestedLocales
4963 Set the the list of requested locales for the application in order of preference. It will cause the corresponding language pack to become active.
4964
4965 Note: For Firefox 68, this can now be a string so that you can specify an empty value.
4966
4967 **Compatibility:** Firefox 64, Firefox ESR 60.4, Updated in Firefox 68, Firefox ESR 68\
4968 **CCK2 Equivalent:** N/A\
4969 **Preferences Affected:** N/A
4970 #### Windows (GPO)
4971 ```
4972 Software\Policies\Mozilla\Firefox\RequestedLocales\1 = "de"
4973 Software\Policies\Mozilla\Firefox\RequestedLocales\2 = "en-US"
4974
4975 or
4976
4977 Software\Policies\Mozilla\Firefox\RequestedLocales = "de,en-US"
4978 ```
4979 #### Windows (Intune)
4980 OMA-URI:
4981 ```
4982 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/RequestedLocalesString
4983 ```
4984 Value (string):
4985 ```
4986 <enabled/>
4987 <data id="Preferences_String" value="de,en-US"/>
4988 ```
4989 #### macOS
4990 ```
4991 <dict>
4992 <key>RequestedLocales</key>
4993 <array>
4994 <string>de</string>
4995 <string>en-US</string>
4996 </array>
4997 </dict>
4998
4999 or
5000
5001 <dict>
5002 <key>RequestedLocales</key>
5003 <string>de,en-US</string>
5004 </dict>
5005
5006 ```
5007 #### policies.json
5008 ```
5009 {
5010 "policies": {
5011 "RequestedLocales": ["de", "en-US"]
5012 }
5013 }
5014
5015 or
5016
5017 {
5018 "policies": {
5019 "RequestedLocales": "de,en-US"
5020 }
5021 }
5022 ```
5023 <a name="SanitizeOnShutdown"></a>
5024
5025 ### SanitizeOnShutdown (Selective)
5026 Clear data on shutdown. Choose from Cache, Cookies, Download History, Form & Search History, Browsing History, Active Logins, Site Preferences and Offline Website Data.
5027
5028 Previously, these values were always locked. Starting with Firefox 74 and Firefox ESR 68.6, you can use the `Locked` option to either keep the values unlocked (set it to false), or lock only the values you set (set it to true). If you want the old behavior of locking everything, do not set `Locked` at all.
5029
5030 **Compatibility:** Firefox 68, Firefox ESR 68 (Locked added in 74/68.6)\
5031 **CCK2 Equivalent:** N/A\
5032 **Preferences Affected:** `privacy.sanitize.sanitizeOnShutdown`, `privacy.clearOnShutdown.cache`, `privacy.clearOnShutdown.cookies`, `privacy.clearOnShutdown.downloads`, `privacy.clearOnShutdown.formdata`, `privacy.clearOnShutdown.history`, `privacy.clearOnShutdown.sessions`, `privacy.clearOnShutdown.siteSettings`, `privacy.clearOnShutdown.offlineApps`
5033 #### Windows (GPO)
5034 ```
5035 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\Cache = 0x1 | 0x0
5036 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\Cookies = 0x1 | 0x0
5037 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\Downloads = 0x1 | 0x0
5038 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\FormData = 0x1 | 0x0
5039 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\History = 0x1 | 0x0
5040 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\Sessions = 0x1 | 0x0
5041 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\SiteSettings = 0x1 | 0x0
5042 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\OfflineApps = 0x1 | 0x0
5043 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\Locked = 0x1 | 0x0
5044 ```
5045 #### Windows (Intune)
5046 OMA-URI:
5047 ```
5048 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/A_SanitizeOnShutdown_Cache
5049 ```
5050 Value (string):
5051 ```
5052 <enabled/> or <disabled/>
5053 ```
5054 OMA-URI:
5055 ```
5056 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/B_SanitizeOnShutdown_Cookies
5057 ```
5058 Value (string):
5059 ```
5060 <enabled/> or <disabled/>
5061 ```
5062 OMA-URI:
5063 ```
5064 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/C_SanitizeOnShutdown_Downloads
5065 ```
5066 Value (string):
5067 ```
5068 <enabled/> or <disabled/>
5069 ```
5070 OMA-URI:
5071 ```
5072 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/D_SanitizeOnShutdown_FormData
5073 ```
5074 Value (string):
5075 ```
5076 <enabled/> or <disabled/>
5077 ```
5078 OMA-URI:
