]> git.p6c8.net - policy-templates.git/blob - docs/index.md
Merge pull request #1107 from vossni/master
[policy-templates.git] / docs / index.md
1 Firefox policies can be specified using the [Group Policy templates on Windows](https://github.com/mozilla/policy-templates/tree/master/windows), [Intune on Windows](https://support.mozilla.org/kb/managing-firefox-intune), [configuration profiles on macOS](https://github.com/mozilla/policy-templates/tree/master/mac), or by creating a file called `policies.json`. On Windows, create a directory called `distribution` where the EXE is located and place the file there. On Mac, the file goes into `Firefox.app/Contents/Resources/distribution`. On Linux, the file goes into `firefox/distribution`, where `firefox` is the installation directory for firefox, which varies by distribution or you can specify system-wide policy by placing the file in `/etc/firefox/policies`.
2
3 Unfortunately, JSON files do not support comments, but you can add extra entries to the JSON to use as comments. You will see an error in about:policies, but the policies will still work properly. For example:
4
5 ```
6 {
7 "policies": {
8 "Authentication": {
9 "SPNEGO": ["mydomain.com", "https://myotherdomain.com"]
10 }
11 "Authentication_Comment": "These domains are required for us"
12 }
13 }
14 ```
15
16 | Policy Name | Description
17 | --- | --- |
18 | **[`3rdparty`](#3rdparty)** | Set policies that WebExtensions can access via chrome.storage.managed.
19 | **[`AllowedDomainsForApps`](#alloweddomainsforapps)** | Define domains allowed to access Google Workspace.
20 | **[`AllowFileSelectionDialogs`](#allowfileselectiondialogs)** | Allow file selection dialogs.
21 | **[`AppAutoUpdate`](#appautoupdate)** | Enable or disable automatic application update.
22 | **[`AppUpdatePin`](#appupdatepin)** | Prevent Firefox from being updated beyond the specified version.
23 | **[`AppUpdateURL`](#appupdateurl)** | Change the URL for application update.
24 | **[`Authentication`](#authentication)** | Configure sites that support integrated authentication.
25 | **[`AutofillAddressEnabled`](#autofilladdressenabled)** | Enable autofill for addresses.
26 | **[`AutofillCreditCardEnabled`](#autofillcreditcardenabled)** | Enable autofill for payment methods.
27 | **[`AutoLaunchProtocolsFromOrigins`](#autolaunchprotocolsfromorigins)** | Define a list of external protocols that can be used from listed origins without prompting the user.
28 | **[`BackgroundAppUpdate`](#backgroundappupdate)** | Enable or disable the background updater (Windows only).
29 | **[`BlockAboutAddons`](#blockaboutaddons)** | Block access to the Add-ons Manager (about:addons).
30 | **[`BlockAboutConfig`](#blockaboutconfig)** | Block access to about:config.
31 | **[`BlockAboutProfiles`](#blockaboutprofiles)** | Block access to About Profiles (about:profiles).
32 | **[`BlockAboutSupport`](#blockaboutsupport)** | Block access to Troubleshooting Information (about:support).
33 | **[`Bookmarks`](#bookmarks)** | Add bookmarks in either the bookmarks toolbar or menu.
34 | **[`CaptivePortal`](#captiveportal)** | Enable or disable the detection of captive portals.
35 | **[`Certificates`](#certificates)** |
36 | **[`Certificates -> ImportEnterpriseRoots`](#certificates--importenterpriseroots)** | Trust certificates that have been added to the operating system certificate store by a user or administrator.
37 | **[`Certificates -> Install`](#certificates--install)** | Install certificates into the Firefox certificate store.
38 | **[`Containers`](#containers)** | Set policies related to [containers](https://addons.mozilla.org/firefox/addon/multi-account-containers/).
39 | **[`Cookies`](#cookies)** | Configure cookie preferences.
40 | **[`DefaultDownloadDirectory`](#defaultdownloaddirectory)** | Set the default download directory.
41 | **[`DisableAppUpdate`](#disableappupdate)** | Turn off application updates.
42 | **[`DisableBuiltinPDFViewer`](#disablebuiltinpdfviewer)** | Disable the built in PDF viewer.
43 | **[`DisabledCiphers`](#disabledciphers)** | Disable ciphers.
44 | **[`DisableDefaultBrowserAgent`](#disabledefaultbrowseragent)** | Prevent the default browser agent from taking any actions (Windows only).
45 | **[`DisableDeveloperTools`](#disabledevelopertools)** | Remove access to all developer tools.
46 | **[`DisableFeedbackCommands`](#disablefeedbackcommands)** | Disable the menus for reporting sites.
47 | **[`DisableFirefoxAccounts`](#disablefirefoxaccounts)** | Disable Firefox Accounts integration (Sync).
48 | **[`DisableFirefoxScreenshots`](#disablefirefoxscreenshots)** | Remove access to Firefox Screenshots.
49 | **[`DisableFirefoxStudies`](#disablefirefoxstudies)** | Disable Firefox studies (Shield).
50 | **[`DisableForgetButton`](#disableforgetbutton)** | Disable the "Forget" button.
51 | **[`DisableFormHistory`](#disableformhistory)** | Turn off saving information on web forms and the search bar.
52 | **[`DisableMasterPasswordCreation`](#disablemasterpasswordcreation)** | Remove the master password functionality.
53 | **[`DisablePasswordReveal`](#disablepasswordreveal)** | Do not allow passwords to be revealed in saved logins.
54 | **[`DisablePocket`](#disablepocket)** | Remove Pocket in the Firefox UI.
55 | **[`DisablePrivateBrowsing`](#disableprivatebrowsing)** | Remove access to private browsing.
56 | **[`DisableProfileImport`](#disableprofileimport)** | Disables the "Import data from another browser" option in the bookmarks window.
57 | **[`DisableProfileRefresh`](#disableprofilerefresh)** | Disable the Refresh Firefox button on about:support and support.mozilla.org
58 | **[`DisableSafeMode`](#disablesafemode)** | Disable safe mode within the browser.
59 | **[`DisableSecurityBypass`](#disablesecuritybypass)** | Prevent the user from bypassing security in certain cases.
60 | **[`DisableSetDesktopBackground`](#disablesetdesktopbackground)** | Remove the "Set As Desktop Background..." menuitem when right clicking on an image.
61 | **[`DisableSystemAddonUpdate`](#disablesystemaddonupdate)** | Prevent system add-ons from being installed or updated.
62 | **[`DisableTelemetry`](#disabletelemetry)** | DisableTelemetry
63 | **[`DisableThirdPartyModuleBlocking`](#disablethirdpartymoduleblocking)** | Do not allow blocking third-party modules.
64 | **[`DisplayBookmarksToolbar`](#displaybookmarkstoolbar)** | Set the initial state of the bookmarks toolbar.
65 | **[`DisplayMenuBar`](#displaymenubar)** | Set the state of the menubar.
66 | **[`DNSOverHTTPS`](#dnsoverhttps)** | Configure DNS over HTTPS.
67 | **[`DontCheckDefaultBrowser`](#dontcheckdefaultbrowser)** | Don't check if Firefox is the default browser at startup.
68 | **[`DownloadDirectory`](#downloaddirectory)** | Set and lock the download directory.
69 | **[`EnableTrackingProtection`](#enabletrackingprotection)** | Configure tracking protection.
70 | **[`EncryptedMediaExtensions`](#encryptedmediaextensions)** | Enable or disable Encrypted Media Extensions and optionally lock it.
71 | **[`EnterprisePoliciesEnabled`](#enterprisepoliciesenabled)** | Enable policy support on macOS.
72 | **[`ExemptDomainFileTypePairsFromFileTypeDownloadWarnings`](#exemptdomainfiletypepairsfromfiletypedownloadwarnings)** | Disable warnings based on file extension for specific file types on domains.
73 | **[`Extensions`](#extensions)** | Control the installation, uninstallation and locking of extensions.
74 | **[`ExtensionSettings`](#extensionsettings)** | Manage all aspects of extensions.
75 | **[`ExtensionUpdate`](#extensionupdate)** | Control extension updates.
76 | **[`FirefoxHome`](#firefoxhome)** | Customize the Firefox Home page.
77 | **[`FirefoxSuggest`](#firefoxsuggest)** | Customize Firefox Suggest.
78 | **[`GoToIntranetSiteForSingleWordEntryInAddressBar`](#gotointranetsiteforsinglewordentryinaddressbar)** | Force direct intranet site navigation instead of searching when typing single word entries in the address bar.
79 | **[`Handlers`](#handlers)** | Configure default application handlers.
80 | **[`HardwareAcceleration`](#hardwareacceleration)** | Control hardware acceleration.
81 | **[`Homepage`](#homepage)** | Configure the default homepage and how Firefox starts.
82 | **[`InstallAddonsPermission`](#installaddonspermission)** | Configure the default extension install policy as well as origins for extension installs are allowed.
83 | **[`LegacyProfiles`](#legacyprofiles)** | Disable the feature enforcing a separate profile for each installation.
84 | **[`LegacySameSiteCookieBehaviorEnabled`](#legacysamesitecookiebehaviorenabled)** | Enable default legacy SameSite cookie behavior setting.
85 | **[`LegacySameSiteCookieBehaviorEnabledForDomainList`](#legacysamesitecookiebehaviorenabledfordomainlist)** | Revert to legacy SameSite behavior for cookies on specified sites.
86 | **[`LocalFileLinks`](#localfilelinks)** | Enable linking to local files by origin.
87 | **[`ManagedBookmarks`](#managedbookmarks)** | Configures a list of bookmarks managed by an administrator that cannot be changed by the user.
88 | **[`ManualAppUpdateOnly`](#manualappupdateonly)** | Allow manual updates only and do not notify the user about updates.
89 | **[`NetworkPrediction`](#networkprediction)** | Enable or disable network prediction (DNS prefetching).
90 | **[`NewTabPage`](#newtabpage)** | Enable or disable the New Tab page.
91 | **[`NoDefaultBookmarks`](#nodefaultbookmarks)** | Disable the creation of default bookmarks.
92 | **[`OfferToSaveLogins`](#offertosavelogins)** | Control whether or not Firefox offers to save passwords.
93 | **[`OfferToSaveLoginsDefault`](#offertosaveloginsdefault)** | Set the default value for whether or not Firefox offers to save passwords.
94 | **[`OverrideFirstRunPage`](#overridefirstrunpage)** | Override the first run page.
95 | **[`OverridePostUpdatePage`](#overridepostupdatepage)** | Override the upgrade page.
96 | **[`PasswordManagerEnabled`](#passwordmanagerenabled)** | Remove (some) access to the password manager.
97 | **[`PasswordManagerExceptions`](#passwordmanagerexceptions)** | Prevent Firefox from saving passwords for specific sites.
98 | **[`PDFjs`](#pdfjs)** | Disable or configure PDF.js, the built-in PDF viewer.
99 | **[`Permissions`](#permissions)** | Set permissions associated with camera, microphone, location, and notifications.
100 | **[`PictureInPicture`](#pictureinpicture)** | Enable or disable Picture-in-Picture.
101 | **[`PopupBlocking`](#popupblocking)** | Configure the default pop-up window policy as well as origins for which pop-up windows are allowed.
102 | **[`Preferences`](#preferences)** | Set and lock preferences.
103 | **[`PrimaryPassword`](#primarypassword)** | Require or prevent using a primary (formerly master) password.
104 | **[`PrintingEnabled`](#printingenabled)** | Enable or disable printing.
105 | **[`PromptForDownloadLocation`](#promptfordownloadlocation)** | Ask where to save each file before downloading.
106 | **[`Proxy`](#proxy)** | Configure proxy settings.
107 | **[`RequestedLocales`](#requestedlocales)** | Set the the list of requested locales for the application in order of preference.
108 | **[`SanitizeOnShutdown` (All)](#sanitizeonshutdown-all)** | Clear all data on shutdown.
109 | **[`SanitizeOnShutdown` (Selective)](#sanitizeonshutdown-selective)** | Clear data on shutdown.
110 | **[`SearchBar`](#searchbar)** | Set whether or not search bar is displayed.
111 | **[`SearchEngines`](#searchengines-this-policy-is-only-available-on-the-esr)** |
112 | **[`SearchEngines -> Add`](#searchengines--add)** | Add new search engines.
113 | **[`SearchEngines -> Default`](#searchengines--default)** | Set the default search engine.
114 | **[`SearchEngines -> PreventInstalls`](#searchengines--preventinstalls)** | Prevent installing search engines from webpages.
115 | **[`SearchEngines -> Remove`](#searchengines--remove)** | Hide built-in search engines.
116 | **[`SearchSuggestEnabled`](#searchsuggestenabled)** | Enable search suggestions.
117 | **[`SecurityDevices`](#securitydevices)** | Install PKCS #11 modules.
118 | **[`ShowHomeButton`](#showhomebutton)** | Show the home button on the toolbar.
119 | **[`SSLVersionMax`](#sslversionmax)** | Set and lock the maximum version of TLS.
120 | **[`SSLVersionMin`](#sslversionmin)** | Set and lock the minimum version of TLS.
121 | **[`StartDownloadsInTempDirectory`](#startdownloadsintempdirectory)** | Force downloads to start off in a local, temporary location rather than the default download directory.
122 | **[`SupportMenu`](#supportmenu)** | Add a menuitem to the help menu for specifying support information.
123 | **[`TranslateEnabled`](#translateenabled)** | Enable or disable webpage translation.
124 | **[`UserMessaging`](#usermessaging)** | Don't show certain messages to the user.
125 | **[`UseSystemPrintDialog`](#usesystemprintdialog)** | Print using the system print dialog instead of print preview.
126 | **[`WebsiteFilter`](#websitefilter)** | Block websites from being visited.
127 | **[`WindowsSSO`](#windowssso)** | Allow Windows single sign-on for Microsoft, work, and school accounts.
128
129 ### 3rdparty
130
131 Allow WebExtensions to configure policy. For more information, see [Adding policy support to your extension](https://extensionworkshop.com/documentation/enterprise/enterprise-development/#how-to-add-policy).
132
133 For GPO and Intune, the extension developer should provide an ADMX file.
134
135 **Compatibility:** Firefox 68\
136 **CCK2 Equivalent:** N/A\
137 **Preferences Affected:** N/A
138
139 #### macOS
140 ```
141 <dict>
142 <key>3rdparty</key>
143 <dict>
144 <key>Extensions</key>
145 <dict>
146 <key>uBlock0@raymondhill.net</key>
147 <dict>
148 <key>adminSettings</key>
149 <dict>
150 <key>selectedFilterLists</key>
151 <array>
152 <string>ublock-privacy</string>
153 <string>ublock-badware</string>
154 <string>ublock-filters</string>
155 <string>user-filters</string>
156 </array>
157 </dict>
158 </dict>
159 </dict>
160 </dict>
161 </dict>
162 ```
163 #### policies.json
164 ```
165 {
166 "policies": {
167 "3rdparty": {
168 "Extensions": {
169 "uBlock0@raymondhill.net": {
170 "adminSettings": {
171 "selectedFilterLists": [
172 "ublock-privacy",
173 "ublock-badware",
174 "ublock-filters",
175 "user-filters"
176 ]
177 }
178 }
179 }
180 }
181 }
182 }
183 ```
184
185 ### AllowedDomainsForApps
186
187 Define domains allowed to access Google Workspace.
188
189 This policy is based on the [Chrome policy](https://chromeenterprise.google/policies/#AllowedDomainsForApps) of the same name.
190
191 If this policy is enabled, users can only access Google Workspace using accounts from the specified domains. If you want to allow Gmail, you can add ```consumer_accounts``` to the list.
192
193 **Compatibility:** Firefox 89, Firefox ESR 78.11\
194 **CCK2 Equivalent:** N/A\
195 **Preferences Affected:** N/A
196
197 #### Windows (GPO)
198 ```
199 Software\Policies\Mozilla\Firefox\AllowedDomainsForApps = "managedfirefox.com,example.com"
200 ```
201 #### Windows (Intune)
202 OMA-URI:
203 ```
204 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/AllowedDomainsForApps
205 ```
206 Value (string):
207 ```
208 <enabled/>
209 <data id="AllowedDomainsForApps" value="managedfirefox.com,example.com"/>
210 ```
211 #### macOS
212 ```
213 <dict>
214 <key>AllowedDomainsForApps</key>
215 <string>managedfirefox.com,example.com</string>
216 </dict>
217 ```
218 #### policies.json
219 ```
220 {
221 "policies": {
222 "AllowedDomainsForApps": "managedfirefox.com,example.com"
223 }
224 }
225 ```
226 ### AllowFileSelectionDialogs
227
228 Enable or disable file selection dialogs.
229
230 **Compatibility:** Firefox 124\
231 **CCK2 Equivalent:** N/A\
232 **Preferences Affected:** `widget.disable_file_pickers`
233
234 #### Windows (GPO)
235 ```
236 Software\Policies\Mozilla\Firefox\AllowFileSelectionDialogs = 0x1 | 0x0
237 ```
238 #### Windows (Intune)
239 OMA-URI:
240 ```
241 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/AppAutoAllowFileSelectionDialogsUpdate
242 ```
243 Value (string):
244 ```
245 <enabled/> or <disabled/>
246 ```
247 #### macOS
248 ```
249 <dict>
250 <key>AllowFileSelectionDialogs</key>
251 <true/> | <false/>
252 </dict>
253 ```
254 #### policies.json
255 ```
256 {
257 "policies": {
258 "AllowFileSelectionDialogs": true | false
259 }
260 }
261 ```
262 ### AppAutoUpdate
263
264 Enable or disable **automatic** application update.
265
266 If set to true, application updates are installed without user approval within Firefox. The operating system might still require approval.
267
268 If set to false, application updates are downloaded but the user can choose when to install the update.
269
270 If you have disabled updates via `DisableAppUpdate`, this policy has no effect.
271
272 **Compatibility:** Firefox 75, Firefox ESR 68.7\
273 **CCK2 Equivalent:** N/A\
274 **Preferences Affected:** `app.update.auto`
275
276 #### Windows (GPO)
277 ```
278 Software\Policies\Mozilla\Firefox\AppAutoUpdate = 0x1 | 0x0
279 ```
280 #### Windows (Intune)
281 OMA-URI:
282 ```
283 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/AppAutoUpdate
284 ```
285 Value (string):
286 ```
287 <enabled/> or <disabled/>
288 ```
289 #### macOS
290 ```
291 <dict>
292 <key>AppAutoUpdate</key>
293 <true/> | <false/>
294 </dict>
295 ```
296 #### policies.json
297 ```
298 {
299 "policies": {
300 "AppAutoUpdate": true | false
301 }
302 }
303 ```
304 ### AppUpdatePin
305
306 Prevent Firefox from being updated beyond the specified version.
307
308 You can specify the any version as ```xx.``` and Firefox will be updated with all minor versions, but will not be updated beyond the major version.
309
310 You can also specify the version as ```xx.xx``` and Firefox will be updated with all patch versions, but will not be updated beyond the minor version.
311
312 You should specify a version that exists or is guaranteed to exist. If you specify a version that doesn't end up existing, Firefox will update beyond that version.
313
314 **Compatibility:** Firefox 102,\
315 **CCK2 Equivalent:** N/A\
316 **Preferences Affected:** N/A
317
318 #### Windows (GPO)
319 ```
320 Software\Policies\Mozilla\Firefox\AppUpdatePin = "106."
321 ```
322 #### Windows (Intune)
323 OMA-URI:
324 ```
325 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/AppUpdatePin
326 ```
327 Value (string):
328 ```
329 <enabled/>
330 <data id="AppUpdatePin" value="106."/>
331 ```
332 #### macOS
333 ```
334 <dict>
335 <key>AppUpdatePin</key>
336 <string>106.</string>
337 </dict>
338 ```
339 #### policies.json
340 ```
341 {
342 "policies": {
343 "AppUpdatePin": "106."
344 }
345 }
346 ```
347 ### AppUpdateURL
348
349 Change the URL for application update if you are providing Firefox updates from a custom update server.
350
351 **Compatibility:** Firefox 62, Firefox ESR 60.2\
352 **CCK2 Equivalent:** N/A\
353 **Preferences Affected:** `app.update.url`
354
355 #### Windows (GPO)
356 ```
357 Software\Policies\Mozilla\Firefox\AppUpdateURL = "https://yoursite.com"
358 ```
359 #### Windows (Intune)
360 OMA-URI:
361 ```
362 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/AppUpdateURL
363 ```
364 Value (string):
365 ```
366 <enabled/>
367 <data id="AppUpdateURL" value="https://yoursite.com"/>
368 ```
369 #### macOS
370 ```
371 <dict>
372 <key>AppUpdateURL</key>
373 <string>https://yoursite.com</string>
374 </dict>
375 ```
376 #### policies.json
377 ```
378 {
379 "policies": {
380 "AppUpdateURL": "https://yoursite.com"
381 }
382 }
383 ```
384 ### Authentication
385
386 Configure sites that support integrated authentication.
387
388 See [Integrated authentication](https://htmlpreview.github.io/?https://github.com/mdn/archived-content/blob/main/files/en-us/mozilla/integrated_authentication/raw.html) for more information.
