]> git.p6c8.net - policy-templates.git/blob - docs/index.md
48d4ba9d2b65a8eac34db8e81d41ce604cf420d8
[policy-templates.git] / docs / index.md
1 Firefox policies can be specified using the [Group Policy templates on Windows](https://github.com/mozilla/policy-templates/tree/master/windows), [Intune on Windows](https://support.mozilla.org/kb/managing-firefox-intune), [configuration profiles on macOS](https://github.com/mozilla/policy-templates/tree/master/mac), or by creating a file called `policies.json`. On Windows, create a directory called `distribution` where the EXE is located and place the file there. On Mac, the file goes into `Firefox.app/Contents/Resources/distribution`. On Linux, the file goes into `firefox/distribution`, where `firefox` is the installation directory for firefox, which varies by distribution or you can specify system-wide policy by placing the file in `/etc/firefox/policies`.
2
3 Unfortunately, JSON files do not support comments, but you can add extra entries to the JSON to use as comments. You will see an error in about:policies, but the policies will still work properly. For example:
4
5 ```
6 {
7 "policies": {
8 "Authentication": {
9 "SPNEGO": ["mydomain.com", "https://myotherdomain.com"]
10 }
11 "Authentication_Comment": "These domains are required for us"
12 }
13 }
14 ```
15
16 | Policy Name | Description
17 | --- | --- |
18 | **[`3rdparty`](#3rdparty)** | Set policies that WebExtensions can access via chrome.storage.managed.
19 | **[`AllowedDomainsForApps`](#alloweddomainsforapps)** | Define domains allowed to access Google Workspace.
20 | **[`AllowFileSelectionDialogs`](#allowfileselectiondialogs)** | Allow file selection dialogs.
21 | **[`AppAutoUpdate`](#appautoupdate)** | Enable or disable automatic application update.
22 | **[`AppUpdatePin`](#appupdatepin)** | Prevent Firefox from being updated beyond the specified version.
23 | **[`AppUpdateURL`](#appupdateurl)** | Change the URL for application update.
24 | **[`Authentication`](#authentication)** | Configure sites that support integrated authentication.
25 | **[`AutofillAddressEnabled`](#autofilladdressenabled)** | Enable autofill for addresses.
26 | **[`AutofillCreditCardEnabled`](#autofillcreditcardenabled)** | Enable autofill for payment methods.
27 | **[`AutoLaunchProtocolsFromOrigins`](#autolaunchprotocolsfromorigins)** | Define a list of external protocols that can be used from listed origins without prompting the user.
28 | **[`BackgroundAppUpdate`](#backgroundappupdate)** | Enable or disable the background updater (Windows only).
29 | **[`BlockAboutAddons`](#blockaboutaddons)** | Block access to the Add-ons Manager (about:addons).
30 | **[`BlockAboutConfig`](#blockaboutconfig)** | Block access to about:config.
31 | **[`BlockAboutProfiles`](#blockaboutprofiles)** | Block access to About Profiles (about:profiles).
32 | **[`BlockAboutSupport`](#blockaboutsupport)** | Block access to Troubleshooting Information (about:support).
33 | **[`Bookmarks`](#bookmarks)** | Add bookmarks in either the bookmarks toolbar or menu.
34 | **[`CaptivePortal`](#captiveportal)** | Enable or disable the detection of captive portals.
35 | **[`Certificates`](#certificates)** |
36 | **[`Certificates -> ImportEnterpriseRoots`](#certificates--importenterpriseroots)** | Trust certificates that have been added to the operating system certificate store by a user or administrator.
37 | **[`Certificates -> Install`](#certificates--install)** | Install certificates into the Firefox certificate store.
38 | **[`Containers`](#containers)** | Set policies related to [containers](https://addons.mozilla.org/firefox/addon/multi-account-containers/).
39 | **[`Cookies`](#cookies)** | Configure cookie preferences.
40 | **[`DefaultDownloadDirectory`](#defaultdownloaddirectory)** | Set the default download directory.
41 | **[`DisableAppUpdate`](#disableappupdate)** | Turn off application updates.
42 | **[`DisableBuiltinPDFViewer`](#disablebuiltinpdfviewer)** | Disable the built in PDF viewer.
43 | **[`DisabledCiphers`](#disabledciphers)** | Disable ciphers.
44 | **[`DisableDefaultBrowserAgent`](#disabledefaultbrowseragent)** | Prevent the default browser agent from taking any actions (Windows only).
45 | **[`DisableDeveloperTools`](#disabledevelopertools)** | Remove access to all developer tools.
46 | **[`DisableEncryptedClientHello`](#disableencryptedclienthello)** | Disable the TLS Feature Encrypted Client Hello (ECH).
47 | **[`DisableFeedbackCommands`](#disablefeedbackcommands)** | Disable the menus for reporting sites.
48 | **[`DisableFirefoxAccounts`](#disablefirefoxaccounts)** | Disable Firefox Accounts integration (Sync).
49 | **[`DisableFirefoxScreenshots`](#disablefirefoxscreenshots)** | Remove access to Firefox Screenshots.
50 | **[`DisableFirefoxStudies`](#disablefirefoxstudies)** | Disable Firefox studies (Shield).
51 | **[`DisableForgetButton`](#disableforgetbutton)** | Disable the "Forget" button.
52 | **[`DisableFormHistory`](#disableformhistory)** | Turn off saving information on web forms and the search bar.
53 | **[`DisableMasterPasswordCreation`](#disablemasterpasswordcreation)** | Remove the master password functionality.
54 | **[`DisablePasswordReveal`](#disablepasswordreveal)** | Do not allow passwords to be revealed in saved logins.
55 | **[`DisablePocket`](#disablepocket)** | Remove Pocket in the Firefox UI.
56 | **[`DisablePrivateBrowsing`](#disableprivatebrowsing)** | Remove access to private browsing.
57 | **[`DisableProfileImport`](#disableprofileimport)** | Disables the "Import data from another browser" option in the bookmarks window.
58 | **[`DisableProfileRefresh`](#disableprofilerefresh)** | Disable the Refresh Firefox button on about:support and support.mozilla.org
59 | **[`DisableSafeMode`](#disablesafemode)** | Disable safe mode within the browser.
60 | **[`DisableSecurityBypass`](#disablesecuritybypass)** | Prevent the user from bypassing security in certain cases.
61 | **[`DisableSetDesktopBackground`](#disablesetdesktopbackground)** | Remove the "Set As Desktop Background..." menuitem when right clicking on an image.
62 | **[`DisableSystemAddonUpdate`](#disablesystemaddonupdate)** | Prevent system add-ons from being installed or updated.
63 | **[`DisableTelemetry`](#disabletelemetry)** | DisableTelemetry
64 | **[`DisableThirdPartyModuleBlocking`](#disablethirdpartymoduleblocking)** | Do not allow blocking third-party modules.
65 | **[`DisplayBookmarksToolbar`](#displaybookmarkstoolbar)** | Set the initial state of the bookmarks toolbar.
66 | **[`DisplayMenuBar`](#displaymenubar)** | Set the state of the menubar.
67 | **[`DNSOverHTTPS`](#dnsoverhttps)** | Configure DNS over HTTPS.
68 | **[`DontCheckDefaultBrowser`](#dontcheckdefaultbrowser)** | Don't check if Firefox is the default browser at startup.
69 | **[`DownloadDirectory`](#downloaddirectory)** | Set and lock the download directory.
70 | **[`EnableTrackingProtection`](#enabletrackingprotection)** | Configure tracking protection.
71 | **[`EncryptedMediaExtensions`](#encryptedmediaextensions)** | Enable or disable Encrypted Media Extensions and optionally lock it.
72 | **[`EnterprisePoliciesEnabled`](#enterprisepoliciesenabled)** | Enable policy support on macOS.
73 | **[`ExemptDomainFileTypePairsFromFileTypeDownloadWarnings`](#exemptdomainfiletypepairsfromfiletypedownloadwarnings)** | Disable warnings based on file extension for specific file types on domains.
74 | **[`Extensions`](#extensions)** | Control the installation, uninstallation and locking of extensions.
75 | **[`ExtensionSettings`](#extensionsettings)** | Manage all aspects of extensions.
76 | **[`ExtensionUpdate`](#extensionupdate)** | Control extension updates.
77 | **[`FirefoxHome`](#firefoxhome)** | Customize the Firefox Home page.
78 | **[`FirefoxSuggest`](#firefoxsuggest)** | Customize Firefox Suggest.
79 | **[`GoToIntranetSiteForSingleWordEntryInAddressBar`](#gotointranetsiteforsinglewordentryinaddressbar)** | Force direct intranet site navigation instead of searching when typing single word entries in the address bar.
80 | **[`Handlers`](#handlers)** | Configure default application handlers.
81 | **[`HardwareAcceleration`](#hardwareacceleration)** | Control hardware acceleration.
82 | **[`Homepage`](#homepage)** | Configure the default homepage and how Firefox starts.
83 | **[`InstallAddonsPermission`](#installaddonspermission)** | Configure the default extension install policy as well as origins for extension installs are allowed.
84 | **[`LegacyProfiles`](#legacyprofiles)** | Disable the feature enforcing a separate profile for each installation.
85 | **[`LegacySameSiteCookieBehaviorEnabled`](#legacysamesitecookiebehaviorenabled)** | Enable default legacy SameSite cookie behavior setting.
86 | **[`LegacySameSiteCookieBehaviorEnabledForDomainList`](#legacysamesitecookiebehaviorenabledfordomainlist)** | Revert to legacy SameSite behavior for cookies on specified sites.
87 | **[`LocalFileLinks`](#localfilelinks)** | Enable linking to local files by origin.
88 | **[`ManagedBookmarks`](#managedbookmarks)** | Configures a list of bookmarks managed by an administrator that cannot be changed by the user.
89 | **[`ManualAppUpdateOnly`](#manualappupdateonly)** | Allow manual updates only and do not notify the user about updates.
90 | **[`NetworkPrediction`](#networkprediction)** | Enable or disable network prediction (DNS prefetching).
91 | **[`NewTabPage`](#newtabpage)** | Enable or disable the New Tab page.
92 | **[`NoDefaultBookmarks`](#nodefaultbookmarks)** | Disable the creation of default bookmarks.
93 | **[`OfferToSaveLogins`](#offertosavelogins)** | Control whether or not Firefox offers to save passwords.
94 | **[`OfferToSaveLoginsDefault`](#offertosaveloginsdefault)** | Set the default value for whether or not Firefox offers to save passwords.
95 | **[`OverrideFirstRunPage`](#overridefirstrunpage)** | Override the first run page.
96 | **[`OverridePostUpdatePage`](#overridepostupdatepage)** | Override the upgrade page.
97 | **[`PasswordManagerEnabled`](#passwordmanagerenabled)** | Remove (some) access to the password manager.
98 | **[`PasswordManagerExceptions`](#passwordmanagerexceptions)** | Prevent Firefox from saving passwords for specific sites.
99 | **[`PDFjs`](#pdfjs)** | Disable or configure PDF.js, the built-in PDF viewer.
100 | **[`Permissions`](#permissions)** | Set permissions associated with camera, microphone, location, and notifications.
101 | **[`PictureInPicture`](#pictureinpicture)** | Enable or disable Picture-in-Picture.
102 | **[`PopupBlocking`](#popupblocking)** | Configure the default pop-up window policy as well as origins for which pop-up windows are allowed.
103 | **[`Preferences`](#preferences)** | Set and lock preferences.
104 | **[`PrimaryPassword`](#primarypassword)** | Require or prevent using a primary (formerly master) password.
105 | **[`PrintingEnabled`](#printingenabled)** | Enable or disable printing.
106 | **[`PromptForDownloadLocation`](#promptfordownloadlocation)** | Ask where to save each file before downloading.
107 | **[`Proxy`](#proxy)** | Configure proxy settings.
108 | **[`RequestedLocales`](#requestedlocales)** | Set the the list of requested locales for the application in order of preference.
109 | **[`SanitizeOnShutdown` (All)](#sanitizeonshutdown-all)** | Clear all data on shutdown.
110 | **[`SanitizeOnShutdown` (Selective)](#sanitizeonshutdown-selective)** | Clear data on shutdown.
111 | **[`SearchBar`](#searchbar)** | Set whether or not search bar is displayed.
112 | **[`SearchEngines`](#searchengines-this-policy-is-only-available-on-the-esr)** |
113 | **[`SearchEngines -> Add`](#searchengines--add)** | Add new search engines.
114 | **[`SearchEngines -> Default`](#searchengines--default)** | Set the default search engine.
115 | **[`SearchEngines -> PreventInstalls`](#searchengines--preventinstalls)** | Prevent installing search engines from webpages.
116 | **[`SearchEngines -> Remove`](#searchengines--remove)** | Hide built-in search engines.
117 | **[`SearchSuggestEnabled`](#searchsuggestenabled)** | Enable search suggestions.
118 | **[`SecurityDevices`](#securitydevices)** | Install PKCS #11 modules.
119 | **[`ShowHomeButton`](#showhomebutton)** | Show the home button on the toolbar.
120 | **[`SSLVersionMax`](#sslversionmax)** | Set and lock the maximum version of TLS.
121 | **[`SSLVersionMin`](#sslversionmin)** | Set and lock the minimum version of TLS.
122 | **[`StartDownloadsInTempDirectory`](#startdownloadsintempdirectory)** | Force downloads to start off in a local, temporary location rather than the default download directory.
123 | **[`SupportMenu`](#supportmenu)** | Add a menuitem to the help menu for specifying support information.
124 | **[`TranslateEnabled`](#translateenabled)** | Enable or disable webpage translation.
125 | **[`UserMessaging`](#usermessaging)** | Don't show certain messages to the user.
126 | **[`UseSystemPrintDialog`](#usesystemprintdialog)** | Print using the system print dialog instead of print preview.
127 | **[`WebsiteFilter`](#websitefilter)** | Block websites from being visited.
128 | **[`WindowsSSO`](#windowssso)** | Allow Windows single sign-on for Microsoft, work, and school accounts.
129
130 ### 3rdparty
131
132 Allow WebExtensions to configure policy. For more information, see [Adding policy support to your extension](https://extensionworkshop.com/documentation/enterprise/enterprise-development/#how-to-add-policy).
133
134 For GPO and Intune, the extension developer should provide an ADMX file.
135
136 **Compatibility:** Firefox 68\
137 **CCK2 Equivalent:** N/A\
138 **Preferences Affected:** N/A
139
140 #### macOS
141 ```
142 <dict>
143 <key>3rdparty</key>
144 <dict>
145 <key>Extensions</key>
146 <dict>
147 <key>uBlock0@raymondhill.net</key>
148 <dict>
149 <key>adminSettings</key>
150 <dict>
151 <key>selectedFilterLists</key>
152 <array>
153 <string>ublock-privacy</string>
154 <string>ublock-badware</string>
155 <string>ublock-filters</string>
156 <string>user-filters</string>
157 </array>
158 </dict>
159 </dict>
160 </dict>
161 </dict>
162 </dict>
163 ```
164 #### policies.json
165 ```
166 {
167 "policies": {
168 "3rdparty": {
169 "Extensions": {
170 "uBlock0@raymondhill.net": {
171 "adminSettings": {
172 "selectedFilterLists": [
173 "ublock-privacy",
174 "ublock-badware",
175 "ublock-filters",
176 "user-filters"
177 ]
178 }
179 }
180 }
181 }
182 }
183 }
184 ```
185
186 ### AllowedDomainsForApps
187
188 Define domains allowed to access Google Workspace.
189
190 This policy is based on the [Chrome policy](https://chromeenterprise.google/policies/#AllowedDomainsForApps) of the same name.
191
192 If this policy is enabled, users can only access Google Workspace using accounts from the specified domains. If you want to allow Gmail, you can add ```consumer_accounts``` to the list.
193
194 **Compatibility:** Firefox 89, Firefox ESR 78.11\
195 **CCK2 Equivalent:** N/A\
196 **Preferences Affected:** N/A
197
198 #### Windows (GPO)
199 ```
200 Software\Policies\Mozilla\Firefox\AllowedDomainsForApps = "managedfirefox.com,example.com"
201 ```
202 #### Windows (Intune)
203 OMA-URI:
204 ```
205 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/AllowedDomainsForApps
206 ```
207 Value (string):
208 ```
209 <enabled/>
210 <data id="AllowedDomainsForApps" value="managedfirefox.com,example.com"/>
211 ```
212 #### macOS
213 ```
214 <dict>
215 <key>AllowedDomainsForApps</key>
216 <string>managedfirefox.com,example.com</string>
217 </dict>
218 ```
219 #### policies.json
220 ```
221 {
222 "policies": {
223 "AllowedDomainsForApps": "managedfirefox.com,example.com"
224 }
225 }
226 ```
227 ### AllowFileSelectionDialogs
228
229 Enable or disable file selection dialogs.
230
231 **Compatibility:** Firefox 124\
232 **CCK2 Equivalent:** N/A\
233 **Preferences Affected:** `widget.disable_file_pickers`
234
235 #### Windows (GPO)
236 ```
237 Software\Policies\Mozilla\Firefox\AllowFileSelectionDialogs = 0x1 | 0x0
238 ```
239 #### Windows (Intune)
240 OMA-URI:
241 ```
242 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/AppAutoAllowFileSelectionDialogsUpdate
243 ```
244 Value (string):
245 ```
246 <enabled/> or <disabled/>
247 ```
248 #### macOS
249 ```
250 <dict>
251 <key>AllowFileSelectionDialogs</key>
252 <true/> | <false/>
253 </dict>
254 ```
255 #### policies.json
256 ```
257 {
258 "policies": {
259 "AllowFileSelectionDialogs": true | false
260 }
261 }
262 ```
263 ### AppAutoUpdate
264
265 Enable or disable **automatic** application update.
266
267 If set to true, application updates are installed without user approval within Firefox. The operating system might still require approval.
268
269 If set to false, application updates are downloaded but the user can choose when to install the update.
270
271 If you have disabled updates via `DisableAppUpdate`, this policy has no effect.
272
273 **Compatibility:** Firefox 75, Firefox ESR 68.7\
274 **CCK2 Equivalent:** N/A\
275 **Preferences Affected:** `app.update.auto`
276
277 #### Windows (GPO)
278 ```
279 Software\Policies\Mozilla\Firefox\AppAutoUpdate = 0x1 | 0x0
280 ```
281 #### Windows (Intune)
282 OMA-URI:
283 ```
284 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/AppAutoUpdate
285 ```
286 Value (string):
287 ```
288 <enabled/> or <disabled/>
289 ```
290 #### macOS
291 ```
292 <dict>
293 <key>AppAutoUpdate</key>
294 <true/> | <false/>
295 </dict>
296 ```
297 #### policies.json
298 ```
299 {
300 "policies": {
301 "AppAutoUpdate": true | false
302 }
303 }
304 ```
305 ### AppUpdatePin
306
307 Prevent Firefox from being updated beyond the specified version.
308
309 You can specify the any version as ```xx.``` and Firefox will be updated with all minor versions, but will not be updated beyond the major version.
310
311 You can also specify the version as ```xx.xx``` and Firefox will be updated with all patch versions, but will not be updated beyond the minor version.
312
313 You should specify a version that exists or is guaranteed to exist. If you specify a version that doesn't end up existing, Firefox will update beyond that version.
314
315 **Compatibility:** Firefox 102,\
316 **CCK2 Equivalent:** N/A\
317 **Preferences Affected:** N/A
318
319 #### Windows (GPO)
320 ```
321 Software\Policies\Mozilla\Firefox\AppUpdatePin = "106."
322 ```
323 #### Windows (Intune)
324 OMA-URI:
325 ```
326 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/AppUpdatePin
327 ```
328 Value (string):
329 ```
330 <enabled/>
331 <data id="AppUpdatePin" value="106."/>
332 ```
333 #### macOS
334 ```
335 <dict>
336 <key>AppUpdatePin</key>
337 <string>106.</string>
338 </dict>
339 ```
340 #### policies.json
341 ```
342 {
343 "policies": {
344 "AppUpdatePin": "106."
345 }
346 }
347 ```
348 ### AppUpdateURL
349
350 Change the URL for application update if you are providing Firefox updates from a custom update server.
351
352 **Compatibility:** Firefox 62, Firefox ESR 60.2\
353 **CCK2 Equivalent:** N/A\
354 **Preferences Affected:** `app.update.url`
355
356 #### Windows (GPO)
357 ```
358 Software\Policies\Mozilla\Firefox\AppUpdateURL = "https://yoursite.com"
359 ```
360 #### Windows (Intune)
361 OMA-URI:
362 ```
363 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/AppUpdateURL
364 ```
365 Value (string):
366 ```
367 <enabled/>
368 <data id="AppUpdateURL" value="https://yoursite.com"/>
369 ```
370 #### macOS
371 ```
372 <dict>
373 <key>AppUpdateURL</key>
374 <string>https://yoursite.com</string>
375 </dict>
376 ```
377 #### policies.json
378 ```
379 {
380 "policies": {
381 "AppUpdateURL": "https://yoursite.com"
382 }
383 }
384 ```
385 ### Authentication
386
387 Configure sites that support integrated authentication.
388
389 See [Integrated authentication](https://htmlpreview.github.io/?https://github.com/mdn/archived-content/blob/main/files/en-us/mozilla/integrated_authentication/raw.html) for more information.
390
391 `PrivateBrowsing` enables integrated authentication in private browsing.
392
393 **Compatibility:** Firefox 60, Firefox ESR 60 (AllowNonFQDN added in 62/60.2, AllowProxies added in 70/68.2, Locked added in 71/68.3, PrivateBrowsing added in 77/68.9)\
394 **CCK2 Equivalent:** N/A\
395 **Preferences Affected:** `network.negotiate-auth.trusted-uris`,`network.negotiate-auth.delegation-uris`,`network.automatic-ntlm-auth.trusted-uris`,`network.automatic-ntlm-auth.allow-non-fqdn`,`network.negotiate-auth.allow-non-fqdn`,`network.automatic-ntlm-auth.allow-proxies`,`network.negotiate-auth.allow-proxies`,`network.auth.private-browsing-sso`
396
397 #### Windows (GPO)
398 ```
399 Software\Policies\Mozilla\Firefox\Authentication\SPNEGO\1 = "mydomain.com"
400 Software\Policies\Mozilla\Firefox\Authentication\SPNEGO\2 = "https://myotherdomain.com"
401 Software\Policies\Mozilla\Firefox\Authentication\Delegated\1 = "mydomain.com"
402 Software\Policies\Mozilla\Firefox\Authentication\Delegated\2 = "https://myotherdomain.com"
403 Software\Policies\Mozilla\Firefox\Authentication\NTLM\1 = "mydomain.com"
404 Software\Policies\Mozilla\Firefox\Authentication\NTLM\2 = "https://myotherdomain.com"
405 Software\Policies\Mozilla\Firefox\Authentication\AllowNonFQDN\SPNEGO = 0x1 | 0x0
406 Software\Policies\Mozilla\Firefox\Authentication\AllowNonFQDN\NTLM = 0x1 | 0x0
407 Software\Policies\Mozilla\Firefox\Authentication\AllowProxies\SPNEGO = 0x1 | 0x0
408 Software\Policies\Mozilla\Firefox\Authentication\AllowProxies\NTLM = 0x1 | 0x0
409 Software\Policies\Mozilla\Firefox\Authentication\Locked = 0x1 | 0x0
410 Software\Policies\Mozilla\Firefox\Authentication\PrivateBrowsing = 0x1 | 0x0
411 ```
412 #### Windows (Intune)
413 OMA-URI:
414 ```
415 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Authentication/Authentication_SPNEGO
416 ```
417 Value (string):
418 ```
419 <enabled/>
420 <data id="Authentication" value="1&#xF000;mydomain&#xF000;2&#xF000;https://myotherdomain.com"/>
421 ```
422 OMA-URI:
423 ```
424 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Authentication/Authentication_Delegated
425 ```
426 Value (string):
427 ```
428 <enabled/>
429 <data id="Authentication" value="1&#xF000;mydomain&#xF000;2&#xF000;https://myotherdomain.com"/>
430 ```
431 OMA-URI:
432 ```
433 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Authentication/Authentication_NTLM
434 ```
435 Value (string):
436 ```
437 <enabled/>
438 <data id="Authentication" value="1&#xF000;mydomain&#xF000;2&#xF000;https://myotherdomain.com"/>
439 ```
440 OMA-URI:
441 ```
442 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Authentication/Authentication_AllowNonFQDN
443 ```
444 Value (string):
445 ```
446 <enabled/>
447 <data id="Authentication_AllowNonFQDN_NTLM" value="true | false"/>
448 <data id="Authentication_AllowNonFQDN_SPNEGO" value="true | false"/>
449 ```
450 OMA-URI:
451 ```
452 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Authentication/Authentication_Locked
453 ```
454 Value (string):
455 ```
456 <enabled/> or <disabled/>
457 ```
458 OMA-URI:
459 ```
460 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Authentication/Authentication_PrivateBrowsing
461 ```
462 Value (string):
463 ```
464 <enabled/> or <disabled/>
465 ```
466 #### macOS
467 ```
468 <dict>
469 <key>Authentication</key>
470 <dict>
471 <key>SPNEGO</key>
472 <array>
473 <string>mydomain.com</string>
474 <string>https://myotherdomain.com</string>
475 </array>
476 <key>Delegated</key>
477 <array>
478 <string>mydomain.com</string>
479 <string>https://myotherdomain.com</string>
480 </array>
481 <key>NTLM</key>
482 <array>
483 <string>mydomain.com</string>
484 <string>https://myotherdomain.com</string>
485 </array>
486 <key>AllowNonFQDN</key>
487 <dict>
488 <key>SPNEGO</key>
489 <true/> | <false/>
490 <key>NTLM</key>
491 <true/> | <false/>
492 </dict>
493 <key>AllowProxies</key>
494 <dict>
495 <key>SPNEGO</key>
496 <true/> | <false/>
497 <key>NTLM</key>
498 <true/> | <false/>
499 </dict>
500 <key>Locked</key>
501 <true/> | <false/>
502 <key>PrivateBrowsing</key>
503 <true/> | <false/>
504 </dict>
505 </dict>
506 ```
507 #### policies.json
508 ```
509 {
510 "policies": {
511 "Authentication": {
512 "SPNEGO": ["mydomain.com", "https://myotherdomain.com"],
513 "Delegated": ["mydomain.com", "https://myotherdomain.com"],
514 "NTLM": ["mydomain.com", "https://myotherdomain.com"],
515 "AllowNonFQDN": {
516 "SPNEGO": true | false,
517 "NTLM": true | false
518 },
519 "AllowProxies": {
520 "SPNEGO": true | false,
521 "NTLM": true | false
522 },
523 "Locked": true | false,
524 "PrivateBrowsing": true | false
525 }
526 }
527 }
528 ```
529 ### AutofillAddressEnabled
530
531 Enables or disables autofill for addresses.
532
533 This only applies when address autofill is enabled for a particular Firefox version or region. See [this page](https://support.mozilla.org/kb/automatically-fill-your-address-web-forms) for more information.
534
535 **Compatibility:** Firefox 125, Firefox ESR 115.10\
536 **CCK2 Equivalent:** N/A\
537 **Preferences Affected:** `extensions.formautofill.addresses.enabled`
538
539 #### Windows (GPO)
540 ```
541 Software\Policies\Mozilla\Firefox\AutofillAddressEnabled = 0x1 | 0x0
542 ```
543 #### Windows (Intune)
544 OMA-URI:
545 ```
546 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/AutofillAddressEnabled
547 ```
548 Value (string):
549 ```
550 <enabled/> or <disabled/>
551 ```
552 #### macOS
553 ```
554 <dict>
555 <key>AutofillAddressEnabled</key>
556 <true/> | <false/>
557 </dict>
558 ```
559 #### policies.json
560 ```
561 {
562 "policies": {
563 "AutofillAddressEnabled": true | false
564 }
565 }
566 ```
567 ### AutofillCreditCardEnabled
568
569 Enables or disables autofill for payment methods.
570
571 This only applies when payment method autofill is enabled for a particular Firefox version or region. See [this page](https://support.mozilla.org/kb/credit-card-autofill) for more information.