5079 ```
5080 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/E_SanitizeOnShutdown_History
5081 ```
5082 Value (string):
5083 ```
5084 <enabled/> or <disabled/>
5085 ```
5086 OMA-URI:
5087 ```
5088 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/F_SanitizeOnShutdown_Sessions
5089 ```
5090 Value (string):
5091 ```
5092 <enabled/> or <disabled/>
5093 ```
5094 OMA-URI:
5095 ```
5096 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/G_SanitizeOnShutdown_SiteSettings
5097 ```
5098 Value (string):
5099 ```
5100 <enabled/> or <disabled/>
5101 ```
5102 OMA-URI:
5103 ```
5104 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/H_SanitizeOnShutdown_OfflineApps
5105 ```
5106 Value (string):
5107 ```
5108 <enabled/> or <disabled/>
5109 ```
5110 OMA-URI:
5111 ```
5112 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/I_SanitizeOnShutdown_Locked
5113 ```
5114 Value (string):
5115 ```
5116 <enabled/> or <disabled/>
5117 ```
5118 #### macOS
5119 ```
5120 <dict>
5121 <key>SanitizeOnShutdown</key>
5122 <dict>
5123 <key>Cache</key>
5124 <true/> | <false/>
5125 <key>Cookies</key>
5126 <true/> | <false/>
5127 <key>Downloads</key>
5128 <true/> | <false/>
5129 <key>FormData</key>
5130 <true/> | <false/>
5131 <key>History</key>
5132 <true/> | <false/>
5133 <key>Sessions</key>
5134 <true/> | <false/>
5135 <key>SiteSettings</key>
5136 <true/> | <false/>
5137 <key>OfflineApps</key>
5138 <true/> | <false/>
5139 <key>Locked</key>
5140 <true/> | <false/>
5141 </dict>
5142 </dict>
5143 ```
5144 #### policies.json
5145 ```
5146 {
5147 "policies": {
5148 "SanitizeOnShutdown": {
5149 "Cache": true | false,
5150 "Cookies": true | false,
5151 "Downloads": true | false,
5152 "FormData": true | false,
5153 "History": true | false,
5154 "Sessions": true | false,
5155 "SiteSettings": true | false,
5156 "OfflineApps": true | false,
5157 "Locked": true | false
5158 }
5159 }
5160 }
5161 ```
5162 ### SanitizeOnShutdown (All)
5163 Clear all data on shutdown, including Browsing & Download History, Cookies, Active Logins, Cache, Form & Search History, Site Preferences and Offline Website Data.
5164
5165 **Compatibility:** Firefox 60, Firefox ESR 60\
5166 **CCK2 Equivalent:** N/A\
5167 **Preferences Affected:** `privacy.sanitize.sanitizeOnShutdown`, `privacy.clearOnShutdown.cache`, `privacy.clearOnShutdown.cookies`, `privacy.clearOnShutdown.downloads`, `privacy.clearOnShutdown.formdata`, `privacy.clearOnShutdown.history`, `privacy.clearOnShutdown.sessions`, `privacy.clearOnShutdown.siteSettings`, `privacy.clearOnShutdown.offlineApps`
5168 #### Windows (GPO)
5169 ```
5170 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown = 0x1 | 0x0
5171 ```
5172 #### Windows (Intune)
5173 OMA-URI:
5174 ```
5175 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/C_SanitizeOnShutdown
5176 ```
5177 Value (string):
5178 ```
5179 <enabled/> or <disabled/>
5180 ```
5181 #### macOS
5182 ```
5183 <dict>
5184 <key>SanitizeOnShutdown</key>
5185 <true/> | <false/>
5186 </dict>
5187 ```
5188 #### policies.json
5189 ```
5190 {
5191 "policies": {
5192 "SanitizeOnShutdown": true | false
5193 }
5194 }
5195 ```
5196 ### SearchBar
5197 Set whether or not search bar is displayed.
5198
5199 **Compatibility:** Firefox 60, Firefox ESR 60\
5200 **CCK2 Equivalent:** `showSearchBar`\
5201 **Preferences Affected:** N/A
5202
5203 #### Windows (GPO)
5204 ```
5205 Software\Policies\Mozilla\Firefox\SearchBar = "unified" | "separate"
5206 ```
5207
5208 #### Windows (Intune)
5209 OMA-URI:
5210 ```
5211 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/SearchBar
5212 ```
5213 Value (string):
5214 ```
5215 <enabled/>
5216 <data id="SearchBar" value="unified | separate"/>
5217 ```
5218 #### macOS
5219 ```
5220 <dict>
5221 <key>SearchBar</key>
5222 <string>unified | separate</string>
5223 </dict>
5224 ```
5225 #### policies.json
5226 ```
5227 {
5228 "policies": {
5229 "SearchBar": "unified" | "separate"
5230 }
5231 }
5232 ```
5233 <a name="SearchEngines"></a>
5234
5235 ### SearchEngines (This policy is only available on the ESR.)