389
390 `PrivateBrowsing` enables integrated authentication in private browsing.
391
392 **Compatibility:** Firefox 60, Firefox ESR 60 (AllowNonFQDN added in 62/60.2, AllowProxies added in 70/68.2, Locked added in 71/68.3, PrivateBrowsing added in 77/68.9)\
393 **CCK2 Equivalent:** N/A\
394 **Preferences Affected:** `network.negotiate-auth.trusted-uris`,`network.negotiate-auth.delegation-uris`,`network.automatic-ntlm-auth.trusted-uris`,`network.automatic-ntlm-auth.allow-non-fqdn`,`network.negotiate-auth.allow-non-fqdn`,`network.automatic-ntlm-auth.allow-proxies`,`network.negotiate-auth.allow-proxies`,`network.auth.private-browsing-sso`
395
396 #### Windows (GPO)
397 ```
398 Software\Policies\Mozilla\Firefox\Authentication\SPNEGO\1 = "mydomain.com"
399 Software\Policies\Mozilla\Firefox\Authentication\SPNEGO\2 = "https://myotherdomain.com"
400 Software\Policies\Mozilla\Firefox\Authentication\Delegated\1 = "mydomain.com"
401 Software\Policies\Mozilla\Firefox\Authentication\Delegated\2 = "https://myotherdomain.com"
402 Software\Policies\Mozilla\Firefox\Authentication\NTLM\1 = "mydomain.com"
403 Software\Policies\Mozilla\Firefox\Authentication\NTLM\2 = "https://myotherdomain.com"
404 Software\Policies\Mozilla\Firefox\Authentication\AllowNonFQDN\SPNEGO = 0x1 | 0x0
405 Software\Policies\Mozilla\Firefox\Authentication\AllowNonFQDN\NTLM = 0x1 | 0x0
406 Software\Policies\Mozilla\Firefox\Authentication\AllowProxies\SPNEGO = 0x1 | 0x0
407 Software\Policies\Mozilla\Firefox\Authentication\AllowProxies\NTLM = 0x1 | 0x0
408 Software\Policies\Mozilla\Firefox\Authentication\Locked = 0x1 | 0x0
409 Software\Policies\Mozilla\Firefox\Authentication\PrivateBrowsing = 0x1 | 0x0
410 ```
411 #### Windows (Intune)
412 OMA-URI:
413 ```
414 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Authentication/Authentication_SPNEGO
415 ```
416 Value (string):
417 ```
418 <enabled/>
419 <data id="Authentication" value="1&#xF000;mydomain&#xF000;2&#xF000;https://myotherdomain.com"/>
420 ```
421 OMA-URI:
422 ```
423 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Authentication/Authentication_Delegated
424 ```
425 Value (string):
426 ```
427 <enabled/>
428 <data id="Authentication" value="1&#xF000;mydomain&#xF000;2&#xF000;https://myotherdomain.com"/>
429 ```
430 OMA-URI:
431 ```
432 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Authentication/Authentication_NTLM
433 ```
434 Value (string):
435 ```
436 <enabled/>
437 <data id="Authentication" value="1&#xF000;mydomain&#xF000;2&#xF000;https://myotherdomain.com"/>
438 ```
439 OMA-URI:
440 ```
441 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Authentication/Authentication_AllowNonFQDN
442 ```
443 Value (string):
444 ```
445 <enabled/>
446 <data id="Authentication_AllowNonFQDN_NTLM" value="true | false"/>
447 <data id="Authentication_AllowNonFQDN_SPNEGO" value="true | false"/>
448 ```
449 OMA-URI:
450 ```
451 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Authentication/Authentication_Locked
452 ```
453 Value (string):
454 ```
455 <enabled/> or <disabled/>
456 ```
457 OMA-URI:
458 ```
459 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Authentication/Authentication_PrivateBrowsing
460 ```
461 Value (string):
462 ```
463 <enabled/> or <disabled/>
464 ```
465 #### macOS
466 ```
467 <dict>
468 <key>Authentication</key>
469 <dict>
470 <key>SPNEGO</key>
471 <array>
472 <string>mydomain.com</string>
473 <string>https://myotherdomain.com</string>
474 </array>
475 <key>Delegated</key>
476 <array>
477 <string>mydomain.com</string>
478 <string>https://myotherdomain.com</string>
479 </array>
480 <key>NTLM</key>
481 <array>
482 <string>mydomain.com</string>
483 <string>https://myotherdomain.com</string>
484 </array>
485 <key>AllowNonFQDN</key>
486 <dict>
487 <key>SPNEGO</key>
488 <true/> | <false/>
489 <key>NTLM</key>
490 <true/> | <false/>
491 </dict>
492 <key>AllowProxies</key>
493 <dict>
494 <key>SPNEGO</key>
495 <true/> | <false/>
496 <key>NTLM</key>
497 <true/> | <false/>
498 </dict>
499 <key>Locked</key>
500 <true/> | <false/>
501 <key>PrivateBrowsing</key>
502 <true/> | <false/>
503 </dict>
504 </dict>
505 ```
506 #### policies.json
507 ```
508 {
509 "policies": {
510 "Authentication": {
511 "SPNEGO": ["mydomain.com", "https://myotherdomain.com"],
512 "Delegated": ["mydomain.com", "https://myotherdomain.com"],
513 "NTLM": ["mydomain.com", "https://myotherdomain.com"],
514 "AllowNonFQDN": {
515 "SPNEGO": true | false,
516 "NTLM": true | false
517 },
518 "AllowProxies": {
519 "SPNEGO": true | false,
520 "NTLM": true | false
521 },
522 "Locked": true | false,
523 "PrivateBrowsing": true | false
524 }
525 }
526 }
527 ```
528 ### AutofillAddressEnabled
529
530 Enables or disables autofill for addresses.
531
532 This only applies when address autofill is enabled for a particular Firefox version or region. See [this page](https://support.mozilla.org/kb/automatically-fill-your-address-web-forms) for more information.
533
534 **Compatibility:** Firefox 125, Firefox ESR 115.10\
535 **CCK2 Equivalent:** N/A\
536 **Preferences Affected:** `extensions.formautofill.addresses.enabled`
537
538 #### Windows (GPO)
539 ```
540 Software\Policies\Mozilla\Firefox\AutofillAddressEnabled = 0x1 | 0x0
541 ```
542 #### Windows (Intune)
543 OMA-URI:
544 ```
545 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/AutofillAddressEnabled
546 ```
547 Value (string):
548 ```
549 <enabled/> or <disabled/>
550 ```
551 #### macOS
552 ```
553 <dict>
554 <key>AutofillAddressEnabled</key>
555 <true/> | <false/>
556 </dict>
557 ```
558 #### policies.json
559 ```
560 {
561 "policies": {
562 "AutofillAddressEnabled": true | false
563 }
564 }
565 ```
566 ### AutofillCreditCardEnabled
567
568 Enables or disables autofill for payment methods.
569
570 This only applies when payment method autofill is enabled for a particular Firefox version or region. See [this page](https://support.mozilla.org/kb/credit-card-autofill) for more information.
571
572 **Compatibility:** Firefox 125, Firefox ESR 115.10\
573 **CCK2 Equivalent:** N/A\
574 **Preferences Affected:** `extensions.formautofill.creditCards.enabled`
575
576 #### Windows (GPO)
577 ```
578 Software\Policies\Mozilla\Firefox\AutofillCreditCardEnabled = 0x1 | 0x0
579 ```
580 #### Windows (Intune)
581 OMA-URI:
582 ```
583 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/AutofillCreditCardEnabled
584 ```
585 Value (string):
586 ```
587 <enabled/> or <disabled/>
588 ```
589 #### macOS
590 ```
591 <dict>
592 <key>AutofillCreditCardEnabled</key>
593 <true/> | <false/>
594 </dict>
595 ```
596 #### policies.json
597 ```
598 {
599 "policies": {
600 "AutofillCreditCardEnabled": true | false
601 }
602 }
603 ```
604 ### AutoLaunchProtocolsFromOrigins
605 Define a list of external protocols that can be used from listed origins without prompting the user. The origin is the scheme plus the hostname.
606
607 The syntax of this policy is exactly the same as the [Chrome AutoLaunchProtocolsFromOrigins policy](https://cloud.google.com/docs/chrome-enterprise/policies/?policy=AutoLaunchProtocolsFromOrigins) except that you can only use valid origins (not just hostnames). This also means that you cannot specify an asterisk for all origins.
608
609 The schema is:
610 ```
611 {
612 "items": {
613 "properties": {
614 "allowed_origins": {
615 "items": {
616 "type": "string"
617 },
618 "type": "array"
619 },
620 "protocol": {
621 "type": "string"
622 }
623 },
624 "required": [
625 "protocol",
626 "allowed_origins"
627 ],
628 "type": "object"
629 },
630 "type": "array"
631 }
632 ```
633 **Compatibility:** Firefox 90, Firefox ESR 78.12\
634 **CCK2 Equivalent:** N/A\
635 **Preferences Affected:** N/A
636
637 #### Windows (GPO)
638 Software\Policies\Mozilla\Firefox\AutoLaunchProtocolsFromOrigins (REG_MULTI_SZ) =
639 ```
640 [
641 {
642 "protocol": "zoommtg",
643 "allowed_origins": [
644 "https://somesite.zoom.us"
645 ]
646 }
647 ]
648 ```
649 #### Windows (Intune)
650 OMA-URI:
651 ```
652 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/AutoLaunchProtocolsFromOrigins
653 ```
654 Value (string):
655 ```
656 <enabled/>
657 <data id="JSON" value='
658 [
659 {
660 "protocol": "zoommtg",
661 "allowed_origins": [
662 "https://somesite.zoom.us"
663 ]
664 }
665 ]'/>
666 ```
667 #### macOS
668 ```
669 <dict>
670 <key>AutoLaunchProtocolsFromOrigins</key>
671 <array>
672 <dict>
673 <key>protocol</key>
674 <string>zoommtg</string>
675 <key>allowed_origins</key>
676 <array>
677 <string>https://somesite.zoom.us</string>
678 </array>
679 </dict>
680 </array>
681 </dict>
682 ```
683 #### policies.json
684 ```
685 {
686 "policies": {
687 "AutoLaunchProtocolsFromOrigins": [{
688 "protocol": "zoommtg",
689 "allowed_origins": [
690 "https://somesite.zoom.us"
691 ]
692 }]
693 }
694 }
695 ```
696 ### BackgroundAppUpdate
697
698 Enable or disable **automatic** application update **in the background**, when the application is not running.
699
700 If set to true, application updates may be installed (without user approval) in the background, even when the application is not running. The operating system might still require approval.
701
702 If set to false, the application will not try to install updates when the application is not running.
703
704 If you have disabled updates via `DisableAppUpdate` or disabled automatic updates via `AppAutoUpdate`, this policy has no effect.
705
706 If you are having trouble getting the background task to run, verify your configuration with the ["Requirements to run" section in this support document](https://support.mozilla.org/en-US/kb/enable-background-updates-firefox-windows).
707
708 **Compatibility:** Firefox 90 (Windows only)\
709 **CCK2 Equivalent:** N/A\
710 **Preferences Affected:** `app.update.background.enabled`
711
712 #### Windows (GPO)
713 ```
714 Software\Policies\Mozilla\Firefox\BackgroundAppUpdate = 0x1 | 0x0
715 ```
716 #### Windows (Intune)
717 OMA-URI:
718 ```
719 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/BackgroundAppUpdate
720 ```
721 Value (string):
722 ```
723 <enabled/> or <disabled/>
724 ```
725 #### macOS
726 ```
727 <dict>
728 <key>BackgroundAppUpdate</key>
729 <true/> | <false/>
730 </dict>
731 ```
732 #### policies.json
733 ```
734 {
735 "policies": {
736 "BackgroundAppUpdate": true | false
737 }
738 }
739 ```
740 ### BlockAboutAddons
741
742 Block access to the Add-ons Manager (about:addons).
743
744 **Compatibility:** Firefox 60, Firefox ESR 60\
745 **CCK2 Equivalent:** `disableAddonsManager`\
746 **Preferences Affected:** N/A
747
748 #### Windows (GPO)
749 ```
750 Software\Policies\Mozilla\Firefox\BlockAboutAddons = 0x1 | 0x0
751 ```
752 #### Windows (Intune)
753 OMA-URI:
754 ```
755 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/BlockAboutAddons
756 ```
757 Value (string):
758 ```
759 <enabled/> or <disabled/>
760 ```
761 #### macOS
762 ```
763 <dict>
764 <key>BlockAboutAddons</key>
765 <true/> | <false/>
766 </dict>
767 ```
768 #### policies.json
769 ```
770 {
771 "policies": {
772 "BlockAboutAddons": true | false
773 }
774 }
775 ```
776 ### BlockAboutConfig
777
778 Block access to about:config.
779
780 **Compatibility:** Firefox 60, Firefox ESR 60\
781 **CCK2 Equivalent:** `disableAboutConfig`\
782 **Preferences Affected:** N/A
783
784 #### Windows (GPO)
785 ```
786 Software\Policies\Mozilla\Firefox\BlockAboutConfig = 0x1 | 0x0
787 ```
788 #### Windows (Intune)
789 OMA-URI:
790 ```
791 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/BlockAboutConfig
792 ```
793 Value (string):
794 ```
795 <enabled/> or <disabled/>
796 ```
797 #### macOS
798 ```
799 <dict>
800 <key>BlockAboutConfig</key>
801 <true/> | <false/>
802 </dict>
803 ```
804 #### policies.json
805 ```
806 {
807 "policies": {
808 "BlockAboutConfig": true | false
809 }
810 }
811 ```
812 ### BlockAboutProfiles
813
814 Block access to About Profiles (about:profiles).
815
816 **Compatibility:** Firefox 60, Firefox ESR 60\
817 **CCK2 Equivalent:** `disableAboutProfiles`\
818 **Preferences Affected:** N/A
819
820 #### Windows (GPO)
821 ```
822 Software\Policies\Mozilla\Firefox\BlockAboutProfiles = 0x1 | 0x0
823 ```
824 #### Windows (Intune)
825 OMA-URI:
826 ```
827 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/BlockAboutProfiles
828 ```
829 Value (string):
830 ```
831 <enabled/> or <disabled/>
832 ```
833 #### macOS
834 ```
835 <dict>
836 <key>BlockAboutProfiles</key>
837 <true/> | <false/>
838 </dict>
839 ```
840 #### policies.json
841 ```
842 {
843 "policies": {
844 "BlockAboutProfiles": true | false
845 }
846 }
847 ```
848 ### BlockAboutSupport
849
850 Block access to Troubleshooting Information (about:support).
851
852 **Compatibility:** Firefox 60, Firefox ESR 60\
853 **CCK2 Equivalent:** `disableAboutSupport`\
854 **Preferences Affected:** N/A
855
856 #### Windows (GPO)
857 ```
858 Software\Policies\Mozilla\Firefox\BlockAboutSupport = 0x1 | 0x0
859 ```
860 #### Windows (Intune)
861 OMA-URI:
862 ```
863 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/BlockAboutSupport
864 ```
865 Value (string):
866 ```
867 <enabled/> or <disabled/>
868 ```
869 #### macOS
870 ```
871 <dict>
872 <key>BlockAboutSupport</key>
873 <true/> | <false/>
874 </dict>
875 ```
876 #### policies.json
877 ```
878 {
879 "policies": {
880 "BlockAboutSupport": true | false
881 }
882 }
883 ```
884 ### Bookmarks
885
886 Note: [`ManagedBookmarks`](#managedbookmarks) is the new recommended way to add bookmarks. This policy will continue to be supported.
887
888 Add bookmarks in either the bookmarks toolbar or menu. Only `Title` and `URL` are required. If `Placement` is not specified, the bookmark will be placed on the toolbar. If `Folder` is specified, it is automatically created and bookmarks with the same folder name are grouped together.
889
890 If you want to clear all bookmarks set with this policy, you can set the value to an empty array (```[]```). This can be on Windows via the new Bookmarks (JSON) policy available with GPO and Intune.
891
892 **Compatibility:** Firefox 60, Firefox ESR 60\
893 **CCK2 Equivalent:** `bookmarks.toolbar`,`bookmarks.menu`\
894 **Preferences Affected:** N/A
895
896 #### Windows (GPO)
897 ```
898 Software\Policies\Mozilla\Firefox\Bookmarks\1\Title = "Example"
899 Software\Policies\Mozilla\Firefox\Bookmarks\1\URL = "https://example.com"
900 Software\Policies\Mozilla\Firefox\Bookmarks\1\Favicon = "https://example.com/favicon.ico"
901 Software\Policies\Mozilla\Firefox\Bookmarks\1\Placement = "toolbar" | "menu"
902 Software\Policies\Mozilla\Firefox\Bookmarks\1\Folder = "FolderName"
903
904 Software\Policies\Mozilla\Firefox\Bookmarks (REG_MULTI_SZ) =
905 ```
906 []
907 ```
908
909 ```
910 #### Windows (Intune)
911 OMA-URI:
912 ```
913 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Bookmarks/Bookmark01
914 ```
915 Value (string):
916 ```
917 <enabled/>
918 <data id="BookmarkTitle" value="Example"/>
919 <data id="BookmarkURL" value="https://example.com"/>
920 <data id="BookmarkFavicon" value="https://example.com/favicon.ico"/>
921 <data id="BookmarkPlacement" value="toolbar | menu"/>
922 <data id="BookmarkFolder" value="FolderName"/>
923 ```
924 OMA-URI:
925 ```
926 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/Bookmarks
927 ```
928 Value (string):
929 ```
930 <enabled/>
931 <data id="JSON" value='[]'/>
932 ```
933 #### macOS
934 ```
935 <dict>
936 <key>Bookmarks</key>
937 <array>
938 <dict>
939 <key>Title</key>
940 <string>Example</string>
941 <key>URL</key>
942 <string>https://example.com</string>
943 <key>Favicon</key>
944 <string>https://example.com/favicon.ico</string>
945 <key>Placement</key>
946 <string>toolbar | menu</string>
947 <key>Folder</key>
948 <string>FolderName</string>
949 </dict>
950 </array>
951 </dict>
952 ```
953 #### policies.json
954 ```
955 {
956 "policies": {
957 "Bookmarks": [
958 {
959 "Title": "Example",
960 "URL": "https://example.com",
961 "Favicon": "https://example.com/favicon.ico",
962 "Placement": "toolbar" | "menu",
963 "Folder": "FolderName"
964 }
965 ]
966 }
967 }
968 ```
969 ### CaptivePortal
970 Enable or disable the detection of captive portals.
971
972 **Compatibility:** Firefox 67, Firefox ESR 60.7\
973 **CCK2 Equivalent:** N/A\
974 **Preferences Affected:** `network.captive-portal-service.enabled`
975
976 #### Windows (GPO)
977 ```
978 Software\Policies\Mozilla\Firefox\CaptivePortal = 0x1 | 0x0
979 ```
980 #### Windows (Intune)
981 OMA-URI:
982 ```
983 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/CaptivePortal
984 ```
985 Value (string):
986 ```
987 <enabled/> or <disabled/>
988 ```
989 #### macOS
990 ```
991 <dict>
992 <key>CaptivePortal</key>
993 <true/> | <false/>
994 </dict>
995 ```
996 #### policies.json
997 ```
998 {
999 "policies": {
1000 "CaptivePortal": true | false
1001 }
1002 }
1003 ```
1004 ### Certificates
1005
1006 ### Certificates | ImportEnterpriseRoots
1007
1008 Trust certificates that have been added to the operating system certificate store by a user or administrator.
1009
1010 Note: This policy only works on Windows and macOS. For Linux discussion, see [bug 1600509](https://bugzilla.mozilla.org/show_bug.cgi?id=1600509).