572
573 **Compatibility:** Firefox 125, Firefox ESR 115.10\
574 **CCK2 Equivalent:** N/A\
575 **Preferences Affected:** `extensions.formautofill.creditCards.enabled`
576
577 #### Windows (GPO)
578 ```
579 Software\Policies\Mozilla\Firefox\AutofillCreditCardEnabled = 0x1 | 0x0
580 ```
581 #### Windows (Intune)
582 OMA-URI:
583 ```
584 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/AutofillCreditCardEnabled
585 ```
586 Value (string):
587 ```
588 <enabled/> or <disabled/>
589 ```
590 #### macOS
591 ```
592 <dict>
593 <key>AutofillCreditCardEnabled</key>
594 <true/> | <false/>
595 </dict>
596 ```
597 #### policies.json
598 ```
599 {
600 "policies": {
601 "AutofillCreditCardEnabled": true | false
602 }
603 }
604 ```
605 ### AutoLaunchProtocolsFromOrigins
606 Define a list of external protocols that can be used from listed origins without prompting the user. The origin is the scheme plus the hostname.
607
608 The syntax of this policy is exactly the same as the [Chrome AutoLaunchProtocolsFromOrigins policy](https://cloud.google.com/docs/chrome-enterprise/policies/?policy=AutoLaunchProtocolsFromOrigins) except that you can only use valid origins (not just hostnames). This also means that you cannot specify an asterisk for all origins.
609
610 The schema is:
611 ```
612 {
613 "items": {
614 "properties": {
615 "allowed_origins": {
616 "items": {
617 "type": "string"
618 },
619 "type": "array"
620 },
621 "protocol": {
622 "type": "string"
623 }
624 },
625 "required": [
626 "protocol",
627 "allowed_origins"
628 ],
629 "type": "object"
630 },
631 "type": "array"
632 }
633 ```
634 **Compatibility:** Firefox 90, Firefox ESR 78.12\
635 **CCK2 Equivalent:** N/A\
636 **Preferences Affected:** N/A
637
638 #### Windows (GPO)
639 Software\Policies\Mozilla\Firefox\AutoLaunchProtocolsFromOrigins (REG_MULTI_SZ) =
640 ```
641 [
642 {
643 "protocol": "zoommtg",
644 "allowed_origins": [
645 "https://somesite.zoom.us"
646 ]
647 }
648 ]
649 ```
650 #### Windows (Intune)
651 OMA-URI:
652 ```
653 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/AutoLaunchProtocolsFromOrigins
654 ```
655 Value (string):
656 ```
657 <enabled/>
658 <data id="JSON" value='
659 [
660 {
661 "protocol": "zoommtg",
662 "allowed_origins": [
663 "https://somesite.zoom.us"
664 ]
665 }
666 ]'/>
667 ```
668 #### macOS
669 ```
670 <dict>
671 <key>AutoLaunchProtocolsFromOrigins</key>
672 <array>
673 <dict>
674 <key>protocol</key>
675 <string>zoommtg</string>
676 <key>allowed_origins</key>
677 <array>
678 <string>https://somesite.zoom.us</string>
679 </array>
680 </dict>
681 </array>
682 </dict>
683 ```
684 #### policies.json
685 ```
686 {
687 "policies": {
688 "AutoLaunchProtocolsFromOrigins": [{
689 "protocol": "zoommtg",
690 "allowed_origins": [
691 "https://somesite.zoom.us"
692 ]
693 }]
694 }
695 }
696 ```
697 ### BackgroundAppUpdate
698
699 Enable or disable **automatic** application update **in the background**, when the application is not running.
700
701 If set to true, application updates may be installed (without user approval) in the background, even when the application is not running. The operating system might still require approval.
702
703 If set to false, the application will not try to install updates when the application is not running.
704
705 If you have disabled updates via `DisableAppUpdate` or disabled automatic updates via `AppAutoUpdate`, this policy has no effect.
706
707 If you are having trouble getting the background task to run, verify your configuration with the ["Requirements to run" section in this support document](https://support.mozilla.org/en-US/kb/enable-background-updates-firefox-windows).
708
709 **Compatibility:** Firefox 90 (Windows only)\
710 **CCK2 Equivalent:** N/A\
711 **Preferences Affected:** `app.update.background.enabled`
712
713 #### Windows (GPO)
714 ```
715 Software\Policies\Mozilla\Firefox\BackgroundAppUpdate = 0x1 | 0x0
716 ```
717 #### Windows (Intune)
718 OMA-URI:
719 ```
720 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/BackgroundAppUpdate
721 ```
722 Value (string):
723 ```
724 <enabled/> or <disabled/>
725 ```
726 #### macOS
727 ```
728 <dict>
729 <key>BackgroundAppUpdate</key>
730 <true/> | <false/>
731 </dict>
732 ```
733 #### policies.json
734 ```
735 {
736 "policies": {
737 "BackgroundAppUpdate": true | false
738 }
739 }
740 ```
741 ### BlockAboutAddons
742
743 Block access to the Add-ons Manager (about:addons).
744
745 **Compatibility:** Firefox 60, Firefox ESR 60\
746 **CCK2 Equivalent:** `disableAddonsManager`\
747 **Preferences Affected:** N/A
748
749 #### Windows (GPO)
750 ```
751 Software\Policies\Mozilla\Firefox\BlockAboutAddons = 0x1 | 0x0
752 ```
753 #### Windows (Intune)
754 OMA-URI:
755 ```
756 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/BlockAboutAddons
757 ```
758 Value (string):
759 ```
760 <enabled/> or <disabled/>
761 ```
762 #### macOS
763 ```
764 <dict>
765 <key>BlockAboutAddons</key>
766 <true/> | <false/>
767 </dict>
768 ```
769 #### policies.json
770 ```
771 {
772 "policies": {
773 "BlockAboutAddons": true | false
774 }
775 }
776 ```
777 ### BlockAboutConfig
778
779 Block access to about:config.
780
781 **Compatibility:** Firefox 60, Firefox ESR 60\
782 **CCK2 Equivalent:** `disableAboutConfig`\
783 **Preferences Affected:** N/A
784
785 #### Windows (GPO)
786 ```
787 Software\Policies\Mozilla\Firefox\BlockAboutConfig = 0x1 | 0x0
788 ```
789 #### Windows (Intune)
790 OMA-URI:
791 ```
792 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/BlockAboutConfig
793 ```
794 Value (string):
795 ```
796 <enabled/> or <disabled/>
797 ```
798 #### macOS
799 ```
800 <dict>
801 <key>BlockAboutConfig</key>
802 <true/> | <false/>
803 </dict>
804 ```
805 #### policies.json
806 ```
807 {
808 "policies": {
809 "BlockAboutConfig": true | false
810 }
811 }
812 ```
813 ### BlockAboutProfiles
814
815 Block access to About Profiles (about:profiles).
816
817 **Compatibility:** Firefox 60, Firefox ESR 60\
818 **CCK2 Equivalent:** `disableAboutProfiles`\
819 **Preferences Affected:** N/A
820
821 #### Windows (GPO)
822 ```
823 Software\Policies\Mozilla\Firefox\BlockAboutProfiles = 0x1 | 0x0
824 ```
825 #### Windows (Intune)
826 OMA-URI:
827 ```
828 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/BlockAboutProfiles
829 ```
830 Value (string):
831 ```
832 <enabled/> or <disabled/>
833 ```
834 #### macOS
835 ```
836 <dict>
837 <key>BlockAboutProfiles</key>
838 <true/> | <false/>
839 </dict>
840 ```
841 #### policies.json
842 ```
843 {
844 "policies": {
845 "BlockAboutProfiles": true | false
846 }
847 }
848 ```
849 ### BlockAboutSupport
850
851 Block access to Troubleshooting Information (about:support).
852
853 **Compatibility:** Firefox 60, Firefox ESR 60\
854 **CCK2 Equivalent:** `disableAboutSupport`\
855 **Preferences Affected:** N/A
856
857 #### Windows (GPO)
858 ```
859 Software\Policies\Mozilla\Firefox\BlockAboutSupport = 0x1 | 0x0
860 ```
861 #### Windows (Intune)
862 OMA-URI:
863 ```
864 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/BlockAboutSupport
865 ```
866 Value (string):
867 ```
868 <enabled/> or <disabled/>
869 ```
870 #### macOS
871 ```
872 <dict>
873 <key>BlockAboutSupport</key>
874 <true/> | <false/>
875 </dict>
876 ```
877 #### policies.json
878 ```
879 {
880 "policies": {
881 "BlockAboutSupport": true | false
882 }
883 }
884 ```
885 ### Bookmarks
886
887 Note: [`ManagedBookmarks`](#managedbookmarks) is the new recommended way to add bookmarks. This policy will continue to be supported.
888
889 Add bookmarks in either the bookmarks toolbar or menu. Only `Title` and `URL` are required. If `Placement` is not specified, the bookmark will be placed on the toolbar. If `Folder` is specified, it is automatically created and bookmarks with the same folder name are grouped together.
890
891 If you want to clear all bookmarks set with this policy, you can set the value to an empty array (```[]```). This can be on Windows via the new Bookmarks (JSON) policy available with GPO and Intune.
892
893 **Compatibility:** Firefox 60, Firefox ESR 60\
894 **CCK2 Equivalent:** `bookmarks.toolbar`,`bookmarks.menu`\
895 **Preferences Affected:** N/A
896
897 #### Windows (GPO)
898 ```
899 Software\Policies\Mozilla\Firefox\Bookmarks\1\Title = "Example"
900 Software\Policies\Mozilla\Firefox\Bookmarks\1\URL = "https://example.com"
901 Software\Policies\Mozilla\Firefox\Bookmarks\1\Favicon = "https://example.com/favicon.ico"
902 Software\Policies\Mozilla\Firefox\Bookmarks\1\Placement = "toolbar" | "menu"
903 Software\Policies\Mozilla\Firefox\Bookmarks\1\Folder = "FolderName"
904
905 Software\Policies\Mozilla\Firefox\Bookmarks (REG_MULTI_SZ) =
906 ```
907 []
908 ```
909
910 ```
911 #### Windows (Intune)
912 OMA-URI:
913 ```
914 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Bookmarks/Bookmark01
915 ```
916 Value (string):
917 ```
918 <enabled/>
919 <data id="BookmarkTitle" value="Example"/>
920 <data id="BookmarkURL" value="https://example.com"/>
921 <data id="BookmarkFavicon" value="https://example.com/favicon.ico"/>
922 <data id="BookmarkPlacement" value="toolbar | menu"/>
923 <data id="BookmarkFolder" value="FolderName"/>
924 ```
925 OMA-URI:
926 ```
927 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/Bookmarks
928 ```
929 Value (string):
930 ```
931 <enabled/>
932 <data id="JSON" value='[]'/>
933 ```
934 #### macOS
935 ```
936 <dict>
937 <key>Bookmarks</key>
938 <array>
939 <dict>
940 <key>Title</key>
941 <string>Example</string>
942 <key>URL</key>
943 <string>https://example.com</string>
944 <key>Favicon</key>
945 <string>https://example.com/favicon.ico</string>
946 <key>Placement</key>
947 <string>toolbar | menu</string>
948 <key>Folder</key>
949 <string>FolderName</string>
950 </dict>
951 </array>
952 </dict>
953 ```
954 #### policies.json
955 ```
956 {
957 "policies": {
958 "Bookmarks": [
959 {
960 "Title": "Example",
961 "URL": "https://example.com",
962 "Favicon": "https://example.com/favicon.ico",
963 "Placement": "toolbar" | "menu",
964 "Folder": "FolderName"
965 }
966 ]
967 }
968 }
969 ```
970 ### CaptivePortal
971 Enable or disable the detection of captive portals.
972
973 **Compatibility:** Firefox 67, Firefox ESR 60.7\
974 **CCK2 Equivalent:** N/A\
975 **Preferences Affected:** `network.captive-portal-service.enabled`
976
977 #### Windows (GPO)
978 ```
979 Software\Policies\Mozilla\Firefox\CaptivePortal = 0x1 | 0x0
980 ```
981 #### Windows (Intune)
982 OMA-URI:
983 ```
984 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/CaptivePortal
985 ```
986 Value (string):
987 ```
988 <enabled/> or <disabled/>
989 ```
990 #### macOS
991 ```
992 <dict>
993 <key>CaptivePortal</key>
994 <true/> | <false/>
995 </dict>
996 ```
997 #### policies.json
998 ```
999 {
1000 "policies": {
1001 "CaptivePortal": true | false
1002 }
1003 }
1004 ```
1005 ### Certificates
1006
1007 ### Certificates | ImportEnterpriseRoots
1008
1009 Trust certificates that have been added to the operating system certificate store by a user or administrator.
1010
1011 Note: This policy only works on Windows and macOS. For Linux discussion, see [bug 1600509](https://bugzilla.mozilla.org/show_bug.cgi?id=1600509).
1012
1013 See https://support.mozilla.org/kb/setting-certificate-authorities-firefox for more detail.
1014
1015 **Compatibility:** Firefox 60, Firefox ESR 60 (macOS support in Firefox 63, Firefox ESR 68)\
1016 **CCK2 Equivalent:** N/A\
1017 **Preferences Affected:** `security.enterprise_roots.enabled`
1018
1019 #### Windows (GPO)
1020 ```
1021 Software\Policies\Mozilla\Firefox\Certificates\ImportEnterpriseRoots = 0x1 | 0x0
1022 ```
1023 #### Windows (Intune)
1024 OMA-URI:
1025 ```
1026 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Certificates/Certificates_ImportEnterpriseRoots
1027 ```
1028 Value (string):
1029 ```
1030 <enabled/> or <disabled/>
1031 ```
1032 #### macOS
1033 ```
1034 <dict>
1035 <key>Certificates</key>
1036 <dict>
1037 <key>ImportEnterpriseRoots</key>
1038 <true/> | <false/>
1039 </dict>
1040 </dict>
1041 ```
1042 #### policies.json
1043 ```
1044 {
1045 "policies": {
1046 "Certificates": {
1047 "ImportEnterpriseRoots": true | false
1048 }
1049 }
1050 }
1051 ```
1052 ### Certificates | Install
1053
1054 Install certificates into the Firefox certificate store. If only a filename is specified, Firefox searches for the file in the following locations:
1055
1056 - Windows
1057 - %USERPROFILE%\AppData\Local\Mozilla\Certificates
1058 - %USERPROFILE%\AppData\Roaming\Mozilla\Certificates
1059 - macOS
1060 - /Library/Application Support/Mozilla/Certificates
1061 - ~/Library/Application Support/Mozilla/Certificates
1062 - Linux
1063 - /usr/lib/mozilla/certificates
1064 - /usr/lib64/mozilla/certificates
1065 - ~/.mozilla/certificates
1066
1067 Starting with Firefox 65, Firefox 60.5 ESR, a fully qualified path can be used, including UNC paths. You should use the native path style for your operating system. We do not support using %USERPROFILE% or other environment variables on Windows.
1068
1069 If you are specifying the path in the policies.json file on Windows, you need to escape your backslashes (`\\`) which means that for UNC paths, you need to escape both (`\\\\`). If you use group policy, you only need one backslash.
1070
1071 Certificates are installed using the trust string `CT,CT,`.
1072
1073 Binary (DER) and ASCII (PEM) certificates are both supported.
1074
1075 **Compatibility:** Firefox 64, Firefox ESR 64\
1076 **CCK2 Equivalent:** `certs.ca`\
1077 **Preferences Affected:** N/A
1078
1079 #### Windows (GPO)
1080 ```
1081 Software\Policies\Mozilla\Firefox\Certificates\Install\1 = "cert1.der"
1082 Software\Policies\Mozilla\Firefox\Certificates\Install\2 = "C:\Users\username\cert2.pem"
1083 ```
1084 #### Windows (Intune)
1085 OMA-URI:
1086 ```
1087 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Certificates/Certificates_Install
1088 ```
1089 Value (string):
1090 ```
1091 <enabled/>
1092 <data id="Certificates_Install" value="1&#xF000;cert1.der&#xF000;2&#xF000;C:\Users\username\cert2.pem"/>
1093 ```
1094 #### macOS
1095 ```
1096 <dict>
1097 <key>Certificates</key>
1098 <dict>
1099 <key>Install</key>
1100 <array>
1101 <string>cert1.der</string>
1102 <string>/Users/username/cert2.pem</string>
1103 </array>
1104 </dict>
1105 </dict>
1106 ```
1107 #### policies.json
1108 ```
1109 {
1110 "policies": {
1111 "Certificates": {
1112 "Install": ["cert1.der", "/home/username/cert2.pem"]
1113 }
1114 }
1115 }
1116 ```
1117 ### Containers
1118 Set policies related to [containers](https://addons.mozilla.org/firefox/addon/multi-account-containers/).
1119
1120 Currently you can set the initial set of containers.
1121
1122 For each container, you can specify the name, icon, and color.
1123
1124 | Name | Description |
1125 | --- | --- |
1126 | `name`| Name of container
1127 | `icon` | Can be `fingerprint`, `briefcase`, `dollar`, `cart`, `vacation`, `gift`, `food`, `fruit`, `pet`, `tree`, `chill`, `circle`, `fence`
1128 | `color` | Can be `blue`, `turquoise`, `green`, `yellow`, `orange`, `red`, `pink`, `purple`, `toolbar`
1129
1130 **Compatibility:** Firefox 113\
1131 **CCK2 Equivalent:** N/A\
1132 **Preferences Affected:** N/A
1133
1134 #### Windows (GPO)
1135 Software\Policies\Mozilla\Firefox\Containers (REG_MULTI_SZ) =
1136 ```
1137 {
1138 "Default": [
1139 {
1140 "name": "My container",
1141 "icon": "pet",
1142 "color": "turquoise"
1143 }
1144 ]
1145 }
1146 ```
1147 #### Windows (Intune)
1148 OMA-URI:
1149 ```
1150 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/Containers
1151 ```
1152 Value (string):
1153 ```
1154 <enabled/>
1155 <data id="JSON" value='
1156 {
1157 "Default": [
1158 {
1159 "name": "My container",
1160 "icon": "pet",
1161 "color": "turquoise"
1162 }
1163 ]
1164 }
1165 '/>
1166 ```
1167 #### macOS
1168 ```
1169 <dict>
1170 <key>Default</key>
1171 <dict>
1172 <key>Containers</key>
1173 <array>
1174 <dict>
1175 <key>name</key>
1176 <string>My container</string>
1177 <key>icon</key>
1178 <string>pet</string>
1179 <key>color</key>
1180 <string>turquoise</string>
1181 </dict>
1182 </array>
1183 </dict>
1184 </dict>
1185 ```
1186 #### policies.json
1187 ```
1188 {
1189 "policies": {
1190 "Containers": {
1191 "Default": [
1192 {
1193 "name": "My container",
1194 "icon": "pet",
1195 "color": "turquoise"
1196 }
1197 ]
1198 }
1199 }
1200 }
1201 ```
1202 ### Cookies
1203 Configure cookie preferences.
1204
1205 `Allow` is a list of origins (not domains) where cookies are always allowed. You must include http or https.
1206
1207 `AllowSession` is a list of origins (not domains) where cookies are only allowed for the current session. You must include http or https.
1208
1209 `Block` is a list of origins (not domains) where cookies are always blocked. You must include http or https.
1210
1211 `Behavior` sets the default behavior for cookies based on the values below.
1212
1213 `BehaviorPrivateBrowsing` sets the default behavior for cookies in private browsing based on the values below.
1214
1215 | Value | Description
1216 | --- | --- |
1217 | accept | Accept all cookies
1218 | reject-foreign | Reject third party cookies
1219 | reject | Reject all cookies
1220 | limit-foreign | Reject third party cookies for sites you haven't visited
1221 | reject-tracker | Reject cookies for known trackers (default)
1222 | reject-tracker-and-partition-foreign | Reject cookies for known trackers and partition third-party cookies (Total Cookie Protection) (default for private browsing)
1223
1224 `Locked` prevents the user from changing cookie preferences.
1225
1226 `Default` determines whether cookies are accepted at all. (*Deprecated*. Use `Behavior` instead)
1227
1228 `AcceptThirdParty` determines how third-party cookies are handled. (*Deprecated*. Use `Behavior` instead)
1229
1230 `RejectTracker` only rejects cookies for trackers. (*Deprecated*. Use `Behavior` instead)
1231
1232 `ExpireAtSessionEnd` determines when cookies expire. (*Deprecated*. Use [`SanitizeOnShutdown`](#sanitizeonshutdown-selective) instead)
1233
1234 **Compatibility:** Firefox 60, Firefox ESR 60 (RejectTracker added in Firefox 63, AllowSession added in Firefox 79/78.1, Behavior added in Firefox 95/91.4)\
1235 **CCK2 Equivalent:** N/A\
1236 **Preferences Affected:** `network.cookie.cookieBehavior`, `network.cookie.cookieBehavior.pbmode`, `network.cookie.lifetimePolicy`
1237
1238 #### Windows (GPO)
1239 ```
1240 Software\Policies\Mozilla\Firefox\Cookies\Allow\1 = "https://example.com"
1241 Software\Policies\Mozilla\Firefox\Cookies\AllowSession\1 = "https://example.edu"
1242 Software\Policies\Mozilla\Firefox\Cookies\Block\1 = "https://example.org"
1243 Software\Policies\Mozilla\Firefox\Cookies\Behavior = "accept" | "reject-foreign" | "reject" | "limit-foreign" | "reject-tracker" | "reject-tracker-and-partition-foreign"
1244 Software\Policies\Mozilla\Firefox\Cookies\BehaviorPrivateBrowsing = "accept" | "reject-foreign" | "reject" | "limit-foreign" | "reject-tracker" | "reject-tracker-and-partition-foreign"
1245 Software\Policies\Mozilla\Firefox\Cookies\Locked = 0x1 | 0x0
1246 ```
1247 #### Windows (Intune)
1248 OMA-URI:
1249 ```
1250 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_Allow
1251 ```
1252 Value (string):
1253 ```
1254 <enabled/>
1255 <data id="Permissions" value="1&#xF000;https://example.com"/>
1256 ```
1257 OMA-URI:
1258 ```
1259 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_AllowSession
1260 ```
1261 Value (string):
1262 ```
1263 <enabled/>
1264 <data id="Permissions" value="1&#xF000;https://example.edu"/>
1265 ```
1266 OMA-URI:
1267 ```
1268 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_Block
1269 ```
1270 Value (string):
1271 ```
1272 <enabled/>
1273 <data id="Permissions" value="1&#xF000;https://example.org"/>
1274 ```
1275 OMA-URI:
1276 ```
1277 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_Locked
1278 ```
1279 Value (string):
1280 ```
1281 <enabled/> or <disabled/>
1282 ```
1283 OMA-URI:
1284 ```
1285 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_Behavior
1286 ```
1287 Value (string):
1288 ```
1289 <enabled/>
1290 <data id="Cookies_Behavior" value="accept | reject-foreign | reject | limit-foreign | reject-tracker | reject-tracker-and-partition-foreign"/>
1291 ```
1292 OMA-URI:
1293 ```
1294 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_BehaviorPrivateBrowsing
1295 ```
1296 Value (string):
1297 ```
1298 <enabled/>
1299 <data id="Cookies_BehaviorPrivateBrowsing" value="accept | reject-foreign | reject | limit-foreign | reject-tracker | reject-tracker-and-partition-foreign"/>
1300 ```
1301 #### macOS
1302 ```
1303 <dict>
1304 <key>Cookies</key>
1305 <dict>
1306 <key>Allow</key>
1307 <array>
1308 <string>http://example.com</string>
1309 </array>
1310 <key>AllowSession</key>
1311 <array>
1312 <string>http://example.edu</string>
1313 </array>
1314 <key>Block</key>
1315 <array>
1316 <string>http://example.org</string>
1317 </array>
1318 <key>Locked</key>
1319 <true/> | <false/>
1320 <key>Behavior</key>
1321 <string>accept | reject-foreign | reject | limit-foreign | reject-tracker | reject-tracker-and-partition-foreign</string>
1322 <key>BehaviorPrivateBrowsing</key>
1323 <string>accept | reject-foreign | reject | limit-foreign | reject-tracker | reject-tracker-and-partition-foreign</string>
1324 </dict>
1325 </dict>
1326 ```
1327 #### policies.json
1328 ```
1329 {
1330 "policies": {
1331 "Cookies": {
1332 "Allow": ["http://example.org/"],
1333 "AllowSession": ["http://example.edu/"],
1334 "Block": ["http://example.edu/"],
1335 "Locked": true | false,
1336 "Behavior": "accept" | "reject-foreign" | "reject" | "limit-foreign" | "reject-tracker" | "reject-tracker-and-partition-foreign",
1337 "BehaviorPrivateBrowsing": "accept" | "reject-foreign" | "reject" | "limit-foreign" | "reject-tracker" | "reject-tracker-and-partition-foreign",
1338 }
1339 }
1340 }
1341 ```
1342 ### DefaultDownloadDirectory
1343 Set the default download directory.
1344
1345 You can use ${home} for the native home directory.
1346
1347 **Compatibility:** Firefox 68, Firefox ESR 68\
1348 **CCK2 Equivalent:** N/A\
1349 **Preferences Affected:** `browser.download.dir`, `browser.download.folderList`
1350
1351 #### Windows (GPO)
1352 ```
1353 Software\Policies\Mozilla\Firefox\DefaultDownloadDirectory = "${home}\Downloads"
1354 ```
1355 #### Windows (Intune)
1356 OMA-URI:
1357 ```
1358 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DefaultDownloadDirectory
1359 ```
1360 Value (string):
1361 ```
1362 <enabled/>
1363 <data id="Preferences_String" value="${home}\Downloads"/>
1364 ```
1365 #### macOS
1366 ```
1367 <dict>
1368 <key>DefaultDownloadDirectory</key>
1369 <string>${home}/Downloads</string>
1370 </dict>
1371 ```
1372 #### policies.json (macOS and Linux)
1373 ```
1374 {
1375 "policies": {
1376 "DefaultDownloadDirectory": "${home}/Downloads"
1377 }
1378 }
1379 ```
1380 #### policies.json (Windows)
1381 ```
1382 {
1383 "policies": {
1384 "DefaultDownloadDirectory": "${home}\\Downloads"
1385 }
1386 }
1387 ```
1388 ### DisableAppUpdate
1389 Turn off application updates within Firefox.
1390
1391 **Compatibility:** Firefox 60, Firefox ESR 60\
1392 **CCK2 Equivalent:** `disableFirefoxUpdates`\
1393 **Preferences Affected:** N/A
1394
1395 #### Windows (GPO)
1396 ```
1397 Software\Policies\Mozilla\Firefox\DisableAppUpdate = 0x1 | 0x0
1398 ```
1399 #### Windows (Intune)
1400 OMA-URI:
1401 ```
1402 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableAppUpdate
1403 ```
1404 Value (string):
1405 ```
1406 <enabled/> or <disabled/>
1407 ```
1408 #### macOS
1409 ```
1410 <dict>
1411 <key>DisableAppUpdate</key>
1412 <true/> | <false/>
1413 </dict>
1414 ```
1415 #### policies.json
1416 ```
1417 {
1418 "policies": {
1419 "DisableAppUpdate": true | false
1420 }
1421 }
1422 ```
1423 ### DisableBuiltinPDFViewer
1424 Disable the built in PDF viewer. PDF files are downloaded and sent externally.
1425
1426 **Compatibility:** Firefox 60, Firefox ESR 60\
1427 **CCK2 Equivalent:** `disablePDFjs`\
1428 **Preferences Affected:** `pdfjs.disabled`
1429
1430 #### Windows (GPO)
1431 ```
1432 Software\Policies\Mozilla\Firefox\DisableBuiltinPDFViewer = 0x1 | 0x0
1433 ```
1434 #### Windows (Intune)
1435 OMA-URI:
1436 ```
1437 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableBuiltinPDFViewer
1438 ```
1439 Value (string):
1440 ```
1441 <enabled/> or <disabled/>
1442 ```
1443 #### macOS
1444 ```
1445 <dict>
1446 <key>DisableBuiltinPDFViewer</key>
1447 <true/> | <false/>
1448 </dict>
1449 ```
1450 #### policies.json
1451 ```
1452 {
1453 "policies": {
1454 "DisableBuiltinPDFViewer": true | false
1455 }
1456 }
1457 ```
1458 ### DisabledCiphers
1459 Disable specific cryptographic ciphers, listed below.
1460
1461 ```
1462 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
1463 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
1464 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
1465 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
1466 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
1467 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
1468 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
1469 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
1470 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
1471 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
1472 TLS_DHE_RSA_WITH_AES_128_CBC_SHA
1473 TLS_DHE_RSA_WITH_AES_256_CBC_SHA
1474 TLS_RSA_WITH_AES_128_GCM_SHA256
1475 TLS_RSA_WITH_AES_256_GCM_SHA384
1476 TLS_RSA_WITH_AES_128_CBC_SHA
1477 TLS_RSA_WITH_AES_256_CBC_SHA
1478 TLS_RSA_WITH_3DES_EDE_CBC_SHA
1479 ```
1480
1481 **Preferences Affected:** `security.ssl3.ecdhe_rsa_aes_128_gcm_sha256`, `security.ssl3.ecdhe_ecdsa_aes_128_gcm_sha256`, `security.ssl3.ecdhe_ecdsa_chacha20_poly1305_sha256`, `security.ssl3.ecdhe_rsa_chacha20_poly1305_sha256`, `security.ssl3.ecdhe_ecdsa_aes_256_gcm_sha384`, `security.ssl3.ecdhe_rsa_aes_256_gcm_sha384`, `security.ssl3.ecdhe_rsa_aes_128_sha`, `security.ssl3.ecdhe_ecdsa_aes_128_sha`, `security.ssl3.ecdhe_rsa_aes_256_sha`, `security.ssl3.ecdhe_ecdsa_aes_256_sha`, `security.ssl3.dhe_rsa_aes_128_sha`, `security.ssl3.dhe_rsa_aes_256_sha`, `security.ssl3.rsa_aes_128_gcm_sha256`, `security.ssl3.rsa_aes_256_gcm_sha384`, `security.ssl3.rsa_aes_128_sha`, `security.ssl3.rsa_aes_256_sha`, `security.ssl3.deprecated.rsa_des_ede3_sha`
1482
1483 ---
1484 **Note:**
1485
1486 This policy was updated in Firefox 78 to allow enabling ciphers as well. Setting the value to true disables the cipher, setting the value to false enables the cipher. Previously setting the value to true or false disabled the cipher.