5236
5237 ### SearchEngines | Add
5238
5239 Add new search engines. Although there are only five engines available in the ADMX template, there is no limit. To add more in the ADMX template, you can duplicate the XML.
5240
5241 This policy is only available on the ESR. `Name` and `URLTemplate` are required.
5242
5243 `Name` is the name of the search engine.
5244
5245 `URLTemplate` is the search URL with {searchTerms} to substitute for the search term.
5246
5247 `Method` is either GET or POST
5248
5249 `IconURL` is a URL for the icon to use.
5250
5251 `Alias` is a keyword to use for the engine.
5252
5253 `Description` is a description of the search engine.
5254
5255 `PostData` is the POST data as name value pairs separated by &.
5256
5257 `SuggestURLTemplate` is a search suggestions URL with {searchTerms} to substitute for the search term.
5258
5259 `Encoding` is the query charset for the engine. It defaults to UTF-8.
5260
5261 **Compatibility:** Firefox ESR 60 (POST support in Firefox ESR 68, Encoding support in Firefox 91)\
5262 **CCK2 Equivalent:** `searchplugins`\
5263 **Preferences Affected:** N/A
5264
5265 #### Windows (GPO)
5266 ```
5267 Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\Name = "Example1"
5268 Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\URLTemplate = "https://www.example.org/q={searchTerms}"
5269 Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\Method = "GET" | "POST"
5270 Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\IconURL = "https://www.example.org/favicon.ico"
5271 Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\Alias = "example"
5272 Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\Description = "Example Description"
5273 Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\SuggestURLTemplate = "https://www.example.org/suggestions/q={searchTerms}"
5274 Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\PostData = "name=value&q={searchTerms}"
5275 ```
5276 #### Windows (Intune)
5277 OMA-URI:
5278 ```
5279 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Search/SearchEngines_1
5280 ```
5281 Value (string):
5282 ```
5283 <enabled/>
5284 <data id="SearchEngine_Name" value="Example1"/>
5285 <data id="SearchEngine_URLTemplate" value="https://www.example.org/q={searchTerms"/>
5286 <data id="SearchEngine_Method" value="GET | POST"/>
5287 <data id="SearchEngine_IconURL" value="https://www.example.org/favicon.ico"/>
5288 <data id="SearchEngine_Alias" value="example"/>
5289 <data id="SearchEngine_Description" value="Example Description"/>
5290 <data id="SearchEngine_SuggestURLTemplate" value="https://www.example.org/suggestions/q={searchTerms}"/>
5291 <data id="SearchEngine_PostData" value="name=value&amp;q={searchTerms}"/>
5292 ```
5293 #### macOS
5294 ```
5295 <dict>
5296 <key>SearchEngines</key>
5297 <dict>
5298 <key>Add</key>
5299 <array>
5300 <dict>
5301 <key>Name</key>
5302 <string>Example1</string>
5303 <key>URLTemplate</key>
5304 <string>https://www.example.org/q={searchTerms}</string>
5305 <key>Method</key>
5306 <string>GET | POST </string>
5307 <key>IconURL</key>
5308 <string>https://www.example.org/favicon.ico</string>
5309 <key>Alias</key>
5310 <string>example</string>
5311 <key>Description</key>
5312 <string>Example Description</string>
5313 <key>SuggestURLTemplate</key>
5314 <string>https://www.example.org/suggestions/q={searchTerms}</string>
5315 <key>PostData</key>
5316 <string>name=value&q={searchTerms}</string>
5317 </dict>
5318 <array>
5319 </dict>
5320 </dict>
5321 ```
5322 #### policies.json
5323 ```
5324 {
5325 "policies": {
5326 "SearchEngines": {
5327 "Add": [
5328 {
5329 "Name": "Example1",
5330 "URLTemplate": "https://www.example.org/q={searchTerms}",
5331 "Method": "GET" | "POST",
5332 "IconURL": "https://www.example.org/favicon.ico",
5333 "Alias": "example",
5334 "Description": "Description",
5335 "PostData": "name=value&q={searchTerms}",
5336 "SuggestURLTemplate": "https://www.example.org/suggestions/q={searchTerms}"
5337 }
5338 ]