1011
1012 See https://support.mozilla.org/kb/setting-certificate-authorities-firefox for more detail.
1013
1014 **Compatibility:** Firefox 60, Firefox ESR 60 (macOS support in Firefox 63, Firefox ESR 68)\
1015 **CCK2 Equivalent:** N/A\
1016 **Preferences Affected:** `security.enterprise_roots.enabled`
1017
1018 #### Windows (GPO)
1019 ```
1020 Software\Policies\Mozilla\Firefox\Certificates\ImportEnterpriseRoots = 0x1 | 0x0
1021 ```
1022 #### Windows (Intune)
1023 OMA-URI:
1024 ```
1025 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Certificates/Certificates_ImportEnterpriseRoots
1026 ```
1027 Value (string):
1028 ```
1029 <enabled/> or <disabled/>
1030 ```
1031 #### macOS
1032 ```
1033 <dict>
1034 <key>Certificates</key>
1035 <dict>
1036 <key>ImportEnterpriseRoots</key>
1037 <true/> | <false/>
1038 </dict>
1039 </dict>
1040 ```
1041 #### policies.json
1042 ```
1043 {
1044 "policies": {
1045 "Certificates": {
1046 "ImportEnterpriseRoots": true | false
1047 }
1048 }
1049 }
1050 ```
1051 ### Certificates | Install
1052
1053 Install certificates into the Firefox certificate store. If only a filename is specified, Firefox searches for the file in the following locations:
1054
1055 - Windows
1056 - %USERPROFILE%\AppData\Local\Mozilla\Certificates
1057 - %USERPROFILE%\AppData\Roaming\Mozilla\Certificates
1058 - macOS
1059 - /Library/Application Support/Mozilla/Certificates
1060 - ~/Library/Application Support/Mozilla/Certificates
1061 - Linux
1062 - /usr/lib/mozilla/certificates
1063 - /usr/lib64/mozilla/certificates
1064 - ~/.mozilla/certificates
1065
1066 Starting with Firefox 65, Firefox 60.5 ESR, a fully qualified path can be used, including UNC paths. You should use the native path style for your operating system. We do not support using %USERPROFILE% or other environment variables on Windows.
1067
1068 If you are specifying the path in the policies.json file on Windows, you need to escape your backslashes (`\\`) which means that for UNC paths, you need to escape both (`\\\\`). If you use group policy, you only need one backslash.
1069
1070 Certificates are installed using the trust string `CT,CT,`.
1071
1072 Binary (DER) and ASCII (PEM) certificates are both supported.
1073
1074 **Compatibility:** Firefox 64, Firefox ESR 64\
1075 **CCK2 Equivalent:** `certs.ca`\
1076 **Preferences Affected:** N/A
1077
1078 #### Windows (GPO)
1079 ```
1080 Software\Policies\Mozilla\Firefox\Certificates\Install\1 = "cert1.der"
1081 Software\Policies\Mozilla\Firefox\Certificates\Install\2 = "C:\Users\username\cert2.pem"
1082 ```
1083 #### Windows (Intune)
1084 OMA-URI:
1085 ```
1086 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Certificates/Certificates_Install
1087 ```
1088 Value (string):
1089 ```
1090 <enabled/>
1091 <data id="Certificates_Install" value="1&#xF000;cert1.der&#xF000;2&#xF000;C:\Users\username\cert2.pem"/>
1092 ```
1093 #### macOS
1094 ```
1095 <dict>
1096 <key>Certificates</key>
1097 <dict>
1098 <key>Install</key>
1099 <array>
1100 <string>cert1.der</string>
1101 <string>/Users/username/cert2.pem</string>
1102 </array>
1103 </dict>
1104 </dict>
1105 ```
1106 #### policies.json
1107 ```
1108 {
1109 "policies": {
1110 "Certificates": {
1111 "Install": ["cert1.der", "/home/username/cert2.pem"]
1112 }
1113 }
1114 }
1115 ```
1116 ### Containers
1117 Set policies related to [containers](https://addons.mozilla.org/firefox/addon/multi-account-containers/).
1118
1119 Currently you can set the initial set of containers.
1120
1121 For each container, you can specify the name, icon, and color.
1122
1123 | Name | Description |
1124 | --- | --- |
1125 | `name`| Name of container
1126 | `icon` | Can be `fingerprint`, `briefcase`, `dollar`, `cart`, `vacation`, `gift`, `food`, `fruit`, `pet`, `tree`, `chill`, `circle`, `fence`
1127 | `color` | Can be `blue`, `turquoise`, `green`, `yellow`, `orange`, `red`, `pink`, `purple`, `toolbar`
1128
1129 **Compatibility:** Firefox 113\
1130 **CCK2 Equivalent:** N/A\
1131 **Preferences Affected:** N/A
1132
1133 #### Windows (GPO)
1134 Software\Policies\Mozilla\Firefox\Containers (REG_MULTI_SZ) =
1135 ```
1136 {
1137 "Default": [
1138 {
1139 "name": "My container",
1140 "icon": "pet",
1141 "color": "turquoise"
1142 }
1143 ]
1144 }
1145 ```
1146 #### Windows (Intune)
1147 OMA-URI:
1148 ```
1149 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/Containers
1150 ```
1151 Value (string):
1152 ```
1153 <enabled/>
1154 <data id="JSON" value='
1155 {
1156 "Default": [
1157 {
1158 "name": "My container",
1159 "icon": "pet",
1160 "color": "turquoise"
1161 }
1162 ]
1163 }
1164 '/>
1165 ```
1166 #### macOS
1167 ```
1168 <dict>
1169 <key>Default</key>
1170 <dict>
1171 <key>Containers</key>
1172 <array>
1173 <dict>
1174 <key>name</key>
1175 <string>My container</string>
1176 <key>icon</key>
1177 <string>pet</string>
1178 <key>color</key>
1179 <string>turquoise</string>
1180 </dict>
1181 </array>
1182 </dict>
1183 </dict>
1184 ```
1185 #### policies.json
1186 ```
1187 {
1188 "policies": {
1189 "Containers": {
1190 "Default": [
1191 {
1192 "name": "My container",
1193 "icon": "pet",
1194 "color": "turquoise"
1195 }
1196 ]
1197 }
1198 }
1199 }
1200 ```
1201 ### Cookies
1202 Configure cookie preferences.
1203
1204 `Allow` is a list of origins (not domains) where cookies are always allowed. You must include http or https.
1205
1206 `AllowSession` is a list of origins (not domains) where cookies are only allowed for the current session. You must include http or https.
1207
1208 `Block` is a list of origins (not domains) where cookies are always blocked. You must include http or https.
1209
1210 `Behavior` sets the default behavior for cookies based on the values below.
1211
1212 `BehaviorPrivateBrowsing` sets the default behavior for cookies in private browsing based on the values below.
1213
1214 | Value | Description
1215 | --- | --- |
1216 | accept | Accept all cookies
1217 | reject-foreign | Reject third party cookies
1218 | reject | Reject all cookies
1219 | limit-foreign | Reject third party cookies for sites you haven't visited
1220 | reject-tracker | Reject cookies for known trackers (default)
1221 | reject-tracker-and-partition-foreign | Reject cookies for known trackers and partition third-party cookies (Total Cookie Protection) (default for private browsing)
1222
1223 `Locked` prevents the user from changing cookie preferences.
1224
1225 `Default` determines whether cookies are accepted at all. (*Deprecated*. Use `Behavior` instead)
1226
1227 `AcceptThirdParty` determines how third-party cookies are handled. (*Deprecated*. Use `Behavior` instead)
1228
1229 `RejectTracker` only rejects cookies for trackers. (*Deprecated*. Use `Behavior` instead)
1230
1231 `ExpireAtSessionEnd` determines when cookies expire. (*Deprecated*. Use [`SanitizeOnShutdown`](#sanitizeonshutdown-selective) instead)
1232
1233 **Compatibility:** Firefox 60, Firefox ESR 60 (RejectTracker added in Firefox 63, AllowSession added in Firefox 79/78.1, Behavior added in Firefox 95/91.4)\
1234 **CCK2 Equivalent:** N/A\
1235 **Preferences Affected:** `network.cookie.cookieBehavior`, `network.cookie.cookieBehavior.pbmode`, `network.cookie.lifetimePolicy`
1236
1237 #### Windows (GPO)
1238 ```
1239 Software\Policies\Mozilla\Firefox\Cookies\Allow\1 = "https://example.com"
1240 Software\Policies\Mozilla\Firefox\Cookies\AllowSession\1 = "https://example.edu"
1241 Software\Policies\Mozilla\Firefox\Cookies\Block\1 = "https://example.org"
1242 Software\Policies\Mozilla\Firefox\Cookies\Behavior = "accept" | "reject-foreign" | "reject" | "limit-foreign" | "reject-tracker" | "reject-tracker-and-partition-foreign"
1243 Software\Policies\Mozilla\Firefox\Cookies\BehaviorPrivateBrowsing = "accept" | "reject-foreign" | "reject" | "limit-foreign" | "reject-tracker" | "reject-tracker-and-partition-foreign"
1244 Software\Policies\Mozilla\Firefox\Cookies\Locked = 0x1 | 0x0
1245 ```
1246 #### Windows (Intune)
1247 OMA-URI:
1248 ```
1249 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_Allow
1250 ```
1251 Value (string):
1252 ```
1253 <enabled/>
1254 <data id="Permissions" value="1&#xF000;https://example.com"/>
1255 ```
1256 OMA-URI:
1257 ```
1258 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_AllowSession
1259 ```
1260 Value (string):
1261 ```
1262 <enabled/>
1263 <data id="Permissions" value="1&#xF000;https://example.edu"/>
1264 ```
1265 OMA-URI:
1266 ```
1267 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_Block
1268 ```
1269 Value (string):
1270 ```
1271 <enabled/>
1272 <data id="Permissions" value="1&#xF000;https://example.org"/>
1273 ```
1274 OMA-URI:
1275 ```
1276 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_Locked
1277 ```
1278 Value (string):
1279 ```
1280 <enabled/> or <disabled/>
1281 ```
1282 OMA-URI:
1283 ```
1284 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_Behavior
1285 ```
1286 Value (string):
1287 ```
1288 <enabled/>
1289 <data id="Cookies_Behavior" value="accept | reject-foreign | reject | limit-foreign | reject-tracker | reject-tracker-and-partition-foreign"/>
1290 ```
1291 OMA-URI:
1292 ```
1293 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_BehaviorPrivateBrowsing
1294 ```
1295 Value (string):
1296 ```
1297 <enabled/>
1298 <data id="Cookies_BehaviorPrivateBrowsing" value="accept | reject-foreign | reject | limit-foreign | reject-tracker | reject-tracker-and-partition-foreign"/>
1299 ```
1300 #### macOS
1301 ```
1302 <dict>
1303 <key>Cookies</key>
1304 <dict>
1305 <key>Allow</key>
1306 <array>
1307 <string>http://example.com</string>
1308 </array>
1309 <key>AllowSession</key>
1310 <array>
1311 <string>http://example.edu</string>
1312 </array>
1313 <key>Block</key>
1314 <array>
1315 <string>http://example.org</string>
1316 </array>
1317 <key>Locked</key>
1318 <true/> | <false/>
1319 <key>Behavior</key>
1320 <string>accept | reject-foreign | reject | limit-foreign | reject-tracker | reject-tracker-and-partition-foreign</string>
1321 <key>BehaviorPrivateBrowsing</key>
1322 <string>accept | reject-foreign | reject | limit-foreign | reject-tracker | reject-tracker-and-partition-foreign</string>
1323 </dict>
1324 </dict>
1325 ```
1326 #### policies.json
1327 ```
1328 {
1329 "policies": {
1330 "Cookies": {
1331 "Allow": ["http://example.org/"],
1332 "AllowSession": ["http://example.edu/"],
1333 "Block": ["http://example.edu/"],
1334 "Locked": true | false,
1335 "Behavior": "accept" | "reject-foreign" | "reject" | "limit-foreign" | "reject-tracker" | "reject-tracker-and-partition-foreign",
1336 "BehaviorPrivateBrowsing": "accept" | "reject-foreign" | "reject" | "limit-foreign" | "reject-tracker" | "reject-tracker-and-partition-foreign",
1337 }
1338 }
1339 }
1340 ```
1341 ### DefaultDownloadDirectory
1342 Set the default download directory.
1343
1344 You can use ${home} for the native home directory.
1345
1346 **Compatibility:** Firefox 68, Firefox ESR 68\
1347 **CCK2 Equivalent:** N/A\
1348 **Preferences Affected:** `browser.download.dir`, `browser.download.folderList`
1349
1350 #### Windows (GPO)
1351 ```
1352 Software\Policies\Mozilla\Firefox\DefaultDownloadDirectory = "${home}\Downloads"
1353 ```
1354 #### Windows (Intune)
1355 OMA-URI:
1356 ```
1357 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DefaultDownloadDirectory
1358 ```
1359 Value (string):
1360 ```
1361 <enabled/>
1362 <data id="Preferences_String" value="${home}\Downloads"/>
1363 ```
1364 #### macOS
1365 ```
1366 <dict>
1367 <key>DefaultDownloadDirectory</key>
1368 <string>${home}/Downloads</string>
1369 </dict>
1370 ```
1371 #### policies.json (macOS and Linux)
1372 ```
1373 {
1374 "policies": {
1375 "DefaultDownloadDirectory": "${home}/Downloads"
1376 }
1377 }
1378 ```
1379 #### policies.json (Windows)
1380 ```
1381 {
1382 "policies": {
1383 "DefaultDownloadDirectory": "${home}\\Downloads"
1384 }
1385 }
1386 ```
1387 ### DisableAppUpdate
1388 Turn off application updates within Firefox.
1389
1390 **Compatibility:** Firefox 60, Firefox ESR 60\
1391 **CCK2 Equivalent:** `disableFirefoxUpdates`\
1392 **Preferences Affected:** N/A
1393
1394 #### Windows (GPO)
1395 ```
1396 Software\Policies\Mozilla\Firefox\DisableAppUpdate = 0x1 | 0x0
1397 ```
1398 #### Windows (Intune)
1399 OMA-URI:
1400 ```
1401 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableAppUpdate
1402 ```
1403 Value (string):
1404 ```
1405 <enabled/> or <disabled/>
1406 ```
1407 #### macOS
1408 ```
1409 <dict>
1410 <key>DisableAppUpdate</key>
1411 <true/> | <false/>
1412 </dict>
1413 ```
1414 #### policies.json
1415 ```
1416 {
1417 "policies": {
1418 "DisableAppUpdate": true | false
1419 }
1420 }
1421 ```
1422 ### DisableBuiltinPDFViewer
1423 Disable the built in PDF viewer. PDF files are downloaded and sent externally.
1424
1425 **Compatibility:** Firefox 60, Firefox ESR 60\
1426 **CCK2 Equivalent:** `disablePDFjs`\
1427 **Preferences Affected:** `pdfjs.disabled`
1428
1429 #### Windows (GPO)
1430 ```
1431 Software\Policies\Mozilla\Firefox\DisableBuiltinPDFViewer = 0x1 | 0x0
1432 ```
1433 #### Windows (Intune)
1434 OMA-URI:
1435 ```
1436 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableBuiltinPDFViewer
1437 ```
1438 Value (string):
1439 ```
1440 <enabled/> or <disabled/>
1441 ```
1442 #### macOS
1443 ```
1444 <dict>
1445 <key>DisableBuiltinPDFViewer</key>
1446 <true/> | <false/>
1447 </dict>
1448 ```
1449 #### policies.json
1450 ```
1451 {
1452 "policies": {
1453 "DisableBuiltinPDFViewer": true | false
1454 }
1455 }
1456 ```
1457 ### DisabledCiphers
1458 Disable specific cryptographic ciphers, listed below.
1459
1460 ```
1461 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
1462 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
1463 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
1464 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
1465 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
1466 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
1467 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
1468 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
1469 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
1470 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
1471 TLS_DHE_RSA_WITH_AES_128_CBC_SHA
1472 TLS_DHE_RSA_WITH_AES_256_CBC_SHA
1473 TLS_RSA_WITH_AES_128_GCM_SHA256
1474 TLS_RSA_WITH_AES_256_GCM_SHA384
1475 TLS_RSA_WITH_AES_128_CBC_SHA
1476 TLS_RSA_WITH_AES_256_CBC_SHA
1477 TLS_RSA_WITH_3DES_EDE_CBC_SHA
1478 ```
1479
1480 **Preferences Affected:** `security.ssl3.ecdhe_rsa_aes_128_gcm_sha256`, `security.ssl3.ecdhe_ecdsa_aes_128_gcm_sha256`, `security.ssl3.ecdhe_ecdsa_chacha20_poly1305_sha256`, `security.ssl3.ecdhe_rsa_chacha20_poly1305_sha256`, `security.ssl3.ecdhe_ecdsa_aes_256_gcm_sha384`, `security.ssl3.ecdhe_rsa_aes_256_gcm_sha384`, `security.ssl3.ecdhe_rsa_aes_128_sha`, `security.ssl3.ecdhe_ecdsa_aes_128_sha`, `security.ssl3.ecdhe_rsa_aes_256_sha`, `security.ssl3.ecdhe_ecdsa_aes_256_sha`, `security.ssl3.dhe_rsa_aes_128_sha`, `security.ssl3.dhe_rsa_aes_256_sha`, `security.ssl3.rsa_aes_128_gcm_sha256`, `security.ssl3.rsa_aes_256_gcm_sha384`, `security.ssl3.rsa_aes_128_sha`, `security.ssl3.rsa_aes_256_sha`, `security.ssl3.deprecated.rsa_des_ede3_sha`
1481
1482 ---
1483 **Note:**
1484
1485 This policy was updated in Firefox 78 to allow enabling ciphers as well. Setting the value to true disables the cipher, setting the value to false enables the cipher. Previously setting the value to true or false disabled the cipher.
1486
1487 ---
1488 **Compatibility:** Firefox 76, Firefox ESR 68.8 (TLS_RSA_WITH_AES_128_GCM_SHA256 and TLS_RSA_WITH_AES_256_GCM_SHA384 were added in Firefox 78, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA38, TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, and TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 were added in Firefox 97 and Firefox 91.6)\
1489 **CCK2 Equivalent:** N/A\
1490 **Preferences Affected:** N/A
1491
1492 #### Windows (GPO)
1493 ```
1494 Software\Policies\Mozilla\Firefox\DisabledCiphers\CIPHER_NAME = 0x1 | 0x0
1495 ```
1496 #### Windows (Intune)
1497 OMA-URI:
1498 ```
1499 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DisabledCiphers/DisabledCiphers_CIPHER_NAME
1500
1501 ```
1502 Value (string):
1503 ```
1504 <enabled/> or <disabled/>
1505 ```
1506 #### macOS
1507 ```
1508 <dict>
1509 <key>DisabledCiphers</key>
1510 <dict>
1511 <key>CIPHER_NAME</key>
1512 <true/> | <false/>
1513 </dict>
1514 </dict>
1515 ```
1516 #### policies.json
1517 ```
1518 {
1519 "policies": {
1520 "DisabledCiphers": {
1521 "CIPHER_NAME": true | false,
1522 }
1523 }
1524 }
1525 ```
1526 ### DisableDefaultBrowserAgent
1527 Prevent the default browser agent from taking any actions. Only applicable to Windows; other platforms don’t have the agent.
1528
1529 The browser agent is a Windows-only scheduled task which runs in the background to collect and submit data about the browser that the user has set as their OS default. More information is available [here](https://firefox-source-docs.mozilla.org/toolkit/mozapps/defaultagent/default-browser-agent/index.html).