1487
1488 ---
1489 **Compatibility:** Firefox 76, Firefox ESR 68.8 (TLS_RSA_WITH_AES_128_GCM_SHA256 and TLS_RSA_WITH_AES_256_GCM_SHA384 were added in Firefox 78, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA38, TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, and TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 were added in Firefox 97 and Firefox 91.6)\
1490 **CCK2 Equivalent:** N/A\
1491 **Preferences Affected:** N/A
1492
1493 #### Windows (GPO)
1494 ```
1495 Software\Policies\Mozilla\Firefox\DisabledCiphers\CIPHER_NAME = 0x1 | 0x0
1496 ```
1497 #### Windows (Intune)
1498 OMA-URI:
1499 ```
1500 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DisabledCiphers/DisabledCiphers_CIPHER_NAME
1501
1502 ```
1503 Value (string):
1504 ```
1505 <enabled/> or <disabled/>
1506 ```
1507 #### macOS
1508 ```
1509 <dict>
1510 <key>DisabledCiphers</key>
1511 <dict>
1512 <key>CIPHER_NAME</key>
1513 <true/> | <false/>
1514 </dict>
1515 </dict>
1516 ```
1517 #### policies.json
1518 ```
1519 {
1520 "policies": {
1521 "DisabledCiphers": {
1522 "CIPHER_NAME": true | false,
1523 }
1524 }
1525 }
1526 ```
1527 ### DisableDefaultBrowserAgent
1528 Prevent the default browser agent from taking any actions. Only applicable to Windows; other platforms don’t have the agent.
1529
1530 The browser agent is a Windows-only scheduled task which runs in the background to collect and submit data about the browser that the user has set as their OS default. More information is available [here](https://firefox-source-docs.mozilla.org/toolkit/mozapps/defaultagent/default-browser-agent/index.html).
1531
1532 **Compatibility:** Firefox 75, Firefox ESR 68.7 (Windows only)\
1533 **CCK2 Equivalent:** N/A\
1534 **Preferences Affected:** N/A
1535
1536 #### Windows (GPO)
1537 ```
1538 Software\Policies\Mozilla\Firefox\DisableDefaultBrowserAgent = 0x1 | 0x0
1539 ```
1540 #### Windows (Intune)
1541 OMA-URI:
1542 ```
1543 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableDefaultBrowserAgent
1544 ```
1545 Value (string):
1546 ```
1547 <enabled/> or <disabled/>
1548 ```
1549 #### policies.json
1550 ```
1551 {
1552 "policies": {
1553 "DisableDefaultBrowserAgent": true | false
1554 }
1555 }
1556 ```
1557 ### DisableDeveloperTools
1558 Remove access to all developer tools.
1559
1560 **Compatibility:** Firefox 60, Firefox ESR 60\
1561 **CCK2 Equivalent:** `removeDeveloperTools`\
1562 **Preferences Affected:** `devtools.policy.disabled`
1563
1564 #### Windows (GPO)
1565 ```
1566 Software\Policies\Mozilla\Firefox\DisableDeveloperTools = 0x1 | 0x0`
1567 ```
1568 #### Windows (Intune)
1569 OMA-URI:
1570 ```
1571 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableDeveloperTools
1572 ```
1573 Value (string):
1574 ```
1575 <enabled/> or <disabled/>
1576 ```
1577 #### macOS
1578 ```
1579 <dict>
1580 <key>DisableDeveloperTools</key>
1581 <true/> | <false/>
1582 </dict>
1583 ```
1584 #### policies.json
1585 ```
1586 {
1587 "policies": {
1588 "DisableDeveloperTools": true | false
1589 }
1590 }
1591 ```
1592 ### DisableFeedbackCommands
1593 Disable the menus for reporting sites (Submit Feedback, Report Deceptive Site).
1594
1595 **Compatibility:** Firefox 60, Firefox ESR 60\
1596 **CCK2 Equivalent:** N/A\
1597 **Preferences Affected:** N/A
1598
1599 #### Windows (GPO)
1600 ```
1601 Software\Policies\Mozilla\Firefox\DisableFeedbackCommands = 0x1 | 0x0
1602 ```
1603 #### Windows (Intune)
1604 OMA-URI:
1605 ```
1606 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableFeedbackCommands
1607 ```
1608 Value (string):
1609 ```
1610 <enabled/> or <disabled/>
1611 ```
1612 #### macOS
1613 ```
1614 <dict>
1615 <key>DisableFeedbackCommands</key>
1616 <true/> | <false/>
1617 </dict>
1618 ```
1619 #### policies.json
1620 ```
1621 {
1622 "policies": {
1623 "DisableFeedbackCommands": true | false
1624 }
1625 }
1626 ```
1627 ### DisableEncryptedClientHello
1628 Disable the TLS Feature for Encrypted Client Hello. Note that TLS Client Hellos will still contain an ECH extension, but this extension will not be used by Firefox during the TLS handshake.
1629
1630 **Compatibility:** Firefox 127, Firefox ESR 128\
1631 **CCK2 Equivalent:** N/A\
1632 **Preferences Affected:** `network.dns.echconfig.enabled`, `network.dns.http3_echconfig.enabled`
1633
1634 #### Windows (GPO)
1635 ```
1636 Software\Policies\Mozilla\Firefox\DisableEncryptedClientHello = 0x1 | 0x0
1637 ```
1638 #### Windows (Intune)
1639 OMA-URI:
1640 ```
1641 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableEncryptedClientHello
1642 ```
1643 Value (string):
1644 ```
1645 <enabled/> or <disabled/>
1646 ```
1647 #### macOS
1648 ```
1649 <dict>
1650 <key>DisableEncryptedClientHello</key>
1651 <true/> | <false/>
1652 </dict>
1653 ```
1654 #### policies.json
1655 ```
1656 {
1657 "policies": {
1658 "DisableEncryptedClientHello": true | false
1659 }
1660 }
1661 ```
1662 ### DisableFirefoxAccounts
1663 Disable Firefox Accounts integration (Sync).
1664
1665 **Compatibility:** Firefox 60, Firefox ESR 60\
1666 **CCK2 Equivalent:** `disableSync`\
1667 **Preferences Affected:** `identity.fxaccounts.enabled`
1668
1669 #### Windows (GPO)
1670 ```
1671 Software\Policies\Mozilla\Firefox\DisableFirefoxAccounts = 0x1 | 0x0
1672 ```
1673 #### Windows (Intune)
1674 OMA-URI:
1675 ```
1676 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableFirefoxAccounts
1677 ```
1678 Value (string):
1679 ```
1680 <enabled/> or <disabled/>
1681 ```
1682 #### macOS
1683 ```
1684 <dict>
1685 <key>DisableFirefoxAccounts</key>
1686 <true/> | <false/>
1687 </dict>
1688 ```
1689 #### policies.json
1690 ```
1691 {
1692 "policies": {
1693 "DisableFirefoxAccounts": true | false
1694 }
1695 }
1696 ```
1697 ### DisableFirefoxScreenshots
1698 Remove access to Firefox Screenshots.
1699
1700 **Compatibility:** Firefox 60, Firefox ESR 60\
1701 **CCK2 Equivalent:** N/A\
1702 **Preferences Affected:** `extensions.screenshots.disabled`
1703
1704 #### Windows (GPO)
1705 ```
1706 Software\Policies\Mozilla\Firefox\DisableFirefoxScreenshots = 0x1 | 0x0
1707 ```
1708 #### Windows (Intune)
1709 OMA-URI:
1710 ```
1711 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableFirefoxScreenshots
1712 ```
1713 Value (string):
1714 ```
1715 <enabled/> or <disabled/>
1716 ```
1717 #### macOS
1718 ```
1719 <dict>
1720 <key>DisableFirefoxScreenshots</key>
1721 <true/> | <false/>
1722 </dict>
1723 ```
1724 #### policies.json
1725 ```
1726 {
1727 "policies": {
1728 "DisableFirefoxScreenshots": true | false
1729 }
1730 }
1731 ```
1732 ### DisableFirefoxStudies
1733 Disable Firefox studies (Shield).
1734
1735 **Compatibility:** Firefox 60, Firefox ESR 60\
1736 **CCK2 Equivalent:** N/A\
1737 **Preferences Affected:** `browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons`, `browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features`
1738
1739 #### Windows (GPO)
1740 ```
1741 Software\Policies\Mozilla\Firefox\DisableFirefoxStudies = 0x1 | 0x0
1742 ```
1743 #### Windows (Intune)
1744 OMA-URI:
1745 ```
1746 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableFirefoxStudies
1747 ```
1748 Value (string):
1749 ```
1750 <enabled/> or <disabled/>
1751 ```
1752 #### macOS
1753 ```
1754 <dict>
1755 <key>DisableFirefoxStudies</key>
1756 <true/> | <false/>
1757 </dict>
1758 ```
1759 #### policies.json
1760 ```
1761 {
1762 "policies": {
1763 "DisableFirefoxStudies": true | false
1764 }
1765 }
1766 ```
1767 ### DisableForgetButton
1768 Disable the "Forget" button.
1769
1770 **Compatibility:** Firefox 60, Firefox ESR 60\
1771 **CCK2 Equivalent:** `disableForget`\
1772 **Preferences Affected:** N/A
1773
1774 #### Windows (GPO)
1775 ```
1776 Software\Policies\Mozilla\Firefox\DisableForgetButton = 0x1 | 0x0
1777 ```
1778 #### Windows (Intune)
1779 OMA-URI:
1780 ```
1781 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableForgetButton
1782 ```
1783 Value (string):
1784 ```
1785 <enabled/> or <disabled/>
1786 ```
1787 #### macOS
1788 ```
1789 <dict>
1790 <key>DisableForgetButton</key>
1791 <true/> | <false/>
1792 </dict>
1793 ```
1794 #### policies.json
1795 ```
1796 {
1797 "policies": {
1798 "DisableForgetButton": true | false
1799 }
1800 }
1801 ```
1802 ### DisableFormHistory
1803 Turn off saving information on web forms and the search bar.
1804
1805 **Compatibility:** Firefox 60, Firefox ESR 60\
1806 **CCK2 Equivalent:** `disableFormFill`\
1807 **Preferences Affected:** `browser.formfill.enable`
1808
1809 #### Windows (GPO)
1810 ```
1811 Software\Policies\Mozilla\Firefox\DisableFormHistory = 0x1 | 0x0
1812 ```
1813 #### Windows (Intune)
1814 OMA-URI:
1815 ```
1816 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableFormHistory
1817 ```
1818 Value (string):
1819 ```
1820 <enabled/> or <disabled/>
1821 ```
1822 #### macOS
1823 ```
1824 <dict>
1825 <key>DisableFormHistory</key>
1826 <true/> | <false/>
1827 </dict>
1828 ```
1829 #### policies.json
1830 ```
1831 {
1832 "policies": {
1833 "DisableFormHistory": true | false
1834 }
1835 }
1836 ```
1837 ### DisableMasterPasswordCreation
1838 Remove the master password functionality.
1839
1840 If this value is true, it works the same as setting [`PrimaryPassword`](#primarypassword) to false and removes the primary password functionality.
1841
1842 If both `DisableMasterPasswordCreation` and `PrimaryPassword` are used, `DisableMasterPasswordCreation` takes precedent.
1843
1844 **Compatibility:** Firefox 60, Firefox ESR 60\
1845 **CCK2 Equivalent:** `noMasterPassword`\
1846 **Preferences Affected:** N/A
1847
1848 #### Windows (GPO)
1849 ```
1850 Software\Policies\Mozilla\Firefox\DisableMasterPasswordCreation = 0x1 | 0x0
1851 ```
1852 #### Windows (Intune)
1853 OMA-URI:
1854 ```
1855 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableMasterPasswordCreation
1856 ```
1857 Value (string):
1858 ```
1859 <enabled/> or <disabled/>
1860 ```
1861 #### macOS
1862 ```
1863 <dict>
1864 <key>DisableMasterPasswordCreation</key>
1865 <true/> | <false/>
1866 </dict>
1867 ```
1868 #### policies.json
1869 ```
1870 {
1871 "policies": {
1872 "DisableMasterPasswordCreation": true | false
1873 }
1874 }
1875 ```
1876 ### DisablePasswordReveal
1877 Do not allow passwords to be shown in saved logins
1878
1879 **Compatibility:** Firefox 71, Firefox ESR 68.3\
1880 **CCK2 Equivalent:** N/A
1881 **Preferences Affected:** N/A
1882
1883 #### Windows (GPO)
1884 ```
1885 Software\Policies\Mozilla\Firefox\DisablePasswordReveal = 0x1 | 0x0
1886 ```
1887 #### Windows (Intune)
1888 OMA-URI:
1889 ```
1890 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisablePasswordReveal
1891 ```
1892 Value (string):
1893 ```
1894 <enabled/> or <disabled/>
1895 ```
1896 #### macOS
1897 ```
1898 <dict>
1899 <key>DisablePasswordReveal</key>
1900 <true/> | <false/>
1901 </dict>
1902 ```
1903 #### policies.json
1904 ```
1905 {
1906 "policies": {
1907 "DisablePasswordReveal": true | false
1908 }
1909 }
1910 ```
1911 ### DisablePocket
1912 Remove Pocket in the Firefox UI. It does not remove it from the new tab page.
1913
1914 **Compatibility:** Firefox 60, Firefox ESR 60\
1915 **CCK2 Equivalent:** `disablePocket`\
1916 **Preferences Affected:** `extensions.pocket.enabled`
1917
1918 #### Windows (GPO)
1919 ```
1920 Software\Policies\Mozilla\Firefox\DisablePocket = 0x1 | 0x0
1921 ```
1922 #### Windows (Intune)
1923 OMA-URI:
1924 ```
1925 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisablePocket
1926 ```
1927 Value (string):
1928 ```
1929 <enabled/> or <disabled/>
1930 ```
1931 #### macOS
1932 ```
1933 <dict>
1934 <key>DisablePocket</key>
1935 <true/> | <false/>
1936 </dict>
1937 ```
1938 #### policies.json
1939 ```
1940 {
1941 "policies": {
1942 "DisablePocket": true | false
1943 }
1944 }
1945 ```
1946 ### DisablePrivateBrowsing
1947 Remove access to private browsing.
1948
1949 **Compatibility:** Firefox 60, Firefox ESR 60\
1950 **CCK2 Equivalent:** `disablePrivateBrowsing`\
1951 **Preferences Affected:** N/A
1952
1953 #### Windows (GPO)
1954 ```
1955 Software\Policies\Mozilla\Firefox\DisablePrivateBrowsing = 0x1 | 0x0
1956 ```
1957 #### Windows (Intune)
1958 OMA-URI:
1959 ```
1960 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisablePrivateBrowsing
1961 ```
1962 Value (string):
1963 ```
1964 <enabled/> or <disabled/>
1965 ```
1966 #### macOS
1967 ```
1968 <dict>
1969 <key>DisablePrivateBrowsing</key>
1970 <true/> | <false/>
1971 </dict>
1972 ```
1973 #### policies.json
1974 ```
1975 {
1976 "policies": {
1977 "DisablePrivateBrowsing": true | false
1978 }
1979 }
1980 ```
1981 ### DisableProfileImport
1982 Disables the "Import data from another browser" option in the bookmarks window.
1983
1984 **Compatibility:** Firefox 60, Firefox ESR 60\
1985 **CCK2 Equivalent:** N/A\
1986 **Preferences Affected:** N/A
1987
1988 #### Windows (GPO)
1989 ```
1990 Software\Policies\Mozilla\Firefox\DisableProfileImport = 0x1 | 0x0
1991 ```
1992 #### Windows (Intune)
1993 OMA-URI:
1994 ```
1995 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableProfileImport
1996 ```
1997 Value (string):
1998 ```
1999 <enabled/> or <disabled/>
2000 ```
2001 #### macOS
2002 ```
2003 <dict>
2004 <key>DisableProfileImport</key>
2005 <true/> | <false/>
2006 </dict>
2007 ```
2008 #### policies.json
2009 ```
2010 {
2011 "policies": {
2012 "DisableProfileImport": true | false
2013 }
2014 }
2015 ```
2016 ### DisableProfileRefresh
2017 Disable the Refresh Firefox button on about:support and support.mozilla.org, as well as the prompt that displays offering to refresh Firefox when you haven't used it in a while.
2018
2019 **Compatibility:** Firefox 60, Firefox ESR 60\
2020 **CCK2 Equivalent:** `disableResetFirefox`\
2021 **Preferences Affected:** `browser.disableResetPrompt`
2022
2023 #### Windows (GPO)
2024 ```
2025 Software\Policies\Mozilla\Firefox\DisableProfileRefresh = 0x1 | 0x0
2026 ```
2027 #### Windows (Intune)
2028 OMA-URI:
2029 ```
2030 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableProfileRefresh
2031 ```
2032 Value (string):
2033 ```
2034 <enabled/> or <disabled/>
2035 ```
2036 #### macOS
2037 ```
2038 <dict>
2039 <key>DisableProfileRefresh</key>
2040 <true/> | <false/>
2041 </dict>
2042 ```
2043 #### policies.json
2044 ```
2045 {
2046 "policies": {
2047 "DisableProfileRefresh": true | false
2048 }
2049 }
2050 ```
2051 ### DisableSafeMode
2052 Disable safe mode within the browser.
2053
2054 On Windows, this disables safe mode via the command line as well.
2055
2056 **Compatibility:** Firefox 60, Firefox ESR 60 (Windows, macOS)\
2057 **CCK2 Equivalent:** `disableSafeMode`\
2058 **Preferences Affected:** N/A
2059
2060 #### Windows (GPO)
2061 ```
2062 Software\Policies\Mozilla\Firefox\DisableSafeMode = 0x1 | 0x0
2063 ```
2064 #### Windows (Intune)
2065 OMA-URI:
2066 ```
2067 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableSafeMode
2068 ```
2069 Value (string):
2070 ```
2071 <enabled/> or <disabled/>
2072 ```
2073 #### macOS
2074 ```
2075 <dict>
2076 <key>DisableSafeMode</key>
2077 <true/> | <false/>
2078 </dict>
2079 ```
2080 #### policies.json
2081 ```
2082 {
2083 "policies": {
2084 "DisableSafeMode": true | false
2085 }
2086 }
2087 ```
2088 ### DisableSecurityBypass
2089 Prevent the user from bypassing security in certain cases.
2090
2091 `InvalidCertificate` prevents adding an exception when an invalid certificate is shown.
2092
2093 `SafeBrowsing` prevents selecting "ignore the risk" and visiting a harmful site anyway.
2094
2095 These policies only affect what happens when an error is shown, they do not affect any settings in preferences.
2096
2097 **Compatibility:** Firefox 60, Firefox ESR 60\
2098 **CCK2 Equivalent:** N/A\
2099 **Preferences Affected:** `security.certerror.hideAddException`, `browser.safebrowsing.allowOverride`
2100
2101 #### Windows (GPO)
2102 ```
2103 Software\Policies\Mozilla\Firefox\DisableSecurityBypass\InvalidCertificate = 0x1 | 0x0
2104 Software\Policies\Mozilla\Firefox\DisableSecurityBypass\SafeBrowsing = 0x1 | 0x0
2105 ```
2106 #### Windows (Intune)
2107 OMA-URI:
2108 ```
2109 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/P_DisableSecurityBypass_InvalidCertificate
2110 ```
2111 Value (string):
2112 ```
2113 <enabled/> or <disabled/>
2114 ```
2115 OMA-URI:
2116 ```
2117 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/P_DisableSecurityBypass_SafeBrowsing
2118 ```
2119 Value (string):
2120 ```
2121 <enabled/> or <disabled/>
2122 ```
2123
2124 #### macOS
2125 ```
2126 <dict>
2127 <key>DisableSecurityBypass</key>
2128 <dict>
2129 <key>InvalidCertificate</key>
2130 <true/> | <false/>
2131 <key>SafeBrowsing</key>
2132 <true/> | <false/>
2133 </dict>
2134 </dict>
2135 ```
2136 #### policies.json
2137 ```
2138 {
2139 "policies": {
2140 "DisableSecurityBypass": {
2141 "InvalidCertificate": true | false,
2142 "SafeBrowsing": true | false
2143 }
2144 }
2145 }
2146 ```
2147 ### DisableSetDesktopBackground
2148 Remove the "Set As Desktop Background..." menuitem when right clicking on an image.
2149
2150 **Compatibility:** Firefox 60, Firefox ESR 60\
2151 **CCK2 Equivalent:** `removeSetDesktopBackground`\
2152 **Preferences Affected:** N/A
2153
2154 #### Windows (GPO)
2155 ```
2156 Software\Policies\Mozilla\Firefox\DisableSetDesktopBackground = 0x1 | 0x0
2157 ```
2158 #### Windows (Intune)
2159 OMA-URI:
2160 ```
2161 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableSetDesktopBackground
2162 ```
2163 Value (string):
2164 ```
2165 <enabled/> or <disabled/>
2166 ```
2167 #### macOS
2168 ```
2169 <dict>
2170 <key>DisableSetDesktopBackground</key>
2171 <true/> | <false/>
2172 </dict>
2173 ```
2174 #### policies.json
2175 ```
2176 {
2177 "policies": {
2178 "DisableSetDesktopBackground": true | false
2179 }
2180 }
2181 ```
2182 ### DisableSystemAddonUpdate
2183 Prevent system add-ons from being installed or updated.
2184
2185 **Compatibility:** Firefox 60, Firefox ESR 60\
2186 **CCK2 Equivalent:** N/A\
2187 **Preferences Affected:** N/A
2188
2189 #### Windows (GPO)
2190 ```
2191 Software\Policies\Mozilla\Firefox\DisableSystemAddonUpdate = 0x1 | 0x0
2192 ```
2193 #### Windows (Intune)
2194 OMA-URI:
2195 ```
2196 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableSystemAddonUpdate
2197 ```
2198 Value (string):
2199 ```
2200 <enabled/> or <disabled/>
2201 ```
2202 #### macOS
2203 ```
2204 <dict>
2205 <key>DisableSystemAddonUpdate</key>
2206 <true/> | <false/>
2207 </dict>
2208 ```
2209 #### policies.json
2210 ```
2211 {
2212 "policies": {
2213 "DisableSystemAddonUpdate": true | false
2214 }
2215 }
2216 ```
2217 ### DisableTelemetry
2218 Prevent the upload of telemetry data.
2219
2220 As of Firefox 83 and Firefox ESR 78.5, local storage of telemetry data is disabled as well.
2221
2222 Mozilla recommends that you do not disable telemetry. Information collected through telemetry helps us build a better product for businesses like yours.
2223
2224 **Compatibility:** Firefox 60, Firefox ESR 60\
2225 **CCK2 Equivalent:** `disableTelemetry`\
2226 **Preferences Affected:** `datareporting.healthreport.uploadEnabled`, `datareporting.policy.dataSubmissionEnabled`, `toolkit.telemetry.archive.enabled`
2227
2228 #### Windows (GPO)
2229 ```
2230 Software\Policies\Mozilla\Firefox\DisableTelemetry = 0x1 | 0x0
2231 ```
2232 #### Windows (Intune)
2233 OMA-URI:
2234 ```
2235 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableTelemetry
2236 ```
2237 Value (string):
2238 ```
2239 <enabled/> or <disabled/>
2240 ```
2241 #### macOS
2242 ```
2243 <dict>
2244 <key>DisableTelemetry</key>
2245 <true/> | <false/>
2246 </dict>
2247 ```
2248 #### policies.json
2249 ```
2250 {
2251 "policies": {
2252 "DisableTelemetry": true | false
2253 }
2254 }
2255 ```
2256 ### DisableThirdPartyModuleBlocking
2257 Do not allow blocking third-party modules from the `about:third-party` page.
2258
2259 This policy only works on Windows through GPO (not policies.json).
2260
2261 **Compatibility:** Firefox 110 (Windows only, GPO only)\
2262 **CCK2 Equivalent:** N/A\
2263 **Preferences Affected:** N/A
2264
2265 #### Windows (GPO)
2266 ```
2267 Software\Policies\Mozilla\Firefox\DisableThirdPartyModuleBlocking = = 0x1 | 0x0
2268 ```
2269 #### Windows (Intune)
2270 OMA-URI:
2271 ```
2272 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableThirdPartyModuleBlocking
2273 ```
2274 Value (string):
2275 ```
2276 <enabled/> or <disabled/>
2277 ```
2278 ### DisplayBookmarksToolbar
2279 Set the initial state of the bookmarks toolbar. A user can still change how it is displayed.
2280
2281 `always` means the bookmarks toolbar is always shown.
2282
2283 `never` means the bookmarks toolbar is not shown.
2284
2285 `newtab` means the bookmarks toolbar is only shown on the new tab page.
2286
2287 **Compatibility:** Firefox 109, Firefox ESR 102.7\
2288 **CCK2 Equivalent:** N/A\
2289 **Preferences Affected:** N/A
2290
2291 #### Windows (GPO)
2292 ```
2293 Software\Policies\Mozilla\Firefox\DisplayBookmarksToolbar = "always", "never", "newtab"
2294 ```
2295 #### Windows (Intune)
2296 OMA-URI:
2297 ```
2298 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisplayBookmarksToolbar_Enum
2299 ```
2300 Value (string):
2301 ```
2302 <enabled/>
2303 <data id="DisplayBookmarksToolbar" value="always | never | newtab"/>
2304 ```
2305 #### macOS
2306 ```
2307 <dict>
2308 <key>DisplayBookmarksToolbar</key>
2309 <string>always | never | newtab</string>
2310 </dict>
2311 ```
2312 #### policies.json
2313 ```
2314 {
2315 "policies": {
2316 "DisplayBookmarksToolbar": "always" | "never" | "newtab"
2317 }
2318 }
2319 ```
2320 ### DisplayMenuBar
2321 Set the state of the menubar.
2322
2323 `always` means the menubar is shown and cannot be hidden.
2324
2325 `never` means the menubar is hidden and cannot be shown.
2326
2327 `default-on` means the menubar is on by default but can be hidden.
2328
2329 `default-off` means the menubar is off by default but can be shown.
2330
2331 **Compatibility:** Firefox 73, Firefox ESR 68.5 (Windows, some Linux)\
2332 **CCK2 Equivalent:** `displayMenuBar`\
2333 **Preferences Affected:** N/A
2334
2335 #### Windows (GPO)
2336 ```
2337 Software\Policies\Mozilla\Firefox\DisplayMenuBar = "always", "never", "default-on", "default-off"
2338 ```
2339 #### Windows (Intune)
2340 OMA-URI:
2341 ```
2342 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisplayMenuBar_Enum
2343 ```
2344 Value (string):
2345 ```
2346 <enabled/>
2347 <data id="DisplayMenuBar" value="always | never | default-on | default-off"/>
2348 ```
2349 #### macOS
2350 ```
2351 <dict>
2352 <key>DisplayMenuBar</key>
2353 <string>always | never | default-on | default-off</string>
2354 </dict>
2355 ```
2356 #### policies.json
2357 ```
2358 {
2359 "policies": {
2360 "DisplayMenuBar": "always", "never", "default-on", "default-off"
2361 }
2362 }
2363 ```
2364 ### DNSOverHTTPS
2365 Configure DNS over HTTPS.
2366
2367 `Enabled` determines whether DNS over HTTPS is enabled
2368
2369 `ProviderURL` is a URL to another provider.