5339 }
5340 }
5341 }
5342 ```
5343 ### SearchEngines | Default
5344
5345 Set the default search engine. This policy is only available on the ESR.
5346
5347 **Compatibility:** Firefox ESR 60\
5348 **CCK2 Equivalent:** `defaultSearchEngine`\
5349 **Preferences Affected:** N/A
5350
5351 #### Windows (GPO)
5352 ```
5353 Software\Policies\Mozilla\Firefox\SearchEngines\Default = NAME_OF_SEARCH_ENGINE
5354 ```
5355 #### Windows (Intune)
5356 OMA-URI:
5357 ```
5358 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Search/SearchEngines_Default
5359 ```
5360 Value (string):
5361 ```
5362 <enabled/>
5363 <data id="SearchEngines_Default" value="NAME_OF_SEARCH_ENGINE"/>
5364 ```
5365 #### macOS
5366 ```
5367 <dict>
5368 <key>SearchEngines</key>
5369 <dict>
5370 <key>Default</key>
5371 <string>NAME_OF_SEARCH_ENGINE</string>
5372 </dict>
5373 </dict>
5374 ```
5375 #### policies.json
5376 ```
5377 {
5378 "policies": {
5379 "SearchEngines": {
5380 "Default": "NAME_OF_SEARCH_ENGINE"
5381 }
5382 }
5383 }
5384 ```
5385 ### SearchEngines | PreventInstalls
5386
5387 Prevent installing search engines from webpages.
5388
5389 **Compatibility:** Firefox ESR 60\
5390 **CCK2 Equivalent:** `disableSearchEngineInstall`\
5391 **Preferences Affected:** N/A
5392
5393 #### Windows (GPO)
5394 ```
5395 Software\Policies\Mozilla\Firefox\SearchEngines\PreventInstalls = 0x1 | 0x0
5396 ```
5397 #### Windows (Intune)
5398 OMA-URI:
5399 ```
5400 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Search/SearchEngines_PreventInstalls
5401 ```
5402 Value (string):
5403 ```
5404 <enabled/> or <disabled/>
5405 ```
5406 #### macOS
5407 ```
5408 <dict>
5409 <key>SearchEngines</key>
5410 <dict>
5411 <key>PreventInstalls</key>
5412 <true/> | <false/>
5413 </dict>
5414 </dict>
5415 ```
5416 #### policies.json
5417 ```
5418 {
5419 "policies": {
5420 "SearchEngines": {
5421 "PreventInstalls": true | false
5422 }
5423 }
5424 }
5425 ```
5426 ### SearchEngines | Remove
5427
5428 Hide built-in search engines. This policy is only available on the ESR.
5429
5430 **Compatibility:** Firefox ESR 60.2\
5431 **CCK2 Equivalent:** `removeDefaultSearchEngines` (removed all built-in engines)\
5432 **Preferences Affected:** N/A
5433
5434 #### Windows (GPO)
5435 ```
5436 Software\Policies\Mozilla\Firefox\SearchEngines\Remove\1 = NAME_OF_SEARCH_ENGINE
5437 ```
5438 #### Windows (Intune)
5439 OMA-URI:
5440 ```
5441 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Search/SearchEngines_Remove
5442 ```
5443 Value (string):
5444 ```
5445 <enabled/>
5446 <data id="SearchEngines_Remove" value="1&#xF000;NAME_OF_SEARCH_ENGINE"/>
5447 ```
5448 #### macOS
5449 ```
5450 <dict>
5451 <key>SearchEngines</key>
5452 <dict>
5453 <key>Remove</key>
5454 <array>
5455 <string>NAME_OF_SEARCH_ENGINE</string>
5456 </array>
5457 </dict>
5458 </dict>
5459 ```
5460 #### policies.json
5461 ```
5462 {
5463 "policies": {
5464 "SearchEngines": {
5465 "Remove": ["NAME_OF_SEARCH_ENGINE"]
5466 }
5467 }
5468 }
5469 ```
5470 ### SearchSuggestEnabled
5471
5472 Enable search suggestions.
5473
5474 **Compatibility:** Firefox 68, Firefox ESR 68\
5475 **CCK2 Equivalent:** N/A\
5476 **Preferences Affected:** `browser.urlbar.suggest.searches`, `browser.search.suggest.enabled`
5477
5478 #### Windows (GPO)
5479 ```
5480 Software\Policies\Mozilla\Firefox\SearchSuggestEnabled = 0x1 | 0x0
5481 ```
5482 #### Windows (Intune)
5483 OMA-URI:
5484 ```
5485 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Search/SearchSuggestEnabled