1530
1531 **Compatibility:** Firefox 75, Firefox ESR 68.7 (Windows only)\
1532 **CCK2 Equivalent:** N/A\
1533 **Preferences Affected:** N/A
1534
1535 #### Windows (GPO)
1536 ```
1537 Software\Policies\Mozilla\Firefox\DisableDefaultBrowserAgent = 0x1 | 0x0
1538 ```
1539 #### Windows (Intune)
1540 OMA-URI:
1541 ```
1542 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableDefaultBrowserAgent
1543 ```
1544 Value (string):
1545 ```
1546 <enabled/> or <disabled/>
1547 ```
1548 #### policies.json
1549 ```
1550 {
1551 "policies": {
1552 "DisableDefaultBrowserAgent": true | false
1553 }
1554 }
1555 ```
1556 ### DisableDeveloperTools
1557 Remove access to all developer tools.
1558
1559 **Compatibility:** Firefox 60, Firefox ESR 60\
1560 **CCK2 Equivalent:** `removeDeveloperTools`\
1561 **Preferences Affected:** `devtools.policy.disabled`
1562
1563 #### Windows (GPO)
1564 ```
1565 Software\Policies\Mozilla\Firefox\DisableDeveloperTools = 0x1 | 0x0`
1566 ```
1567 #### Windows (Intune)
1568 OMA-URI:
1569 ```
1570 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableDeveloperTools
1571 ```
1572 Value (string):
1573 ```
1574 <enabled/> or <disabled/>
1575 ```
1576 #### macOS
1577 ```
1578 <dict>
1579 <key>DisableDeveloperTools</key>
1580 <true/> | <false/>
1581 </dict>
1582 ```
1583 #### policies.json
1584 ```
1585 {
1586 "policies": {
1587 "DisableDeveloperTools": true | false
1588 }
1589 }
1590 ```
1591 ### DisableFeedbackCommands
1592 Disable the menus for reporting sites (Submit Feedback, Report Deceptive Site).
1593
1594 **Compatibility:** Firefox 60, Firefox ESR 60\
1595 **CCK2 Equivalent:** N/A\
1596 **Preferences Affected:** N/A
1597
1598 #### Windows (GPO)
1599 ```
1600 Software\Policies\Mozilla\Firefox\DisableFeedbackCommands = 0x1 | 0x0
1601 ```
1602 #### Windows (Intune)
1603 OMA-URI:
1604 ```
1605 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableFeedbackCommands
1606 ```
1607 Value (string):
1608 ```
1609 <enabled/> or <disabled/>
1610 ```
1611 #### macOS
1612 ```
1613 <dict>
1614 <key>DisableFeedbackCommands</key>
1615 <true/> | <false/>
1616 </dict>
1617 ```
1618 #### policies.json
1619 ```
1620 {
1621 "policies": {
1622 "DisableFeedbackCommands": true | false
1623 }
1624 }
1625 ```
1626 ### DisableFirefoxAccounts
1627 Disable Firefox Accounts integration (Sync).
1628
1629 **Compatibility:** Firefox 60, Firefox ESR 60\
1630 **CCK2 Equivalent:** `disableSync`\
1631 **Preferences Affected:** `identity.fxaccounts.enabled`
1632
1633 #### Windows (GPO)
1634 ```
1635 Software\Policies\Mozilla\Firefox\DisableFirefoxAccounts = 0x1 | 0x0
1636 ```
1637 #### Windows (Intune)
1638 OMA-URI:
1639 ```
1640 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableFirefoxAccounts
1641 ```
1642 Value (string):
1643 ```
1644 <enabled/> or <disabled/>
1645 ```
1646 #### macOS
1647 ```
1648 <dict>
1649 <key>DisableFirefoxAccounts</key>
1650 <true/> | <false/>
1651 </dict>
1652 ```
1653 #### policies.json
1654 ```
1655 {
1656 "policies": {
1657 "DisableFirefoxAccounts": true | false
1658 }
1659 }
1660 ```
1661 ### DisableFirefoxScreenshots
1662 Remove access to Firefox Screenshots.
1663
1664 **Compatibility:** Firefox 60, Firefox ESR 60\
1665 **CCK2 Equivalent:** N/A\
1666 **Preferences Affected:** `extensions.screenshots.disabled`
1667
1668 #### Windows (GPO)
1669 ```
1670 Software\Policies\Mozilla\Firefox\DisableFirefoxScreenshots = 0x1 | 0x0
1671 ```
1672 #### Windows (Intune)
1673 OMA-URI:
1674 ```
1675 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableFirefoxScreenshots
1676 ```
1677 Value (string):
1678 ```
1679 <enabled/> or <disabled/>
1680 ```
1681 #### macOS
1682 ```
1683 <dict>
1684 <key>DisableFirefoxScreenshots</key>
1685 <true/> | <false/>
1686 </dict>
1687 ```
1688 #### policies.json
1689 ```
1690 {
1691 "policies": {
1692 "DisableFirefoxScreenshots": true | false
1693 }
1694 }
1695 ```
1696 ### DisableFirefoxStudies
1697 Disable Firefox studies (Shield).
1698
1699 **Compatibility:** Firefox 60, Firefox ESR 60\
1700 **CCK2 Equivalent:** N/A\
1701 **Preferences Affected:** `browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons`, `browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features`
1702
1703 #### Windows (GPO)
1704 ```
1705 Software\Policies\Mozilla\Firefox\DisableFirefoxStudies = 0x1 | 0x0
1706 ```
1707 #### Windows (Intune)
1708 OMA-URI:
1709 ```
1710 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableFirefoxStudies
1711 ```
1712 Value (string):
1713 ```
1714 <enabled/> or <disabled/>
1715 ```
1716 #### macOS
1717 ```
1718 <dict>
1719 <key>DisableFirefoxStudies</key>
1720 <true/> | <false/>
1721 </dict>
1722 ```
1723 #### policies.json
1724 ```
1725 {
1726 "policies": {
1727 "DisableFirefoxStudies": true | false
1728 }
1729 }
1730 ```
1731 ### DisableForgetButton
1732 Disable the "Forget" button.
1733
1734 **Compatibility:** Firefox 60, Firefox ESR 60\
1735 **CCK2 Equivalent:** `disableForget`\
1736 **Preferences Affected:** N/A
1737
1738 #### Windows (GPO)
1739 ```
1740 Software\Policies\Mozilla\Firefox\DisableForgetButton = 0x1 | 0x0
1741 ```
1742 #### Windows (Intune)
1743 OMA-URI:
1744 ```
1745 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableForgetButton
1746 ```
1747 Value (string):
1748 ```
1749 <enabled/> or <disabled/>
1750 ```
1751 #### macOS
1752 ```
1753 <dict>
1754 <key>DisableForgetButton</key>
1755 <true/> | <false/>
1756 </dict>
1757 ```
1758 #### policies.json
1759 ```
1760 {
1761 "policies": {
1762 "DisableForgetButton": true | false
1763 }
1764 }
1765 ```
1766 ### DisableFormHistory
1767 Turn off saving information on web forms and the search bar.
1768
1769 **Compatibility:** Firefox 60, Firefox ESR 60\
1770 **CCK2 Equivalent:** `disableFormFill`\
1771 **Preferences Affected:** `browser.formfill.enable`
1772
1773 #### Windows (GPO)
1774 ```
1775 Software\Policies\Mozilla\Firefox\DisableFormHistory = 0x1 | 0x0
1776 ```
1777 #### Windows (Intune)
1778 OMA-URI:
1779 ```
1780 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableFormHistory
1781 ```
1782 Value (string):
1783 ```
1784 <enabled/> or <disabled/>
1785 ```
1786 #### macOS
1787 ```
1788 <dict>
1789 <key>DisableFormHistory</key>
1790 <true/> | <false/>
1791 </dict>
1792 ```
1793 #### policies.json
1794 ```
1795 {
1796 "policies": {
1797 "DisableFormHistory": true | false
1798 }
1799 }
1800 ```
1801 ### DisableMasterPasswordCreation
1802 Remove the master password functionality.
1803
1804 If this value is true, it works the same as setting [`PrimaryPassword`](#primarypassword) to false and removes the primary password functionality.
1805
1806 If both `DisableMasterPasswordCreation` and `PrimaryPassword` are used, `DisableMasterPasswordCreation` takes precedent.
1807
1808 **Compatibility:** Firefox 60, Firefox ESR 60\
1809 **CCK2 Equivalent:** `noMasterPassword`\
1810 **Preferences Affected:** N/A
1811
1812 #### Windows (GPO)
1813 ```
1814 Software\Policies\Mozilla\Firefox\DisableMasterPasswordCreation = 0x1 | 0x0
1815 ```
1816 #### Windows (Intune)
1817 OMA-URI:
1818 ```
1819 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableMasterPasswordCreation
1820 ```
1821 Value (string):
1822 ```
1823 <enabled/> or <disabled/>
1824 ```
1825 #### macOS
1826 ```
1827 <dict>
1828 <key>DisableMasterPasswordCreation</key>
1829 <true/> | <false/>
1830 </dict>
1831 ```
1832 #### policies.json
1833 ```
1834 {
1835 "policies": {
1836 "DisableMasterPasswordCreation": true | false
1837 }
1838 }
1839 ```
1840 ### DisablePasswordReveal
1841 Do not allow passwords to be shown in saved logins
1842
1843 **Compatibility:** Firefox 71, Firefox ESR 68.3\
1844 **CCK2 Equivalent:** N/A
1845 **Preferences Affected:** N/A
1846
1847 #### Windows (GPO)
1848 ```
1849 Software\Policies\Mozilla\Firefox\DisablePasswordReveal = 0x1 | 0x0
1850 ```
1851 #### Windows (Intune)
1852 OMA-URI:
1853 ```
1854 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisablePasswordReveal
1855 ```
1856 Value (string):
1857 ```
1858 <enabled/> or <disabled/>
1859 ```
1860 #### macOS
1861 ```
1862 <dict>
1863 <key>DisablePasswordReveal</key>
1864 <true/> | <false/>
1865 </dict>
1866 ```
1867 #### policies.json
1868 ```
1869 {
1870 "policies": {
1871 "DisablePasswordReveal": true | false
1872 }
1873 }
1874 ```
1875 ### DisablePocket
1876 Remove Pocket in the Firefox UI. It does not remove it from the new tab page.
1877
1878 **Compatibility:** Firefox 60, Firefox ESR 60\
1879 **CCK2 Equivalent:** `disablePocket`\
1880 **Preferences Affected:** `extensions.pocket.enabled`
1881
1882 #### Windows (GPO)
1883 ```
1884 Software\Policies\Mozilla\Firefox\DisablePocket = 0x1 | 0x0
1885 ```
1886 #### Windows (Intune)
1887 OMA-URI:
1888 ```
1889 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisablePocket
1890 ```
1891 Value (string):
1892 ```
1893 <enabled/> or <disabled/>
1894 ```
1895 #### macOS
1896 ```
1897 <dict>
1898 <key>DisablePocket</key>
1899 <true/> | <false/>
1900 </dict>
1901 ```
1902 #### policies.json
1903 ```
1904 {
1905 "policies": {
1906 "DisablePocket": true | false
1907 }
1908 }
1909 ```
1910 ### DisablePrivateBrowsing
1911 Remove access to private browsing.
1912
1913 **Compatibility:** Firefox 60, Firefox ESR 60\
1914 **CCK2 Equivalent:** `disablePrivateBrowsing`\
1915 **Preferences Affected:** N/A
1916
1917 #### Windows (GPO)
1918 ```
1919 Software\Policies\Mozilla\Firefox\DisablePrivateBrowsing = 0x1 | 0x0
1920 ```
1921 #### Windows (Intune)
1922 OMA-URI:
1923 ```
1924 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisablePrivateBrowsing
1925 ```
1926 Value (string):
1927 ```
1928 <enabled/> or <disabled/>
1929 ```
1930 #### macOS
1931 ```
1932 <dict>
1933 <key>DisablePrivateBrowsing</key>
1934 <true/> | <false/>
1935 </dict>
1936 ```
1937 #### policies.json
1938 ```
1939 {
1940 "policies": {
1941 "DisablePrivateBrowsing": true | false
1942 }
1943 }
1944 ```
1945 ### DisableProfileImport
1946 Disables the "Import data from another browser" option in the bookmarks window.
1947
1948 **Compatibility:** Firefox 60, Firefox ESR 60\
1949 **CCK2 Equivalent:** N/A\
1950 **Preferences Affected:** N/A
1951
1952 #### Windows (GPO)
1953 ```
1954 Software\Policies\Mozilla\Firefox\DisableProfileImport = 0x1 | 0x0
1955 ```
1956 #### Windows (Intune)
1957 OMA-URI:
1958 ```
1959 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableProfileImport
1960 ```
1961 Value (string):
1962 ```
1963 <enabled/> or <disabled/>
1964 ```
1965 #### macOS
1966 ```
1967 <dict>
1968 <key>DisableProfileImport</key>
1969 <true/> | <false/>
1970 </dict>
1971 ```
1972 #### policies.json
1973 ```
1974 {
1975 "policies": {
1976 "DisableProfileImport": true | false
1977 }
1978 }
1979 ```
1980 ### DisableProfileRefresh
1981 Disable the Refresh Firefox button on about:support and support.mozilla.org, as well as the prompt that displays offering to refresh Firefox when you haven't used it in a while.
1982
1983 **Compatibility:** Firefox 60, Firefox ESR 60\
1984 **CCK2 Equivalent:** `disableResetFirefox`\
1985 **Preferences Affected:** `browser.disableResetPrompt`
1986
1987 #### Windows (GPO)
1988 ```
1989 Software\Policies\Mozilla\Firefox\DisableProfileRefresh = 0x1 | 0x0
1990 ```
1991 #### Windows (Intune)
1992 OMA-URI:
1993 ```
1994 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableProfileRefresh
1995 ```
1996 Value (string):
1997 ```
1998 <enabled/> or <disabled/>
1999 ```
2000 #### macOS
2001 ```
2002 <dict>
2003 <key>DisableProfileRefresh</key>
2004 <true/> | <false/>
2005 </dict>
2006 ```
2007 #### policies.json
2008 ```
2009 {
2010 "policies": {
2011 "DisableProfileRefresh": true | false
2012 }
2013 }
2014 ```
2015 ### DisableSafeMode
2016 Disable safe mode within the browser.
2017
2018 On Windows, this disables safe mode via the command line as well.
2019
2020 **Compatibility:** Firefox 60, Firefox ESR 60 (Windows, macOS)\
2021 **CCK2 Equivalent:** `disableSafeMode`\
2022 **Preferences Affected:** N/A
2023
2024 #### Windows (GPO)
2025 ```
2026 Software\Policies\Mozilla\Firefox\DisableSafeMode = 0x1 | 0x0
2027 ```
2028 #### Windows (Intune)
2029 OMA-URI:
2030 ```
2031 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableSafeMode
2032 ```
2033 Value (string):
2034 ```
2035 <enabled/> or <disabled/>
2036 ```
2037 #### macOS
2038 ```
2039 <dict>
2040 <key>DisableSafeMode</key>
2041 <true/> | <false/>
2042 </dict>
2043 ```
2044 #### policies.json
2045 ```
2046 {
2047 "policies": {
2048 "DisableSafeMode": true | false
2049 }
2050 }
2051 ```
2052 ### DisableSecurityBypass
2053 Prevent the user from bypassing security in certain cases.
2054
2055 `InvalidCertificate` prevents adding an exception when an invalid certificate is shown.
2056
2057 `SafeBrowsing` prevents selecting "ignore the risk" and visiting a harmful site anyway.
2058
2059 These policies only affect what happens when an error is shown, they do not affect any settings in preferences.
2060
2061 **Compatibility:** Firefox 60, Firefox ESR 60\
2062 **CCK2 Equivalent:** N/A\
2063 **Preferences Affected:** `security.certerror.hideAddException`, `browser.safebrowsing.allowOverride`
2064
2065 #### Windows (GPO)
2066 ```
2067 Software\Policies\Mozilla\Firefox\DisableSecurityBypass\InvalidCertificate = 0x1 | 0x0
2068 Software\Policies\Mozilla\Firefox\DisableSecurityBypass\SafeBrowsing = 0x1 | 0x0
2069 ```
2070 #### Windows (Intune)
2071 OMA-URI:
2072 ```
2073 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/P_DisableSecurityBypass_InvalidCertificate
2074 ```
2075 Value (string):
2076 ```
2077 <enabled/> or <disabled/>
2078 ```
2079 OMA-URI:
2080 ```
2081 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/P_DisableSecurityBypass_SafeBrowsing
2082 ```
2083 Value (string):
2084 ```
2085 <enabled/> or <disabled/>
2086 ```
2087
2088 #### macOS
2089 ```
2090 <dict>
2091 <key>DisableSecurityBypass</key>
2092 <dict>
2093 <key>InvalidCertificate</key>
2094 <true/> | <false/>
2095 <key>SafeBrowsing</key>
2096 <true/> | <false/>
2097 </dict>
2098 </dict>
2099 ```
2100 #### policies.json
2101 ```
2102 {
2103 "policies": {
2104 "DisableSecurityBypass": {
2105 "InvalidCertificate": true | false,
2106 "SafeBrowsing": true | false
2107 }
2108 }
2109 }
2110 ```
2111 ### DisableSetDesktopBackground
2112 Remove the "Set As Desktop Background..." menuitem when right clicking on an image.
2113
2114 **Compatibility:** Firefox 60, Firefox ESR 60\
2115 **CCK2 Equivalent:** `removeSetDesktopBackground`\
2116 **Preferences Affected:** N/A
2117
2118 #### Windows (GPO)
2119 ```
2120 Software\Policies\Mozilla\Firefox\DisableSetDesktopBackground = 0x1 | 0x0
2121 ```
2122 #### Windows (Intune)
2123 OMA-URI:
2124 ```
2125 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableSetDesktopBackground
2126 ```
2127 Value (string):
2128 ```
2129 <enabled/> or <disabled/>
2130 ```
2131 #### macOS
2132 ```
2133 <dict>
2134 <key>DisableSetDesktopBackground</key>
2135 <true/> | <false/>
2136 </dict>
2137 ```
2138 #### policies.json
2139 ```
2140 {
2141 "policies": {
2142 "DisableSetDesktopBackground": true | false
2143 }
2144 }
2145 ```
2146 ### DisableSystemAddonUpdate
2147 Prevent system add-ons from being installed or updated.
2148
2149 **Compatibility:** Firefox 60, Firefox ESR 60\
2150 **CCK2 Equivalent:** N/A\
2151 **Preferences Affected:** N/A
2152
2153 #### Windows (GPO)
2154 ```
2155 Software\Policies\Mozilla\Firefox\DisableSystemAddonUpdate = 0x1 | 0x0
2156 ```
2157 #### Windows (Intune)
2158 OMA-URI:
2159 ```
2160 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableSystemAddonUpdate
2161 ```
2162 Value (string):
2163 ```
2164 <enabled/> or <disabled/>
2165 ```
2166 #### macOS
2167 ```
2168 <dict>
2169 <key>DisableSystemAddonUpdate</key>
2170 <true/> | <false/>
2171 </dict>
2172 ```
2173 #### policies.json
2174 ```
2175 {
2176 "policies": {
2177 "DisableSystemAddonUpdate": true | false
2178 }
2179 }
2180 ```
2181 ### DisableTelemetry
2182 Prevent the upload of telemetry data.
2183
2184 As of Firefox 83 and Firefox ESR 78.5, local storage of telemetry data is disabled as well.
2185
2186 Mozilla recommends that you do not disable telemetry. Information collected through telemetry helps us build a better product for businesses like yours.
2187
2188 **Compatibility:** Firefox 60, Firefox ESR 60\
2189 **CCK2 Equivalent:** `disableTelemetry`\
2190 **Preferences Affected:** `datareporting.healthreport.uploadEnabled`, `datareporting.policy.dataSubmissionEnabled`, `toolkit.telemetry.archive.enabled`
2191
2192 #### Windows (GPO)
2193 ```
2194 Software\Policies\Mozilla\Firefox\DisableTelemetry = 0x1 | 0x0
2195 ```
2196 #### Windows (Intune)
2197 OMA-URI:
2198 ```
2199 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableTelemetry
2200 ```
2201 Value (string):
2202 ```
2203 <enabled/> or <disabled/>
2204 ```
2205 #### macOS
2206 ```
2207 <dict>
2208 <key>DisableTelemetry</key>
2209 <true/> | <false/>
2210 </dict>
2211 ```
2212 #### policies.json
2213 ```
2214 {
2215 "policies": {
2216 "DisableTelemetry": true | false
2217 }
2218 }
2219 ```
2220 ### DisableThirdPartyModuleBlocking
2221 Do not allow blocking third-party modules from the `about:third-party` page.
2222
2223 This policy only works on Windows through GPO (not policies.json).
2224
2225 **Compatibility:** Firefox 110 (Windows only, GPO only)\
2226 **CCK2 Equivalent:** N/A\
2227 **Preferences Affected:** N/A
2228
2229 #### Windows (GPO)
2230 ```
2231 Software\Policies\Mozilla\Firefox\DisableThirdPartyModuleBlocking = = 0x1 | 0x0
2232 ```
2233 #### Windows (Intune)
2234 OMA-URI:
2235 ```
2236 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableThirdPartyModuleBlocking
2237 ```
2238 Value (string):
2239 ```
2240 <enabled/> or <disabled/>
2241 ```
2242 ### DisplayBookmarksToolbar
2243 Set the initial state of the bookmarks toolbar. A user can still change how it is displayed.
2244
2245 `always` means the bookmarks toolbar is always shown.
2246
2247 `never` means the bookmarks toolbar is not shown.
2248
2249 `newtab` means the bookmarks toolbar is only shown on the new tab page.