2370
2371 `Locked` prevents the user from changing DNS over HTTPS preferences.
2372
2373 `ExcludedDomains` excludes domains from DNS over HTTPS.
2374
2375 `Fallback` determines whether or not Firefox will use your default DNS resolver if there is a problem with the secure DNS provider.
2376
2377 **Compatibility:** Firefox 63, Firefox ESR 68 (ExcludedDomains added in 75/68.7) (Fallback added in 124)\
2378 **CCK2 Equivalent:** N/A\
2379 **Preferences Affected:** `network.trr.mode`, `network.trr.uri`
2380
2381 #### Windows (GPO)
2382 ```
2383 Software\Policies\Mozilla\Firefox\DNSOverHTTPS\Enabled = 0x1 | 0x0
2384 Software\Policies\Mozilla\Firefox\DNSOverHTTPS\ProviderURL = "URL_TO_ALTERNATE_PROVIDER"
2385 Software\Policies\Mozilla\Firefox\DNSOverHTTPS\Locked = 0x1 | 0x0
2386 Software\Policies\Mozilla\Firefox\DNSOverHTTPS\ExcludedDomains\1 = "example.com"
2387 Software\Policies\Mozilla\Firefox\DNSOverHTTPS\Fallback = 0x1 | 0x0
2388 ```
2389 #### Windows (Intune)
2390 OMA-URI:
2391 ```
2392 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DNSOverHTTPS/DNSOverHTTPS_Enabled
2393 ```
2394 Value (string):
2395 ```
2396 <enabled/> or <disabled/>
2397 ```
2398 OMA-URI:
2399 ```
2400 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DNSOverHTTPS/DNSOverHTTPS_ProviderURL
2401 ```
2402 Value (string):
2403 ```
2404 <enabled/>
2405 <data id="String" value="URL_TO_ALTERNATE_PROVIDER"/>
2406 ```
2407 OMA-URI:
2408 ```
2409 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DNSOverHTTPS/DNSOverHTTPS_Locked
2410 ```
2411 Value (string):
2412 ```
2413 <enabled/> or <disabled/>
2414 ```
2415 OMA-URI:
2416 ```
2417 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DNSOverHTTPS/DNSOverHTTPS_ExcludedDomains
2418 ```
2419 Value (string):
2420 ```
2421 <enabled/>
2422 <data id="List" value="1&#xF000;example.com"/>
2423 ```
2424 OMA-URI:
2425 ```
2426 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DNSOverHTTPS/DNSOverHTTPS_Fallback
2427 ```
2428 Value (string):
2429 ```
2430 <enabled/> or <disabled/>
2431 ```
2432 #### macOS
2433 ```
2434 <dict>
2435 <key>DNSOverHTTPS</key>
2436 <dict>
2437 <key>Enabled</key>
2438 <true/> | <false/>
2439 <key>ProviderURL</key>
2440 <string>URL_TO_ALTERNATE_PROVIDER</string>
2441 <key>Locked</key>
2442 <true/> | <false/>
2443 <key>ExcludedDomains</key>
2444 <array>
2445 <string>example.com</string>
2446 </array>
2447 <key>Fallback</key>
2448 <true/> | <false/>
2449 </dict>
2450 </dict>
2451 ```
2452 #### policies.json
2453 ```
2454 {
2455 "policies": {
2456 "DNSOverHTTPS": {
2457 "Enabled": true | false,
2458 "ProviderURL": "URL_TO_ALTERNATE_PROVIDER",
2459 "Locked": true | false,
2460 "ExcludedDomains": ["example.com"],
2461 "Fallback": true | false,
2462 }
2463 }
2464 }
2465 ```
2466 ### DontCheckDefaultBrowser
2467 Don't check if Firefox is the default browser at startup.
2468
2469 **Compatibility:** Firefox 60, Firefox ESR 60\
2470 **CCK2 Equivalent:** `dontCheckDefaultBrowser`\
2471 **Preferences Affected:** `browser.shell.checkDefaultBrowser`
2472
2473 #### Windows (GPO)
2474 ```
2475 Software\Policies\Mozilla\Firefox\DontCheckDefaultBrowser = 0x1 | 0x0
2476 ```
2477 #### Windows (Intune)
2478 OMA-URI:
2479 ```
2480 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DontCheckDefaultBrowser
2481 ```
2482 Value (string):
2483 ```
2484 <enabled/> or <disabled/>
2485 ```
2486 #### macOS
2487 ```
2488 <dict>
2489 <key>DontCheckDefaultBrowser</key>
2490 <true/> | <false/>
2491 </dict>
2492 ```
2493 #### policies.json
2494 ```
2495 {
2496 "policies": {
2497 "DontCheckDefaultBrowser": true | false
2498 }
2499 }
2500 ```
2501 ### DownloadDirectory
2502 Set and lock the download directory.
2503
2504 You can use ${home} for the native home directory.
2505
2506 **Compatibility:** Firefox 68, Firefox ESR 68\
2507 **CCK2 Equivalent:** N/A\
2508 **Preferences Affected:** `browser.download.dir`, `browser.download.folderList`, `browser.download.useDownloadDir`
2509
2510 #### Windows (GPO)
2511 ```
2512 Software\Policies\Mozilla\Firefox\DownloadDirectory = "${home}\Downloads"
2513 ```
2514 #### Windows (Intune)
2515 OMA-URI:
2516 ```
2517 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DownloadDirectory
2518 ```
2519 Value (string):
2520 ```
2521 <enabled/>
2522 <data id="Preferences_String" value="${home}\Downloads"/>
2523 ```
2524 #### macOS
2525 ```
2526 <dict>
2527 <key>DownloadDirectory</key>
2528 <string>${home}/Downloads</string>
2529 </dict>
2530 ```
2531 #### policies.json (macOS and Linux)
2532 ```
2533 {
2534 "policies": {
2535 "DownloadDirectory": "${home}/Downloads"
2536 }
2537 ```
2538 #### policies.json (Windows)
2539 ```
2540 {
2541 "policies": {
2542 "DownloadDirectory": "${home}\\Downloads"
2543 }
2544 ```
2545 ### EnableTrackingProtection
2546 Configure tracking protection.
2547
2548 If this policy is not configured, tracking protection is not enabled by default in the browser, but it is enabled by default in private browsing and the user can change it.
2549
2550 If `Value` is set to false, tracking protection is disabled and locked in both the regular browser and private browsing.
2551
2552 If `Value` is set to true, tracking protection is enabled by default in both the regular browser and private browsing and the `Locked` value determines whether or not a user can change it.
2553
2554 If `Cryptomining` is set to true, cryptomining scripts on websites are blocked.
2555
2556 If `Fingerprinting` is set to true, fingerprinting scripts on websites are blocked.
2557
2558 If `EmailTracking` is set to true, hidden email tracking pixels and scripts on websites are blocked. (Firefox 112)
2559
2560 `Exceptions` are origins for which tracking protection is not enabled.
2561
2562 **Compatibility:** Firefox 60, Firefox ESR 60 (Cryptomining and Fingerprinting added in 70/68.2, Exceptions added in 73/68.5)\
2563 **CCK2 Equivalent:** N/A\
2564 **Preferences Affected:** `privacy.trackingprotection.enabled`, `privacy.trackingprotection.pbmode.enabled`, `privacy.trackingprotection.cryptomining.enabled`, `privacy.trackingprotection.fingerprinting.enabled`
2565
2566 #### Windows (GPO)
2567 ```
2568 Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Value = 0x1 | 0x0
2569 Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Locked = 0x1 | 0x0
2570 Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Cryptomining = 0x1 | 0x0
2571 Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Fingerprinting = 0x1 | 0x0
2572 Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Exceptions\1 = "https://example.com"
2573 ```
2574 #### Windows (Intune)
2575 OMA-URI:
2576 ```
2577 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~TrackingProtection/A_TrackingProtection_Value
2578 ```
2579 Value (string):
2580 ```
2581 <enabled/> or <disabled/>
2582 ```
2583 OMA-URI:
2584 ```
2585 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~TrackingProtection/B_TrackingProtection_Cryptomining
2586 ```
2587 Value (string):
2588 ```
2589 <enabled/> or <disabled/>
2590 ```
2591 OMA-URI:
2592 ```
2593 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~TrackingProtection/C_TrackingProtection_Fingerprinting
2594 ```
2595 Value (string):
2596 ```
2597 <enabled/> or <disabled/>
2598 ```
2599 OMA-URI:
2600 ```
2601 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~TrackingProtection/D_TrackingProtection_Exceptions
2602 ```
2603 Value (string):
2604 ```
2605 <enabled/>
2606 <data id="TrackingProtection_Exceptions" value="1&#xF000;https://example.com"/>
2607 ```
2608 OMA-URI:
2609 ```
2610 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~TrackingProtection/E_TrackingProtection_Locked
2611 ```
2612 Value (string):
2613 ```
2614 <enabled/> or <disabled/>
2615 ```
2616 #### macOS
2617 ```
2618 <dict>
2619 <key>EnableTrackingProtection</key>
2620 <dict>
2621 <key>Value</key>
2622 <true/> | <false/>
2623 <key>Locked</key>
2624 <true/> | <false/>
2625 <key>Cryptomining</key>
2626 <true/> | <false/>
2627 <key>Fingerprinting</key>
2628 <true/> | <false/>
2629 <key>Exceptions</key>
2630 <array>
2631 <string>https://example.com</string>
2632 </array>
2633 </dict>
2634 </dict>
2635 ```
2636 #### policies.json
2637 ```
2638 {
2639 "policies": {
2640 "EnableTrackingProtection": {
2641 "Value": true | false,
2642 "Locked": true | false,
2643 "Cryptomining": true | false,
2644 "Fingerprinting": true | false,
2645 "Exceptions": ["https://example.com"]
2646 }
2647 }
2648 }
2649 ```
2650 ### EncryptedMediaExtensions
2651 Enable or disable Encrypted Media Extensions and optionally lock it.
2652
2653 If `Enabled` is set to false, encrypted media extensions (like Widevine) are not downloaded by Firefox unless the user consents to installing them.
2654
2655 If `Locked` is set to true and `Enabled` is set to false, Firefox will not download encrypted media extensions (like Widevine) or ask the user to install them.
2656
2657 **Compatibility:** Firefox 77, Firefox ESR 68.9\
2658 **CCK2 Equivalent:** N/A\
2659 **Preferences Affected:** `media.eme.enabled`
2660
2661 #### Windows (GPO)
2662 ```
2663 Software\Policies\Mozilla\Firefox\EncryptedMediaExtensions\Enabled = 0x1 | 0x0
2664 Software\Policies\Mozilla\Firefox\EncryptedMediaExtensions\Locked = 0x1 | 0x0
2665 ```
2666 #### Windows (Intune)
2667 OMA-URI:
2668 ```
2669 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~EncryptedMediaExtensions/EncryptedMediaExtensions_Enabled
2670 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~EncryptedMediaExtensions/EncryptedMediaExtensions_Locked
2671 ```
2672 Value (string):
2673 ```
2674 <enabled/>or <disabled/>
2675 ```
2676 #### macOS
2677 ```
2678 <dict>
2679 <key>EncryptedMediaExtensions</key>
2680 <dict>
2681 <key>Enabled</key>
2682 <true/> | <false/>
2683 <key>Locked</key>
2684 <true/> | <false/>
2685 </dict>
2686 </dict>
2687 ```
2688 #### policies.json
2689 ```
2690 {
2691 "policies": {
2692 "EncryptedMediaExtensions": {
2693 "Enabled": true | false,
2694 "Locked": true | false
2695 }
2696 }
2697 }
2698 ```
2699 ### EnterprisePoliciesEnabled
2700 Enable policy support on macOS.
2701
2702 **Compatibility:** Firefox 63, Firefox ESR 60.3 (macOS only)\
2703 **CCK2 Equivalent:** N/A\
2704 **Preferences Affected:** N/A
2705
2706 #### macOS
2707 ```
2708 <dict>
2709 <key>EnterprisePoliciesEnabled</key>
2710 <true/>
2711 </dict>
2712 ```
2713 ### ExemptDomainFileTypePairsFromFileTypeDownloadWarnings
2714
2715 Disable warnings based on file extension for specific file types on domains.
2716
2717 This policy is based on the [Chrome policy](https://chromeenterprise.google/policies/#ExemptDomainFileTypePairsFromFileTypeDownloadWarnings) of the same name.
2718
2719 Important: The documentation for the policy for both Edge and Chrome is incorrect. The ```domains``` value must be a domain, not a URL pattern. Also, we do not support using ```*``` to mean all domains.
2720
2721 **Compatibility:** Firefox 102\
2722 **CCK2 Equivalent:** N/A\
2723 **Preferences Affected:** N/A
2724
2725 #### Windows (GPO)
2726 Software\Policies\Mozilla\Firefox\ExemptDomainFileTypePairsFromFileTypeDownloadWarnings (REG_MULTI_SZ) =
2727 ```
2728 [
2729 {
2730 "file_extension": "jnlp",
2731 "domains": ["example.com"]
2732 }
2733 ]
2734 ```
2735 #### Windows (Intune)
2736 OMA-URI:
2737 ```
2738 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/ExemptDomainFileTypePairsFromFileTypeDownloadWarnings
2739 ```
2740 Value (string):
2741 ```
2742 <enabled/>
2743 <data id="JSON" value='
2744 [
2745 {
2746 "file_extension": "jnlp",
2747 "domains": ["example.com"]
2748 }
2749 ]
2750 '/>
2751 ```
2752 #### macOS
2753 ```
2754 <dict>
2755 <key>ExemptDomainFileTypePairsFromFileTypeDownloadWarnings</key>
2756 <array>
2757 <dict>
2758 <key>file_extension</key>
2759 <string>jnlp</string>
2760 <key>domains</key>
2761 <array>
2762 <string>example.com</string>
2763 </array>
2764 </dict>
2765 </array>
2766 </dict>
2767 ```
2768 #### policies.json
2769 ```
2770 {
2771 "policies": {
2772 "ExemptDomainFileTypePairsFromFileTypeDownloadWarnings": [{
2773 "file_extension": "jnlp",
2774 "domains": ["example.com"]
2775 }]
2776 }
2777 }
2778 ```
2779 ### Extensions
2780 Control the installation, uninstallation and locking of extensions.
2781
2782 We strongly recommend that you use the **[`ExtensionSettings`](#extensionsettings)** policy. It has the same functionality and adds more. It does not support native paths, though, so you'll have to use file:/// URLs.
2783
2784 This method will be deprecated in the near future.
2785
2786 `Install` is a list of URLs or native paths for extensions to be installed.
2787
2788 `Uninstall` is a list of extension IDs that should be uninstalled if found.
2789
2790 `Locked` is a list of extension IDs that the user cannot disable or uninstall.
2791
2792 **Compatibility:** Firefox 60, Firefox ESR 60\
2793 **CCK2 Equivalent:** `addons`\
2794 **Preferences Affected:** N/A
2795
2796 #### Windows (GPO)
2797 ```
2798 Software\Policies\Mozilla\Firefox\Extensions\Install\1 = "https://addons.mozilla.org/firefox/downloads/somefile.xpi"
2799 Software\Policies\Mozilla\Firefox\Extensions\Install\2 = "//path/to/xpi"
2800 Software\Policies\Mozilla\Firefox\Extensions\Uninstall\1 = "bad_addon_id@mozilla.org"
2801 Software\Policies\Mozilla\Firefox\Extensions\Locked\1 = "addon_id@mozilla.org"
2802 ```
2803 #### Windows (Intune)
2804 OMA-URI:
2805 ```
2806 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/Extensions_Install
2807 ```
2808 Value (string):
2809 ```
2810 <enabled/>
2811 <data id="Extensions" value="1&#xF000;https://addons.mozilla.org/firefox/downloads/somefile.xpi&#xF000;2&#xF000;//path/to/xpi"/>
2812 ```
2813 OMA-URI:
2814 ```
2815 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/Extensions_Uninstall
2816 ```
2817 Value (string):
2818 ```
2819 <enabled/>
2820 <data id="Extensions" value="1&#xF000;bad_addon_id@mozilla.org"/>
2821 ```
2822 OMA-URI:
2823 ```
2824 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/Extensions_Locked
2825 ```
2826 Value (string):
2827 ```
2828 <enabled/>
2829 <data id="Extensions" value="1&#xF000;addon_id@mozilla.org"/>
2830 ```
2831 #### macOS
2832 ```
2833 <dict>
2834 <key>Extensions</key>
2835 <dict>
2836 <key>Install</key>
2837 <array>
2838 <string>https://addons.mozilla.org/firefox/downloads/somefile.xpi</string>
2839 <string>//path/to/xpi</string>
2840 </array>
2841 <key>Uninstall</key>
2842 <array>
2843 <string>bad_addon_id@mozilla.org</string>
2844 </array>
2845 <key>Locked</key>
2846 <array>
2847 <string>addon_id@mozilla.org</string>
2848 </array>
2849 </dict>
2850 </dict>
2851 ```
2852 #### policies.json
2853 ```
2854 {
2855 "policies": {
2856 "Extensions": {
2857 "Install": ["https://addons.mozilla.org/firefox/downloads/somefile.xpi", "//path/to/xpi"],
2858 "Uninstall": ["bad_addon_id@mozilla.org"],
2859 "Locked": ["addon_id@mozilla.org"]
2860 }
2861 }
2862 }
2863 ```
2864 ### ExtensionSettings
2865 Manage all aspects of extensions. This policy is based heavily on the [Chrome policy](https://dev.chromium.org/administrators/policy-list-3/extension-settings-full) of the same name.
2866
2867 This policy maps an extension ID to its configuration. With an extension ID, the configuration will be applied to the specified extension only. A default configuration can be set for the special ID "*", which will apply to all extensions that don't have a custom configuration set in this policy.
2868
2869 To obtain an extension ID, install the extension and go to about:support. You will see the ID in the Extensions section. I've also created an extension that makes it easy to find the ID of extensions on AMO. You can download it [here](https://github.com/mkaply/queryamoid/releases/tag/v0.1).
2870
2871 The configuration for each extension is another dictionary that can contain the fields documented below.
2872
2873 | Name | Description |
2874 | --- | --- |
2875 | `installation_mode` | Maps to a string indicating the installation mode for the extension. The valid strings are `allowed`,`blocked`,`force_installed`, and `normal_installed`.
2876 | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;`allowed` | Allows the extension to be installed by the user. This is the default behavior. There is no need for an install_url; it will automatically be allowed based on the ID.
2877 | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;`blocked`| Blocks installation of the extension and removes it from the device if already installed.
2878 | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;`force_installed`| The extension is automatically installed and can't be removed by the user. This option is not valid for the default configuration and requires an install_url.
2879 | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;`normal_installed`| The extension is automatically installed but can be disabled by the user. This option is not valid for the default configuration and requires an install_url.
2880 | `install_url`| Maps to a URL indicating where Firefox can download a force_installed or normal_installed extension. If installing from the local file system, use a [```file:///``` URL](https://en.wikipedia.org/wiki/File_URI_scheme). If installing from the addons.mozilla.org, use the following URL (substituting SHORT_NAME from the URL on AMO), https://addons.mozilla.org/firefox/downloads/latest/SHORT_NAME/latest.xpi. Languages packs are available from https://releases.mozilla.org/pub/firefox/releases/VERSION/PLATFORM/xpi/LANGUAGE.xpi. If you need to update the extension, you can change the name of the extension and it will be automatically updated. Extensions installed from file URLs will additional be updated when their internal version changes.
2881 | `install_sources` | A list of sources from which installing extensions is allowed using URL match patterns. **This is unnecessary if you are only allowing the installation of certain extensions by ID.** Each item in this list is an extension-style match pattern. Users will be able to easily install items from any URL that matches an item in this list. Both the location of the *.xpi file and the page where the download is started from (i.e. the referrer) must be allowed by these patterns. This setting can be used only for the default configuration.
2882 | `allowed_types` | This setting whitelists the allowed types of extension/apps that can be installed in Firefox. The value is a list of strings, each of which should be one of the following: "extension", "theme", "dictionary", "locale" This setting can be used only for the default configuration.
2883 | `blocked_install_message` | This maps to a string specifying the error message to display to users if they're blocked from installing an extension. This setting allows you to append text to the generic error message displayed when the extension is blocked. This could be be used to direct users to your help desk, explain why a particular extension is blocked, or something else. This setting can be used only for the default configuration.
2884 | `restricted_domains` | An array of domains on which content scripts can't be run. This setting can be used only for the default configuration.
2885 | `updates_disabled` | (Firefox 89, Firefox ESR 78.11) Boolean that indicates whether or not to disable automatic updates for an individual extension.
2886 | `default_area` | (Firefox 113) String that indicates where to place the extension icon by default. Possible values are `navbar` and `menupanel`.
2887 | `temporarily_allow_weak_signatures`| (Firefox 127) A boolean that indicates whether to allow installing extensions signed using deprecated signature algorithms.
2888
2889 **Compatibility:** Firefox 69, Firefox ESR 68.1 (As of Firefox 85, Firefox ESR 78.7, installing a theme makes it the default.)\
2890 **CCK2 Equivalent:** N/A\
2891 **Preferences Affected:** N/A
2892
2893 #### Windows (GPO)
2894 Software\Policies\Mozilla\Firefox\ExtensionSettings (REG_MULTI_SZ) =
2895 ```
2896 {
2897 "*": {
2898 "blocked_install_message": "Custom error message.",
2899 "install_sources": ["https://yourwebsite.com/*"],
2900 "installation_mode": "blocked",
2901 "allowed_types": ["extension"]
2902 },
2903 "uBlock0@raymondhill.net": {
2904 "installation_mode": "force_installed",
2905 "install_url": "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi"
2906 },
2907 "https-everywhere@eff.org": {
2908 "installation_mode": "allowed",
2909 "updates_disabled": false
2910 }
2911 }
2912 ```
2913 #### Windows (Intune)
2914 OMA-URI:
2915 ```
2916 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/ExtensionSettings
2917 ```
2918 Value (string):
2919 ```
2920 <enabled/>
2921 <data id="ExtensionSettings" value='
2922 {
2923 "*": {
2924 "blocked_install_message": "Custom error message.",
2925 "install_sources": ["https://yourwebsite.com/*"],
2926 "installation_mode": "blocked",
2927 "allowed_types": ["extension"]
2928 },
2929 "uBlock0@raymondhill.net": {
2930 "installation_mode": "force_installed",
2931 "install_url": "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi"
2932 },
2933 "https-everywhere@eff.org": {
2934 "installation_mode": "allowed",
2935 "updates_disabled": false
2936 }
2937 }'/>
2938 ```
2939 #### macOS
2940 ```
2941 <dict>
2942 <key>ExtensionSettings</key>
2943 <dict>
2944 <key>*</key>
2945 <dict>
2946 <key>blocked_install_message</key>
2947 <string>Custom error message.</string>
2948 <key>install_sources</key>
2949 <array>
2950 <string>"https://yourwebsite.com/*"</string>
2951 </array>
2952 <key>installation_mode</key>
2953 <string>blocked</string>
2954 <key>allowed_types</key>
2955 <array>
2956 <string>extension</string>
2957 </array>
2958 </dict>
2959 <key>uBlock0@raymondhill.net</key>
2960 <dict>
2961 <key>installation_mode</key>
2962 <string>force_installed</string>
2963 <key>install_url</key>
2964 <string>https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi</string>
2965 </dict>
2966 <key>https-everywhere@eff.org</key>
2967 <dict>
2968 <key>installation_mode</key>
2969 <string>allowed</string>
2970 <key>updates_disabled</key>
2971 <true/> | <false/>
2972 </dict>
2973 </dict>
2974 </dict>
2975 ```
2976 #### policies.json
2977 ```
2978 {
2979 "policies": {
2980 "ExtensionSettings": {
2981 "*": {
2982 "blocked_install_message": "Custom error message.",
2983 "install_sources": ["https://yourwebsite.com/*"],
2984 "installation_mode": "blocked",
2985 "allowed_types": ["extension"]
2986 },
2987 "uBlock0@raymondhill.net": {
2988 "installation_mode": "force_installed",
2989 "install_url": "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi"
2990 },
2991 "https-everywhere@eff.org": {
2992 "installation_mode": "allowed",
2993 "updates_disabled": false
2994 }
2995 }
2996 }
2997 }
2998 ```
2999 ### ExtensionUpdate
3000 Control extension updates.
3001
3002 **Compatibility:** Firefox 67, Firefox ESR 60.7\
3003 **CCK2 Equivalent:** N/A\
3004 **Preferences Affected:** `extensions.update.enabled`
3005
3006 #### Windows (GPO)
3007 ```
3008 Software\Policies\Mozilla\Firefox\ExtensionUpdate = 0x1 | 0x0
3009 ```
3010 #### Windows (Intune)
3011 OMA-URI:
3012 ```
3013 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/ExtensionUpdate
3014 ```
3015 Value (string):
3016 ```
3017 <enabled/> or <disabled/>
3018 ```
3019 #### macOS
3020 ```
3021 <dict>
3022 <key>ExtensionUpdate</key>
3023 <true/> | <false/>
3024 </dict>
3025 ```
3026 #### policies.json
3027 ```
3028 {
3029 "policies": {
3030 "ExtensionUpdate": true | false
3031 }
3032 }
3033 ```
3034 ### FirefoxHome
3035 Customize the Firefox Home page.
3036
3037 **Compatibility:** Firefox 68, Firefox ESR 68 (SponsoredTopSites and SponsoredPocket were added in Firefox 95, Firefox ESR 91.4, Snippets was deprecated in Firefox 122)
3038 **CCK2 Equivalent:** N/A\
3039 **Preferences Affected:** `browser.newtabpage.activity-stream.showSearch`, `browser.newtabpage.activity-stream.feeds.topsites`, `browser.newtabpage.activity-stream.feeds.section.highlights`, `browser.newtabpage.activity-stream.feeds.section.topstories`, `browser.newtabpage.activity-stream.feeds.snippets`, `browser.newtabpage.activity-stream.showSponsoredTopSites`, `browser.newtabpage.activity-stream.showSponsored`
3040
3041 #### Windows (GPO)
3042 ```
3043 Software\Policies\Mozilla\Firefox\FirefoxHome\Search = 0x1 | 0x0
3044 Software\Policies\Mozilla\Firefox\FirefoxHome\TopSites = 0x1 | 0x0
3045 Software\Policies\Mozilla\Firefox\FirefoxHome\SponsoredTopSites = 0x1 | 0x0
3046 Software\Policies\Mozilla\Firefox\FirefoxHome\Highlights = 0x1 | 0x0
3047 Software\Policies\Mozilla\Firefox\FirefoxHome\Pocket = 0x1 | 0x0
3048 Software\Policies\Mozilla\Firefox\FirefoxHome\SponsoredPocket = 0x1 | 0x0
3049 Software\Policies\Mozilla\Firefox\FirefoxHome\Snippets = 0x1 | 0x0
3050 Software\Policies\Mozilla\Firefox\FirefoxHome\Locked = 0x1 | 0x0
3051 ```
3052 #### Windows (Intune)
3053 OMA-URI:
3054 ```
3055 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/CustomizeFirefoxHome
3056 ```
3057 Value (string):
3058 ```
3059 <enabled/>
3060 <data id="FirefoxHome_Search" value="true | false"/>
3061 <data id="FirefoxHome_TopSites" value="true | false"/>
3062 <data id="FirefoxHome_SponsoredTopSites" value="true | false"/>
3063 <data id="FirefoxHome_Highlights" value="true | false"/>
3064 <data id="FirefoxHome_Pocket" value="true | false"/>
3065 <data id="FirefoxHome_SponsoredPocket" value="true | false"/>
3066 <data id="FirefoxHome_Snippets" value="true | false"/>
3067 <data id="FirefoxHome_Locked" value="true | false"/>
3068 ```
3069 #### macOS
3070 ```
3071 <dict>
3072 <key>FirefoxHome</key>
3073 <dict>
3074 <key>Search</key>
3075 <true/> | <false/>
3076 <key>TopSites</key>
3077 <true/> | <false/>
3078 <key>SponsoredTopSites</key>
3079 <true/> | <false/>
3080 <key>Highlights</key>
3081 <true/> | <false/>
3082 <key>Pocket</key>
3083 <true/> | <false/>
3084 <key>SponsoredPocket</key>
3085 <true/> | <false/>
3086 <key>Snippets</key>
3087 <true/> | <false/>
3088 <key>Locked</key>
3089 <true/> | <false/>
3090 </dict>
3091 </dict>
3092 ```
3093 #### policies.json
3094 ```
3095 {
3096 "policies": {
3097 "FirefoxHome": {
3098 "Search": true | false,
3099 "TopSites": true | false,
3100 "SponsoredTopSites": true | false,
3101 "Highlights": true | false,
3102 "Pocket": true | false,
3103 "SponsoredPocket": true | false,
3104 "Snippets": true | false,
3105 "Locked": true | false
3106 }
3107 }
3108 }
3109 ```
3110 ### FirefoxSuggest
3111 Customize Firefox Suggest (US only).
3112
3113 **Compatibility:** Firefox 118, Firefox ESR 115.3.