5486 ```
5487 Value (string):
5488 ```
5489 <enabled/> or <disabled/>
5490 ```
5491 #### macOS
5492 ```
5493 <dict>
5494 <key>SearchSuggestEnabled</key>
5495 <true/> | <false/>
5496 </dict>
5497 ```
5498 #### policies.json
5499 ```
5500 {
5501 "policies": {
5502 "SearchSuggestEnabled": true | false
5503 }
5504 }
5505 ```
5506 ### SecurityDevices
5507
5508 Add or delete PKCS #11 modules.
5509
5510 **Compatibility:** Firefox 114, Firefox ESR 112.12\
5511 **CCK2 Equivalent:** N/A\
5512 **Preferences Affected:** N/A
5513
5514 #### Windows (GPO)
5515 ```
5516 Software\Policies\Mozilla\Firefox\SecurityDevices\Add\NAME_OF_DEVICE_TO_ADD = PATH_TO_LIBRARY_FOR_DEVICE
5517 Software\Policies\Mozilla\Firefox\SecurityDevices\Remove\1 = NAME_OF_DEVICE_TO_REMOVE
5518 ```
5519 #### Windows (Intune)
5520 OMA-URI:
5521 ```
5522 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/SecurityDevices/SecurityDevices_Add
5523 ```
5524 Value (string):
5525 ```
5526 <enabled/>
5527 <data id="SecurityDevices" value="NAME_OF_DEVICE_TO_ADD&#xF000;PATH_TO_LIBRARY_FOR_DEVICE"/>
5528 ```
5529 OMA-URI:
5530 ```
5531 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/SecurityDevices/SecurityDevices_Delete
5532 ```
5533 Value (string):
5534 ```
5535 <enabled/>
5536 <data id="SecurityDevices" value="1&#xF000;NAME_OF_DEVICE_TO_REMOVE"/>
5537 ```
5538 #### macOS
5539 ```
5540 <dict>
5541 <key>SecurityDevices</key>
5542 <dict>
5543 <key>Add<key>
5544 <dict>
5545 <key>NAME_OF_DEVICE_TO_ADD</key>
5546 <string>PATH_TO_LIBRARY_FOR_DEVICE</string>
5547 </dict>
5548 <key>Delete</add>
5549 <array>
5550 <string>NAME_OF_DEVICE_TO_DELETE</string>
5551 </array>
5552 </dict>
5553 </dict>
5554 ```
5555 #### policies.json
5556 ```
5557 {
5558 "policies": {
5559 "SecurityDevices": {
5560 "Add": {
5561 "NAME_OF_DEVICE_TO_ADD": "PATH_TO_LIBRARY_FOR_DEVICE"
5562 },
5563 "Delete": ["NAME_OF_DEVICE_TO_DELETE"]
5564 }
5565 }
5566 }
5567 ```
5568 ### SecurityDevices (Deprecated)
5569
5570 Install PKCS #11 modules.
5571
5572 **Compatibility:** Firefox 64, Firefox ESR 60.4\
5573 **CCK2 Equivalent:** `certs.devices`\
5574 **Preferences Affected:** N/A
5575
5576 #### Windows (GPO)
5577 ```
5578 Software\Policies\Mozilla\Firefox\SecurityDevices\NAME_OF_DEVICE = PATH_TO_LIBRARY_FOR_DEVICE
5579 ```
5580 #### Windows (Intune)
5581 OMA-URI:
5582 ```
5583 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/SecurityDevices
5584 ```
5585 Value (string):
5586 ```
5587 <enabled/>
5588 <data id="SecurityDevices" value="NAME_OF_DEVICE&#xF000;PATH_TO_LIBRARY_FOR_DEVICE"/>
5589 ```
5590 #### macOS
5591 ```
5592 <dict>
5593 <key>SecurityDevices</key>
5594 <dict>
5595 <key>NAME_OF_DEVICE</key>
5596 <string>PATH_TO_LIBRARY_FOR_DEVICE</string>
5597 </dict>
5598 </dict>
5599 ```
5600 #### policies.json
5601 ```
5602 {
5603 "policies": {
5604 "SecurityDevices": {
5605 "NAME_OF_DEVICE": "PATH_TO_LIBRARY_FOR_DEVICE"