2250
2251 **Compatibility:** Firefox 109, Firefox ESR 102.7\
2252 **CCK2 Equivalent:** N/A\
2253 **Preferences Affected:** N/A
2254
2255 #### Windows (GPO)
2256 ```
2257 Software\Policies\Mozilla\Firefox\DisplayBookmarksToolbar = "always", "never", "newtab"
2258 ```
2259 #### Windows (Intune)
2260 OMA-URI:
2261 ```
2262 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisplayBookmarksToolbar_Enum
2263 ```
2264 Value (string):
2265 ```
2266 <enabled/>
2267 <data id="DisplayBookmarksToolbar" value="always | never | newtab"/>
2268 ```
2269 #### macOS
2270 ```
2271 <dict>
2272 <key>DisplayBookmarksToolbar</key>
2273 <string>always | never | newtab</string>
2274 </dict>
2275 ```
2276 #### policies.json
2277 ```
2278 {
2279 "policies": {
2280 "DisplayBookmarksToolbar": "always" | "never" | "newtab"
2281 }
2282 }
2283 ```
2284 ### DisplayMenuBar
2285 Set the state of the menubar.
2286
2287 `always` means the menubar is shown and cannot be hidden.
2288
2289 `never` means the menubar is hidden and cannot be shown.
2290
2291 `default-on` means the menubar is on by default but can be hidden.
2292
2293 `default-off` means the menubar is off by default but can be shown.
2294
2295 **Compatibility:** Firefox 73, Firefox ESR 68.5 (Windows, some Linux)\
2296 **CCK2 Equivalent:** `displayMenuBar`\
2297 **Preferences Affected:** N/A
2298
2299 #### Windows (GPO)
2300 ```
2301 Software\Policies\Mozilla\Firefox\DisplayMenuBar = "always", "never", "default-on", "default-off"
2302 ```
2303 #### Windows (Intune)
2304 OMA-URI:
2305 ```
2306 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisplayMenuBar_Enum
2307 ```
2308 Value (string):
2309 ```
2310 <enabled/>
2311 <data id="DisplayMenuBar" value="always | never | default-on | default-off"/>
2312 ```
2313 #### macOS
2314 ```
2315 <dict>
2316 <key>DisplayMenuBar</key>
2317 <string>always | never | default-on | default-off</string>
2318 </dict>
2319 ```
2320 #### policies.json
2321 ```
2322 {
2323 "policies": {
2324 "DisplayMenuBar": "always", "never", "default-on", "default-off"
2325 }
2326 }
2327 ```
2328 ### DNSOverHTTPS
2329 Configure DNS over HTTPS.
2330
2331 `Enabled` determines whether DNS over HTTPS is enabled
2332
2333 `ProviderURL` is a URL to another provider.
2334
2335 `Locked` prevents the user from changing DNS over HTTPS preferences.
2336
2337 `ExcludedDomains` excludes domains from DNS over HTTPS.
2338
2339 `Fallback` determines whether or not Firefox will use your default DNS resolver if there is a problem with the secure DNS provider.
2340
2341 **Compatibility:** Firefox 63, Firefox ESR 68 (ExcludedDomains added in 75/68.7) (Fallback added in 124)\
2342 **CCK2 Equivalent:** N/A\
2343 **Preferences Affected:** `network.trr.mode`, `network.trr.uri`
2344
2345 #### Windows (GPO)
2346 ```
2347 Software\Policies\Mozilla\Firefox\DNSOverHTTPS\Enabled = 0x1 | 0x0
2348 Software\Policies\Mozilla\Firefox\DNSOverHTTPS\ProviderURL = "URL_TO_ALTERNATE_PROVIDER"
2349 Software\Policies\Mozilla\Firefox\DNSOverHTTPS\Locked = 0x1 | 0x0
2350 Software\Policies\Mozilla\Firefox\DNSOverHTTPS\ExcludedDomains\1 = "example.com"
2351 Software\Policies\Mozilla\Firefox\DNSOverHTTPS\Fallback = 0x1 | 0x0
2352 ```
2353 #### Windows (Intune)
2354 OMA-URI:
2355 ```
2356 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DNSOverHTTPS/DNSOverHTTPS_Enabled
2357 ```
2358 Value (string):
2359 ```
2360 <enabled/> or <disabled/>
2361 ```
2362 OMA-URI:
2363 ```
2364 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DNSOverHTTPS/DNSOverHTTPS_ProviderURL
2365 ```
2366 Value (string):
2367 ```
2368 <enabled/>
2369 <data id="String" value="URL_TO_ALTERNATE_PROVIDER"/>
2370 ```
2371 OMA-URI:
2372 ```
2373 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DNSOverHTTPS/DNSOverHTTPS_Locked
2374 ```
2375 Value (string):
2376 ```
2377 <enabled/> or <disabled/>
2378 ```
2379 OMA-URI:
2380 ```
2381 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DNSOverHTTPS/DNSOverHTTPS_ExcludedDomains
2382 ```
2383 Value (string):
2384 ```
2385 <enabled/>
2386 <data id="List" value="1&#xF000;example.com"/>
2387 ```
2388 OMA-URI:
2389 ```
2390 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DNSOverHTTPS/DNSOverHTTPS_Fallback
2391 ```
2392 Value (string):
2393 ```
2394 <enabled/> or <disabled/>
2395 ```
2396 #### macOS
2397 ```
2398 <dict>
2399 <key>DNSOverHTTPS</key>
2400 <dict>
2401 <key>Enabled</key>
2402 <true/> | <false/>
2403 <key>ProviderURL</key>
2404 <string>URL_TO_ALTERNATE_PROVIDER</string>
2405 <key>Locked</key>
2406 <true/> | <false/>
2407 <key>ExcludedDomains</key>
2408 <array>
2409 <string>example.com</string>
2410 </array>
2411 <key>Fallback</key>
2412 <true/> | <false/>
2413 </dict>
2414 </dict>
2415 ```
2416 #### policies.json
2417 ```
2418 {
2419 "policies": {
2420 "DNSOverHTTPS": {
2421 "Enabled": true | false,
2422 "ProviderURL": "URL_TO_ALTERNATE_PROVIDER",
2423 "Locked": true | false,
2424 "ExcludedDomains": ["example.com"],
2425 "Fallback": true | false,
2426 }
2427 }
2428 }
2429 ```
2430 ### DontCheckDefaultBrowser
2431 Don't check if Firefox is the default browser at startup.
2432
2433 **Compatibility:** Firefox 60, Firefox ESR 60\
2434 **CCK2 Equivalent:** `dontCheckDefaultBrowser`\
2435 **Preferences Affected:** `browser.shell.checkDefaultBrowser`
2436
2437 #### Windows (GPO)
2438 ```
2439 Software\Policies\Mozilla\Firefox\DontCheckDefaultBrowser = 0x1 | 0x0
2440 ```
2441 #### Windows (Intune)
2442 OMA-URI:
2443 ```
2444 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DontCheckDefaultBrowser
2445 ```
2446 Value (string):
2447 ```
2448 <enabled/> or <disabled/>
2449 ```
2450 #### macOS
2451 ```
2452 <dict>
2453 <key>DontCheckDefaultBrowser</key>
2454 <true/> | <false/>
2455 </dict>
2456 ```
2457 #### policies.json
2458 ```
2459 {
2460 "policies": {
2461 "DontCheckDefaultBrowser": true | false
2462 }
2463 }
2464 ```
2465 ### DownloadDirectory
2466 Set and lock the download directory.
2467
2468 You can use ${home} for the native home directory.
2469
2470 **Compatibility:** Firefox 68, Firefox ESR 68\
2471 **CCK2 Equivalent:** N/A\
2472 **Preferences Affected:** `browser.download.dir`, `browser.download.folderList`, `browser.download.useDownloadDir`
2473
2474 #### Windows (GPO)
2475 ```
2476 Software\Policies\Mozilla\Firefox\DownloadDirectory = "${home}\Downloads"
2477 ```
2478 #### Windows (Intune)
2479 OMA-URI:
2480 ```
2481 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DownloadDirectory
2482 ```
2483 Value (string):
2484 ```
2485 <enabled/>
2486 <data id="Preferences_String" value="${home}\Downloads"/>
2487 ```
2488 #### macOS
2489 ```
2490 <dict>
2491 <key>DownloadDirectory</key>
2492 <string>${home}/Downloads</string>
2493 </dict>
2494 ```
2495 #### policies.json (macOS and Linux)
2496 ```
2497 {
2498 "policies": {
2499 "DownloadDirectory": "${home}/Downloads"
2500 }
2501 ```
2502 #### policies.json (Windows)
2503 ```
2504 {
2505 "policies": {
2506 "DownloadDirectory": "${home}\\Downloads"
2507 }
2508 ```
2509 ### EnableTrackingProtection
2510 Configure tracking protection.
2511
2512 If this policy is not configured, tracking protection is not enabled by default in the browser, but it is enabled by default in private browsing and the user can change it.
2513
2514 If `Value` is set to false, tracking protection is disabled and locked in both the regular browser and private browsing.
2515
2516 If `Value` is set to true, tracking protection is enabled by default in both the regular browser and private browsing and the `Locked` value determines whether or not a user can change it.
2517
2518 If `Cryptomining` is set to true, cryptomining scripts on websites are blocked.
2519
2520 If `Fingerprinting` is set to true, fingerprinting scripts on websites are blocked.
2521
2522 If `EmailTracking` is set to true, hidden email tracking pixels and scripts on websites are blocked. (Firefox 112)
2523
2524 `Exceptions` are origins for which tracking protection is not enabled.
2525
2526 **Compatibility:** Firefox 60, Firefox ESR 60 (Cryptomining and Fingerprinting added in 70/68.2, Exceptions added in 73/68.5)\
2527 **CCK2 Equivalent:** N/A\
2528 **Preferences Affected:** `privacy.trackingprotection.enabled`, `privacy.trackingprotection.pbmode.enabled`, `privacy.trackingprotection.cryptomining.enabled`, `privacy.trackingprotection.fingerprinting.enabled`
2529
2530 #### Windows (GPO)
2531 ```
2532 Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Value = 0x1 | 0x0
2533 Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Locked = 0x1 | 0x0
2534 Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Cryptomining = 0x1 | 0x0
2535 Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Fingerprinting = 0x1 | 0x0
2536 Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Exceptions\1 = "https://example.com"
2537 ```
2538 #### Windows (Intune)
2539 OMA-URI:
2540 ```
2541 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~TrackingProtection/A_TrackingProtection_Value
2542 ```
2543 Value (string):
2544 ```
2545 <enabled/> or <disabled/>
2546 ```
2547 OMA-URI:
2548 ```
2549 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~TrackingProtection/B_TrackingProtection_Cryptomining
2550 ```
2551 Value (string):
2552 ```
2553 <enabled/> or <disabled/>
2554 ```
2555 OMA-URI:
2556 ```
2557 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~TrackingProtection/C_TrackingProtection_Fingerprinting
2558 ```
2559 Value (string):
2560 ```
2561 <enabled/> or <disabled/>
2562 ```
2563 OMA-URI:
2564 ```
2565 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~TrackingProtection/D_TrackingProtection_Exceptions
2566 ```
2567 Value (string):
2568 ```
2569 <enabled/>
2570 <data id="TrackingProtection_Exceptions" value="1&#xF000;https://example.com"/>
2571 ```
2572 OMA-URI:
2573 ```
2574 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~TrackingProtection/E_TrackingProtection_Locked
2575 ```
2576 Value (string):
2577 ```
2578 <enabled/> or <disabled/>
2579 ```
2580 #### macOS
2581 ```
2582 <dict>
2583 <key>EnableTrackingProtection</key>
2584 <dict>
2585 <key>Value</key>
2586 <true/> | <false/>
2587 <key>Locked</key>
2588 <true/> | <false/>
2589 <key>Cryptomining</key>
2590 <true/> | <false/>
2591 <key>Fingerprinting</key>
2592 <true/> | <false/>
2593 <key>Exceptions</key>
2594 <array>
2595 <string>https://example.com</string>
2596 </array>
2597 </dict>
2598 </dict>
2599 ```
2600 #### policies.json
2601 ```
2602 {
2603 "policies": {
2604 "EnableTrackingProtection": {
2605 "Value": true | false,
2606 "Locked": true | false,
2607 "Cryptomining": true | false,
2608 "Fingerprinting": true | false,
2609 "Exceptions": ["https://example.com"]
2610 }
2611 }
2612 }
2613 ```
2614 ### EncryptedMediaExtensions
2615 Enable or disable Encrypted Media Extensions and optionally lock it.
2616
2617 If `Enabled` is set to false, encrypted media extensions (like Widevine) are not downloaded by Firefox unless the user consents to installing them.
2618
2619 If `Locked` is set to true and `Enabled` is set to false, Firefox will not download encrypted media extensions (like Widevine) or ask the user to install them.
2620
2621 **Compatibility:** Firefox 77, Firefox ESR 68.9\
2622 **CCK2 Equivalent:** N/A\
2623 **Preferences Affected:** `media.eme.enabled`
2624
2625 #### Windows (GPO)
2626 ```
2627 Software\Policies\Mozilla\Firefox\EncryptedMediaExtensions\Enabled = 0x1 | 0x0
2628 Software\Policies\Mozilla\Firefox\EncryptedMediaExtensions\Locked = 0x1 | 0x0
2629 ```
2630 #### Windows (Intune)
2631 OMA-URI:
2632 ```
2633 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~EncryptedMediaExtensions/EncryptedMediaExtensions_Enabled
2634 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~EncryptedMediaExtensions/EncryptedMediaExtensions_Locked
2635 ```
2636 Value (string):
2637 ```
2638 <enabled/>or <disabled/>
2639 ```
2640 #### macOS
2641 ```
2642 <dict>
2643 <key>EncryptedMediaExtensions</key>
2644 <dict>
2645 <key>Enabled</key>
2646 <true/> | <false/>
2647 <key>Locked</key>
2648 <true/> | <false/>
2649 </dict>
2650 </dict>
2651 ```
2652 #### policies.json
2653 ```
2654 {
2655 "policies": {
2656 "EncryptedMediaExtensions": {
2657 "Enabled": true | false,
2658 "Locked": true | false
2659 }
2660 }
2661 }
2662 ```
2663 ### EnterprisePoliciesEnabled
2664 Enable policy support on macOS.
2665
2666 **Compatibility:** Firefox 63, Firefox ESR 60.3 (macOS only)\
2667 **CCK2 Equivalent:** N/A\
2668 **Preferences Affected:** N/A
2669
2670 #### macOS
2671 ```
2672 <dict>
2673 <key>EnterprisePoliciesEnabled</key>
2674 <true/>
2675 </dict>
2676 ```
2677 ### ExemptDomainFileTypePairsFromFileTypeDownloadWarnings
2678
2679 Disable warnings based on file extension for specific file types on domains.
2680
2681 This policy is based on the [Chrome policy](https://chromeenterprise.google/policies/#ExemptDomainFileTypePairsFromFileTypeDownloadWarnings) of the same name.
2682
2683 Important: The documentation for the policy for both Edge and Chrome is incorrect. The ```domains``` value must be a domain, not a URL pattern. Also, we do not support using ```*``` to mean all domains.
2684
2685 **Compatibility:** Firefox 102\
2686 **CCK2 Equivalent:** N/A\
2687 **Preferences Affected:** N/A
2688
2689 #### Windows (GPO)
2690 Software\Policies\Mozilla\Firefox\ExemptDomainFileTypePairsFromFileTypeDownloadWarnings (REG_MULTI_SZ) =
2691 ```
2692 [
2693 {
2694 "file_extension": "jnlp",
2695 "domains": ["example.com"]
2696 }
2697 ]
2698 ```
2699 #### Windows (Intune)
2700 OMA-URI:
2701 ```
2702 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/ExemptDomainFileTypePairsFromFileTypeDownloadWarnings
2703 ```
2704 Value (string):
2705 ```
2706 <enabled/>
2707 <data id="JSON" value='
2708 [
2709 {
2710 "file_extension": "jnlp",
2711 "domains": ["example.com"]
2712 }
2713 ]
2714 '/>
2715 ```
2716 #### macOS
2717 ```
2718 <dict>
2719 <key>ExemptDomainFileTypePairsFromFileTypeDownloadWarnings</key>
2720 <array>
2721 <dict>
2722 <key>file_extension</key>
2723 <string>jnlp</string>
2724 <key>domains</key>
2725 <array>
2726 <string>example.com</string>
2727 </array>
2728 </dict>
2729 </array>
2730 </dict>
2731 ```
2732 #### policies.json
2733 ```
2734 {
2735 "policies": {
2736 "ExemptDomainFileTypePairsFromFileTypeDownloadWarnings": [{
2737 "file_extension": "jnlp",
2738 "domains": ["example.com"]
2739 }]
2740 }
2741 }
2742 ```
2743 ### Extensions
2744 Control the installation, uninstallation and locking of extensions.
2745
2746 We strongly recommend that you use the **[`ExtensionSettings`](#extensionsettings)** policy. It has the same functionality and adds more. It does not support native paths, though, so you'll have to use file:/// URLs.
2747
2748 This method will be deprecated in the near future.
2749
2750 `Install` is a list of URLs or native paths for extensions to be installed.
2751
2752 `Uninstall` is a list of extension IDs that should be uninstalled if found.
2753
2754 `Locked` is a list of extension IDs that the user cannot disable or uninstall.
2755
2756 **Compatibility:** Firefox 60, Firefox ESR 60\
2757 **CCK2 Equivalent:** `addons`\
2758 **Preferences Affected:** N/A
2759
2760 #### Windows (GPO)
2761 ```
2762 Software\Policies\Mozilla\Firefox\Extensions\Install\1 = "https://addons.mozilla.org/firefox/downloads/somefile.xpi"
2763 Software\Policies\Mozilla\Firefox\Extensions\Install\2 = "//path/to/xpi"
2764 Software\Policies\Mozilla\Firefox\Extensions\Uninstall\1 = "bad_addon_id@mozilla.org"
2765 Software\Policies\Mozilla\Firefox\Extensions\Locked\1 = "addon_id@mozilla.org"
2766 ```
2767 #### Windows (Intune)
2768 OMA-URI:
2769 ```
2770 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/Extensions_Install
2771 ```
2772 Value (string):
2773 ```
2774 <enabled/>
2775 <data id="Extensions" value="1&#xF000;https://addons.mozilla.org/firefox/downloads/somefile.xpi&#xF000;2&#xF000;//path/to/xpi"/>
2776 ```
2777 OMA-URI:
2778 ```
2779 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/Extensions_Uninstall
2780 ```
2781 Value (string):
2782 ```
2783 <enabled/>
2784 <data id="Extensions" value="1&#xF000;bad_addon_id@mozilla.org"/>
2785 ```
2786 OMA-URI:
2787 ```
2788 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/Extensions_Locked
2789 ```
2790 Value (string):
2791 ```
2792 <enabled/>
2793 <data id="Extensions" value="1&#xF000;addon_id@mozilla.org"/>
2794 ```
2795 #### macOS
2796 ```
2797 <dict>
2798 <key>Extensions</key>
2799 <dict>
2800 <key>Install</key>
2801 <array>
2802 <string>https://addons.mozilla.org/firefox/downloads/somefile.xpi</string>
2803 <string>//path/to/xpi</string>
2804 </array>
2805 <key>Uninstall</key>
2806 <array>
2807 <string>bad_addon_id@mozilla.org</string>
2808 </array>
2809 <key>Locked</key>
2810 <array>
2811 <string>addon_id@mozilla.org</string>
2812 </array>
2813 </dict>
2814 </dict>
2815 ```
2816 #### policies.json
2817 ```
2818 {
2819 "policies": {
2820 "Extensions": {
2821 "Install": ["https://addons.mozilla.org/firefox/downloads/somefile.xpi", "//path/to/xpi"],
2822 "Uninstall": ["bad_addon_id@mozilla.org"],
2823 "Locked": ["addon_id@mozilla.org"]
2824 }
2825 }
2826 }
2827 ```
2828 ### ExtensionSettings
2829 Manage all aspects of extensions. This policy is based heavily on the [Chrome policy](https://dev.chromium.org/administrators/policy-list-3/extension-settings-full) of the same name.
2830
2831 This policy maps an extension ID to its configuration. With an extension ID, the configuration will be applied to the specified extension only. A default configuration can be set for the special ID "*", which will apply to all extensions that don't have a custom configuration set in this policy.
2832
2833 To obtain an extension ID, install the extension and go to about:support. You will see the ID in the Extensions section. I've also created an extension that makes it easy to find the ID of extensions on AMO. You can download it [here](https://github.com/mkaply/queryamoid/releases/tag/v0.1).