3114 **CCK2 Equivalent:** N/A\
3115 **Preferences Affected:** `browser.urlbar.suggest.quicksuggest.nonsponsored`, `browser.urlbar.suggest.quicksuggest.sponsored`, `browser.urlbar.quicksuggest.dataCollection.enabled`
3116
3117 #### Windows (GPO)
3118 ```
3119 Software\Policies\Mozilla\Firefox\FirefoxSuggest\WebSuggestions = 0x1 | 0x0
3120 Software\Policies\Mozilla\Firefox\FirefoxSuggest\SponsoredSuggestions = 0x1 | 0x0
3121 Software\Policies\Mozilla\Firefox\FirefoxSuggest\ImproveSuggest = 0x1 | 0x0
3122 Software\Policies\Mozilla\Firefox\FirefoxSuggest\Locked = 0x1 | 0x0
3123 ```
3124 #### Windows (Intune)
3125 OMA-URI:
3126 ```
3127 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~FirefoxSuggest/WebSuggestions
3128 ```
3129 Value (string):
3130 ```
3131 <enabled/> or <disabled/>
3132 ```
3133 OMA-URI:
3134 ```
3135 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~FirefoxSuggest/SponsoredSuggestions
3136 ```
3137 Value (string):
3138 ```
3139 <enabled/> or <disabled/>
3140 ```
3141 OMA-URI:
3142 ```
3143 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~FirefoxSuggest/ImproveSuggest
3144 ```
3145 Value (string):
3146 ```
3147 <enabled/> or <disabled/>
3148 ```
3149 OMA-URI:
3150 ```
3151 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~FirefoxSuggest/Locked
3152 ```
3153 Value (string):
3154 ```
3155 <enabled/> or <disabled/>
3156 ```
3157 #### macOS
3158 ```
3159 <dict>
3160 <key>FirefoxSuggest</key>
3161 <dict>
3162 <key>WebSuggestions</key>
3163 <true/> | <false/>
3164 <key>SponsoredSuggestions</key>
3165 <true/> | <false/>
3166 <key>ImproveSuggest</key>
3167 <true/> | <false/>
3168 <key>Locked</key>
3169 <true/> | <false/>
3170 </dict>
3171 </dict>
3172 ```
3173 #### policies.json
3174 ```
3175 {
3176 "policies": {
3177 "FirefoxSuggest": {
3178 "WebSuggestions": true | false,
3179 "SponsoredSuggestions": true | false,
3180 "ImproveSuggest": true | false,
3181 "Locked": true | false
3182 }
3183 }
3184 }
3185 ```
3186 ### GoToIntranetSiteForSingleWordEntryInAddressBar
3187 Whether to always go through the DNS server before sending a single word search string to a search engine.
3188
3189 If the site exists, it will navigate to the website. If the intranet responds with a 404, the page will show a 404. If the intranet does not respond, the browser will attempt a search.
3190
3191 The second result in the URL bar will be a search result to allow users to conduct a web search exactly as it was entered.
3192
3193 If instead you would like to enable the ability to have your domain appear as a valid URL and to disallow the browser from ever searching that term using the first result that matches it, add the pref `browser.fixup.domainwhitelist.YOUR_DOMAIN` (where `YOUR_DOMAIN` is the name of the domain you'd like to add), and set the pref to `true`. The URL bar will then suggest `YOUR_DOMAIN` when the user fully types `YOUR_DOMAIN`. If the user attempts to load that domain and it fails to load, it will show an "Unable to connect" error page.
3194
3195 You can also whitelist a domain suffix that is not part of the [Public Suffix List](https://publicsuffix.org/) by adding the pref `browser.fixup.domainsuffixwhitelist.YOUR_DOMAIN_SUFFIX` with a value of `true`.
3196
3197 Additionally, if you want users to see a "Did you mean to go to 'YOUR_DOMAIN'" prompt below the URL bar if they land on a search results page instead of an intranet domain that provides a response, set the pref `browser.urlbar.dnsResolveSingleWordsAfterSearch` to `1`. Enabling this will cause the browser to commit a DNS check after every single word search. If the browser receives a response from the intranet, a prompt will ask the user if they'd like to instead navigate to `YOUR_DOMAIN`. If the user presses the **yes** button, `browser.fixup.domainwhitelist.YOUR_DOMAIN` will be set to `true`.
3198
3199 **Compatibility:** Firefox 104, Firefox ESR 102.2\
3200 **CCK2 Equivalent:** `N/A`\
3201 **Preferences Affected:** `browser.fixup.dns_first_for_single_words`
3202
3203 #### Windows (GPO)
3204 ```
3205 Software\Policies\Mozilla\Firefox\GoToIntranetSiteForSingleWordEntryInAddressBar = 0x1 | 0x0
3206 ```
3207 #### Windows (Intune)
3208 OMA-URI:
3209 ```
3210 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/GoToIntranetSiteForSingleWordEntryInAddressBar
3211 ```
3212 Value (string):
3213 ```
3214 <enabled/> or <disabled/>
3215 ```
3216 #### macOS
3217 ```
3218 <dict>
3219 <key>GoToIntranetSiteForSingleWordEntryInAddressBar</key>
3220 <true/> | <false/>
3221 </dict>
3222 ```
3223 #### policies.json
3224 ```
3225 {
3226 "policies": {
3227 "GoToIntranetSiteForSingleWordEntryInAddressBar": true | false
3228 }
3229 }
3230 ```
3231 ### Handlers
3232 Configure default application handlers. This policy is based on the internal format of `handlers.json`.
3233
3234 You can configure handlers based on a mime type (`mimeTypes`), a file's extension (`extensions`), or a protocol (`schemes`).
3235
3236 Within each handler type, you specify the given mimeType/extension/scheme as a key and use the following subkeys to describe how it is handled.
3237
3238 | Name | Description |
3239 | --- | --- |
3240 | `action`| Can be either `saveToDisk`, `useHelperApp`, `useSystemDefault`.
3241 | `ask` | If `true`, the user is asked if what they want to do with the file. If `false`, the action is taken without user intervention.
3242 | `handlers` | An array of handlers with the first one being the default. If you don't want to have a default handler, use an empty object for the first handler. Choose between path or uriTemplate.
3243 | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;`name` | The display name of the handler (might not be used).
3244 | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;`path`| The native path to the executable to be used.
3245 | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;`uriTemplate`| A url to a web based application handler. The URL must be https and contain a %s to be used for substitution.
3246
3247 **Compatibility:** Firefox 78, Firefox ESR 78\
3248 **CCK2 Equivalent:** N/A\
3249 **Preferences Affected:** N/A
3250
3251 #### Windows (GPO)
3252 Software\Policies\Mozilla\Firefox\Handlers (REG_MULTI_SZ) =
3253 ```
3254 {
3255 "mimeTypes": {
3256 "application/msword": {
3257 "action": "useSystemDefault",
3258 "ask": true | false
3259 }
3260 },
3261 "schemes": {
3262 "mailto": {
3263 "action": "useHelperApp",
3264 "ask": true | false,
3265 "handlers": [{
3266 "name": "Gmail",
3267 "uriTemplate": "https://mail.google.com/mail/?extsrc=mailto&url=%s"
3268 }]
3269 }
3270 },
3271 "extensions": {
3272 "pdf": {
3273 "action": "useHelperApp",
3274 "ask": true | false,
3275 "handlers": [{
3276 "name": "Adobe Acrobat",
3277 "path": "C:\\Program Files (x86)\\Adobe\\Acrobat Reader DC\\Reader\\AcroRd32.exe"
3278 }]
3279 }
3280 }
3281 }
3282 ```
3283 #### Windows (Intune)
3284 OMA-URI:
3285 ```
3286 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/Handlers
3287 ```
3288 Value (string):
3289 ```
3290 <enabled/>
3291 <data id="Handlers" value='
3292 {
3293 "mimeTypes": {
3294 "application/msword": {
3295 "action": "useSystemDefault",
3296 "ask": true | false
3297 }
3298 },
3299 "schemes": {
3300 "mailto": {
3301 "action": "useHelperApp",
3302 "ask": true | false,
3303 "handlers": [{
3304 "name": "Gmail",
3305 "uriTemplate": "https://mail.google.com/mail/?extsrc=mailto&amp;url=%s"
3306 }]
3307 }
3308 },
3309 "extensions": {
3310 "pdf": {
3311 "action": "useHelperApp",
3312 "ask": true | false,
3313 "handlers": [{
3314 "name": "Adobe Acrobat",
3315 "path": "C:\\Program Files (x86)\\Adobe\\Acrobat Reader DC\\Reader\\AcroRd32.exe"
3316 }]
3317 }
3318 }
3319 }
3320 '/>
3321 ```
3322 #### macOS
3323 ```
3324 <dict>
3325 <key>Handlers</key>
3326 <dict>
3327 <key>mimeTypes</key>
3328 <dict>
3329 <key>application/msword</key>
3330 <dict>
3331 <key>action</key>
3332 <string>useSystemDefault</string>
3333 <key>ask</key>
3334 <true/> | <false/>
3335 </dict>
3336 </dict>
3337 <key>schemes</key>
3338 <dict>
3339 <key>mailto</key>
3340 <dict>
3341 <key>action</key>
3342 <string>useHelperApp</string>
3343 <key>ask</key>
3344 <true/> | <false/>
3345 <key>handlers</key>
3346 <array>
3347 <dict>
3348 <key>name</key>
3349 <string>Gmail</string>
3350 <key>uriTemplate</key>
3351 <string>https://mail.google.com/mail/?extsrc=mailto&url=%s</string>
3352 </dict>
3353 </array>
3354 </dict>
3355 </dict>
3356 <key>extensions</key>
3357 <dict>
3358 <key>pdf</key>
3359 <dict>
3360 <key>action</key>
3361 <string>useHelperApp</string>
3362 <key>ask</key>
3363 <true/> | <false/>
3364 <key>handlers</key>
3365 <array>
3366 <dict>
3367 <key>name</key>
3368 <string>Adobe Acrobat</string>
3369 <key>path</key>
3370 <string>/System/Applications/Preview.app</string>
3371 </dict>
3372 </array>
3373 </dict>
3374 </dict>
3375 </dict>
3376 </dict>
3377 ```
3378 #### policies.json
3379 ```
3380 {
3381 "policies": {
3382 "Handlers": {
3383 "mimeTypes": {
3384 "application/msword": {
3385 "action": "useSystemDefault",
3386 "ask": false
3387 }
3388 },
3389 "schemes": {
3390 "mailto": {
3391 "action": "useHelperApp",
3392 "ask": true | false,
3393 "handlers": [{
3394 "name": "Gmail",
3395 "uriTemplate": "https://mail.google.com/mail/?extsrc=mailto&url=%s"
3396 }]
3397 }
3398 },
3399 "extensions": {
3400 "pdf": {
3401 "action": "useHelperApp",
3402 "ask": true | false,
3403 "handlers": [{
3404 "name": "Adobe Acrobat",
3405 "path": "/usr/bin/acroread"
3406 }]
3407 }
3408 }
3409 }
3410 }
3411 }
3412 ```
3413 ### HardwareAcceleration
3414 Control hardware acceleration.
3415
3416 **Compatibility:** Firefox 60, Firefox ESR 60\
3417 **CCK2 Equivalent:** N/A\
3418 **Preferences Affected:** `layers.acceleration.disabled`
3419
3420 #### Windows (GPO)
3421 ```
3422 Software\Policies\Mozilla\Firefox\HardwareAcceleration = 0x1 | 0x0
3423 ```
3424 #### Windows (Intune)
3425 OMA-URI:
3426 ```
3427 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/HardwareAcceleration
3428 ```
3429 Value (string):
3430 ```
3431 <enabled/> or <disabled/>
3432 ```
3433 #### macOS
3434 ```
3435 <dict>
3436 <key>HardwareAcceleration</key>
3437 <true/> | <false/>
3438 </dict>
3439 ```
3440 #### policies.json
3441 ```
3442 {
3443 "policies": {
3444 "HardwareAcceleration": true | false
3445 }
3446 }
3447 ```
3448 ### Homepage
3449 Configure the default homepage and how Firefox starts.
3450
3451 `URL` is the default homepage.
3452
3453 `Locked` prevents the user from changing homepage preferences.
3454
3455 `Additional` allows for more than one homepage.
3456
3457 `StartPage` is how Firefox starts. The choices are no homepage, the default homepage or the previous session.
3458
3459 With Firefox 78, an additional option as added for `Startpage`, `homepage-locked`. If this is value is set for the Startpage, the user will always get the homepage at startup and cannot choose to restore their session.
3460
3461 **Compatibility:** Firefox 60, Firefox ESR 60 (StartPage was added in Firefox 60, Firefox ESR 60.4, homepage-locked added in Firefox 78)\
3462 **CCK2 Equivalent:** `homePage`,`lockHomePage`\
3463 **Preferences Affected:** `browser.startup.homepage`, `browser.startup.page`
3464
3465 #### Windows (GPO)
3466 ```
3467 Software\Policies\Mozilla\Firefox\Homepage\URL = "https://example.com"
3468 Software\Policies\Mozilla\Firefox\Homepage\Locked = 0x1 | 0x0
3469 Software\Policies\Mozilla\Firefox\Homepage\Additional\1 = "https://example.org"
3470 Software\Policies\Mozilla\Firefox\Homepage\Additional\2 = "https://example.edu"
3471 Software\Policies\Mozilla\Firefox\Homepage\StartPage = "none" | "homepage" | "previous-session" | "homepage-locked"
3472 ```
3473 #### Windows (Intune)
3474 OMA-URI:
3475 ```
3476 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Homepage/HomepageURL
3477 ```
3478 Value (string):
3479 ```
3480 <enabled/>
3481
3482 <data id="HomepageURL" value="https://example.com"/>
3483 <data id="HomepageLocked" value="true | false"/>
3484 ```
3485 OMA-URI:
3486 ```
3487 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Homepage/HomepageAdditional
3488 ```
3489 Value (string):
3490 ```
3491 <enabled/>
3492
3493 <data id="HomepageAdditional" value="1&#xF000;http://example.org&#xF000;2&#xF000;http://example.edu"/>
3494 ```
3495 OMA-URI:
3496 ```
3497 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Homepage/HomepageStartPage
3498 ```
3499 Value (string):
3500 ```
3501 <enabled/>
3502
3503 <data id="StartPage" value="none | homepage | previous-session"/>
3504 ```
3505 #### macOS
3506 ```
3507 <dict>
3508 <key>Homepage</key>
3509 <dict>
3510 <key>URL</key>
3511 <string>http://example.com</string>
3512 <key>Locked</key>
3513 <true/> | <false/>
3514 <key>Additional</key>
3515 <array>
3516 <string>http://example.org</string>
3517 <string>http://example.edu</string>
3518 </array>
3519 <key>StartPage</key>
3520 <string>none | homepage | previous-session | homepage-locked</string>
3521 </dict>
3522 </dict>
3523 ```
3524 #### policies.json
3525 ```
3526 {
3527 "policies": {
3528 "Homepage": {
3529 "URL": "http://example.com/",
3530 "Locked": true | false,
3531 "Additional": ["http://example.org/",
3532 "http://example.edu/"],
3533 "StartPage": "none" | "homepage" | "previous-session" | "homepage-locked"
3534 }
3535 }
3536 }
3537 ```
3538 ### InstallAddonsPermission
3539 Configure the default extension install policy as well as origins for extension installs are allowed. This policy does not override turning off all extension installs.
3540
3541 `Allow` is a list of origins where extension installs are allowed.
3542
3543 `Default` determines whether or not extension installs are allowed by default.
3544
3545 **Compatibility:** Firefox 60, Firefox ESR 60\
3546 **CCK2 Equivalent:** `permissions.install`\
3547 **Preferences Affected:** `xpinstall.enabled`, `browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons`, `browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features`
3548
3549 #### Windows (GPO)
3550 ```
3551 Software\Policies\Mozilla\Firefox\InstallAddonsPermission\Allow\1 = "https://example.org"
3552 Software\Policies\Mozilla\Firefox\InstallAddonsPermission\Allow\2 = "https://example.edu"
3553 Software\Policies\Mozilla\Firefox\InstallAddonsPermission\Default = 0x1 | 0x0
3554 ```
3555 #### Windows (Intune)
3556 OMA-URI:
3557 ```
3558 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Addons/InstallAddonsPermission_Allow
3559 ```
3560 Value (string):
3561 ```
3562 <enabled/>
3563 <data id="Permissions" value="1&#xF000;https://example.org&#xF000;2&#xF000;https://example.edu"/>
3564 ```
3565 OMA-URI:
3566 ```
3567 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Addons/InstallAddonsPermission_Default
3568 ```
3569 Value (string):
3570 ```
3571 <enabled/>
3572 ```
3573 #### macOS
3574 ```
3575 <dict>
3576 <key>InstallAddonsPermission</key>
3577 <dict>
3578 <key>Allow</key>
3579 <array>
3580 <string>http://example.org</string>
3581 <string>http://example.edu</string>
3582 </array>
3583 <key>Default</key>
3584 <true/> | <false/>
3585 </dict>
3586 </dict>
3587 ```
3588 #### policies.json
3589 ```
3590 {
3591 "policies": {
3592 "InstallAddonsPermission": {
3593 "Allow": ["http://example.org/",
3594 "http://example.edu/"],
3595 "Default": true | false
3596 }
3597 }
3598 }
3599 ```
3600 ### LegacyProfiles
3601 Disable the feature enforcing a separate profile for each installation.
3602
3603 If this policy set to true, Firefox will not try to create different profiles for installations of Firefox in different directories. This is the equivalent of the MOZ_LEGACY_PROFILES environment variable.
3604
3605 If this policy set to false, Firefox will create a new profile for each unique installation of Firefox.
3606
3607 This policy only work on Windows via GPO (not policies.json).
3608
3609 **Compatibility:** Firefox 70, Firefox ESR 68.2 (Windows only, GPO only)\
3610 **CCK2 Equivalent:** N/A\
3611 **Preferences Affected:** N/A
3612
3613 #### Windows (GPO)
3614 ```
3615 Software\Policies\Mozilla\Firefox\LegacyProfiles = = 0x1 | 0x0
3616 ```
3617 #### Windows (Intune)
3618 OMA-URI:
3619 ```
3620 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/LegacyProfiles
3621 ```
3622 Value (string):
3623 ```
3624 <enabled/> or <disabled/>
3625 ```
3626 ### LegacySameSiteCookieBehaviorEnabled
3627 Enable default legacy SameSite cookie behavior setting.
3628
3629 If this policy is set to true, it reverts all cookies to legacy SameSite behavior which means that cookies that don't explicitly specify a ```SameSite``` attribute are treated as if they were ```SameSite=None```.
3630
3631 **Compatibility:** Firefox 96\
3632 **CCK2 Equivalent:** N/A\
3633 **Preferences Affected:** `network.cookie.sameSite.laxByDefault`
3634
3635 #### Windows (GPO)
3636 ```
3637 Software\Policies\Mozilla\Firefox\LegacySameSiteCookieBehaviorEnabled = = 0x1 | 0x0
3638 ```
3639 #### Windows (Intune)
3640 OMA-URI:
3641 ```
3642 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/LegacySameSiteCookieBehaviorEnabled
3643 ```
3644 Value (string):
3645 ```
3646 <enabled/> or <disabled/>
3647 ```
3648 #### macOS
3649 ```
3650 <dict>
3651 <key>LegacySameSiteCookieBehaviorEnabled</key>
3652 <true/> | <false/>
3653 </dict>
3654 ```
3655 #### policies.json
3656 ```
3657 {
3658 "policies": {
3659 "LegacySameSiteCookieBehaviorEnabled": true | false
3660 }
3661 ```
3662 ### LegacySameSiteCookieBehaviorEnabledForDomainList
3663 Revert to legacy SameSite behavior for cookies on specified sites.
3664
3665 If this policy is set to true, cookies set for domains in this list will revert to legacy SameSite behavior which means that cookies that don't explicitly specify a ```SameSite``` attribute are treated as if they were ```SameSite=None```.
3666
3667 **Compatibility:** Firefox 96\
3668 **CCK2 Equivalent:** N/A\
3669 **Preferences Affected:** `network.cookie.sameSite.laxByDefault.disabledHosts`
3670
3671 #### Windows (GPO)
3672 ```
3673 Software\Policies\Mozilla\Firefox\LegacySameSiteCookieBehaviorEnabledForDomainList\1 = "example.org"
3674 Software\Policies\Mozilla\Firefox\LegacySameSiteCookieBehaviorEnabledForDomainList\2 = "example.edu"
3675 ```
3676 #### Windows (Intune)
3677 OMA-URI:
3678 ```
3679 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/LegacySameSiteCookieBehaviorEnabledForDomainList
3680 ```
3681 Value (string):
3682 ```
3683 <enabled/>
3684 <data id="LegacySameSiteCookieBehaviorEnabledForDomainList" value="1&#xF000;example.org&#xF000;2&#xF000;example.edu"/>
3685 ```
3686 #### macOS
3687 ```
3688 <dict>
3689 <key>LegacySameSiteCookieBehaviorEnabledForDomainList</key>
3690 <array>
3691 <string>example.org</string>
3692 <string>example.edu</string>
3693 </array>
3694 </dict>
3695 ```
3696 #### policies.json
3697 ```
3698 {
3699 "policies": {
3700 "LegacySameSiteCookieBehaviorEnabledForDomainList": ["example.org",
3701 "example.edu"]
3702 }
3703 }
3704 ```
3705 ### LocalFileLinks
3706 Enable linking to local files by origin.
3707
3708 **Compatibility:** Firefox 68, Firefox ESR 68\
3709 **CCK2 Equivalent:** N/A\
3710 **Preferences Affected:** `capability.policy.localfilelinks.*`
3711
3712 #### Windows (GPO)
3713 ```
3714 Software\Policies\Mozilla\Firefox\LocalFileLinks\1 = "https://example.org"
3715 Software\Policies\Mozilla\Firefox\LocalFileLinks\2 = "https://example.edu"
3716 ```
3717 #### Windows (Intune)
3718 OMA-URI:
3719 ```
3720 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/LocalFileLinks
3721 ```
3722 Value (string):
3723 ```
3724 <enabled/>
3725 <data id="LocalFileLinks" value="1&#xF000;https://example.org&#xF000;2&#xF000;https://example.edu"/>
3726 ```
3727 #### macOS
3728 ```
3729 <dict>
3730 <key>LocalFileLinks</key>
3731 <array>
3732 <string>http://example.org</string>
3733 <string>http://example.edu</string>
3734 </array>
3735 </dict>
3736 ```
3737 #### policies.json
3738 ```
3739 {
3740 "policies": {
3741 "LocalFileLinks": ["http://example.org/",
3742 "http://example.edu/"]
3743 }
3744 }
3745 ```
3746 ### ManagedBookmarks
3747 Configures a list of bookmarks managed by an administrator that cannot be changed by the user.
3748
3749 The bookmarks are only added as a button on the personal toolbar. They are not in the bookmarks folder.
3750
3751 The syntax of this policy is exactly the same as the [Chrome ManagedBookmarks policy](https://cloud.google.com/docs/chrome-enterprise/policies/?policy=ManagedBookmarks). The schema is:
3752 ```
3753 {
3754 "items": {
3755 "id": "BookmarkType",
3756 "properties": {
3757 "children": {
3758 "items": {
3759 "$ref": "BookmarkType"
3760 },
3761 "type": "array"
3762 },
3763 "name": {
3764 "type": "string"
3765 },
3766 "toplevel_name": {
3767 "type": "string"
3768 },
3769 "url": {
3770 "type": "string"
3771 }
3772 },
3773 "type": "object"
3774 },
3775 "type": "array"
3776 }
3777 ```
3778 **Compatibility:** Firefox 83, Firefox ESR 78.5\
3779 **CCK2 Equivalent:** N/A\
3780 **Preferences Affected:** N/A
3781
3782 #### Windows (GPO)
3783 Software\Policies\Mozilla\Firefox\ManagedBookmarks (REG_MULTI_SZ) =
3784 ```
3785 [
3786 {
3787 "toplevel_name": "My managed bookmarks folder"
3788 },
3789 {
3790 "url": "example.com",
3791 "name": "Example"
3792 },
3793 {
3794 "name": "Mozilla links",
3795 "children": [
3796 {
3797 "url": "https://mozilla.org",
3798 "name": "Mozilla.org"
3799 },
3800 {
3801 "url": "https://support.mozilla.org/",
3802 "name": "SUMO"
3803 }
3804 ]
3805 }
3806 ]
3807 ```
3808 #### Windows (Intune)
3809 OMA-URI:
3810 ```
3811 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/ManagedBookmarks
3812 ```
3813 Value (string):
3814 ```
3815 <enabled/>
3816 <data id="JSON" value='
3817 [
3818 {
3819 "toplevel_name": "My managed bookmarks folder"
3820 },
3821 {
3822 "url": "example.com",
3823 "name": "Example"
3824 },
3825 {
3826 "name": "Mozilla links",
3827 "children": [
3828 {
3829 "url": "https://mozilla.org",
3830 "name": "Mozilla.org"
3831 },
3832 {
3833 "url": "https://support.mozilla.org/",
3834 "name": "SUMO"
3835 }
3836 ]
3837 }
3838 ]'/>
3839 ```
3840 #### macOS
3841 ```
3842 <dict>
3843 <key>ManagedBookmarks</key>
3844 <array>
3845 <dict>
3846 <key>toplevel_name</key>
3847 <string>My managed bookmarks folder</string>
3848 <dict>
3849 <key>url</key>
3850 <string>example.com</string>
3851 <key>name</key>
3852 <string>Example</string>
3853 </dict>
3854 <dict>
3855 <key>name</key>
3856 <string>Mozilla links</string>
3857 <key>children</key>
3858 <array>
3859 <dict>
3860 <key>url</key>
3861 <string>https://mozilla.org</string>
3862 <key>name</key>
3863 <string>Mozilla</string>
3864 </dict>
3865 <dict>
3866 <key>url</key>
3867 <string>https://support.mozilla.org/</string>
3868 <key>name</key>
3869 <string>SUMO</string>
3870 </dict>
3871 </array>
3872 </dict>
3873 </array>
3874 </dict>
3875 ```
3876 #### policies.json
3877 ```
3878 {
3879 "policies": {
3880 "ManagedBookmarks": [
3881 {
3882 "toplevel_name": "My managed bookmarks folder"
3883 },
3884 {
3885 "url": "example.com",
3886 "name": "Example"
3887 },
3888 {
3889 "name": "Mozilla links",
3890 "children": [
3891 {
3892 "url": "https://mozilla.org",
3893 "name": "Mozilla.org"
3894 },
3895 {
3896 "url": "https://support.mozilla.org/",
3897 "name": "SUMO"
3898 }
3899 ]
3900 }
3901 ]
3902 }
3903 }
3904 ```
3905 ### ManualAppUpdateOnly
3906
3907 Switch to manual updates only.
3908
3909 If this policy is enabled:
3910 1. The user will never be prompted to install updates
3911 2. Firefox will not check for updates in the background, though it will check automatically when an update UI is displayed (such as the one in the About dialog). This check will be used to show "Update to version X" in the UI, but will not automatically download the update or prompt the user to update in any other way.
3912 3. The update UI will work as expected, unlike when using DisableAppUpdate.