5606 }
5607 }
5608 }
5609 ```
5610 ### ShowHomeButton
5611 Show the home button on the toolbar.
5612
5613 Future versions of Firefox will not show the home button by default.
5614
5615 **Compatibility:** Firefox 88, Firefox ESR 78.10\
5616 **CCK2 Equivalent:** N/A\
5617 **Preferences Affected:** N/A
5618
5619 #### Windows (GPO)
5620 ```
5621 Software\Policies\Mozilla\Firefox\ShowHomeButton = 0x1 | 0x0
5622 ```
5623 #### Windows (Intune)
5624 OMA-URI:
5625 ```
5626 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Homepage/Homepage_ShowHomeButton
5627 ```
5628 Value (string):
5629 ```
5630 <enabled/> or <disabled/>
5631 ```
5632 #### macOS
5633 ```
5634 <dict>
5635 <key>ShowHomeButton</key>
5636 <true/> | <false/>
5637 </dict>
5638 ```
5639 #### policies.json
5640 ```
5641 {
5642 "policies": {
5643 "ShowHomeButton": true | false
5644 }
5645 }
5646 ```
5647 ### SSLVersionMax
5648
5649 Set and lock the maximum version of TLS. (Firefox defaults to a maximum of TLS 1.3.)
5650
5651 **Compatibility:** Firefox 66, Firefox ESR 60.6\
5652 **CCK2 Equivalent:** N/A\
5653 **Preferences Affected:** `security.tls.version.max`
5654
5655 #### Windows (GPO)
5656 ```
5657 Software\Policies\Mozilla\Firefox\SSLVersionMax = "tls1" | "tls1.1" | "tls1.2" | "tls1.3"
5658 ```
5659 #### Windows (Intune)
5660 OMA-URI:
5661 ```
5662 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/SSLVersionMax
5663 ```
5664 Value (string):
5665 ```
5666 <enabled/>
5667 <data id="SSLVersion" value="tls1 | tls1.2 | tls1.3"/>
5668 ```
5669 #### macOS
5670 ```
5671 <dict>
5672 <key>SSLVersionMax</key>
5673 <string>tls1 | tls1.1 | tls1.2 | tls1.3</string>
5674 </dict>
5675 ```
5676
5677 #### policies.json
5678 ```
5679 {
5680 "policies": {
5681 "SSLVersionMax": "tls1" | "tls1.1" | "tls1.2" | "tls1.3"
5682 }
5683 }
5684 ```
5685 ### SSLVersionMin
5686
5687 Set and lock the minimum version of TLS. (Firefox defaults to a minimum of TLS 1.2.)
5688
5689 **Compatibility:** Firefox 66, Firefox ESR 60.6\
5690 **CCK2 Equivalent:** N/A\
5691 **Preferences Affected:** `security.tls.version.min`
5692
5693 #### Windows (GPO)
5694 ```
5695 Software\Policies\Mozilla\Firefox\SSLVersionMin = "tls1" | "tls1.1" | "tls1.2" | "tls1.3"
5696 ```
5697 #### Windows (Intune)
5698 OMA-URI:
5699 ```
5700 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/SSLVersionMin
5701 ```
5702 Value (string):
5703 ```
5704 <enabled/>
5705 <data id="SSLVersion" value="tls1 | tls1.2 | tls1.3"/>
5706 ```
5707 #### macOS
5708 ```
5709 <dict>
5710 <key>SSLVersionMin</key>
5711 <string>tls1 | tls1.1 | tls1.2 | tls1.3</string>
5712 </dict>
5713 ```
5714
5715 #### policies.json
5716 ```
5717 {
5718 "policies": {
5719 "SSLVersionMin": "tls1" | "tls1.1" | "tls1.2" | "tls1.3"
5720 }
5721 }
5722 ```
5723 ### SupportMenu
5724 Add a menuitem to the help menu for specifying support information.
5725
5726 **Compatibility:** Firefox 68.0.1, Firefox ESR 68.0.1\
5727 **CCK2 Equivalent:** helpMenu\
5728 **Preferences Affected:** N/A
5729
5730 #### Windows (GPO)
5731 ```
5732 Software\Policies\Mozilla\Firefox\SupportMenu\Title = "Support Menu"
5733 Software\Policies\Mozilla\Firefox\SupportMenu\URL = "http://example.com/support"
5734 Software\Policies\Mozilla\Firefox\SupportMenu\AccessKey = "S"
5735 ```
5736 #### Windows (Intune)
5737 OMA-URI:
5738 ```
5739 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/SupportMenu
5740 ```
5741 Value (string):
5742 ```
5743 <enabled/>
5744 <data id="SupportMenuTitle" value="Support Menu"/>
5745 <data id="SupportMenuURL" value="http://example.com/support"/>
5746 <data id="SupportMenuAccessKey" value="S"/>
5747 ```
5748 #### macOS
5749 ```
5750 <dict>
5751 <key>SupportMenu</key>
5752 <dict>
5753 <key>Title</key>
5754 <string>SupportMenu</string>
5755 <key>URL</key>
5756 <string>http://example.com/support</string>
5757 <key>AccessKey</key>
5758 <string>S</string>
5759 </dict>
5760 </dict>
5761 ```
5762 #### policies.json
5763 ```
5764 {
5765 "policies": {
5766 "SupportMenu": {
5767 "Title": "Support Menu",
5768 "URL": "http://example.com/support",
5769 "AccessKey": "S"