2834
2835 The configuration for each extension is another dictionary that can contain the fields documented below.
2836
2837 | Name | Description |
2838 | --- | --- |
2839 | `installation_mode` | Maps to a string indicating the installation mode for the extension. The valid strings are `allowed`,`blocked`,`force_installed`, and `normal_installed`.
2840 | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;`allowed` | Allows the extension to be installed by the user. This is the default behavior. There is no need for an install_url; it will automatically be allowed based on the ID.
2841 | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;`blocked`| Blocks installation of the extension and removes it from the device if already installed.
2842 | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;`force_installed`| The extension is automatically installed and can't be removed by the user. This option is not valid for the default configuration and requires an install_url.
2843 | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;`normal_installed`| The extension is automatically installed but can be disabled by the user. This option is not valid for the default configuration and requires an install_url.
2844 | `install_url`| Maps to a URL indicating where Firefox can download a force_installed or normal_installed extension. If installing from the local file system, use a [```file:///``` URL](https://en.wikipedia.org/wiki/File_URI_scheme). If installing from the addons.mozilla.org, use the following URL (substituting SHORT_NAME from the URL on AMO), https://addons.mozilla.org/firefox/downloads/latest/SHORT_NAME/latest.xpi. Languages packs are available from https://releases.mozilla.org/pub/firefox/releases/VERSION/PLATFORM/xpi/LANGUAGE.xpi. If you need to update the extension, you can change the name of the extension and it will be automatically updated. Extensions installed from file URLs will additional be updated when their internal version changes.
2845 | `install_sources` | A list of sources from which installing extensions is allowed using URL match patterns. **This is unnecessary if you are only allowing the installation of certain extensions by ID.** Each item in this list is an extension-style match pattern. Users will be able to easily install items from any URL that matches an item in this list. Both the location of the *.xpi file and the page where the download is started from (i.e. the referrer) must be allowed by these patterns. This setting can be used only for the default configuration.
2846 | `allowed_types` | This setting whitelists the allowed types of extension/apps that can be installed in Firefox. The value is a list of strings, each of which should be one of the following: "extension", "theme", "dictionary", "locale" This setting can be used only for the default configuration.
2847 | `blocked_install_message` | This maps to a string specifying the error message to display to users if they're blocked from installing an extension. This setting allows you to append text to the generic error message displayed when the extension is blocked. This could be be used to direct users to your help desk, explain why a particular extension is blocked, or something else. This setting can be used only for the default configuration.
2848 | `restricted_domains` | An array of domains on which content scripts can't be run. This setting can be used only for the default configuration.
2849 | `updates_disabled` | (Firefox 89, Firefox ESR 78.11) Boolean that indicates whether or not to disable automatic updates for an individual extension.
2850 | `default_area` | (Firefox 113) String that indicates where to place the extension icon by default. Possible values are `navbar` and `menupanel`.
2851
2852 **Compatibility:** Firefox 69, Firefox ESR 68.1 (As of Firefox 85, Firefox ESR 78.7, installing a theme makes it the default.)\
2853 **CCK2 Equivalent:** N/A\
2854 **Preferences Affected:** N/A
2855
2856 #### Windows (GPO)
2857 Software\Policies\Mozilla\Firefox\ExtensionSettings (REG_MULTI_SZ) =
2858 ```
2859 {
2860 "*": {
2861 "blocked_install_message": "Custom error message.",
2862 "install_sources": ["https://yourwebsite.com/*"],
2863 "installation_mode": "blocked",
2864 "allowed_types": ["extension"]
2865 },
2866 "uBlock0@raymondhill.net": {
2867 "installation_mode": "force_installed",
2868 "install_url": "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi"
2869 },
2870 "https-everywhere@eff.org": {
2871 "installation_mode": "allowed",
2872 "updates_disabled": false
2873 }
2874 }
2875 ```
2876 #### Windows (Intune)
2877 OMA-URI:
2878 ```
2879 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/ExtensionSettings
2880 ```
2881 Value (string):
2882 ```
2883 <enabled/>
2884 <data id="ExtensionSettings" value='
2885 {
2886 "*": {
2887 "blocked_install_message": "Custom error message.",
2888 "install_sources": ["https://yourwebsite.com/*"],
2889 "installation_mode": "blocked",
2890 "allowed_types": ["extension"]
2891 },
2892 "uBlock0@raymondhill.net": {
2893 "installation_mode": "force_installed",
2894 "install_url": "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi"
2895 },
2896 "https-everywhere@eff.org": {
2897 "installation_mode": "allowed",
2898 "updates_disabled": false
2899 }
2900 }'/>
2901 ```
2902 #### macOS
2903 ```
2904 <dict>
2905 <key>ExtensionSettings</key>
2906 <dict>
2907 <key>*</key>
2908 <dict>
2909 <key>blocked_install_message</key>
2910 <string>Custom error message.</string>
2911 <key>install_sources</key>
2912 <array>
2913 <string>"https://yourwebsite.com/*"</string>
2914 </array>
2915 <key>installation_mode</key>
2916 <string>blocked</string>
2917 <key>allowed_types</key>
2918 <array>
2919 <string>extension</string>
2920 </array>
2921 </dict>
2922 <key>uBlock0@raymondhill.net</key>
2923 <dict>
2924 <key>installation_mode</key>
2925 <string>force_installed</string>
2926 <key>install_url</key>
2927 <string>https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi</string>
2928 </dict>
2929 <key>https-everywhere@eff.org</key>
2930 <dict>
2931 <key>installation_mode</key>
2932 <string>allowed</string>
2933 <key>updates_disabled</key>
2934 <true/> | <false/>
2935 </dict>
2936 </dict>
2937 </dict>
2938 ```
2939 #### policies.json
2940 ```
2941 {
2942 "policies": {
2943 "ExtensionSettings": {
2944 "*": {
2945 "blocked_install_message": "Custom error message.",
2946 "install_sources": ["https://yourwebsite.com/*"],
2947 "installation_mode": "blocked",
2948 "allowed_types": ["extension"]
2949 },
2950 "uBlock0@raymondhill.net": {
2951 "installation_mode": "force_installed",
2952 "install_url": "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi"
2953 },
2954 "https-everywhere@eff.org": {
2955 "installation_mode": "allowed",
2956 "updates_disabled": false
2957 }
2958 }
2959 }
2960 }
2961 ```
2962 ### ExtensionUpdate
2963 Control extension updates.
2964
2965 **Compatibility:** Firefox 67, Firefox ESR 60.7\
2966 **CCK2 Equivalent:** N/A\
2967 **Preferences Affected:** `extensions.update.enabled`
2968
2969 #### Windows (GPO)
2970 ```
2971 Software\Policies\Mozilla\Firefox\ExtensionUpdate = 0x1 | 0x0
2972 ```
2973 #### Windows (Intune)
2974 OMA-URI:
2975 ```
2976 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/ExtensionUpdate
2977 ```
2978 Value (string):
2979 ```
2980 <enabled/> or <disabled/>
2981 ```
2982 #### macOS
2983 ```
2984 <dict>
2985 <key>ExtensionUpdate</key>
2986 <true/> | <false/>
2987 </dict>
2988 ```
2989 #### policies.json
2990 ```
2991 {
2992 "policies": {
2993 "ExtensionUpdate": true | false
2994 }
2995 }
2996 ```
2997 ### FirefoxHome
2998 Customize the Firefox Home page.
2999
3000 **Compatibility:** Firefox 68, Firefox ESR 68 (SponsoredTopSites and SponsoredPocket were added in Firefox 95, Firefox ESR 91.4, Snippets was deprecated in Firefox 122)
3001 **CCK2 Equivalent:** N/A\
3002 **Preferences Affected:** `browser.newtabpage.activity-stream.showSearch`, `browser.newtabpage.activity-stream.feeds.topsites`, `browser.newtabpage.activity-stream.feeds.section.highlights`, `browser.newtabpage.activity-stream.feeds.section.topstories`, `browser.newtabpage.activity-stream.feeds.snippets`, `browser.newtabpage.activity-stream.showSponsoredTopSites`, `browser.newtabpage.activity-stream.showSponsored`
3003
3004 #### Windows (GPO)
3005 ```
3006 Software\Policies\Mozilla\Firefox\FirefoxHome\Search = 0x1 | 0x0
3007 Software\Policies\Mozilla\Firefox\FirefoxHome\TopSites = 0x1 | 0x0
3008 Software\Policies\Mozilla\Firefox\FirefoxHome\SponsoredTopSites = 0x1 | 0x0
3009 Software\Policies\Mozilla\Firefox\FirefoxHome\Highlights = 0x1 | 0x0
3010 Software\Policies\Mozilla\Firefox\FirefoxHome\Pocket = 0x1 | 0x0
3011 Software\Policies\Mozilla\Firefox\FirefoxHome\SponsoredPocket = 0x1 | 0x0
3012 Software\Policies\Mozilla\Firefox\FirefoxHome\Snippets = 0x1 | 0x0
3013 Software\Policies\Mozilla\Firefox\FirefoxHome\Locked = 0x1 | 0x0
3014 ```
3015 #### Windows (Intune)
3016 OMA-URI:
3017 ```
3018 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/CustomizeFirefoxHome
3019 ```
3020 Value (string):
3021 ```
3022 <enabled/>
3023 <data id="FirefoxHome_Search" value="true | false"/>
3024 <data id="FirefoxHome_TopSites" value="true | false"/>
3025 <data id="FirefoxHome_SponsoredTopSites" value="true | false"/>
3026 <data id="FirefoxHome_Highlights" value="true | false"/>
3027 <data id="FirefoxHome_Pocket" value="true | false"/>
3028 <data id="FirefoxHome_SponsoredPocket" value="true | false"/>
3029 <data id="FirefoxHome_Snippets" value="true | false"/>
3030 <data id="FirefoxHome_Locked" value="true | false"/>
3031 ```
3032 #### macOS
3033 ```
3034 <dict>
3035 <key>FirefoxHome</key>
3036 <dict>
3037 <key>Search</key>
3038 <true/> | <false/>
3039 <key>TopSites</key>
3040 <true/> | <false/>
3041 <key>SponsoredTopSites</key>
3042 <true/> | <false/>
3043 <key>Highlights</key>
3044 <true/> | <false/>
3045 <key>Pocket</key>
3046 <true/> | <false/>
3047 <key>SponsoredPocket</key>
3048 <true/> | <false/>
3049 <key>Snippets</key>
3050 <true/> | <false/>
3051 <key>Locked</key>
3052 <true/> | <false/>
3053 </dict>
3054 </dict>
3055 ```
3056 #### policies.json
3057 ```
3058 {
3059 "policies": {
3060 "FirefoxHome": {
3061 "Search": true | false,
3062 "TopSites": true | false,
3063 "SponsoredTopSites": true | false,
3064 "Highlights": true | false,
3065 "Pocket": true | false,
3066 "SponsoredPocket": true | false,
3067 "Snippets": true | false,
3068 "Locked": true | false
3069 }
3070 }
3071 }
3072 ```
3073 ### FirefoxSuggest
3074 Customize Firefox Suggest (US only).
3075
3076 **Compatibility:** Firefox 118, Firefox ESR 115.3.
3077 **CCK2 Equivalent:** N/A\
3078 **Preferences Affected:** `browser.urlbar.suggest.quicksuggest.nonsponsored`, `browser.urlbar.suggest.quicksuggest.sponsored`, `browser.urlbar.quicksuggest.dataCollection.enabled`
3079
3080 #### Windows (GPO)
3081 ```
3082 Software\Policies\Mozilla\Firefox\FirefoxSuggest\WebSuggestions = 0x1 | 0x0
3083 Software\Policies\Mozilla\Firefox\FirefoxSuggest\SponsoredSuggestions = 0x1 | 0x0
3084 Software\Policies\Mozilla\Firefox\FirefoxSuggest\ImproveSuggest = 0x1 | 0x0
3085 Software\Policies\Mozilla\Firefox\FirefoxSuggest\Locked = 0x1 | 0x0
3086 ```
3087 #### Windows (Intune)
3088 OMA-URI:
3089 ```
3090 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~FirefoxSuggest/WebSuggestions
3091 ```
3092 Value (string):
3093 ```
3094 <enabled/> or <disabled/>
3095 ```
3096 OMA-URI:
3097 ```
3098 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~FirefoxSuggest/SponsoredSuggestions
3099 ```
3100 Value (string):
3101 ```
3102 <enabled/> or <disabled/>
3103 ```
3104 OMA-URI:
3105 ```
3106 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~FirefoxSuggest/ImproveSuggest
3107 ```
3108 Value (string):
3109 ```
3110 <enabled/> or <disabled/>
3111 ```
3112 OMA-URI:
3113 ```
3114 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~FirefoxSuggest/Locked
3115 ```
3116 Value (string):
3117 ```
3118 <enabled/> or <disabled/>
3119 ```
3120 #### macOS
3121 ```
3122 <dict>
3123 <key>FirefoxSuggest</key>
3124 <dict>
3125 <key>WebSuggestions</key>
3126 <true/> | <false/>
3127 <key>SponsoredSuggestions</key>
3128 <true/> | <false/>
3129 <key>ImproveSuggest</key>
3130 <true/> | <false/>
3131 <key>Locked</key>
3132 <true/> | <false/>
3133 </dict>
3134 </dict>
3135 ```
3136 #### policies.json
3137 ```
3138 {
3139 "policies": {
3140 "FirefoxSuggest": {
3141 "WebSuggestions": true | false,
3142 "SponsoredSuggestions": true | false,
3143 "ImproveSuggest": true | false,
3144 "Locked": true | false
3145 }
3146 }
3147 }
3148 ```
3149 ### GoToIntranetSiteForSingleWordEntryInAddressBar
3150 Whether to always go through the DNS server before sending a single word search string to a search engine.
3151
3152 If the site exists, it will navigate to the website. If the intranet responds with a 404, the page will show a 404. If the intranet does not respond, the browser will attempt a search.
3153
3154 The second result in the URL bar will be a search result to allow users to conduct a web search exactly as it was entered.
3155
3156 If instead you would like to enable the ability to have your domain appear as a valid URL and to disallow the browser from ever searching that term using the first result that matches it, add the pref `browser.fixup.domainwhitelist.YOUR_DOMAIN` (where `YOUR_DOMAIN` is the name of the domain you'd like to add), and set the pref to `true`. The URL bar will then suggest `YOUR_DOMAIN` when the user fully types `YOUR_DOMAIN`. If the user attempts to load that domain and it fails to load, it will show an "Unable to connect" error page.
3157
3158 You can also whitelist a domain suffix that is not part of the [Public Suffix List](https://publicsuffix.org/) by adding the pref `browser.fixup.domainsuffixwhitelist.YOUR_DOMAIN_SUFFIX` with a value of `true`.
3159
3160 Additionally, if you want users to see a "Did you mean to go to 'YOUR_DOMAIN'" prompt below the URL bar if they land on a search results page instead of an intranet domain that provides a response, set the pref `browser.urlbar.dnsResolveSingleWordsAfterSearch` to `1`. Enabling this will cause the browser to commit a DNS check after every single word search. If the browser receives a response from the intranet, a prompt will ask the user if they'd like to instead navigate to `YOUR_DOMAIN`. If the user presses the **yes** button, `browser.fixup.domainwhitelist.YOUR_DOMAIN` will be set to `true`.
3161
3162 **Compatibility:** Firefox 104, Firefox ESR 102.2\
3163 **CCK2 Equivalent:** `N/A`\
3164 **Preferences Affected:** `browser.fixup.dns_first_for_single_words`
3165
3166 #### Windows (GPO)
3167 ```
3168 Software\Policies\Mozilla\Firefox\GoToIntranetSiteForSingleWordEntryInAddressBar = 0x1 | 0x0
3169 ```
3170 #### Windows (Intune)
3171 OMA-URI:
3172 ```
3173 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/GoToIntranetSiteForSingleWordEntryInAddressBar
3174 ```
3175 Value (string):
3176 ```
3177 <enabled/> or <disabled/>
3178 ```
3179 #### macOS
3180 ```
3181 <dict>
3182 <key>GoToIntranetSiteForSingleWordEntryInAddressBar</key>
3183 <true/> | <false/>
3184 </dict>
3185 ```
3186 #### policies.json
3187 ```
3188 {
3189 "policies": {
3190 "GoToIntranetSiteForSingleWordEntryInAddressBar": true | false
3191 }
3192 }
3193 ```
3194 ### Handlers
3195 Configure default application handlers. This policy is based on the internal format of `handlers.json`.
3196
3197 You can configure handlers based on a mime type (`mimeTypes`), a file's extension (`extensions`), or a protocol (`schemes`).
3198
3199 Within each handler type, you specify the given mimeType/extension/scheme as a key and use the following subkeys to describe how it is handled.
3200
3201 | Name | Description |
3202 | --- | --- |
3203 | `action`| Can be either `saveToDisk`, `useHelperApp`, `useSystemDefault`.
3204 | `ask` | If `true`, the user is asked if what they want to do with the file. If `false`, the action is taken without user intervention.
3205 | `handlers` | An array of handlers with the first one being the default. If you don't want to have a default handler, use an empty object for the first handler. Choose between path or uriTemplate.
3206 | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;`name` | The display name of the handler (might not be used).
3207 | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;`path`| The native path to the executable to be used.
3208 | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;`uriTemplate`| A url to a web based application handler. The URL must be https and contain a %s to be used for substitution.
3209
3210 **Compatibility:** Firefox 78, Firefox ESR 78\
3211 **CCK2 Equivalent:** N/A\
3212 **Preferences Affected:** N/A
3213
3214 #### Windows (GPO)
3215 Software\Policies\Mozilla\Firefox\Handlers (REG_MULTI_SZ) =
3216 ```
3217 {
3218 "mimeTypes": {
3219 "application/msword": {
3220 "action": "useSystemDefault",
3221 "ask": true | false
3222 }
3223 },
3224 "schemes": {
3225 "mailto": {
3226 "action": "useHelperApp",
3227 "ask": true | false,
3228 "handlers": [{
3229 "name": "Gmail",
3230 "uriTemplate": "https://mail.google.com/mail/?extsrc=mailto&url=%s"
3231 }]
3232 }
3233 },
3234 "extensions": {
3235 "pdf": {
3236 "action": "useHelperApp",
3237 "ask": true | false,
3238 "handlers": [{
3239 "name": "Adobe Acrobat",
3240 "path": "C:\\Program Files (x86)\\Adobe\\Acrobat Reader DC\\Reader\\AcroRd32.exe"
3241 }]
3242 }
3243 }
3244 }
3245 ```
3246 #### Windows (Intune)
3247 OMA-URI:
3248 ```
3249 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/Handlers
3250 ```
3251 Value (string):
3252 ```
3253 <enabled/>
3254 <data id="Handlers" value='
3255 {
3256 "mimeTypes": {
3257 "application/msword": {
3258 "action": "useSystemDefault",
3259 "ask": true | false
3260 }
3261 },
3262 "schemes": {
3263 "mailto": {
3264 "action": "useHelperApp",
3265 "ask": true | false,
3266 "handlers": [{
3267 "name": "Gmail",
3268 "uriTemplate": "https://mail.google.com/mail/?extsrc=mailto&amp;url=%s"
3269 }]
3270 }
3271 },
3272 "extensions": {
3273 "pdf": {
3274 "action": "useHelperApp",
3275 "ask": true | false,
3276 "handlers": [{
3277 "name": "Adobe Acrobat",
3278 "path": "C:\\Program Files (x86)\\Adobe\\Acrobat Reader DC\\Reader\\AcroRd32.exe"
3279 }]
3280 }
3281 }
3282 }
3283 '/>
3284 ```
3285 #### macOS
3286 ```
3287 <dict>
3288 <key>Handlers</key>
3289 <dict>
3290 <key>mimeTypes</key>
3291 <dict>
3292 <key>application/msword</key>
3293 <dict>
3294 <key>action</key>
3295 <string>useSystemDefault</string>
3296 <key>ask</key>
3297 <true/> | <false/>
3298 </dict>
3299 </dict>
3300 <key>schemes</key>
3301 <dict>
3302 <key>mailto</key>
3303 <dict>
3304 <key>action</key>
3305 <string>useHelperApp</string>
3306 <key>ask</key>
3307 <true/> | <false/>
3308 <key>handlers</key>
3309 <array>
3310 <dict>
3311 <key>name</key>
3312 <string>Gmail</string>
3313 <key>uriTemplate</key>
3314 <string>https://mail.google.com/mail/?extsrc=mailto&url=%s</string>
3315 </dict>
3316 </array>
3317 </dict>
3318 </dict>
3319 <key>extensions</key>
3320 <dict>
3321 <key>pdf</key>
3322 <dict>
3323 <key>action</key>
3324 <string>useHelperApp</string>
3325 <key>ask</key>
3326 <true/> | <false/>
3327 <key>handlers</key>
3328 <array>
3329 <dict>
3330 <key>name</key>
3331 <string>Adobe Acrobat</string>
3332 <key>path</key>
3333 <string>/System/Applications/Preview.app</string>
3334 </dict>
3335 </array>
3336 </dict>
3337 </dict>
3338 </dict>
3339 </dict>
3340 ```
3341 #### policies.json
3342 ```
3343 {
3344 "policies": {
3345 "Handlers": {
3346 "mimeTypes": {
3347 "application/msword": {
3348 "action": "useSystemDefault",
3349 "ask": false
3350 }
3351 },
3352 "schemes": {
3353 "mailto": {
3354 "action": "useHelperApp",
3355 "ask": true | false,
3356 "handlers": [{
3357 "name": "Gmail",
3358 "uriTemplate": "https://mail.google.com/mail/?extsrc=mailto&url=%s"
3359 }]
3360 }
3361 },
3362 "extensions": {
3363 "pdf": {
3364 "action": "useHelperApp",
3365 "ask": true | false,
3366 "handlers": [{
3367 "name": "Adobe Acrobat",
3368 "path": "/usr/bin/acroread"
3369 }]
3370 }
3371 }
3372 }
3373 }
3374 }
3375 ```
3376 ### HardwareAcceleration
3377 Control hardware acceleration.
3378
3379 **Compatibility:** Firefox 60, Firefox ESR 60\
3380 **CCK2 Equivalent:** N/A\
3381 **Preferences Affected:** `layers.acceleration.disabled`
3382
3383 #### Windows (GPO)
3384 ```
3385 Software\Policies\Mozilla\Firefox\HardwareAcceleration = 0x1 | 0x0
3386 ```
3387 #### Windows (Intune)
3388 OMA-URI:
3389 ```
3390 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/HardwareAcceleration
3391 ```
3392 Value (string):
3393 ```
3394 <enabled/> or <disabled/>
3395 ```
3396 #### macOS
3397 ```
3398 <dict>
3399 <key>HardwareAcceleration</key>
3400 <true/> | <false/>
3401 </dict>
3402 ```
3403 #### policies.json
3404 ```
3405 {
3406 "policies": {
3407 "HardwareAcceleration": true | false
3408 }
3409 }
3410 ```
3411 ### Homepage
3412 Configure the default homepage and how Firefox starts.
3413
3414 `URL` is the default homepage.