3913
3914 This policy is primarily intended for advanced end users, not for enterprises, but it is available via GPO.
3915
3916 **Compatibility:** Firefox 87\
3917 **CCK2 Equivalent:** N/A\
3918 **Preferences Affected:** N/A
3919
3920 #### Windows (GPO)
3921 ```
3922 Software\Policies\Mozilla\Firefox\ManualAppUpdateOnly = 0x1 | 0x0
3923 ```
3924 #### Windows (Intune)
3925 OMA-URI:
3926 ```
3927 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/ManualAppUpdateOnly
3928 ```
3929 Value (string):
3930 ```
3931 <enabled/> or <disabled/>
3932 ```
3933 #### macOS
3934 ```
3935 <dict>
3936 <key>ManualAppUpdateOnly</key>
3937 <true/> | <false/>
3938 </dict>
3939 ```
3940 #### policies.json
3941 ```
3942 {
3943 "policies": {
3944 "ManualAppUpdateOnly": true | false
3945 }
3946 }
3947 ```
3948 ### NetworkPrediction
3949 Enable or disable network prediction (DNS prefetching).
3950
3951 **Compatibility:** Firefox 67, Firefox ESR 60.7\
3952 **CCK2 Equivalent:** N/A\
3953 **Preferences Affected:** `network.dns.disablePrefetch`, `network.dns.disablePrefetchFromHTTPS`
3954
3955 #### Windows (GPO)
3956 ```
3957 Software\Policies\Mozilla\Firefox\NetworkPrediction = 0x1 | 0x0
3958 ```
3959 #### Windows (Intune)
3960 OMA-URI:
3961 ```
3962 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/NetworkPrediction
3963 ```
3964 Value (string):
3965 ```
3966 <enabled/> or <disabled/>
3967 ```
3968 #### macOS
3969 ```
3970 <dict>
3971 <key>NetworkPrediction</key>
3972 <true/> | <false/>
3973 </dict>
3974 ```
3975 #### policies.json
3976 ```
3977 {
3978 "policies": {
3979 "NetworkPrediction": true | false
3980 }
3981 ```
3982 ### NewTabPage
3983 Enable or disable the New Tab page.
3984
3985 **Compatibility:** Firefox 68, Firefox ESR 68\
3986 **CCK2 Equivalent:** N/A\
3987 **Preferences Affected:** `browser.newtabpage.enabled`
3988
3989 #### Windows (GPO)
3990 ```
3991 Software\Policies\Mozilla\Firefox\NewTabPage = 0x1 | 0x0
3992 ```
3993 #### Windows (Intune)
3994 OMA-URI:
3995 ```
3996 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/NewTabPage
3997 ```
3998 Value (string):
3999 ```
4000 <enabled/> or <disabled/>
4001 ```
4002 #### macOS
4003 ```
4004 <dict>
4005 <key>NewTabPage</key>
4006 <true/> | <false/>
4007 </dict>
4008 ```
4009 #### policies.json
4010 ```
4011 {
4012 "policies": {
4013 "NewTabPage": true | false
4014 }
4015 ```
4016 ### NoDefaultBookmarks
4017 Disable the creation of default bookmarks.
4018
4019 This policy is only effective if the user profile has not been created yet.
4020
4021 **Compatibility:** Firefox 60, Firefox ESR 60\
4022 **CCK2 Equivalent:** `removeDefaultBookmarks`\
4023 **Preferences Affected:** N/A
4024
4025 #### Windows (GPO)
4026 ```
4027 Software\Policies\Mozilla\Firefox\NoDefaultBookmarks = 0x1 | 0x0
4028 ```
4029 #### Windows (Intune)
4030 OMA-URI:
4031 ```
4032 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/NoDefaultBookmarks
4033 ```
4034 Value (string):
4035 ```
4036 <enabled/> or <disabled/>
4037 ```
4038 #### macOS
4039 ```
4040 <dict>
4041 <key>NoDefaultBookmarks</key>
4042 <true/> | <false/>
4043 </dict>
4044 ```
4045 #### policies.json
4046 ```
4047 {
4048 "policies": {
4049 "NoDefaultBookmarks": true | false
4050 }
4051 }
4052 ```
4053 ### OfferToSaveLogins
4054 Control whether or not Firefox offers to save passwords.
4055
4056 **Compatibility:** Firefox 60, Firefox ESR 60\
4057 **CCK2 Equivalent:** `dontRememberPasswords`\
4058 **Preferences Affected:** `signon.rememberSignons`
4059
4060 #### Windows (GPO)
4061 ```
4062 Software\Policies\Mozilla\Firefox\OfferToSaveLogins = 0x1 | 0x0
4063 ```
4064 #### Windows (Intune)
4065 OMA-URI:
4066 ```
4067 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/OfferToSaveLogins
4068 ```
4069 Value (string):
4070 ```
4071 <enabled/> or <disabled/>
4072 ```
4073 #### macOS
4074 ```
4075 <dict>
4076 <key>OfferToSaveLogins</key>
4077 <true/> | <false/>
4078 </dict>
4079 ```
4080 #### policies.json
4081 ```
4082 {
4083 "policies": {
4084 "OfferToSaveLogins": true | false
4085 }
4086 }
4087 ```
4088 ### OfferToSaveLoginsDefault
4089 Sets the default value of signon.rememberSignons without locking it.
4090
4091 **Compatibility:** Firefox 70, Firefox ESR 60.2\
4092 **CCK2 Equivalent:** `dontRememberPasswords`\
4093 **Preferences Affected:** `signon.rememberSignons`
4094
4095 #### Windows (GPO)
4096 ```
4097 Software\Policies\Mozilla\Firefox\OfferToSaveLoginsDefault = 0x1 | 0x0
4098 ```
4099 #### Windows (Intune)
4100 OMA-URI:
4101 ```
4102 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/OfferToSaveLoginsDefault
4103 ```
4104 Value (string):
4105 ```
4106 <enabled/> or <disabled/>
4107 ```
4108 #### macOS
4109 ```
4110 <dict>
4111 <key>OfferToSaveLoginsDefault</key>
4112 <true/> | <false/>
4113 </dict>
4114 ```
4115 #### policies.json
4116 ```
4117 {
4118 "policies": {
4119 "OfferToSaveLoginsDefault": true | false
4120 }
4121 }
4122 ```
4123 ### OverrideFirstRunPage
4124 Override the first run page. If the value is an empty string (""), the first run page is not displayed.
4125
4126 Starting with Firefox 83, Firefox ESR 78.5, you can also specify multiple URLS separated by a vertical bar (|).
4127
4128 **Compatibility:** Firefox 60, Firefox ESR 60\
4129 **CCK2 Equivalent:** `welcomePage`,`noWelcomePage`\
4130 **Preferences Affected:** `startup.homepage_welcome_url`
4131
4132 #### Windows (GPO)
4133 ```
4134 Software\Policies\Mozilla\Firefox\OverrideFirstRunPage = "http://example.org"
4135 ```
4136 #### Windows (Intune)
4137 OMA-URI:
4138 ```
4139 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/OverrideFirstRunPage
4140 ```
4141 Value (string):
4142 ```
4143 <enabled/>
4144 <data id="OverridePage" value="https://example.com"/>
4145 ```
4146 #### macOS
4147 ```
4148 <dict>
4149 <key>OverrideFirstRunPage</key>
4150 <string>http://example.org</string>
4151 </dict>
4152 ```
4153 #### policies.json
4154 ```
4155 {
4156 "policies": {
4157 "OverrideFirstRunPage": "http://example.org"
4158 }
4159 }
4160 ```
4161 ### OverridePostUpdatePage
4162 Override the upgrade page. If the value is an empty string (""), no extra pages are displayed when Firefox is upgraded.
4163
4164 **Compatibility:** Firefox 60, Firefox ESR 60\
4165 **CCK2 Equivalent:** `upgradePage`,`noUpgradePage`\
4166 **Preferences Affected:** `startup.homepage_override_url`
4167
4168 #### Windows (GPO)
4169 ```
4170 Software\Policies\Mozilla\Firefox\OverridePostUpdatePage = "http://example.org"
4171 ```
4172 #### Windows (Intune)
4173 OMA-URI:
4174 ```
4175 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/OverridePostUpdatePage
4176 ```
4177 Value (string):
4178 ```
4179 <enabled/>
4180 <data id="OverridePage" value="https://example.com"/>
4181 ```
4182 #### macOS
4183 ```
4184 <dict>
4185 <key>OverridePostUpdatePage</key>
4186 <string>http://example.org</string>
4187 </dict>
4188 ```
4189 #### policies.json
4190 ```
4191 {
4192 "policies": {
4193 "OverridePostUpdatePage": "http://example.org"
4194 }
4195 }
4196 ```
4197 ### PasswordManagerEnabled
4198 Remove access to the password manager via preferences and blocks about:logins on Firefox 70.
4199
4200 **Compatibility:** Firefox 70, Firefox ESR 60.2\
4201 **CCK2 Equivalent:** N/A\
4202 **Preferences Affected:** `pref.privacy.disable_button.view_passwords`
4203
4204 #### Windows (GPO)
4205 ```
4206 Software\Policies\Mozilla\Firefox\PasswordManagerEnabled = 0x1 | 0x0
4207 ```
4208 #### Windows (Intune)
4209 OMA-URI:
4210 ```
4211 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/PasswordManagerEnabled
4212 ```
4213 Value (string):
4214 ```
4215 <enabled/> or <disabled/>
4216 ```
4217 #### macOS
4218 ```
4219 <dict>
4220 <key>PasswordManagerEnabled</key>
4221 <true/> | <false/>
4222 </dict>
4223 ```
4224 #### policies.json
4225 ```
4226 {
4227 "policies": {
4228 "PasswordManagerEnabled": true | false
4229 }
4230 }
4231 ```
4232 ### PasswordManagerExceptions
4233 Prevent Firefox from saving passwords for specific sites.
4234
4235 The sites are specified as a list of origins.
4236
4237 **Compatibility:** Firefox 101\
4238 **CCK2 Equivalent:** N/A\
4239 **Preferences Affected:** N/A
4240
4241 #### Windows (GPO)
4242 ```
4243 Software\Policies\Mozilla\Firefox\PasswordManagerExceptions\1 = "https://example.org"
4244 Software\Policies\Mozilla\Firefox\PasswordManagerExceptions\2 = "https://example.edu"
4245 ```
4246 #### Windows (Intune)
4247 OMA-URI:
4248 ```
4249 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/PasswordManagerExceptions
4250 ```
4251 Value (string):
4252 ```
4253 <enabled/>
4254 <data id="List" value="1&#xF000;https://example.org&#xF000;2&#xF000;https://example.edu"/>
4255 ```
4256 #### macOS
4257 ```
4258 <dict>
4259 <key>PasswordManagerExceptions</key>
4260 <array>
4261 <string>https://example.org</string>
4262 <string>https://example.edu</string>
4263 </array>
4264 </dict>
4265 ```
4266 #### policies.json
4267 ```
4268 {
4269 "policies": {
4270 "PasswordManagerExceptions": ["https://example.org",
4271 "https://example.edu"]
4272 }
4273 }
4274 ```
4275
4276 ### PDFjs
4277 Disable or configure PDF.js, the built-in PDF viewer.
4278
4279 If `Enabled` is set to false, the built-in PDF viewer is disabled.
4280
4281 If `EnablePermissions` is set to true, the built-in PDF viewer will honor document permissions like preventing the copying of text.
4282
4283 Note: DisableBuiltinPDFViewer has not been deprecated. You can either continue to use it, or switch to using PDFjs->Enabled to disable the built-in PDF viewer. This new permission was added because we needed a place for PDFjs->EnabledPermissions.
4284
4285 **Compatibility:** Firefox 77, Firefox ESR 68.9\
4286 **CCK2 Equivalent:** N/A\
4287 **Preferences Affected:** `pdfjs.disabled`, `pdfjs.enablePermissions`
4288
4289 #### Windows (GPO)
4290 ```
4291 Software\Policies\Mozilla\Firefox\PDFjs\Enabled = 0x1 | 0x0
4292 Software\Policies\Mozilla\Firefox\PDFjs\EnablePermissions = 0x1 | 0x0
4293 ```
4294 #### Windows (Intune)
4295 OMA-URI:
4296 ```
4297 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~PDFjs/PDFjs_Enabled
4298 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~PDFjs/PDFjs_EnablePermissions
4299 ```
4300 Value (string):
4301 ```
4302 <enabled/>or <disabled/>
4303 ```
4304 #### macOS
4305 ```
4306 <dict>
4307 <key>PDFjs</key>
4308 <dict>
4309 <key>Enabled</key>
4310 <true/> | <false/>
4311 <key>EnablePermissions</key>
4312 <true/> | <false/>
4313 </dict>
4314 </dict>
4315 ```
4316 #### policies.json
4317 ```
4318 {
4319 "policies": {
4320 "PDFjs": {
4321 "Enabled": true | false,
4322 "EnablePermissions": true | false
4323 }
4324 }
4325 }
4326 ```
4327 ### Permissions
4328 Set permissions associated with camera, microphone, location, notifications, autoplay, and virtual reality. Because these are origins, not domains, entries with unique ports must be specified separately. This explicitly means that it is not possible to add wildcards. See examples below.
4329
4330 `Allow` is a list of origins where the feature is allowed.
4331
4332 `Block` is a list of origins where the feature is not allowed.
4333
4334 `BlockNewRequests` determines whether or not new requests can be made for the feature.
4335
4336 `Locked` prevents the user from changing preferences for the feature.
4337
4338 `Default` specifies the default value for Autoplay. block-audio-video is not supported on Firefox ESR 68.
4339
4340 **Compatibility:** Firefox 62, Firefox ESR 60.2 (Autoplay added in Firefox 74, Firefox ESR 68.6, Autoplay Default/Locked added in Firefox 76, Firefox ESR 68.8, VirtualReality added in Firefox 80, Firefox ESR 78.2)\
4341 **CCK2 Equivalent:** N/A\
4342 **Preferences Affected:** `permissions.default.camera`, `permissions.default.microphone`, `permissions.default.geo`, `permissions.default.desktop-notification`, `media.autoplay.default`, `permissions.default.xr`
4343
4344 #### Windows (GPO)
4345 ```
4346 Software\Policies\Mozilla\Firefox\Permissions\Camera\Allow\1 = "https://example.org"
4347 Software\Policies\Mozilla\Firefox\Permissions\Camera\Allow\2 = "https://example.org:1234"
4348 Software\Policies\Mozilla\Firefox\Permissions\Camera\Block\1 = "https://example.edu"
4349 Software\Policies\Mozilla\Firefox\Permissions\Camera\BlockNewRequests = 0x1 | 0x0
4350 Software\Policies\Mozilla\Firefox\Permissions\Camera\Locked = 0x1 | 0x0
4351 Software\Policies\Mozilla\Firefox\Permissions\Microphone\Allow\1 = "https://example.org"
4352 Software\Policies\Mozilla\Firefox\Permissions\Microphone\Block\1 = "https://example.edu"
4353 Software\Policies\Mozilla\Firefox\Permissions\Microphone\BlockNewRequests = 0x1 | 0x0
4354 Software\Policies\Mozilla\Firefox\Permissions\Microphone\Locked = 0x1 | 0x0
4355 Software\Policies\Mozilla\Firefox\Permissions\Location\Allow\1 = "https://example.org"
4356 Software\Policies\Mozilla\Firefox\Permissions\Location\Block\1 = "https://example.edu"
4357 Software\Policies\Mozilla\Firefox\Permissions\Location\BlockNewRequests = 0x1 | 0x0
4358 Software\Policies\Mozilla\Firefox\Permissions\Location\Locked = 0x1 | 0x0
4359 Software\Policies\Mozilla\Firefox\Permissions\Notifications\Allow\1 = "https://example.org"
4360 Software\Policies\Mozilla\Firefox\Permissions\Notifications\Block\1 = "https://example.edu"
4361 Software\Policies\Mozilla\Firefox\Permissions\Notifications\BlockNewRequests = 0x1 | 0x0
4362 Software\Policies\Mozilla\Firefox\Permissions\Notifications\Locked = 0x1 | 0x0
4363 Software\Policies\Mozilla\Firefox\Permissions\Autoplay\Allow\1 = "https://example.org"
4364 Software\Policies\Mozilla\Firefox\Permissions\Autoplay\Block\1 = "https://example.edu"
4365 Software\Policies\Mozilla\Firefox\Permissions\Autoplay\Default = "allow-audio-video" | "block-audio" | "block-audio-video"
4366 Software\Policies\Mozilla\Firefox\Permissions\Autoplay\Locked = 0x1 | 0x0
4367 Software\Policies\Mozilla\Firefox\Permissions\VirtualReality\Allow\1 = "https://example.org"
4368 Software\Policies\Mozilla\Firefox\Permissions\VirtualReality\Block\1 = "https://example.edu"
4369 Software\Policies\Mozilla\Firefox\Permissions\VirtualReality\BlockNewRequests = 0x1 | 0x0
4370 Software\Policies\Mozilla\Firefox\Permissions\VirtualReality\Locked = 0x1 | 0x0
4371 ```
4372 #### Windows (Intune)
4373 OMA-URI:
4374 ```
4375 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Location/Location_BlockNewRequests
4376 ```
4377 Value (string):
4378 ```
4379 <enabled/> or <disabled/>
4380 ```
4381 OMA-URI:
4382 ```
4383 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Location/Location_Locked
4384 ```
4385 Value (string):
4386 ```
4387 <enabled/> or <disabled/>
4388 ```
4389 OMA-URI:
4390 ```
4391 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Notifications/Notifications_Allow
4392 ```
4393 Value (string):
4394 ```
4395 <enabled/>
4396 <data id="Permissions" value="1&#xF000;https://example.org"/>
4397 ```
4398 OMA-URI:
4399 ```
4400 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Notifications/Notifications_BlockNewRequests
4401 ```
4402 Value (string):
4403 ```
4404 <enabled/> or <disabled/>
4405 ```
4406 OMA-URI:
4407 ```
4408 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Notifications/Notifications_Locked
4409 ```
4410 Value (string):
4411 ```
4412 <enabled/> or <disabled/>
4413 ```
4414 OMA-URI:
4415 ```
4416 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Autoplay/Autoplay_Allow
4417 ```
4418 Value (string):
4419 ```
4420 <enabled/>
4421 <data id="Permissions" value="1&#xF000;https://example.org"/>
4422 ```
4423 OMA-URI:
4424 ```
4425 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Autoplay/Autoplay_Block
4426 ```
4427 Value (string):
4428 ```
4429 <enabled/>
4430 <data id="Permissions" value="1&#xF000;https://example.edu"/>
4431 ```
4432 OMA-URI:
4433 ```
4434 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Autoplay/Autoplay_Default
4435 ```
4436 Value (string):
4437 ```
4438 <enabled/>
4439 <data id="Autoplay_Default" value="allow-audio-video | block-audio | block-audio-video"/>
4440 ```
4441 OMA-URI:
4442 ```
4443 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Autoplay/Autoplay_Locked
4444 ```
4445 Value (string):
4446 ```
4447 <enabled/> or <disabled/>
4448 ```
4449 OMA-URI:
4450 ```
4451 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Notifications/VirtualReality_Allow
4452 ```
4453 Value (string):
4454 ```
4455 <enabled/>
4456 <data id="Permissions" value="1&#xF000;https://example.org"/>
4457 ```
4458 OMA-URI:
4459 ```
4460 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Notifications/VirtualReality_Block
4461 ```
4462 Value (string):
4463 ```
4464 <enabled/>
4465 <data id="Permissions" value="1&#xF000;https://example.edu"/>
4466 ```
4467 OMA-URI:
4468 ```
4469 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Notifications/VirtualReality_BlockNewRequests
4470 ```
4471 Value (string):
4472 ```
4473 <enabled/> or <disabled/>
4474 ```
4475 OMA-URI:
4476 ```
4477 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Notifications/VirtualReality_Locked
4478 ```
4479 Value (string):
4480 ```
4481 <enabled/> or <disabled/>
4482 ```
4483 #### macOS
4484 ```
4485 <dict>
4486 <key>Permissions</key>
4487 <dict>
4488 <key>Camera</key>
4489 <dict>
4490 <key>Allow</key>
4491 <array>
4492 <string>https://example.org</string>
4493 <string>https://example.org:1234</string>
4494 </array>
4495 <key>Block</key>
4496 <array>
4497 <string>https://example.edu</string>
4498 </array>
4499 <key>BlockNewRequests</key>
4500 <true/> | <false/>
4501 <key>Locked</key>
4502 <true/> | <false/>
4503 </dict>
4504 <key>Microphone</key>
4505 <dict>
4506 <key>Allow</key>
4507 <array>
4508 <string>https://example.org</string>
4509 </array>
4510 <key>Block</key>
4511 <array>
4512 <string>https://example.edu</string>
4513 </array>
4514 <key>BlockNewRequests</key>
4515 <true/> | <false/>
4516 <key>Locked</key>
4517 <true/> | <false/>
4518 </dict>
4519 <key>Location</key>
4520 <dict>
4521 <key>Allow</key>
4522 <array>
4523 <string>https://example.org</string>
4524 </array>
4525 <key>Block</key>
4526 <array>
4527 <string>https://example.edu</string>
4528 </array>
4529 <key>BlockNewRequests</key>
4530 <true/> | <false/>
4531 <key>Locked</key>
4532 <true/> | <false/>
4533 </dict>
4534 <key>Notifications</key>
4535 <dict>
4536 <key>Allow</key>
4537 <array>
4538 <string>https://example.org</string>
4539 </array>
4540 <key>Block</key>
4541 <array>
4542 <string>https://example.edu</string>
4543 </array>
4544 <key>BlockNewRequests</key>
4545 <true/>
4546 <key>Locked</key>
4547 <true/>
4548 </dict>
4549 <key>Autoplay</key>
4550 <dict>
4551 <key>Allow</key>
4552 <array>
4553 <string>https://example.org</string>
4554 </array>
4555 <key>Block</key>
4556 <array>
4557 <string>https://example.edu</string>
4558 </array>
4559 <key>Default</key>
4560 <string>allow-audio-video | block-audio | block-audio-video</string>
4561 <key>Locked</key>
4562 <true/> | <false/>
4563 </dict>
4564 </dict>
4565 </dict>
4566 ```
4567 #### policies.json
4568 ```
4569 {
4570 "policies": {
4571 "Permissions": {
4572 "Camera": {
4573 "Allow": ["https://example.org","https://example.org:1234"],
4574 "Block": ["https://example.edu"],
4575 "BlockNewRequests": true | false,
4576 "Locked": true | false
4577 },
4578 "Microphone": {
4579 "Allow": ["https://example.org"],
4580 "Block": ["https://example.edu"],
4581 "BlockNewRequests": true | false,
4582 "Locked": true | false
4583 },
4584 "Location": {
4585 "Allow": ["https://example.org"],
4586 "Block": ["https://example.edu"],
4587 "BlockNewRequests": true | false,
4588 "Locked": true | false
4589 },
4590 "Notifications": {
4591 "Allow": ["https://example.org"],
4592 "Block": ["https://example.edu"],
4593 "BlockNewRequests": true | false,
4594 "Locked": true | false
4595 },
4596 "Autoplay": {
4597 "Allow": ["https://example.org"],
4598 "Block": ["https://example.edu"],
4599 "Default": "allow-audio-video" | "block-audio" | "block-audio-video",
4600 "Locked": true | false
4601 }
4602 }
4603 }
4604 }
4605 ```
4606 ### PictureInPicture
4607
4608 Enable or disable Picture-in-Picture as well as prevent the user from enabling or disabling it (Locked).
4609
4610 **Compatibility:** Firefox 78, Firefox ESR 78\
4611 **CCK2 Equivalent:** N/A\
4612 **Preferences Affected:** `media.videocontrols.picture-in-picture.video-toggle.enabled`
4613
4614 #### Windows (GPO)
4615 ```
4616 Software\Policies\Mozilla\Firefox\PictureInPicture\Enabled = 0x1 | 0x0
4617 Software\Policies\Mozilla\Firefox\PictureInPicture\Locked = 0x1 | 0x0
4618
4619 ```
4620 #### Windows (Intune)
4621 OMA-URI:
4622 ```
4623 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~PictureInPicture/PictureInPicture_Enabled
4624 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~PictureInPicture/PictureInPicture_Locked
4625 ```
4626 Value (string):
4627 ```
4628 <enabled/> or <disabled/>
4629 ```
4630 #### macOS
4631 ```
4632 <dict>
4633 <key>PictureInPicture</key>
4634 <dict>
4635 <key>Enabled</key>
4636 <true/> | <false/>
4637 <key>Locked</key>
4638 <true/> | <false/>
4639 </dict>
4640 </dict>
4641 ```
4642 #### policies.json
4643 ```
4644 {
4645 "policies": {
4646 "PictureInPicture": {
4647 "Enabled": true | false,
4648 "Locked": true | false
4649 }
4650 }
4651 }
4652 ```
4653 ### PopupBlocking
4654 Configure the default pop-up window policy as well as origins for which pop-up windows are allowed.
4655
4656 `Allow` is a list of origins where popup-windows are allowed.
4657
4658 `Default` determines whether or not pop-up windows are allowed by default.
4659
4660 `Locked` prevents the user from changing pop-up preferences.
4661
4662 **Compatibility:** Firefox 60, Firefox ESR 60\
4663 **CCK2 Equivalent:** `permissions.popup`\
4664 **Preferences Affected:** `dom.disable_open_during_load`
4665
4666 #### Windows (GPO)
4667 ```
4668 Software\Policies\Mozilla\Firefox\PopupBlocking\Allow\1 = "https://example.org"
4669 Software\Policies\Mozilla\Firefox\PopupBlocking\Allow\2 = "https://example.edu"
4670 Software\Policies\Mozilla\Firefox\PopupBlocking\Default = 0x1 | 0x0
4671 Software\Policies\Mozilla\Firefox\PopupBlocking\Locked = 0x1 | 0x0
4672 ```
4673 #### Windows (Intune)
4674 OMA-URI:
4675 ```
4676 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Popups/PopupBlocking_Allow
4677 ```
4678 Value (string):
4679 ```
4680 <enabled/>
4681 <data id="Permissions" value="1&#xF000;https://example.org&#xF000;2&#xF000;https://example.edu"/>
4682 ```
4683 OMA-URI:
4684 ```
4685 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Popups/PopupBlocking_Default
4686 ```
4687 Value (string):
4688 ```
4689 <enabled/> or <disabled/>
4690 ```
4691 OMA-URI:
4692 ```
4693 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Popups/PopupBlocking_Locked
4694 ```
4695 Value (string):
4696 ```
4697 <enabled/> or <disabled/>
4698 ```
4699 #### macOS
4700 ```
4701 <dict>
4702 <key>PopupBlocking</key>
4703 <dict>
4704 <key>Allow</key>
4705 <array>
4706 <string>http://example.org</string>
4707 <string>http://example.edu</string>
4708 </array>
4709 <key>Default</key>
4710 <true/> | <false/>
4711 <key>Locked</key>
4712 <true/> | <false/>
4713 </dict>
4714 </dict>
4715 ```
4716 #### policies.json
4717 ```
4718 {
4719 "policies": {
4720 "PopupBlocking": {
4721 "Allow": ["http://example.org/",
4722 "http://example.edu/"],
4723 "Default": true | false,
4724 "Locked": true | false
4725 }
4726 }
4727 }
4728 ```
4729 ### Preferences
4730 Set and lock preferences.
4731
4732 **NOTE** On Windows, in order to use this policy, you must clear all settings in the old **Preferences (Deprecated)** section in group policy.
4733
4734 Previously you could only set and lock a subset of preferences. Starting with Firefox 81 and Firefox ESR 78.3 you can set many more preferences. You can also set default preferences, user preferences and you can clear preferences.
4735
4736 Preferences that start with the following prefixes are supported:
4737 ```
4738 accessibility.
4739 alerts.* (Firefox 122, Firefox ESR 115.7)
4740 app.update.* (Firefox 86, Firefox ESR 78.8)
4741 browser.
4742 datareporting.policy.
4743 dom.
4744 extensions.
4745 general.autoScroll (Firefox 83, Firefox ESR 78.5)
4746 general.smoothScroll (Firefox 83, Firefox ESR 78.5)
4747 geo.
4748 gfx.
4749 intl.
4750 keyword.enabled (Firefox 95, Firefox ESR 91.4)
4751 layers.
4752 layout.
4753 media.
4754 network.
4755 pdfjs. (Firefox 84, Firefox ESR 78.6)
4756 places.
4757 pref.
4758 print.
4759 privacy.globalprivacycontrol.enabled (Firefox 127, Firefox ESR 128.0)
4760 privacy.userContext.enabled (Firefox 126, Firefox ESR 115.11)
4761 privacy.userContext.ui.enabled (Firefox 126, Firefox ESR 115.11)
4762 signon. (Firefox 83, Firefox ESR 78.5)
4763 spellchecker. (Firefox 84, Firefox ESR 78.6)
4764 toolkit.legacyUserProfileCustomizations.stylesheets (Firefox 95, Firefox ESR 91.4)
4765 ui.