5770 }
5771 }
5772 }
5773 ```
5774 ### StartDownloadsInTempDirectory
5775 Force downloads to start off in a local, temporary location rather than the default download directory.
5776
5777 **Compatibility:** Firefox 102\
5778 **CCK2 Equivalent:** N/A\
5779 **Preferences Affected:** `browser.download.start_downloads_in_tmp_dir`
5780
5781 #### Windows (GPO)
5782 ```
5783 Software\Policies\Mozilla\Firefox\StartDownloadsInTempDirectory = 0x1 | 0x0
5784 ```
5785 #### Windows (Intune)
5786 OMA-URI:
5787 ```
5788 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/StartDownloadsInTempDirectory
5789 ```
5790 Value (string):
5791 ```
5792 <enabled/> or <disabled/>
5793 ```
5794 #### macOS
5795 ```
5796 <dict>
5797 <key>StartDownloadsInTempDirectory</key>
5798 <true/> | <false/>
5799 </dict>
5800 ```
5801 #### policies.json
5802 ```
5803 {
5804 "policies": {
5805 "StartDownloadsInTempDirectory": true | false
5806 }
5807 ```
5808 ### UserMessaging
5809
5810 Prevent Firefox from messaging the user in certain situations.
5811
5812 `WhatsNew` Remove the "What's New" icon and menuitem.
5813
5814 `ExtensionRecommendations` If false, don't recommend extensions while the user is visiting web pages.
5815
5816 `FeatureRecommendations` If false, don't recommend browser features.
5817
5818 `UrlbarInterventions` If false, Don't offer Firefox specific suggestions in the URL bar.
5819
5820 `SkipOnboarding` If true, don't show onboarding messages on the new tab page.
5821
5822 `MoreFromMozilla` If false, don't show the "More from Mozilla" section in Preferences. (Firefox 98)
5823
5824 `Locked` prevents the user from changing user messaging preferences.
5825
5826 **Compatibility:** Firefox 75, Firefox ESR 68.7\
5827 **CCK2 Equivalent:** N/A\
5828 **Preferences Affected:** `browser.messaging-system.whatsNewPanel.enabled`, `browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons`, `browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features`, `browser.aboutwelcome.enabled`, `browser.preferences.moreFromMozilla`
5829
5830 #### Windows (GPO)
5831 ```
5832 Software\Policies\Mozilla\Firefox\UserMessaging\WhatsNew = 0x1 | 0x0
5833 Software\Policies\Mozilla\Firefox\UserMessaging\ExtensionRecommendations = 0x1 | 0x0
5834 Software\Policies\Mozilla\Firefox\UserMessaging\FeatureRecommendations = 0x1 | 0x0
5835 Software\Policies\Mozilla\Firefox\UserMessaging\UrlbarInterventions = 0x1 | 0x0
5836 Software\Policies\Mozilla\Firefox\UserMessaging\SkipOnboarding = 0x1 | 0x0
5837 Software\Policies\Mozilla\Firefox\UserMessaging\MoreFromMozilla = 0x1 | 0x0
5838 Software\Policies\Mozilla\Firefox\UserMessaging\Locked = 0x1 | 0x0
5839 ```
5840 #### Windows (Intune)
5841 OMA-URI:
5842 ```
5843 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_WhatsNew
5844 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_ExtensionRecommendations
5845 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_FeatureRecommendations