3415
3416 `Locked` prevents the user from changing homepage preferences.
3417
3418 `Additional` allows for more than one homepage.
3419
3420 `StartPage` is how Firefox starts. The choices are no homepage, the default homepage or the previous session.
3421
3422 With Firefox 78, an additional option as added for `Startpage`, `homepage-locked`. If this is value is set for the Startpage, the user will always get the homepage at startup and cannot choose to restore their session.
3423
3424 **Compatibility:** Firefox 60, Firefox ESR 60 (StartPage was added in Firefox 60, Firefox ESR 60.4, homepage-locked added in Firefox 78)\
3425 **CCK2 Equivalent:** `homePage`,`lockHomePage`\
3426 **Preferences Affected:** `browser.startup.homepage`, `browser.startup.page`
3427
3428 #### Windows (GPO)
3429 ```
3430 Software\Policies\Mozilla\Firefox\Homepage\URL = "https://example.com"
3431 Software\Policies\Mozilla\Firefox\Homepage\Locked = 0x1 | 0x0
3432 Software\Policies\Mozilla\Firefox\Homepage\Additional\1 = "https://example.org"
3433 Software\Policies\Mozilla\Firefox\Homepage\Additional\2 = "https://example.edu"
3434 Software\Policies\Mozilla\Firefox\Homepage\StartPage = "none" | "homepage" | "previous-session" | "homepage-locked"
3435 ```
3436 #### Windows (Intune)
3437 OMA-URI:
3438 ```
3439 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Homepage/HomepageURL
3440 ```
3441 Value (string):
3442 ```
3443 <enabled/>
3444
3445 <data id="HomepageURL" value="https://example.com"/>
3446 <data id="HomepageLocked" value="true | false"/>
3447 ```
3448 OMA-URI:
3449 ```
3450 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Homepage/HomepageAdditional
3451 ```
3452 Value (string):
3453 ```
3454 <enabled/>
3455
3456 <data id="HomepageAdditional" value="1&#xF000;http://example.org&#xF000;2&#xF000;http://example.edu"/>
3457 ```
3458 OMA-URI:
3459 ```
3460 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Homepage/HomepageStartPage
3461 ```
3462 Value (string):
3463 ```
3464 <enabled/>
3465
3466 <data id="StartPage" value="none | homepage | previous-session"/>
3467 ```
3468 #### macOS
3469 ```
3470 <dict>
3471 <key>Homepage</key>
3472 <dict>
3473 <key>URL</key>
3474 <string>http://example.com</string>
3475 <key>Locked</key>
3476 <true/> | <false/>
3477 <key>Additional</key>
3478 <array>
3479 <string>http://example.org</string>
3480 <string>http://example.edu</string>
3481 </array>
3482 <key>StartPage</key>
3483 <string>none | homepage | previous-session | homepage-locked</string>
3484 </dict>
3485 </dict>
3486 ```
3487 #### policies.json
3488 ```
3489 {
3490 "policies": {
3491 "Homepage": {
3492 "URL": "http://example.com/",
3493 "Locked": true | false,
3494 "Additional": ["http://example.org/",
3495 "http://example.edu/"],
3496 "StartPage": "none" | "homepage" | "previous-session" | "homepage-locked"
3497 }
3498 }
3499 }
3500 ```
3501 ### InstallAddonsPermission
3502 Configure the default extension install policy as well as origins for extension installs are allowed. This policy does not override turning off all extension installs.
3503
3504 `Allow` is a list of origins where extension installs are allowed.
3505
3506 `Default` determines whether or not extension installs are allowed by default.
3507
3508 **Compatibility:** Firefox 60, Firefox ESR 60\
3509 **CCK2 Equivalent:** `permissions.install`\
3510 **Preferences Affected:** `xpinstall.enabled`, `browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons`, `browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features`
3511
3512 #### Windows (GPO)
3513 ```
3514 Software\Policies\Mozilla\Firefox\InstallAddonsPermission\Allow\1 = "https://example.org"
3515 Software\Policies\Mozilla\Firefox\InstallAddonsPermission\Allow\2 = "https://example.edu"
3516 Software\Policies\Mozilla\Firefox\InstallAddonsPermission\Default = 0x1 | 0x0
3517 ```
3518 #### Windows (Intune)
3519 OMA-URI:
3520 ```
3521 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Addons/InstallAddonsPermission_Allow
3522 ```
3523 Value (string):
3524 ```
3525 <enabled/>
3526 <data id="Permissions" value="1&#xF000;https://example.org&#xF000;2&#xF000;https://example.edu"/>
3527 ```
3528 OMA-URI:
3529 ```
3530 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Addons/InstallAddonsPermission_Default
3531 ```
3532 Value (string):
3533 ```
3534 <enabled/>
3535 ```
3536 #### macOS
3537 ```
3538 <dict>
3539 <key>InstallAddonsPermission</key>
3540 <dict>
3541 <key>Allow</key>
3542 <array>
3543 <string>http://example.org</string>
3544 <string>http://example.edu</string>
3545 </array>
3546 <key>Default</key>
3547 <true/> | <false/>
3548 </dict>
3549 </dict>
3550 ```
3551 #### policies.json
3552 ```
3553 {
3554 "policies": {
3555 "InstallAddonsPermission": {
3556 "Allow": ["http://example.org/",
3557 "http://example.edu/"],
3558 "Default": true | false
3559 }
3560 }
3561 }
3562 ```
3563 ### LegacyProfiles
3564 Disable the feature enforcing a separate profile for each installation.
3565
3566 If this policy set to true, Firefox will not try to create different profiles for installations of Firefox in different directories. This is the equivalent of the MOZ_LEGACY_PROFILES environment variable.
3567
3568 If this policy set to false, Firefox will create a new profile for each unique installation of Firefox.
3569
3570 This policy only work on Windows via GPO (not policies.json).
3571
3572 **Compatibility:** Firefox 70, Firefox ESR 68.2 (Windows only, GPO only)\
3573 **CCK2 Equivalent:** N/A\
3574 **Preferences Affected:** N/A
3575
3576 #### Windows (GPO)
3577 ```
3578 Software\Policies\Mozilla\Firefox\LegacyProfiles = = 0x1 | 0x0
3579 ```
3580 #### Windows (Intune)
3581 OMA-URI:
3582 ```
3583 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/LegacyProfiles
3584 ```
3585 Value (string):
3586 ```
3587 <enabled/> or <disabled/>
3588 ```
3589 ### LegacySameSiteCookieBehaviorEnabled
3590 Enable default legacy SameSite cookie behavior setting.
3591
3592 If this policy is set to true, it reverts all cookies to legacy SameSite behavior which means that cookies that don't explicitly specify a ```SameSite``` attribute are treated as if they were ```SameSite=None```.
3593
3594 **Compatibility:** Firefox 96\
3595 **CCK2 Equivalent:** N/A\
3596 **Preferences Affected:** `network.cookie.sameSite.laxByDefault`
3597
3598 #### Windows (GPO)
3599 ```
3600 Software\Policies\Mozilla\Firefox\LegacySameSiteCookieBehaviorEnabled = = 0x1 | 0x0
3601 ```
3602 #### Windows (Intune)
3603 OMA-URI:
3604 ```
3605 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/LegacySameSiteCookieBehaviorEnabled
3606 ```
3607 Value (string):
3608 ```
3609 <enabled/> or <disabled/>
3610 ```
3611 #### macOS
3612 ```
3613 <dict>
3614 <key>LegacySameSiteCookieBehaviorEnabled</key>
3615 <true/> | <false/>
3616 </dict>
3617 ```
3618 #### policies.json
3619 ```
3620 {
3621 "policies": {
3622 "LegacySameSiteCookieBehaviorEnabled": true | false
3623 }
3624 ```
3625 ### LegacySameSiteCookieBehaviorEnabledForDomainList
3626 Revert to legacy SameSite behavior for cookies on specified sites.
3627
3628 If this policy is set to true, cookies set for domains in this list will revert to legacy SameSite behavior which means that cookies that don't explicitly specify a ```SameSite``` attribute are treated as if they were ```SameSite=None```.
3629
3630 **Compatibility:** Firefox 96\
3631 **CCK2 Equivalent:** N/A\
3632 **Preferences Affected:** `network.cookie.sameSite.laxByDefault.disabledHosts`
3633
3634 #### Windows (GPO)
3635 ```
3636 Software\Policies\Mozilla\Firefox\LegacySameSiteCookieBehaviorEnabledForDomainList\1 = "example.org"
3637 Software\Policies\Mozilla\Firefox\LegacySameSiteCookieBehaviorEnabledForDomainList\2 = "example.edu"
3638 ```
3639 #### Windows (Intune)
3640 OMA-URI:
3641 ```
3642 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/LegacySameSiteCookieBehaviorEnabledForDomainList
3643 ```
3644 Value (string):
3645 ```
3646 <enabled/>
3647 <data id="LegacySameSiteCookieBehaviorEnabledForDomainList" value="1&#xF000;example.org&#xF000;2&#xF000;example.edu"/>
3648 ```
3649 #### macOS
3650 ```
3651 <dict>
3652 <key>LegacySameSiteCookieBehaviorEnabledForDomainList</key>
3653 <array>
3654 <string>example.org</string>
3655 <string>example.edu</string>
3656 </array>
3657 </dict>
3658 ```
3659 #### policies.json
3660 ```
3661 {
3662 "policies": {
3663 "LegacySameSiteCookieBehaviorEnabledForDomainList": ["example.org",
3664 "example.edu"]
3665 }
3666 }
3667 ```
3668 ### LocalFileLinks
3669 Enable linking to local files by origin.
3670
3671 **Compatibility:** Firefox 68, Firefox ESR 68\
3672 **CCK2 Equivalent:** N/A\
3673 **Preferences Affected:** `capability.policy.localfilelinks.*`
3674
3675 #### Windows (GPO)
3676 ```
3677 Software\Policies\Mozilla\Firefox\LocalFileLinks\1 = "https://example.org"
3678 Software\Policies\Mozilla\Firefox\LocalFileLinks\2 = "https://example.edu"
3679 ```
3680 #### Windows (Intune)
3681 OMA-URI:
3682 ```
3683 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/LocalFileLinks
3684 ```
3685 Value (string):
3686 ```
3687 <enabled/>
3688 <data id="LocalFileLinks" value="1&#xF000;https://example.org&#xF000;2&#xF000;https://example.edu"/>
3689 ```
3690 #### macOS
3691 ```
3692 <dict>
3693 <key>LocalFileLinks</key>
3694 <array>
3695 <string>http://example.org</string>
3696 <string>http://example.edu</string>
3697 </array>
3698 </dict>
3699 ```
3700 #### policies.json
3701 ```
3702 {
3703 "policies": {
3704 "LocalFileLinks": ["http://example.org/",
3705 "http://example.edu/"]
3706 }
3707 }
3708 ```
3709 ### ManagedBookmarks
3710 Configures a list of bookmarks managed by an administrator that cannot be changed by the user.
3711
3712 The bookmarks are only added as a button on the personal toolbar. They are not in the bookmarks folder.
3713
3714 The syntax of this policy is exactly the same as the [Chrome ManagedBookmarks policy](https://cloud.google.com/docs/chrome-enterprise/policies/?policy=ManagedBookmarks). The schema is:
3715 ```
3716 {
3717 "items": {
3718 "id": "BookmarkType",
3719 "properties": {
3720 "children": {
3721 "items": {
3722 "$ref": "BookmarkType"
3723 },
3724 "type": "array"
3725 },
3726 "name": {
3727 "type": "string"
3728 },
3729 "toplevel_name": {
3730 "type": "string"
3731 },
3732 "url": {
3733 "type": "string"
3734 }
3735 },
3736 "type": "object"
3737 },
3738 "type": "array"
3739 }
3740 ```
3741 **Compatibility:** Firefox 83, Firefox ESR 78.5\
3742 **CCK2 Equivalent:** N/A\
3743 **Preferences Affected:** N/A
3744
3745 #### Windows (GPO)
3746 Software\Policies\Mozilla\Firefox\ManagedBookmarks (REG_MULTI_SZ) =
3747 ```
3748 [
3749 {
3750 "toplevel_name": "My managed bookmarks folder"
3751 },
3752 {
3753 "url": "example.com",
3754 "name": "Example"
3755 },
3756 {
3757 "name": "Mozilla links",
3758 "children": [
3759 {
3760 "url": "https://mozilla.org",
3761 "name": "Mozilla.org"
3762 },
3763 {
3764 "url": "https://support.mozilla.org/",
3765 "name": "SUMO"
3766 }
3767 ]
3768 }
3769 ]
3770 ```
3771 #### Windows (Intune)
3772 OMA-URI:
3773 ```
3774 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/ManagedBookmarks
3775 ```
3776 Value (string):
3777 ```
3778 <enabled/>
3779 <data id="JSON" value='
3780 [
3781 {
3782 "toplevel_name": "My managed bookmarks folder"
3783 },
3784 {
3785 "url": "example.com",
3786 "name": "Example"
3787 },
3788 {
3789 "name": "Mozilla links",
3790 "children": [
3791 {
3792 "url": "https://mozilla.org",
3793 "name": "Mozilla.org"
3794 },
3795 {
3796 "url": "https://support.mozilla.org/",
3797 "name": "SUMO"
3798 }
3799 ]
3800 }
3801 ]'/>
3802 ```
3803 #### macOS
3804 ```
3805 <dict>
3806 <key>ManagedBookmarks</key>
3807 <array>
3808 <dict>
3809 <key>toplevel_name</key>
3810 <string>My managed bookmarks folder</string>
3811 <dict>
3812 <key>url</key>
3813 <string>example.com</string>
3814 <key>name</key>
3815 <string>Example</string>
3816 </dict>
3817 <dict>
3818 <key>name</key>
3819 <string>Mozilla links</string>
3820 <key>children</key>
3821 <array>
3822 <dict>
3823 <key>url</key>
3824 <string>https://mozilla.org</string>
3825 <key>name</key>
3826 <string>Mozilla</string>
3827 </dict>
3828 <dict>
3829 <key>url</key>
3830 <string>https://support.mozilla.org/</string>
3831 <key>name</key>
3832 <string>SUMO</string>
3833 </dict>
3834 </array>
3835 </dict>
3836 </array>
3837 </dict>
3838 ```
3839 #### policies.json
3840 ```
3841 {
3842 "policies": {
3843 "ManagedBookmarks": [
3844 {
3845 "toplevel_name": "My managed bookmarks folder"
3846 },
3847 {
3848 "url": "example.com",
3849 "name": "Example"
3850 },
3851 {
3852 "name": "Mozilla links",
3853 "children": [
3854 {
3855 "url": "https://mozilla.org",
3856 "name": "Mozilla.org"
3857 },
3858 {
3859 "url": "https://support.mozilla.org/",
3860 "name": "SUMO"
3861 }
3862 ]
3863 }
3864 ]
3865 }
3866 }
3867 ```
3868 ### ManualAppUpdateOnly
3869
3870 Switch to manual updates only.
3871
3872 If this policy is enabled:
3873 1. The user will never be prompted to install updates
3874 2. Firefox will not check for updates in the background, though it will check automatically when an update UI is displayed (such as the one in the About dialog). This check will be used to show "Update to version X" in the UI, but will not automatically download the update or prompt the user to update in any other way.
3875 3. The update UI will work as expected, unlike when using DisableAppUpdate.