4766 widget.
4767 xpinstall.signatures.required (Firefox ESR 102.10, Firefox ESR only)
4768 xpinstall.whitelist.required (Firefox 118, Firefox ESR 115.3)
4769 ```
4770 as well as the following security preferences:
4771
4772 | Preference | Type | Default
4773 | --- | --- | --- |
4774 | security.default_personal_cert | string | Ask Every Time
4775 | &nbsp;&nbsp;&nbsp;&nbsp;If set to Select Automatically, Firefox automatically chooses the default personal certificate.
4776 | security.disable_button.openCertManager | string | N/A
4777 | &nbsp;&nbsp;&nbsp;&nbsp;If set to true and locked, the View Certificates button in preferences is disabled (Firefox 121, Firefox ESR 115.6)
4778 | security.disable_button.openDeviceManager | string | N/A
4779 | &nbsp;&nbsp;&nbsp;&nbsp;If set to true and locked, the Security Devices button in preferences is disabled (Firefox 121, Firefox ESR 115.6)
4780 | security.insecure_connection_text.enabled | bool | false
4781 | &nbsp;&nbsp;&nbsp;&nbsp;If set to true, adds the words "Not Secure" for insecure sites.
4782 | security.insecure_connection_text.pbmode.enabled | bool | false
4783 | &nbsp;&nbsp;&nbsp;&nbsp;If set to true, adds the words "Not Secure" for insecure sites in private browsing.
4784 | security.mixed_content.block_active_content | boolean | true
4785 | &nbsp;&nbsp;&nbsp;&nbsp;If set to true, mixed active content (HTTP subresources such as scripts, fetch requests, etc. on a HTTPS page) will be blocked.
4786 | security.mixed_content.block_display_content | boolean | false
4787 | &nbsp;&nbsp;&nbsp;&nbsp;If set to true, mixed passive/display content (HTTP subresources such as images, videos, etc. on a HTTPS page) will be blocked. (Firefox 127, Firefox ESR 128.0)
4788 | security.mixed_content.upgrade_display_content | boolean | true
4789 | &nbsp;&nbsp;&nbsp;&nbsp;If set to true, mixed passive/display content (HTTP subresources such as images, videos, etc. on a HTTPS page) will be upgraded to HTTPS. (Firefox 127, Firefox ESR 128.0)
4790 | security.osclientcerts.autoload | boolean | false
4791 | &nbsp;&nbsp;&nbsp;&nbsp;If true, client certificates are loaded from the operating system certificate store.
4792 | security.OCSP.enabled | integer | 1
4793 | &nbsp;&nbsp;&nbsp;&nbsp;If 0, do not fetch OCSP. If 1, fetch OCSP for DV and EV certificates. If 2, fetch OCSP only for EV certificates.
4794 | security.OCSP.require | boolean | false
4795 | &nbsp;&nbsp;&nbsp;&nbsp; If true, if an OCSP request times out, the connection fails.
4796 | security.osclientcerts.assume_rsa_pss_support | boolean | true
4797 | &nbsp;&nbsp;&nbsp;&nbsp; If false, we don't assume an RSA key can do RSA-PSS. (Firefox 114, Firefox ESR 102.12)
4798 | security.ssl.enable_ocsp_stapling | boolean | true
4799 | &nbsp;&nbsp;&nbsp;&nbsp; If false, OCSP stapling is not enabled.
4800 | security.ssl.errorReporting.enabled | boolean | true
4801 | &nbsp;&nbsp;&nbsp;&nbsp;If false, SSL errors cannot be sent to Mozilla.
4802 | security.ssl.require_safe_negotiation | boolean | false
4803 | &nbsp;&nbsp;&nbsp;&nbsp;If true, Firefox will only negotiate TLS connections with servers that indicate they support secure renegotiation. (Firefox 118, Firefox ESR 115.3)
4804 | security.tls.enable_0rtt_data | boolean | true
4805 | &nbsp;&nbsp;&nbsp;&nbsp;If false, TLS early data is turned off. (Firefox 93, Firefox 91.2, Firefox 78.15)
4806 | security.tls.hello_downgrade_check | boolean | true
4807 | &nbsp;&nbsp;&nbsp;&nbsp;If false, the TLS 1.3 downgrade check is disabled.
4808 | security.tls.version.enable-deprecated | boolean | false
4809 | &nbsp;&nbsp;&nbsp;&nbsp;If true, browser will accept TLS 1.0. and TLS 1.1. (Firefox 86, Firefox 78.8)
4810 | security.warn_submit_secure_to_insecure | boolean | true
4811 | &nbsp;&nbsp;&nbsp;&nbsp;If false, no warning is shown when submitting a form from https to http.
4812
4813 Using the preference as the key, set the `Value` to the corresponding preference value.
4814
4815 `Status` can be "default", "locked", "user" or "clear"
4816
4817 * `"default"`: Read/Write: Settings appear as default even if factory default differs.
4818 * `"locked"`: Read-Only: Settings appear as default even if factory default differs.
4819 * `"user"`: Read/Write: Settings appear as changed if it differs from factory default.
4820 * `"clear"`: Read/Write: `Value` has no effect. Resets to factory defaults on each startup.
4821
4822 `"user"` preferences persist across invocations of Firefox. It is the equivalent of a user setting the preference. They are most useful when a preference is needed very early in startup so it can't be set as default by policy. An example of this is ```toolkit.legacyUserProfileCustomizations.stylesheets```.
4823
4824 `"user"` preferences persist even if the policy is removed, so if you need to remove them, you should use the clear policy.
4825
4826 You can also set the `Type` starting in Firefox 123 and Firefox ESR 115.8. It can be `number`, `boolean` or `string`. This is especially useful if you are seeing 0 or 1 values being converted to booleans when set as user preferences.
4827
4828 See the examples below for more detail.
4829
4830 IMPORTANT: Make sure you're only setting a particular preference using this mechanism and not some other way.
4831
4832 Status
4833 **Compatibility:** Firefox 81, Firefox ESR 78.3\
4834 **CCK2 Equivalent:** `preferences`\
4835 **Preferences Affected:** Many
4836
4837 #### Windows (GPO)
4838 Software\Policies\Mozilla\Firefox\Preferences (REG_MULTI_SZ) =
4839 ```
4840 {
4841 "accessibility.force_disabled": {
4842 "Value": 1,
4843 "Status": "default",
4844 "Type": "number"
4845
4846 },
4847 "browser.cache.disk.parent_directory": {
4848 "Value": "SOME_NATIVE_PATH",
4849 "Status": "user"
4850 },
4851 "browser.tabs.warnOnClose": {
4852 "Value": false,
4853 "Status": "locked"
4854 }
4855 }
4856 ```
4857 #### Windows (Intune)
4858 OMA-URI:
4859 ```
4860 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/Preferences
4861 ```
4862 Value (string):
4863 ```
4864 <enabled/>
4865 <data id="JSON" value='
4866 {
4867 "accessibility.force_disabled": {
4868 "Value": 1,
4869 "Status": "default",
4870 "Type": "number"
4871 },
4872 "browser.cache.disk.parent_directory": {
4873 "Value": "SOME_NATIVE_PATH",
4874 "Status": "user"
4875 },
4876 "browser.tabs.warnOnClose": {
4877 "Value": false,
4878 "Status": "locked"
4879 }
4880 }'/>
4881 ```
4882 #### macOS
4883 ```
4884 <dict>
4885 <key>Preferences</key>
4886 <dict>
4887 <key>accessibility.force_disabled</key>
4888 <dict>
4889 <key>Value</key>
4890 <integer>1</integer>
4891 <key>Status</key>
4892 <string>default</string>
4893 <key>Type</key>
4894 <string>number</string>
4895 </dict>
4896 <key>browser.cache.disk.parent_directory</key>
4897 <dict>
4898 <key>Value</key>
4899 <string>SOME_NATIVE_PATH</string>
4900 <key>Status</key>
4901 <string>user</string>
4902 </dict>
4903 <key>browser.tabs.warnOnClose</key>
4904 <dict>
4905 <key>Value</key>
4906 <false/>
4907 <key>Status</key>
4908 <string>locked</string>
4909 </dict>
4910 </dict>
4911 </dict>
4912 ```
4913 #### policies.json
4914 ```
4915 {
4916 "policies": {
4917 "Preferences": {
4918 "accessibility.force_disabled": {
4919 "Value": 1,
4920 "Status": "default"
4921 "Type": "number"
4922 },
4923 "browser.cache.disk.parent_directory": {
4924 "Value": "SOME_NATIVE_PATH",
4925 "Status": "user"
4926 },
4927 "browser.tabs.warnOnClose": {
4928 "Value": false,
4929 "Status": "locked"
4930 }
4931 }
4932 }
4933 }
4934 ```
4935 ### PrimaryPassword
4936 Require or prevent using a primary (formerly master) password.
4937
4938 If this value is true, a primary password is required. If this value is false, it works the same as if [`DisableMasterPasswordCreation`](#disablemasterpasswordcreation) was true and removes the primary password functionality.
4939
4940 If both DisableMasterPasswordCreation and PrimaryPassword are used, DisableMasterPasswordCreation takes precedent.
4941
4942 **Compatibility:** Firefox 79, Firefox ESR 78.1\
4943 **CCK2 Equivalent:** `noMasterPassword`\
4944 **Preferences Affected:** N/A
4945
4946 #### Windows (GPO)
4947 ```
4948 Software\Policies\Mozilla\Firefox\PrimaryPassword = 0x1 | 0x0
4949 ```
4950 #### Windows (Intune)
4951 OMA-URI:
4952 ```
4953 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/PrimaryPassword
4954 ```
4955 Value (string):
4956 ```
4957 <enabled/> or <disabled/>
4958 ```
4959 #### macOS
4960 ```
4961 <dict>
4962 <key>PrimaryPassword</key>
4963 <true/> | <false/>
4964 </dict>
4965 ```
4966 #### policies.json
4967 ```
4968 {
4969 "policies": {
4970 "PrimaryPassword": true | false
4971 }
4972 }
4973 ```
4974 ### PrintingEnabled
4975 Enable or disable printing.
4976
4977 **Compatibility:** Firefox 120, Firefox ESR 115.5\
4978 **CCK2 Equivalent:** N/A\
4979 **Preferences Affected:** `print.enabled`
4980
4981 #### Windows (GPO)
4982 ```
4983 Software\Policies\Mozilla\Firefox\PrintingEnabled = 0x1 | 0x0
4984 ```
4985 #### Windows (Intune)
4986 OMA-URI:
4987 ```
4988 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/PrintingEnabled
4989 ```
4990 Value (string):
4991 ```
4992 <enabled/> or <disabled/>
4993 ```
4994 #### macOS
4995 ```
4996 <dict>
4997 <key>PrintingEnabled</key>
4998 <true/> | <false/>
4999 </dict>
5000 ```
5001 #### policies.json
5002 ```
5003 {
5004 "policies": {
5005 "PrintingEnabled": true | false
5006 }
5007 }
5008 ```
5009 ### PromptForDownloadLocation
5010 Ask where to save each file before downloading.
5011
5012 **Compatibility:** Firefox 68, Firefox ESR 68\
5013 **CCK2 Equivalent:** N/A\
5014 **Preferences Affected:** `browser.download.useDownloadDir`
5015
5016 #### Windows (GPO)
5017 ```
5018 Software\Policies\Mozilla\Firefox\PromptForDownloadLocation = 0x1 | 0x0
5019 ```
5020 #### Windows (Intune)
5021 OMA-URI:
5022 ```
5023 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/PromptForDownloadLocation
5024 ```
5025 Value (string):
5026 ```
5027 <enabled/> or <disabled/>
5028 ```
5029 #### macOS
5030 ```
5031 <dict>
5032 <key>PromptForDownloadLocation</key>
5033 <true/> | <false/>
5034 </dict>
5035 ```
5036 #### policies.json
5037 ```
5038 {
5039 "policies": {
5040 "PromptForDownloadLocation": true | false
5041 }
5042 }
5043 ```
5044 ### Proxy
5045 Configure proxy settings. These settings correspond to the connection settings in Firefox preferences.
5046 To specify ports, append them to the hostnames with a colon (:).
5047
5048 Unless you lock this policy, changes the user already has in place will take effect.
5049
5050 `Mode` is the proxy method being used.
5051
5052 `Locked` is whether or not proxy settings can be changed.
5053
5054 `HTTPProxy` is the HTTP proxy server.
5055
5056 `UseHTTPProxyForAllProtocols` is whether or not the HTTP proxy should be used for all other proxies.
5057
5058 `SSLProxy` is the SSL proxy server.
5059
5060 `FTPProxy` is the FTP proxy server.
5061
5062 `SOCKSProxy` is the SOCKS proxy server
5063
5064 `SOCKSVersion` is the SOCKS version (4 or 5)
5065
5066 `Passthrough` is list of hostnames or IP addresses that will not be proxied. Use `<local>` to bypass proxying for all hostnames which do not contain periods.
5067
5068 `AutoConfigURL` is a URL for proxy configuration (only used if Mode is autoConfig).
5069
5070 `AutoLogin` means do not prompt for authentication if password is saved.
5071
5072 `UseProxyForDNS` to use proxy DNS when using SOCKS v5.
5073
5074 **Compatibility:** Firefox 60, Firefox ESR 60\
5075 **CCK2 Equivalent:** `networkProxy*`\
5076 **Preferences Affected:** `network.proxy.type`, `network.proxy.autoconfig_url`, `network.proxy.socks_remote_dns`, `signon.autologin.proxy`, `network.proxy.socks_version`, `network.proxy.no_proxies_on`, `network.proxy.share_proxy_settings`, `network.proxy.http`, `network.proxy.http_port`, `network.proxy.ftp`, `network.proxy.ftp_port`, `network.proxy.ssl`, `network.proxy.ssl_port`, `network.proxy.socks`, `network.proxy.socks_port`
5077
5078 #### Windows (GPO)
5079 ```
5080 Software\Policies\Mozilla\Firefox\Proxy\Mode = "none" | "system" | "manual" | "autoDetect" | "autoConfig"
5081 Software\Policies\Mozilla\Firefox\Proxy\Locked = 0x1 | 0x0
5082 Software\Policies\Mozilla\Firefox\Proxy\HTTPProxy = https://httpproxy.example.com
5083 Software\Policies\Mozilla\Firefox\Proxy\UseHTTPProxyForAllProtocols = 0x1 | 0x0
5084 Software\Policies\Mozilla\Firefox\Proxy\SSLProxy = https://sslproxy.example.com
5085 Software\Policies\Mozilla\Firefox\Proxy\FTPProxy = https://ftpproxy.example.com
5086 Software\Policies\Mozilla\Firefox\Proxy\SOCKSProxy = https://socksproxy.example.com
5087 Software\Policies\Mozilla\Firefox\Proxy\SOCKSVersion = 0x4 | 0x5
5088 Software\Policies\Mozilla\Firefox\Proxy\Passthrough = <local>
5089 Software\Policies\Mozilla\Firefox\Proxy\AutoConfigURL = URL_TO_AUTOCONFIG
5090 Software\Policies\Mozilla\Firefox\Proxy\AutoLogin = 0x1 | 0x0
5091 Software\Policies\Mozilla\Firefox\Proxy\UseProxyForDNS = 0x1 | 0x0
5092 ```
5093 #### Windows (Intune)
5094 **Note**
5095 These setttings were moved to a category to make them easier to configure via Intune.
5096
5097 OMA-URI:
5098 ```
5099 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_Locked
5100 ```
5101 Value (string):
5102 ```
5103 <enabled/> or <disabled/>
5104 ```
5105 OMA-URI:
5106 ```
5107 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_ConnectionType
5108 ```
5109 Value (string):
5110 ```
5111 <enabled/>
5112 <data id="Proxy_ConnectionType" value="none | system | manual | autoDetect | autoConfig"/>
5113 ```
5114 OMA-URI:
5115 ```
5116 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_HTTPProxy
5117 ```
5118 Value (string):
5119 ```
5120 <enabled/>
5121 <data id="Proxy_HTTPProxy" value="httpproxy.example.com"/>
5122 ```
5123 OMA-URI:
5124 ```
5125 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_UseHTTPProxyForAllProtocols
5126 ```
5127 Value (string):
5128 ```
5129 <enabled/> or <disabled/>
5130 ```
5131 OMA-URI:
5132 ```
5133 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_SSLProxy
5134 ```
5135 Value (string):
5136 ```
5137 <enabled/>
5138 <data id="Proxy_SSLProxy" value="sslproxy.example.com"/>
5139 ```
5140 OMA-URI:
5141 ```
5142 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_SOCKSProxy
5143 ```
5144 Value (string):
5145 ```
5146 <enabled/>
5147 <data id="Proxy_SOCKSProxy" value="socksproxy.example.com"/>
5148 <data id="Proxy_SOCKSVersion" value="4 | 5"/>
5149 ```
5150 OMA-URI:
5151 ```
5152 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_AutoConfigURL
5153 ```
5154 Value (string):
5155 ```
5156 <enabled/>
5157 <data id="Proxy_AutoConfigURL" value="URL_TO_AUTOCONFIG"/>
5158 ```
5159 OMA-URI:
5160 ```
5161 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_Passthrough
5162 ```
5163 Value (string):
5164 ```
5165 <enabled/>
5166 <data id="Proxy_Passthrough" value="&lt;local&gt;"/>
5167 ```
5168 OMA-URI:
5169 ```
5170 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_AutoLogin
5171 ```
5172 Value (string):
5173 ```
5174 <enabled/> or <disabled/>
5175 ```
5176 OMA-URI:
5177 ```
5178 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_UseProxyForDNS
5179 ```
5180 Value (string):
5181 ```
5182 <enabled/> or <disabled/>
5183 ```
5184 OMA-URI (Old way):
5185 ```
5186 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/Proxy
5187 ```
5188 Value (string):
5189 ```
5190 <enabled/>
5191 <data id="ProxyLocked" value="true | false"/>
5192 <data id="ConnectionType" value="none | system | manual | autoDetect | autoConfig"/>
5193 <data id="HTTPProxy" value="httpproxy.example.com"/>
5194 <data id="UseHTTPProxyForAllProtocols" value="true | false"/>
5195 <data id="SSLProxy" value="sslproxy.example.com"/>
5196 <data id="FTPProxy" value="ftpproxy.example.com"/>
5197 <data id="SOCKSProxy" value="socksproxy.example.com"/>
5198 <data id="SOCKSVersion" value="4 | 5"/>
5199 <data id="AutoConfigURL" value="URL_TO_AUTOCONFIG"/>
5200 <data id="Passthrough" value="<local>"/>
5201 <data id="AutoLogin" value="true | false"/>
5202 <data id="UseProxyForDNS" value="true | false"/>
5203 ```
5204 #### macOS
5205 ```
5206 <dict>
5207 <key>Proxy</key>
5208 <dict>
5209 <key>Mode</key>
5210 <string>none | system | manual | autoDetect | autoConfig</string>
5211 <key>Locked</key>
5212 <true> | </false>
5213 <key>HTTPProxy</key>
5214 <string>https://httpproxy.example.com</string>
5215 <key>UseHTTPProxyForAllProtocols</key>
5216 <true> | </false>
5217 <key>SSLProxy</key>
5218 <string>https://sslproxy.example.com</string>
5219 <key>FTPProxy</key>
5220 <string>https://ftpproxy.example.com</string>
5221 <key>SOCKSProxy</key>
5222 <string>https://socksproxy.example.com</string>
5223 <key>SOCKSVersion</key>
5224 <string>4 | 5</string>
5225 <key>Passthrough</key>
5226 <string>&lt;local>&gt;</string>
5227 <key>AutoConfigURL</key>
5228 <string>URL_TO_AUTOCONFIG</string>
5229 <key>AutoLogin</key>
5230 <true> | </false>
5231 <key>UseProxyForDNS</key>
5232 <true> | </false>
5233 </dict>
5234 </dict>
5235 ```
5236 #### policies.json
5237 ```
5238 {
5239 "policies": {
5240 "Proxy": {
5241 "Mode": "none" | "system" | "manual" | "autoDetect" | "autoConfig",
5242 "Locked": true | false,
5243 "HTTPProxy": "hostname",
5244 "UseHTTPProxyForAllProtocols": true | false,
5245 "SSLProxy": "hostname",
5246 "FTPProxy": "hostname",
5247 "SOCKSProxy": "hostname",
5248 "SOCKSVersion": 4 | 5,
5249 "Passthrough": "<local>",
5250 "AutoConfigURL": "URL_TO_AUTOCONFIG",
5251 "AutoLogin": true | false,
5252 "UseProxyForDNS": true | false
5253 }
5254 }
5255 }
5256 ```
5257 ### RequestedLocales
5258 Set the the list of requested locales for the application in order of preference. It will cause the corresponding language pack to become active.
5259
5260 Note: For Firefox 68, this can now be a string so that you can specify an empty value.
5261
5262 **Compatibility:** Firefox 64, Firefox ESR 60.4, Updated in Firefox 68, Firefox ESR 68\
5263 **CCK2 Equivalent:** N/A\
5264 **Preferences Affected:** N/A
5265 #### Windows (GPO)
5266 ```
5267 Software\Policies\Mozilla\Firefox\RequestedLocales\1 = "de"
5268 Software\Policies\Mozilla\Firefox\RequestedLocales\2 = "en-US"
5269
5270 or
5271
5272 Software\Policies\Mozilla\Firefox\RequestedLocales = "de,en-US"
5273 ```
5274 #### Windows (Intune)
5275 OMA-URI:
5276 ```
5277 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/RequestedLocalesString
5278 ```
5279 Value (string):
5280 ```
5281 <enabled/>
5282 <data id="Preferences_String" value="de,en-US"/>
5283 ```
5284 #### macOS
5285 ```
5286 <dict>
5287 <key>RequestedLocales</key>
5288 <array>
5289 <string>de</string>
5290 <string>en-US</string>
5291 </array>
5292 </dict>
5293
5294 or
5295
5296 <dict>
5297 <key>RequestedLocales</key>
5298 <string>de,en-US</string>
5299 </dict>
5300
5301 ```
5302 #### policies.json
5303 ```
5304 {
5305 "policies": {
5306 "RequestedLocales": ["de", "en-US"]
5307 }
5308 }
5309
5310 or
5311
5312 {
5313 "policies": {
5314 "RequestedLocales": "de,en-US"
5315 }
5316 }
5317 ```
5318 <a name="SanitizeOnShutdown"></a>
5319
5320 ### SanitizeOnShutdown (Selective)
5321 Clear data on shutdown. Choose from Cache, Cookies, Download History, Form & Search History, Browsing History, Active Logins, Site Preferences and Offline Website Data.
5322
5323 Previously, these values were always locked. Starting with Firefox 74 and Firefox ESR 68.6, you can use the `Locked` option to either keep the values unlocked (set it to false), or lock only the values you set (set it to true). If you want the old behavior of locking everything, do not set `Locked` at all.
5324
5325 **Compatibility:** Firefox 68, Firefox ESR 68 (Locked added in 74/68.6)\
5326 **CCK2 Equivalent:** N/A\
5327 **Preferences Affected:** `privacy.sanitize.sanitizeOnShutdown`, `privacy.clearOnShutdown.cache`, `privacy.clearOnShutdown.cookies`, `privacy.clearOnShutdown.downloads`, `privacy.clearOnShutdown.formdata`, `privacy.clearOnShutdown.history`, `privacy.clearOnShutdown.sessions`, `privacy.clearOnShutdown.siteSettings`, `privacy.clearOnShutdown.offlineApps`
5328 #### Windows (GPO)
5329 ```
5330 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\Cache = 0x1 | 0x0
5331 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\Cookies = 0x1 | 0x0
5332 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\Downloads = 0x1 | 0x0
5333 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\FormData = 0x1 | 0x0
5334 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\History = 0x1 | 0x0
5335 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\Sessions = 0x1 | 0x0
5336 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\SiteSettings = 0x1 | 0x0
5337 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\OfflineApps = 0x1 | 0x0
5338 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\Locked = 0x1 | 0x0
5339 ```
5340 #### Windows (Intune)
5341 OMA-URI:
5342 ```
5343 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/A_SanitizeOnShutdown_Cache
5344 ```
5345 Value (string):
5346 ```
5347 <enabled/> or <disabled/>
5348 ```
5349 OMA-URI:
5350 ```
5351 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/B_SanitizeOnShutdown_Cookies
5352 ```
5353 Value (string):
5354 ```
5355 <enabled/> or <disabled/>
5356 ```
5357 OMA-URI:
5358 ```
5359 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/C_SanitizeOnShutdown_Downloads
5360 ```
5361 Value (string):
5362 ```
5363 <enabled/> or <disabled/>
5364 ```
5365 OMA-URI:
5366 ```
5367 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/D_SanitizeOnShutdown_FormData
5368 ```
5369 Value (string):
5370 ```
5371 <enabled/> or <disabled/>
5372 ```
5373 OMA-URI:
5374 ```
5375 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/E_SanitizeOnShutdown_History
5376 ```
5377 Value (string):
5378 ```
5379 <enabled/> or <disabled/>
5380 ```
5381 OMA-URI:
5382 ```
5383 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/F_SanitizeOnShutdown_Sessions
5384 ```
5385 Value (string):
5386 ```
5387 <enabled/> or <disabled/>
5388 ```
5389 OMA-URI:
5390 ```
5391 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/G_SanitizeOnShutdown_SiteSettings
5392 ```
5393 Value (string):
5394 ```
5395 <enabled/> or <disabled/>
5396 ```
5397 OMA-URI:
5398 ```
5399 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/H_SanitizeOnShutdown_OfflineApps
5400 ```
5401 Value (string):
5402 ```
5403 <enabled/> or <disabled/>
5404 ```
5405 OMA-URI:
5406 ```
5407 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/I_SanitizeOnShutdown_Locked
5408 ```
5409 Value (string):
5410 ```
5411 <enabled/> or <disabled/>
5412 ```
5413 #### macOS
5414 ```
5415 <dict>
5416 <key>SanitizeOnShutdown</key>
5417 <dict>
5418 <key>Cache</key>
5419 <true/> | <false/>
5420 <key>Cookies</key>
5421 <true/> | <false/>
5422 <key>Downloads</key>
5423 <true/> | <false/>
5424 <key>FormData</key>
5425 <true/> | <false/>
5426 <key>History</key>
5427 <true/> | <false/>
5428 <key>Sessions</key>
5429 <true/> | <false/>
5430 <key>SiteSettings</key>
5431 <true/> | <false/>
5432 <key>OfflineApps</key>
5433 <true/> | <false/>
5434 <key>Locked</key>
5435 <true/> | <false/>
5436 </dict>
5437 </dict>
5438 ```
5439 #### policies.json
5440 ```
5441 {
5442 "policies": {
5443 "SanitizeOnShutdown": {
5444 "Cache": true | false,
5445 "Cookies": true | false,
5446 "Downloads": true | false,
5447 "FormData": true | false,
5448 "History": true | false,
5449 "Sessions": true | false,
5450 "SiteSettings": true | false,
5451 "OfflineApps": true | false,
5452 "Locked": true | false
5453 }
5454 }
5455 }
5456 ```
5457 ### SanitizeOnShutdown (All)
5458 Clear all data on shutdown, including Browsing & Download History, Cookies, Active Logins, Cache, Form & Search History, Site Preferences and Offline Website Data.
5459
5460 **Compatibility:** Firefox 60, Firefox ESR 60\
5461 **CCK2 Equivalent:** N/A\
5462 **Preferences Affected:** `privacy.sanitize.sanitizeOnShutdown`, `privacy.clearOnShutdown.cache`, `privacy.clearOnShutdown.cookies`, `privacy.clearOnShutdown.downloads`, `privacy.clearOnShutdown.formdata`, `privacy.clearOnShutdown.history`, `privacy.clearOnShutdown.sessions`, `privacy.clearOnShutdown.siteSettings`, `privacy.clearOnShutdown.offlineApps`
5463 #### Windows (GPO)
5464 ```
5465 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown = 0x1 | 0x0
5466 ```
5467 #### Windows (Intune)
5468 OMA-URI:
5469 ```
5470 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/C_SanitizeOnShutdown
5471 ```
5472 Value (string):
5473 ```
5474 <enabled/> or <disabled/>
5475 ```
5476 #### macOS
5477 ```
5478 <dict>
5479 <key>SanitizeOnShutdown</key>
5480 <true/> | <false/>
5481 </dict>
5482 ```
5483 #### policies.json
5484 ```
5485 {
5486 "policies": {
5487 "SanitizeOnShutdown": true | false
5488 }
5489 }
5490 ```
5491 ### SearchBar
5492 Set whether or not search bar is displayed.
5493
5494 **Compatibility:** Firefox 60, Firefox ESR 60\
5495 **CCK2 Equivalent:** `showSearchBar`\
5496 **Preferences Affected:** N/A
5497
5498 #### Windows (GPO)
5499 ```
5500 Software\Policies\Mozilla\Firefox\SearchBar = "unified" | "separate"
5501 ```
5502
5503 #### Windows (Intune)
5504 OMA-URI:
5505 ```
5506 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/SearchBar
5507 ```
5508 Value (string):
5509 ```
5510 <enabled/>
5511 <data id="SearchBar" value="unified | separate"/>
5512 ```
5513 #### macOS
5514 ```
5515 <dict>
5516 <key>SearchBar</key>
5517 <string>unified | separate</string>
5518 </dict>
5519 ```
5520 #### policies.json
5521 ```
5522 {
5523 "policies": {
5524 "SearchBar": "unified" | "separate"
5525 }
5526 }
5527 ```
5528 <a name="SearchEngines"></a>
5529
5530 ### SearchEngines (This policy is only available on the ESR.)