5846 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_UrlbarInterventions
5847 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_SkipOnboarding
5848 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_MoreFromMozilla
5849 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_Locked
5850 ```
5851 Value (string):
5852 ```
5853 <enabled/> or <disabled/>
5854 ```
5855 #### macOS
5856 ```
5857 <dict>
5858 <key>UserMessaging</key>
5859 <dict>
5860 <key>WhatsNew</key>
5861 <true/> | <false/>
5862 <key>ExtensionRecommendations</key>
5863 <true/> | <false/>
5864 <key>FeatureRecommendations</key>
5865 <true/> | <false/>
5866 <key>UrlbarInterventions</key>
5867 <true/> | <false/>
5868 <key>SkipOnboarding</key>
5869 <true/> | <false/>
5870 <key>MoreFromMozilla</key>
5871 <true/> | <false/>
5872 <key>Locked</key>
5873 <true/> | <false/>
5874 </dict>
5875 </dict>
5876 ```
5877 #### policies.json
5878 ```
5879 {
5880 "policies": {
5881 "UserMessaging": {
5882 "WhatsNew": true | false,
5883 "ExtensionRecommendations": true | false,
5884 "FeatureRecommendations": true | false,
5885 "UrlbarInterventions": true | false,
5886 "SkipOnboarding": true | false,
5887 "MoreFromMozilla": true | false,
5888 "Locked": true | false
5889 }
5890 }
5891 }
5892 ```
5893 ### UseSystemPrintDialog
5894 Use the system print dialog instead of the print preview window.
5895
5896 **Compatibility:** Firefox 102\
5897 **CCK2 Equivalent:** N/A\
5898 **Preferences Affected:** `print.prefer_system_dialog`
5899
5900 #### Windows (GPO)
5901 ```
5902 Software\Policies\Mozilla\Firefox\UseSystemPrintDialog = 0x1 | 0x0
5903 ```
5904 #### Windows (Intune)
5905 OMA-URI:
5906 ```
5907 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/UseSystemPrintDialog
5908 ```
5909 Value (string):
5910 ```
5911 <enabled/> or <disabled/>
5912 ```
5913 #### macOS
5914 ```
5915 <dict>
5916 <key>UseSystemPrintDialog</key>
5917 <true/> | <false/>
5918 </dict>
5919 ```
5920 #### policies.json
5921 ```
5922 {
5923 "policies": {
5924 "UseSystemPrintDialog": true | false
5925 }
5926 }
5927 ```
5928 ### WebsiteFilter
5929 Block websites from being visited. The parameters take an array of Match Patterns, as documented in https://developer.mozilla.org/en-US/Add-ons/WebExtensions/Match_patterns.
5930 The arrays are limited to 1000 entries each.
5931
5932 If you want to block all URLs, you can use `<all_urls>` or `*://*/*`. You can't have just a `*` on the right side.
5933
5934 For specific protocols, use `https://*/*` or `http://*/*`.
5935
5936 As of Firefox 83 and Firefox ESR 78.5, file URLs are supported.
5937
5938 **Compatibility:** Firefox 60, Firefox ESR 60\
5939 **CCK2 Equivalent:** N/A\
5940 **Preferences Affected:** N/A
5941
5942 #### Windows (GPO)
5943 ```
5944 Software\Policies\Mozilla\Firefox\WebsiteFilter\Block\1 = "<all_urls>"
5945 Software\Policies\Mozilla\Firefox\WebsiteFilter\Exceptions\1 = "http://example.org/*"
5946 ```
5947 #### Windows (Intune)
5948 OMA-URI:
5949 ```
5950 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/B_WebsiteFilter_Block
5951 ```
5952 Value (string):
5953 ```
5954 <enabled/> <data id="WebsiteFilter" value="1&#xF000;&#60;all_urls&#62;"/>
5955 ```
5956 OMA-URI:
5957 ```
5958 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/B_WebsiteFilter_Exceptions
5959 ```
5960 Value (string):
5961 ```
5962 <enabled/>
5963 <data id="WebsiteFilter" value="1&#xF000;http://example.org/*"/>
5964 ```
5965 #### macOS
5966 ```
5967 <dict>
5968 <key>WebsiteFilter</key>
5969 <dict>
5970 <key>Block</key>
5971 <array>
5972 <string><all_urls></string>
5973 </array>
5974 <key>Exceptions</key>
5975 <array>
5976 <string>http://example.org/*</string>
5977 </array>
5978 </dict>
5979
5980 </dict>
5981 ```
5982 #### policies.json
5983 ```
5984 {
5985 "policies": {
5986 "WebsiteFilter": {
5987 "Block": ["<all_urls>"],
5988 "Exceptions": ["http://example.org/*"]
5989 }
5990 }
5991 }
5992 ```
5993 ### WindowsSSO
5994 Allow Windows single sign-on for Microsoft, work, and school accounts.
5995
5996 If this policy is set to true, Firefox will use credentials stored in Windows to sign in to Microsoft, work, and school accounts.
5997
5998 **Compatibility:** Firefox 91\
5999 **CCK2 Equivalent:** N/A\
6000 **Preferences Affected:** `network.http.windows-sso.enabled`
6001
6002 #### Windows (GPO)
6003 ```
6004 Software\Policies\Mozilla\Firefox\WindowsSSO = 0x1 | 0x0
6005 ```
6006 #### Windows (Intune)
6007 OMA-URI:
6008 ```
6009 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/WindowsSSO
6010 ```
6011 Value (string):
6012 ```
6013 <enabled/> or <disabled/>
6014 ```
6015 #### policies.json
6016 ```
6017 {
6018 "policies": {
6019 "WindowsSSO": true | false
6020 }
6021 }
6022 ```

patrick-canterino.de