5531
5532 ### SearchEngines | Add
5533
5534 Add new search engines. Although there are only five engines available in the ADMX template, there is no limit. To add more in the ADMX template, you can duplicate the XML.
5535
5536 This policy is only available on the ESR. `Name` and `URLTemplate` are required.
5537
5538 `Name` is the name of the search engine.
5539
5540 `URLTemplate` is the search URL with {searchTerms} to substitute for the search term.
5541
5542 `Method` is either GET or POST
5543
5544 `IconURL` is a URL for the icon to use.
5545
5546 `Alias` is a keyword to use for the engine.
5547
5548 `Description` is a description of the search engine.
5549
5550 `PostData` is the POST data as name value pairs separated by &.
5551
5552 `SuggestURLTemplate` is a search suggestions URL with {searchTerms} to substitute for the search term.
5553
5554 `Encoding` is the query charset for the engine. It defaults to UTF-8.
5555
5556 **Compatibility:** Firefox ESR 60 (POST support in Firefox ESR 68, Encoding support in Firefox 91)\
5557 **CCK2 Equivalent:** `searchplugins`\
5558 **Preferences Affected:** N/A
5559
5560 #### Windows (GPO)
5561 ```
5562 Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\Name = "Example1"
5563 Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\URLTemplate = "https://www.example.org/q={searchTerms}"
5564 Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\Method = "GET" | "POST"
5565 Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\IconURL = "https://www.example.org/favicon.ico"
5566 Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\Alias = "example"
5567 Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\Description = "Example Description"
5568 Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\SuggestURLTemplate = "https://www.example.org/suggestions/q={searchTerms}"
5569 Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\PostData = "name=value&q={searchTerms}"
5570 ```
5571 #### Windows (Intune)
5572 OMA-URI:
5573 ```
5574 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Search/SearchEngines_1
5575 ```
5576 Value (string):
5577 ```
5578 <enabled/>
5579 <data id="SearchEngine_Name" value="Example1"/>
5580 <data id="SearchEngine_URLTemplate" value="https://www.example.org/q={searchTerms"/>
5581 <data id="SearchEngine_Method" value="GET | POST"/>
5582 <data id="SearchEngine_IconURL" value="https://www.example.org/favicon.ico"/>
5583 <data id="SearchEngine_Alias" value="example"/>
5584 <data id="SearchEngine_Description" value="Example Description"/>
5585 <data id="SearchEngine_SuggestURLTemplate" value="https://www.example.org/suggestions/q={searchTerms}"/>
5586 <data id="SearchEngine_PostData" value="name=value&amp;q={searchTerms}"/>
5587 ```
5588 #### macOS
5589 ```
5590 <dict>
5591 <key>SearchEngines</key>
5592 <dict>
5593 <key>Add</key>
5594 <array>
5595 <dict>
5596 <key>Name</key>
5597 <string>Example1</string>
5598 <key>URLTemplate</key>
5599 <string>https://www.example.org/q={searchTerms}</string>
5600 <key>Method</key>
5601 <string>GET | POST </string>
5602 <key>IconURL</key>
5603 <string>https://www.example.org/favicon.ico</string>
5604 <key>Alias</key>
5605 <string>example</string>
5606 <key>Description</key>
5607 <string>Example Description</string>
5608 <key>SuggestURLTemplate</key>
5609 <string>https://www.example.org/suggestions/q={searchTerms}</string>
5610 <key>PostData</key>
5611 <string>name=value&q={searchTerms}</string>
5612 </dict>
5613 <array>
5614 </dict>
5615 </dict>
5616 ```
5617 #### policies.json
5618 ```
5619 {
5620 "policies": {
5621 "SearchEngines": {
5622 "Add": [
5623 {
5624 "Name": "Example1",
5625 "URLTemplate": "https://www.example.org/q={searchTerms}",
5626 "Method": "GET" | "POST",
5627 "IconURL": "https://www.example.org/favicon.ico",
5628 "Alias": "example",
5629 "Description": "Description",
5630 "PostData": "name=value&q={searchTerms}",
5631 "SuggestURLTemplate": "https://www.example.org/suggestions/q={searchTerms}"
5632 }
5633 ]
5634 }
5635 }
5636 }
5637 ```
5638 ### SearchEngines | Default
5639
5640 Set the default search engine. This policy is only available on the ESR.
5641
5642 **Compatibility:** Firefox ESR 60\
5643 **CCK2 Equivalent:** `defaultSearchEngine`\
5644 **Preferences Affected:** N/A
5645
5646 #### Windows (GPO)
5647 ```
5648 Software\Policies\Mozilla\Firefox\SearchEngines\Default = NAME_OF_SEARCH_ENGINE
5649 ```
5650 #### Windows (Intune)
5651 OMA-URI:
5652 ```
5653 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Search/SearchEngines_Default
5654 ```
5655 Value (string):
5656 ```
5657 <enabled/>
5658 <data id="SearchEngines_Default" value="NAME_OF_SEARCH_ENGINE"/>
5659 ```
5660 #### macOS
5661 ```
5662 <dict>
5663 <key>SearchEngines</key>
5664 <dict>
5665 <key>Default</key>
5666 <string>NAME_OF_SEARCH_ENGINE</string>
5667 </dict>
5668 </dict>
5669 ```
5670 #### policies.json
5671 ```
5672 {
5673 "policies": {
5674 "SearchEngines": {
5675 "Default": "NAME_OF_SEARCH_ENGINE"
5676 }
5677 }
5678 }
5679 ```
5680 ### SearchEngines | PreventInstalls
5681
5682 Prevent installing search engines from webpages.
5683
5684 **Compatibility:** Firefox ESR 60\
5685 **CCK2 Equivalent:** `disableSearchEngineInstall`\
5686 **Preferences Affected:** N/A
5687
5688 #### Windows (GPO)
5689 ```
5690 Software\Policies\Mozilla\Firefox\SearchEngines\PreventInstalls = 0x1 | 0x0
5691 ```
5692 #### Windows (Intune)
5693 OMA-URI:
5694 ```
5695 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Search/SearchEngines_PreventInstalls
5696 ```
5697 Value (string):
5698 ```
5699 <enabled/> or <disabled/>
5700 ```
5701 #### macOS
5702 ```
5703 <dict>
5704 <key>SearchEngines</key>
5705 <dict>
5706 <key>PreventInstalls</key>
5707 <true/> | <false/>
5708 </dict>
5709 </dict>
5710 ```
5711 #### policies.json
5712 ```
5713 {
5714 "policies": {
5715 "SearchEngines": {
5716 "PreventInstalls": true | false
5717 }
5718 }
5719 }
5720 ```
5721 ### SearchEngines | Remove
5722
5723 Hide built-in search engines. This policy is only available on the ESR.
5724
5725 **Compatibility:** Firefox ESR 60.2\
5726 **CCK2 Equivalent:** `removeDefaultSearchEngines` (removed all built-in engines)\
5727 **Preferences Affected:** N/A
5728
5729 #### Windows (GPO)
5730 ```
5731 Software\Policies\Mozilla\Firefox\SearchEngines\Remove\1 = NAME_OF_SEARCH_ENGINE
5732 ```
5733 #### Windows (Intune)
5734 OMA-URI:
5735 ```
5736 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Search/SearchEngines_Remove
5737 ```
5738 Value (string):
5739 ```
5740 <enabled/>
5741 <data id="SearchEngines_Remove" value="1&#xF000;NAME_OF_SEARCH_ENGINE"/>
5742 ```
5743 #### macOS
5744 ```
5745 <dict>
5746 <key>SearchEngines</key>
5747 <dict>
5748 <key>Remove</key>
5749 <array>
5750 <string>NAME_OF_SEARCH_ENGINE</string>
5751 </array>
5752 </dict>
5753 </dict>
5754 ```
5755 #### policies.json
5756 ```
5757 {
5758 "policies": {
5759 "SearchEngines": {
5760 "Remove": ["NAME_OF_SEARCH_ENGINE"]
5761 }
5762 }
5763 }
5764 ```
5765 ### SearchSuggestEnabled
5766
5767 Enable search suggestions.
5768
5769 **Compatibility:** Firefox 68, Firefox ESR 68\
5770 **CCK2 Equivalent:** N/A\
5771 **Preferences Affected:** `browser.urlbar.suggest.searches`, `browser.search.suggest.enabled`
5772
5773 #### Windows (GPO)
5774 ```
5775 Software\Policies\Mozilla\Firefox\SearchSuggestEnabled = 0x1 | 0x0
5776 ```
5777 #### Windows (Intune)
5778 OMA-URI:
5779 ```
5780 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Search/SearchSuggestEnabled
5781 ```
5782 Value (string):
5783 ```
5784 <enabled/> or <disabled/>
5785 ```
5786 #### macOS
5787 ```
5788 <dict>
5789 <key>SearchSuggestEnabled</key>
5790 <true/> | <false/>
5791 </dict>
5792 ```
5793 #### policies.json
5794 ```
5795 {
5796 "policies": {
5797 "SearchSuggestEnabled": true | false
5798 }
5799 }
5800 ```
5801 ### SecurityDevices
5802
5803 Add or delete PKCS #11 modules.
5804
5805 **Compatibility:** Firefox 114, Firefox ESR 112.12\
5806 **CCK2 Equivalent:** N/A\
5807 **Preferences Affected:** N/A
5808
5809 #### Windows (GPO)
5810 ```
5811 Software\Policies\Mozilla\Firefox\SecurityDevices\Add\NAME_OF_DEVICE_TO_ADD = PATH_TO_LIBRARY_FOR_DEVICE
5812 Software\Policies\Mozilla\Firefox\SecurityDevices\Remove\1 = NAME_OF_DEVICE_TO_REMOVE
5813 ```
5814 #### Windows (Intune)
5815 OMA-URI:
5816 ```
5817 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/SecurityDevices/SecurityDevices_Add
5818 ```
5819 Value (string):
5820 ```
5821 <enabled/>
5822 <data id="SecurityDevices" value="NAME_OF_DEVICE_TO_ADD&#xF000;PATH_TO_LIBRARY_FOR_DEVICE"/>
5823 ```
5824 OMA-URI:
5825 ```
5826 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/SecurityDevices/SecurityDevices_Delete
5827 ```
5828 Value (string):
5829 ```
5830 <enabled/>
5831 <data id="SecurityDevices" value="1&#xF000;NAME_OF_DEVICE_TO_REMOVE"/>
5832 ```
5833 #### macOS
5834 ```
5835 <dict>
5836 <key>SecurityDevices</key>
5837 <dict>
5838 <key>Add<key>
5839 <dict>
5840 <key>NAME_OF_DEVICE_TO_ADD</key>
5841 <string>PATH_TO_LIBRARY_FOR_DEVICE</string>
5842 </dict>
5843 <key>Delete</add>
5844 <array>
5845 <string>NAME_OF_DEVICE_TO_DELETE</string>
5846 </array>
5847 </dict>
5848 </dict>
5849 ```
5850 #### policies.json
5851 ```
5852 {
5853 "policies": {
5854 "SecurityDevices": {
5855 "Add": {
5856 "NAME_OF_DEVICE_TO_ADD": "PATH_TO_LIBRARY_FOR_DEVICE"
5857 },
5858 "Delete": ["NAME_OF_DEVICE_TO_DELETE"]
5859 }
5860 }
5861 }
5862 ```
5863 ### SecurityDevices (Deprecated)
5864
5865 Install PKCS #11 modules.
5866
5867 **Compatibility:** Firefox 64, Firefox ESR 60.4\
5868 **CCK2 Equivalent:** `certs.devices`\
5869 **Preferences Affected:** N/A
5870
5871 #### Windows (GPO)
5872 ```
5873 Software\Policies\Mozilla\Firefox\SecurityDevices\NAME_OF_DEVICE = PATH_TO_LIBRARY_FOR_DEVICE
5874 ```
5875 #### Windows (Intune)
5876 OMA-URI:
5877 ```
5878 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/SecurityDevices
5879 ```
5880 Value (string):
5881 ```
5882 <enabled/>
5883 <data id="SecurityDevices" value="NAME_OF_DEVICE&#xF000;PATH_TO_LIBRARY_FOR_DEVICE"/>
5884 ```
5885 #### macOS
5886 ```
5887 <dict>
5888 <key>SecurityDevices</key>
5889 <dict>
5890 <key>NAME_OF_DEVICE</key>
5891 <string>PATH_TO_LIBRARY_FOR_DEVICE</string>
5892 </dict>
5893 </dict>
5894 ```
5895 #### policies.json
5896 ```
5897 {
5898 "policies": {
5899 "SecurityDevices": {
5900 "NAME_OF_DEVICE": "PATH_TO_LIBRARY_FOR_DEVICE"
5901 }
5902 }
5903 }
5904 ```
5905 ### ShowHomeButton
5906 Show the home button on the toolbar.
5907
5908 Future versions of Firefox will not show the home button by default.
5909
5910 **Compatibility:** Firefox 88, Firefox ESR 78.10\
5911 **CCK2 Equivalent:** N/A\
5912 **Preferences Affected:** N/A
5913
5914 #### Windows (GPO)
5915 ```
5916 Software\Policies\Mozilla\Firefox\ShowHomeButton = 0x1 | 0x0
5917 ```
5918 #### Windows (Intune)
5919 OMA-URI:
5920 ```
5921 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Homepage/Homepage_ShowHomeButton
5922 ```
5923 Value (string):
5924 ```
5925 <enabled/> or <disabled/>
5926 ```
5927 #### macOS
5928 ```
5929 <dict>
5930 <key>ShowHomeButton</key>
5931 <true/> | <false/>
5932 </dict>
5933 ```
5934 #### policies.json
5935 ```
5936 {
5937 "policies": {
5938 "ShowHomeButton": true | false
5939 }
5940 }
5941 ```
5942 ### SSLVersionMax
5943
5944 Set and lock the maximum version of TLS. (Firefox defaults to a maximum of TLS 1.3.)
5945
5946 **Compatibility:** Firefox 66, Firefox ESR 60.6\
5947 **CCK2 Equivalent:** N/A\
5948 **Preferences Affected:** `security.tls.version.max`
5949
5950 #### Windows (GPO)
5951 ```
5952 Software\Policies\Mozilla\Firefox\SSLVersionMax = "tls1" | "tls1.1" | "tls1.2" | "tls1.3"
5953 ```
5954 #### Windows (Intune)
5955 OMA-URI:
5956 ```
5957 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/SSLVersionMax
5958 ```
5959 Value (string):
5960 ```
5961 <enabled/>
5962 <data id="SSLVersion" value="tls1 | tls1.2 | tls1.3"/>
5963 ```
5964 #### macOS
5965 ```
5966 <dict>
5967 <key>SSLVersionMax</key>
5968 <string>tls1 | tls1.1 | tls1.2 | tls1.3</string>
5969 </dict>
5970 ```
5971
5972 #### policies.json
5973 ```
5974 {
5975 "policies": {
5976 "SSLVersionMax": "tls1" | "tls1.1" | "tls1.2" | "tls1.3"
5977 }
5978 }
5979 ```
5980 ### SSLVersionMin
5981
5982 Set and lock the minimum version of TLS. (Firefox defaults to a minimum of TLS 1.2.)
5983
5984 **Compatibility:** Firefox 66, Firefox ESR 60.6\
5985 **CCK2 Equivalent:** N/A\
5986 **Preferences Affected:** `security.tls.version.min`
5987
5988 #### Windows (GPO)
5989 ```
5990 Software\Policies\Mozilla\Firefox\SSLVersionMin = "tls1" | "tls1.1" | "tls1.2" | "tls1.3"
5991 ```
5992 #### Windows (Intune)
5993 OMA-URI:
5994 ```
5995 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/SSLVersionMin
5996 ```
5997 Value (string):
5998 ```
5999 <enabled/>
6000 <data id="SSLVersion" value="tls1 | tls1.2 | tls1.3"/>
6001 ```
6002 #### macOS
6003 ```
6004 <dict>
6005 <key>SSLVersionMin</key>
6006 <string>tls1 | tls1.1 | tls1.2 | tls1.3</string>
6007 </dict>
6008 ```
6009
6010 #### policies.json
6011 ```
6012 {
6013 "policies": {
6014 "SSLVersionMin": "tls1" | "tls1.1" | "tls1.2" | "tls1.3"
6015 }
6016 }
6017 ```
6018 ### StartDownloadsInTempDirectory
6019 Force downloads to start off in a local, temporary location rather than the default download directory.
6020
6021 **Compatibility:** Firefox 102\
6022 **CCK2 Equivalent:** N/A\
6023 **Preferences Affected:** `browser.download.start_downloads_in_tmp_dir`
6024
6025 #### Windows (GPO)
6026 ```
6027 Software\Policies\Mozilla\Firefox\StartDownloadsInTempDirectory = 0x1 | 0x0
6028 ```
6029 #### Windows (Intune)
6030 OMA-URI:
6031 ```
6032 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/StartDownloadsInTempDirectory
6033 ```
6034 Value (string):
6035 ```
6036 <enabled/> or <disabled/>
6037 ```
6038 #### macOS
6039 ```
6040 <dict>
6041 <key>StartDownloadsInTempDirectory</key>
6042 <true/> | <false/>
6043 </dict>
6044 ```
6045 #### policies.json
6046 ```
6047 {
6048 "policies": {
6049 "StartDownloadsInTempDirectory": true | false
6050 }
6051 ```
6052 ### SupportMenu
6053 Add a menuitem to the help menu for specifying support information.
6054
6055 **Compatibility:** Firefox 68.0.1, Firefox ESR 68.0.1\
6056 **CCK2 Equivalent:** helpMenu\
6057 **Preferences Affected:** N/A
6058
6059 #### Windows (GPO)
6060 ```
6061 Software\Policies\Mozilla\Firefox\SupportMenu\Title = "Support Menu"
6062 Software\Policies\Mozilla\Firefox\SupportMenu\URL = "http://example.com/support"
6063 Software\Policies\Mozilla\Firefox\SupportMenu\AccessKey = "S"
6064 ```
6065 #### Windows (Intune)
6066 OMA-URI:
6067 ```
6068 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/SupportMenu
6069 ```
6070 Value (string):
6071 ```
6072 <enabled/>
6073 <data id="SupportMenuTitle" value="Support Menu"/>
6074 <data id="SupportMenuURL" value="http://example.com/support"/>
6075 <data id="SupportMenuAccessKey" value="S"/>
6076 ```
6077 #### macOS
6078 ```
6079 <dict>
6080 <key>SupportMenu</key>
6081 <dict>
6082 <key>Title</key>
6083 <string>SupportMenu</string>
6084 <key>URL</key>
6085 <string>http://example.com/support</string>
6086 <key>AccessKey</key>
6087 <string>S</string>
6088 </dict>
6089 </dict>
6090 ```
6091 #### policies.json
6092 ```
6093 {
6094 "policies": {
6095 "SupportMenu": {
6096 "Title": "Support Menu",
6097 "URL": "http://example.com/support",
6098 "AccessKey": "S"
6099 }
6100 }
6101 }
6102 ```
6103 ### TranslateEnabled
6104 Enable or disable webpage translation.
6105
6106 Note: Web page translation is done completely on the client, so there is no data or privacy risk.
6107
6108 If you only want to disable the popup, you can set the pref `browser.translations.automaticallyPopup` to false using the [Preferences](#preferences) policy.
6109
6110 **Compatibility:** Firefox 126\
6111 **CCK2 Equivalent:** N/A\
6112 **Preferences Affected:** `browser.translations.enable`
6113
6114 #### Windows (GPO)
6115 ```
6116 Software\Policies\Mozilla\Firefox\TranslateEnabled = 0x1 | 0x0
6117 ```
6118 #### Windows (Intune)
6119 OMA-URI:
6120 ```
6121 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/TranslateEnabled
6122 ```
6123 Value (string):
6124 ```
6125 <enabled/> or <disabled/>
6126 ```
6127 #### macOS
6128 ```
6129 <dict>
6130 <key>TranslateEnabled</key>
6131 <true/> | <false/>
6132 </dict>
6133 ```
6134 #### policies.json
6135 ```
6136 {
6137 "policies": {
6138 "TranslateEnabled": true | false
6139 }
6140 }
6141 ```
6142 ### UserMessaging
6143
6144 Prevent Firefox from messaging the user in certain situations.
6145
6146 `WhatsNew` Remove the "What's New" icon and menuitem. (*Deprecated*)
6147
6148 `ExtensionRecommendations` If false, don't recommend extensions while the user is visiting web pages.
6149
6150 `FeatureRecommendations` If false, don't recommend browser features.
6151
6152 `UrlbarInterventions` If false, Don't offer Firefox specific suggestions in the URL bar.
6153
6154 `SkipOnboarding` If true, don't show onboarding messages on the new tab page.
6155
6156 `MoreFromMozilla` If false, don't show the "More from Mozilla" section in Preferences. (Firefox 98)
6157
6158 `Locked` prevents the user from changing user messaging preferences.
6159
6160 **Compatibility:** Firefox 75, Firefox ESR 68.7\
6161 **CCK2 Equivalent:** N/A\
6162 **Preferences Affected:** `browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons`, `browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features`, `browser.aboutwelcome.enabled`, `browser.preferences.moreFromMozilla`
6163
6164 #### Windows (GPO)
6165 ```
6166 Software\Policies\Mozilla\Firefox\UserMessaging\ExtensionRecommendations = 0x1 | 0x0
6167 Software\Policies\Mozilla\Firefox\UserMessaging\FeatureRecommendations = 0x1 | 0x0
6168 Software\Policies\Mozilla\Firefox\UserMessaging\UrlbarInterventions = 0x1 | 0x0
6169 Software\Policies\Mozilla\Firefox\UserMessaging\SkipOnboarding = 0x1 | 0x0
6170 Software\Policies\Mozilla\Firefox\UserMessaging\MoreFromMozilla = 0x1 | 0x0
6171 Software\Policies\Mozilla\Firefox\UserMessaging\Locked = 0x1 | 0x0
6172 ```
6173 #### Windows (Intune)
6174 OMA-URI:
6175 ```
6176 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_ExtensionRecommendations
6177 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_FeatureRecommendations
6178 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_UrlbarInterventions
6179 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_SkipOnboarding
6180 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_MoreFromMozilla
6181 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_Locked
6182 ```
6183 Value (string):
6184 ```
6185 <enabled/> or <disabled/>
6186 ```
6187 #### macOS
6188 ```
6189 <dict>
6190 <key>UserMessaging</key>
6191 <dict>
6192 <key>ExtensionRecommendations</key>
6193 <true/> | <false/>
6194 <key>FeatureRecommendations</key>
6195 <true/> | <false/>
6196 <key>UrlbarInterventions</key>
6197 <true/> | <false/>
6198 <key>SkipOnboarding</key>
6199 <true/> | <false/>
6200 <key>MoreFromMozilla</key>
6201 <true/> | <false/>
6202 <key>Locked</key>
6203 <true/> | <false/>
6204 </dict>
6205 </dict>
6206 ```
6207 #### policies.json
6208 ```
6209 {
6210 "policies": {
6211 "UserMessaging": {
6212 "ExtensionRecommendations": true | false,
6213 "FeatureRecommendations": true | false,
6214 "UrlbarInterventions": true | false,
6215 "SkipOnboarding": true | false,
6216 "MoreFromMozilla": true | false,
6217 "Locked": true | false
6218 }
6219 }
6220 }
6221 ```
6222 ### UseSystemPrintDialog
6223 Use the system print dialog instead of the print preview window.
6224
6225 **Compatibility:** Firefox 102\
6226 **CCK2 Equivalent:** N/A\
6227 **Preferences Affected:** `print.prefer_system_dialog`
6228
6229 #### Windows (GPO)
6230 ```
6231 Software\Policies\Mozilla\Firefox\UseSystemPrintDialog = 0x1 | 0x0
6232 ```
6233 #### Windows (Intune)
6234 OMA-URI:
6235 ```
6236 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/UseSystemPrintDialog
6237 ```
6238 Value (string):
6239 ```
6240 <enabled/> or <disabled/>
6241 ```
6242 #### macOS
6243 ```
6244 <dict>
6245 <key>UseSystemPrintDialog</key>
6246 <true/> | <false/>
6247 </dict>
6248 ```
6249 #### policies.json
6250 ```
6251 {
6252 "policies": {
6253 "UseSystemPrintDialog": true | false
6254 }
6255 }
6256 ```
6257 ### WebsiteFilter
6258 Block websites from being visited. The parameters take an array of Match Patterns, as documented in https://developer.mozilla.org/en-US/Add-ons/WebExtensions/Match_patterns.
6259 The arrays are limited to 1000 entries each.
6260
6261 If you want to block all URLs, you can use `<all_urls>` or `*://*/*`. You can't have just a `*` on the right side.
6262
6263 For specific protocols, use `https://*/*` or `http://*/*`.
6264
6265 As of Firefox 83 and Firefox ESR 78.5, file URLs are supported.
6266
6267 **Compatibility:** Firefox 60, Firefox ESR 60\
6268 **CCK2 Equivalent:** N/A\
6269 **Preferences Affected:** N/A
6270
6271 #### Windows (GPO)
6272 ```
6273 Software\Policies\Mozilla\Firefox\WebsiteFilter\Block\1 = "<all_urls>"
6274 Software\Policies\Mozilla\Firefox\WebsiteFilter\Exceptions\1 = "http://example.org/*"
6275 ```
6276 #### Windows (Intune)
6277 OMA-URI:
6278 ```
6279 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/B_WebsiteFilter_Block
6280 ```
6281 Value (string):
6282 ```
6283 <enabled/> <data id="WebsiteFilter" value="1&#xF000;&#60;all_urls&#62;"/>
6284 ```
6285 OMA-URI:
6286 ```
6287 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/B_WebsiteFilter_Exceptions
6288 ```
6289 Value (string):
6290 ```
6291 <enabled/>
6292 <data id="WebsiteFilter" value="1&#xF000;http://example.org/*"/>
6293 ```
6294 #### macOS
6295 ```
6296 <dict>
6297 <key>WebsiteFilter</key>
6298 <dict>
6299 <key>Block</key>
6300 <array>
6301 <string><all_urls></string>
6302 </array>
6303 <key>Exceptions</key>
6304 <array>
6305 <string>http://example.org/*</string>
6306 </array>
6307 </dict>
6308
6309 </dict>
6310 ```
6311 #### policies.json
6312 ```
6313 {
6314 "policies": {
6315 "WebsiteFilter": {
6316 "Block": ["<all_urls>"],
6317 "Exceptions": ["http://example.org/*"]
6318 }
6319 }
6320 }
6321 ```
6322 ### WindowsSSO
6323 Allow Windows single sign-on for Microsoft, work, and school accounts.
6324
6325 If this policy is set to true, Firefox will use credentials stored in Windows to sign in to Microsoft, work, and school accounts.
6326
6327 **Compatibility:** Firefox 91\
6328 **CCK2 Equivalent:** N/A\
6329 **Preferences Affected:** `network.http.windows-sso.enabled`
6330
6331 #### Windows (GPO)
6332 ```
6333 Software\Policies\Mozilla\Firefox\WindowsSSO = 0x1 | 0x0
6334 ```
6335 #### Windows (Intune)
6336 OMA-URI:
6337 ```
6338 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/WindowsSSO
6339 ```
6340 Value (string):
6341 ```
6342 <enabled/> or <disabled/>
6343 ```
6344 #### policies.json
6345 ```
6346 {
6347 "policies": {
6348 "WindowsSSO": true | false
6349 }
6350 }
6351 ```

patrick-canterino.de