3876
3877 This policy is primarily intended for advanced end users, not for enterprises, but it is available via GPO.
3878
3879 **Compatibility:** Firefox 87\
3880 **CCK2 Equivalent:** N/A\
3881 **Preferences Affected:** N/A
3882
3883 #### Windows (GPO)
3884 ```
3885 Software\Policies\Mozilla\Firefox\ManualAppUpdateOnly = 0x1 | 0x0
3886 ```
3887 #### Windows (Intune)
3888 OMA-URI:
3889 ```
3890 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/ManualAppUpdateOnly
3891 ```
3892 Value (string):
3893 ```
3894 <enabled/> or <disabled/>
3895 ```
3896 #### macOS
3897 ```
3898 <dict>
3899 <key>ManualAppUpdateOnly</key>
3900 <true/> | <false/>
3901 </dict>
3902 ```
3903 #### policies.json
3904 ```
3905 {
3906 "policies": {
3907 "ManualAppUpdateOnly": true | false
3908 }
3909 }
3910 ```
3911 ### NetworkPrediction
3912 Enable or disable network prediction (DNS prefetching).
3913
3914 **Compatibility:** Firefox 67, Firefox ESR 60.7\
3915 **CCK2 Equivalent:** N/A\
3916 **Preferences Affected:** `network.dns.disablePrefetch`, `network.dns.disablePrefetchFromHTTPS`
3917
3918 #### Windows (GPO)
3919 ```
3920 Software\Policies\Mozilla\Firefox\NetworkPrediction = 0x1 | 0x0
3921 ```
3922 #### Windows (Intune)
3923 OMA-URI:
3924 ```
3925 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/NetworkPrediction
3926 ```
3927 Value (string):
3928 ```
3929 <enabled/> or <disabled/>
3930 ```
3931 #### macOS
3932 ```
3933 <dict>
3934 <key>NetworkPrediction</key>
3935 <true/> | <false/>
3936 </dict>
3937 ```
3938 #### policies.json
3939 ```
3940 {
3941 "policies": {
3942 "NetworkPrediction": true | false
3943 }
3944 ```
3945 ### NewTabPage
3946 Enable or disable the New Tab page.
3947
3948 **Compatibility:** Firefox 68, Firefox ESR 68\
3949 **CCK2 Equivalent:** N/A\
3950 **Preferences Affected:** `browser.newtabpage.enabled`
3951
3952 #### Windows (GPO)
3953 ```
3954 Software\Policies\Mozilla\Firefox\NewTabPage = 0x1 | 0x0
3955 ```
3956 #### Windows (Intune)
3957 OMA-URI:
3958 ```
3959 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/NewTabPage
3960 ```
3961 Value (string):
3962 ```
3963 <enabled/> or <disabled/>
3964 ```
3965 #### macOS
3966 ```
3967 <dict>
3968 <key>NewTabPage</key>
3969 <true/> | <false/>
3970 </dict>
3971 ```
3972 #### policies.json
3973 ```
3974 {
3975 "policies": {
3976 "NewTabPage": true | false
3977 }
3978 ```
3979 ### NoDefaultBookmarks
3980 Disable the creation of default bookmarks.
3981
3982 This policy is only effective if the user profile has not been created yet.
3983
3984 **Compatibility:** Firefox 60, Firefox ESR 60\
3985 **CCK2 Equivalent:** `removeDefaultBookmarks`\
3986 **Preferences Affected:** N/A
3987
3988 #### Windows (GPO)
3989 ```
3990 Software\Policies\Mozilla\Firefox\NoDefaultBookmarks = 0x1 | 0x0
3991 ```
3992 #### Windows (Intune)
3993 OMA-URI:
3994 ```
3995 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/NoDefaultBookmarks
3996 ```
3997 Value (string):
3998 ```
3999 <enabled/> or <disabled/>
4000 ```
4001 #### macOS
4002 ```
4003 <dict>
4004 <key>NoDefaultBookmarks</key>
4005 <true/> | <false/>
4006 </dict>
4007 ```
4008 #### policies.json
4009 ```
4010 {
4011 "policies": {
4012 "NoDefaultBookmarks": true | false
4013 }
4014 }
4015 ```
4016 ### OfferToSaveLogins
4017 Control whether or not Firefox offers to save passwords.
4018
4019 **Compatibility:** Firefox 60, Firefox ESR 60\
4020 **CCK2 Equivalent:** `dontRememberPasswords`\
4021 **Preferences Affected:** `signon.rememberSignons`
4022
4023 #### Windows (GPO)
4024 ```
4025 Software\Policies\Mozilla\Firefox\OfferToSaveLogins = 0x1 | 0x0
4026 ```
4027 #### Windows (Intune)
4028 OMA-URI:
4029 ```
4030 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/OfferToSaveLogins
4031 ```
4032 Value (string):
4033 ```
4034 <enabled/> or <disabled/>
4035 ```
4036 #### macOS
4037 ```
4038 <dict>
4039 <key>OfferToSaveLogins</key>
4040 <true/> | <false/>
4041 </dict>
4042 ```
4043 #### policies.json
4044 ```
4045 {
4046 "policies": {
4047 "OfferToSaveLogins": true | false
4048 }
4049 }
4050 ```
4051 ### OfferToSaveLoginsDefault
4052 Sets the default value of signon.rememberSignons without locking it.
4053
4054 **Compatibility:** Firefox 70, Firefox ESR 60.2\
4055 **CCK2 Equivalent:** `dontRememberPasswords`\
4056 **Preferences Affected:** `signon.rememberSignons`
4057
4058 #### Windows (GPO)
4059 ```
4060 Software\Policies\Mozilla\Firefox\OfferToSaveLoginsDefault = 0x1 | 0x0
4061 ```
4062 #### Windows (Intune)
4063 OMA-URI:
4064 ```
4065 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/OfferToSaveLoginsDefault
4066 ```
4067 Value (string):
4068 ```
4069 <enabled/> or <disabled/>
4070 ```
4071 #### macOS
4072 ```
4073 <dict>
4074 <key>OfferToSaveLoginsDefault</key>
4075 <true/> | <false/>
4076 </dict>
4077 ```
4078 #### policies.json
4079 ```
4080 {
4081 "policies": {
4082 "OfferToSaveLoginsDefault": true | false
4083 }
4084 }
4085 ```
4086 ### OverrideFirstRunPage
4087 Override the first run page. If the value is an empty string (""), the first run page is not displayed.
4088
4089 Starting with Firefox 83, Firefox ESR 78.5, you can also specify multiple URLS separated by a vertical bar (|).
4090
4091 **Compatibility:** Firefox 60, Firefox ESR 60\
4092 **CCK2 Equivalent:** `welcomePage`,`noWelcomePage`\
4093 **Preferences Affected:** `startup.homepage_welcome_url`
4094
4095 #### Windows (GPO)
4096 ```
4097 Software\Policies\Mozilla\Firefox\OverrideFirstRunPage = "http://example.org"
4098 ```
4099 #### Windows (Intune)
4100 OMA-URI:
4101 ```
4102 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/OverrideFirstRunPage
4103 ```
4104 Value (string):
4105 ```
4106 <enabled/>
4107 <data id="OverridePage" value="https://example.com"/>
4108 ```
4109 #### macOS
4110 ```
4111 <dict>
4112 <key>OverrideFirstRunPage</key>
4113 <string>http://example.org</string>
4114 </dict>
4115 ```
4116 #### policies.json
4117 ```
4118 {
4119 "policies": {
4120 "OverrideFirstRunPage": "http://example.org"
4121 }
4122 }
4123 ```
4124 ### OverridePostUpdatePage
4125 Override the upgrade page. If the value is an empty string (""), no extra pages are displayed when Firefox is upgraded.
4126
4127 **Compatibility:** Firefox 60, Firefox ESR 60\
4128 **CCK2 Equivalent:** `upgradePage`,`noUpgradePage`\
4129 **Preferences Affected:** `startup.homepage_override_url`
4130
4131 #### Windows (GPO)
4132 ```
4133 Software\Policies\Mozilla\Firefox\OverridePostUpdatePage = "http://example.org"
4134 ```
4135 #### Windows (Intune)
4136 OMA-URI:
4137 ```
4138 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/OverridePostUpdatePage
4139 ```
4140 Value (string):
4141 ```
4142 <enabled/>
4143 <data id="OverridePage" value="https://example.com"/>
4144 ```
4145 #### macOS
4146 ```
4147 <dict>
4148 <key>OverridePostUpdatePage</key>
4149 <string>http://example.org</string>
4150 </dict>
4151 ```
4152 #### policies.json
4153 ```
4154 {
4155 "policies": {
4156 "OverridePostUpdatePage": "http://example.org"
4157 }
4158 }
4159 ```
4160 ### PasswordManagerEnabled
4161 Remove access to the password manager via preferences and blocks about:logins on Firefox 70.
4162
4163 **Compatibility:** Firefox 70, Firefox ESR 60.2\
4164 **CCK2 Equivalent:** N/A\
4165 **Preferences Affected:** `pref.privacy.disable_button.view_passwords`
4166
4167 #### Windows (GPO)
4168 ```
4169 Software\Policies\Mozilla\Firefox\PasswordManagerEnabled = 0x1 | 0x0
4170 ```
4171 #### Windows (Intune)
4172 OMA-URI:
4173 ```
4174 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/PasswordManagerEnabled
4175 ```
4176 Value (string):
4177 ```
4178 <enabled/> or <disabled/>
4179 ```
4180 #### macOS
4181 ```
4182 <dict>
4183 <key>PasswordManagerEnabled</key>
4184 <true/> | <false/>
4185 </dict>
4186 ```
4187 #### policies.json
4188 ```
4189 {
4190 "policies": {
4191 "PasswordManagerEnabled": true | false
4192 }
4193 }
4194 ```
4195 ### PasswordManagerExceptions
4196 Prevent Firefox from saving passwords for specific sites.
4197
4198 The sites are specified as a list of origins.
4199
4200 **Compatibility:** Firefox 101\
4201 **CCK2 Equivalent:** N/A\
4202 **Preferences Affected:** N/A
4203
4204 #### Windows (GPO)
4205 ```
4206 Software\Policies\Mozilla\Firefox\PasswordManagerExceptions\1 = "https://example.org"
4207 Software\Policies\Mozilla\Firefox\PasswordManagerExceptions\2 = "https://example.edu"
4208 ```
4209 #### Windows (Intune)
4210 OMA-URI:
4211 ```
4212 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/PasswordManagerExceptions
4213 ```
4214 Value (string):
4215 ```
4216 <enabled/>
4217 <data id="List" value="1&#xF000;https://example.org&#xF000;2&#xF000;https://example.edu"/>
4218 ```
4219 #### macOS
4220 ```
4221 <dict>
4222 <key>PasswordManagerExceptions</key>
4223 <array>
4224 <string>https://example.org</string>
4225 <string>https://example.edu</string>
4226 </array>
4227 </dict>
4228 ```
4229 #### policies.json
4230 ```
4231 {
4232 "policies": {
4233 "PasswordManagerExceptions": ["https://example.org",
4234 "https://example.edu"]
4235 }
4236 }
4237 ```
4238
4239 ### PDFjs
4240 Disable or configure PDF.js, the built-in PDF viewer.
4241
4242 If `Enabled` is set to false, the built-in PDF viewer is disabled.
4243
4244 If `EnablePermissions` is set to true, the built-in PDF viewer will honor document permissions like preventing the copying of text.
4245
4246 Note: DisableBuiltinPDFViewer has not been deprecated. You can either continue to use it, or switch to using PDFjs->Enabled to disable the built-in PDF viewer. This new permission was added because we needed a place for PDFjs->EnabledPermissions.
4247
4248 **Compatibility:** Firefox 77, Firefox ESR 68.9\
4249 **CCK2 Equivalent:** N/A\
4250 **Preferences Affected:** `pdfjs.disabled`, `pdfjs.enablePermissions`
4251
4252 #### Windows (GPO)
4253 ```
4254 Software\Policies\Mozilla\Firefox\PDFjs\Enabled = 0x1 | 0x0
4255 Software\Policies\Mozilla\Firefox\PDFjs\EnablePermissions = 0x1 | 0x0
4256 ```
4257 #### Windows (Intune)
4258 OMA-URI:
4259 ```
4260 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~PDFjs/PDFjs_Enabled
4261 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~PDFjs/PDFjs_EnablePermissions
4262 ```
4263 Value (string):
4264 ```
4265 <enabled/>or <disabled/>
4266 ```
4267 #### macOS
4268 ```
4269 <dict>
4270 <key>PDFjs</key>
4271 <dict>
4272 <key>Enabled</key>
4273 <true/> | <false/>
4274 <key>EnablePermissions</key>
4275 <true/> | <false/>
4276 </dict>
4277 </dict>
4278 ```
4279 #### policies.json
4280 ```
4281 {
4282 "policies": {
4283 "PDFjs": {
4284 "Enabled": true | false,
4285 "EnablePermissions": true | false
4286 }
4287 }
4288 }
4289 ```
4290 ### Permissions
4291 Set permissions associated with camera, microphone, location, notifications, autoplay, and virtual reality. Because these are origins, not domains, entries with unique ports must be specified separately. This explicitly means that it is not possible to add wildcards. See examples below.
4292
4293 `Allow` is a list of origins where the feature is allowed.
4294
4295 `Block` is a list of origins where the feature is not allowed.
4296
4297 `BlockNewRequests` determines whether or not new requests can be made for the feature.
4298
4299 `Locked` prevents the user from changing preferences for the feature.
4300
4301 `Default` specifies the default value for Autoplay. block-audio-video is not supported on Firefox ESR 68.
4302
4303 **Compatibility:** Firefox 62, Firefox ESR 60.2 (Autoplay added in Firefox 74, Firefox ESR 68.6, Autoplay Default/Locked added in Firefox 76, Firefox ESR 68.8, VirtualReality added in Firefox 80, Firefox ESR 78.2)\
4304 **CCK2 Equivalent:** N/A\
4305 **Preferences Affected:** `permissions.default.camera`, `permissions.default.microphone`, `permissions.default.geo`, `permissions.default.desktop-notification`, `media.autoplay.default`, `permissions.default.xr`
4306
4307 #### Windows (GPO)
4308 ```
4309 Software\Policies\Mozilla\Firefox\Permissions\Camera\Allow\1 = "https://example.org"
4310 Software\Policies\Mozilla\Firefox\Permissions\Camera\Allow\2 = "https://example.org:1234"
4311 Software\Policies\Mozilla\Firefox\Permissions\Camera\Block\1 = "https://example.edu"
4312 Software\Policies\Mozilla\Firefox\Permissions\Camera\BlockNewRequests = 0x1 | 0x0
4313 Software\Policies\Mozilla\Firefox\Permissions\Camera\Locked = 0x1 | 0x0
4314 Software\Policies\Mozilla\Firefox\Permissions\Microphone\Allow\1 = "https://example.org"
4315 Software\Policies\Mozilla\Firefox\Permissions\Microphone\Block\1 = "https://example.edu"
4316 Software\Policies\Mozilla\Firefox\Permissions\Microphone\BlockNewRequests = 0x1 | 0x0
4317 Software\Policies\Mozilla\Firefox\Permissions\Microphone\Locked = 0x1 | 0x0
4318 Software\Policies\Mozilla\Firefox\Permissions\Location\Allow\1 = "https://example.org"
4319 Software\Policies\Mozilla\Firefox\Permissions\Location\Block\1 = "https://example.edu"
4320 Software\Policies\Mozilla\Firefox\Permissions\Location\BlockNewRequests = 0x1 | 0x0
4321 Software\Policies\Mozilla\Firefox\Permissions\Location\Locked = 0x1 | 0x0
4322 Software\Policies\Mozilla\Firefox\Permissions\Notifications\Allow\1 = "https://example.org"
4323 Software\Policies\Mozilla\Firefox\Permissions\Notifications\Block\1 = "https://example.edu"
4324 Software\Policies\Mozilla\Firefox\Permissions\Notifications\BlockNewRequests = 0x1 | 0x0
4325 Software\Policies\Mozilla\Firefox\Permissions\Notifications\Locked = 0x1 | 0x0
4326 Software\Policies\Mozilla\Firefox\Permissions\Autoplay\Allow\1 = "https://example.org"
4327 Software\Policies\Mozilla\Firefox\Permissions\Autoplay\Block\1 = "https://example.edu"
4328 Software\Policies\Mozilla\Firefox\Permissions\Autoplay\Default = "allow-audio-video" | "block-audio" | "block-audio-video"
4329 Software\Policies\Mozilla\Firefox\Permissions\Autoplay\Locked = 0x1 | 0x0
4330 Software\Policies\Mozilla\Firefox\Permissions\VirtualReality\Allow\1 = "https://example.org"
4331 Software\Policies\Mozilla\Firefox\Permissions\VirtualReality\Block\1 = "https://example.edu"
4332 Software\Policies\Mozilla\Firefox\Permissions\VirtualReality\BlockNewRequests = 0x1 | 0x0
4333 Software\Policies\Mozilla\Firefox\Permissions\VirtualReality\Locked = 0x1 | 0x0
4334 ```
4335 #### Windows (Intune)
4336 OMA-URI:
4337 ```
4338 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Location/Location_BlockNewRequests
4339 ```
4340 Value (string):
4341 ```
4342 <enabled/> or <disabled/>
4343 ```
4344 OMA-URI:
4345 ```
4346 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Location/Location_Locked
4347 ```
4348 Value (string):
4349 ```
4350 <enabled/> or <disabled/>
4351 ```
4352 OMA-URI:
4353 ```
4354 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Notifications/Notifications_Allow
4355 ```
4356 Value (string):
4357 ```
4358 <enabled/>
4359 <data id="Permissions" value="1&#xF000;https://example.org"/>
4360 ```
4361 OMA-URI:
4362 ```
4363 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Notifications/Notifications_BlockNewRequests
4364 ```
4365 Value (string):
4366 ```
4367 <enabled/> or <disabled/>
4368 ```
4369 OMA-URI:
4370 ```
4371 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Notifications/Notifications_Locked
4372 ```
4373 Value (string):
4374 ```
4375 <enabled/> or <disabled/>
4376 ```
4377 OMA-URI:
4378 ```
4379 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Autoplay/Autoplay_Allow
4380 ```
4381 Value (string):
4382 ```
4383 <enabled/>
4384 <data id="Permissions" value="1&#xF000;https://example.org"/>
4385 ```
4386 OMA-URI:
4387 ```
4388 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Autoplay/Autoplay_Block
4389 ```
4390 Value (string):
4391 ```
4392 <enabled/>
4393 <data id="Permissions" value="1&#xF000;https://example.edu"/>
4394 ```
4395 OMA-URI:
4396 ```
4397 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Autoplay/Autoplay_Default
4398 ```
4399 Value (string):
4400 ```
4401 <enabled/>
4402 <data id="Autoplay_Default" value="allow-audio-video | block-audio | block-audio-video"/>
4403 ```
4404 OMA-URI:
4405 ```
4406 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Autoplay/Autoplay_Locked
4407 ```
4408 Value (string):
4409 ```
4410 <enabled/> or <disabled/>
4411 ```
4412 OMA-URI:
4413 ```
4414 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Notifications/VirtualReality_Allow
4415 ```
4416 Value (string):
4417 ```
4418 <enabled/>
4419 <data id="Permissions" value="1&#xF000;https://example.org"/>
4420 ```
4421 OMA-URI:
4422 ```
4423 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Notifications/VirtualReality_Block
4424 ```
4425 Value (string):
4426 ```
4427 <enabled/>
4428 <data id="Permissions" value="1&#xF000;https://example.edu"/>
4429 ```
4430 OMA-URI:
4431 ```
4432 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Notifications/VirtualReality_BlockNewRequests
4433 ```
4434 Value (string):
4435 ```
4436 <enabled/> or <disabled/>
4437 ```
4438 OMA-URI:
4439 ```
4440 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Notifications/VirtualReality_Locked
4441 ```
4442 Value (string):
4443 ```
4444 <enabled/> or <disabled/>
4445 ```
4446 #### macOS
4447 ```
4448 <dict>
4449 <key>Permissions</key>
4450 <dict>
4451 <key>Camera</key>
4452 <dict>
4453 <key>Allow</key>
4454 <array>
4455 <string>https://example.org</string>
4456 <string>https://example.org:1234</string>
4457 </array>
4458 <key>Block</key>
4459 <array>
4460 <string>https://example.edu</string>
4461 </array>
4462 <key>BlockNewRequests</key>
4463 <true/> | <false/>
4464 <key>Locked</key>
4465 <true/> | <false/>
4466 </dict>
4467 <key>Microphone</key>
4468 <dict>
4469 <key>Allow</key>
4470 <array>
4471 <string>https://example.org</string>
4472 </array>
4473 <key>Block</key>
4474 <array>
4475 <string>https://example.edu</string>
4476 </array>
4477 <key>BlockNewRequests</key>
4478 <true/> | <false/>
4479 <key>Locked</key>
4480 <true/> | <false/>
4481 </dict>
4482 <key>Location</key>
4483 <dict>
4484 <key>Allow</key>
4485 <array>
4486 <string>https://example.org</string>
4487 </array>
4488 <key>Block</key>
4489 <array>
4490 <string>https://example.edu</string>
4491 </array>
4492 <key>BlockNewRequests</key>
4493 <true/> | <false/>
4494 <key>Locked</key>
4495 <true/> | <false/>
4496 </dict>
4497 <key>Notifications</key>
4498 <dict>
4499 <key>Allow</key>
4500 <array>
4501 <string>https://example.org</string>
4502 </array>
4503 <key>Block</key>
4504 <array>
4505 <string>https://example.edu</string>
4506 </array>
4507 <key>BlockNewRequests</key>
4508 <true/>
4509 <key>Locked</key>
4510 <true/>
4511 </dict>
4512 <key>Autoplay</key>
4513 <dict>
4514 <key>Allow</key>
4515 <array>
4516 <string>https://example.org</string>
4517 </array>
4518 <key>Block</key>
4519 <array>
4520 <string>https://example.edu</string>
4521 </array>
4522 <key>Default</key>
4523 <string>allow-audio-video | block-audio | block-audio-video</string>
4524 <key>Locked</key>
4525 <true/> | <false/>
4526 </dict>
4527 </dict>
4528 </dict>
4529 ```
4530 #### policies.json
4531 ```
4532 {
4533 "policies": {
4534 "Permissions": {
4535 "Camera": {
4536 "Allow": ["https://example.org","https://example.org:1234"],
4537 "Block": ["https://example.edu"],
4538 "BlockNewRequests": true | false,
4539 "Locked": true | false
4540 },
4541 "Microphone": {
4542 "Allow": ["https://example.org"],
4543 "Block": ["https://example.edu"],
4544 "BlockNewRequests": true | false,
4545 "Locked": true | false
4546 },
4547 "Location": {
4548 "Allow": ["https://example.org"],
4549 "Block": ["https://example.edu"],
4550 "BlockNewRequests": true | false,
4551 "Locked": true | false
4552 },
4553 "Notifications": {
4554 "Allow": ["https://example.org"],
4555 "Block": ["https://example.edu"],
4556 "BlockNewRequests": true | false,
4557 "Locked": true | false
4558 },
4559 "Autoplay": {
4560 "Allow": ["https://example.org"],
4561 "Block": ["https://example.edu"],
4562 "Default": "allow-audio-video" | "block-audio" | "block-audio-video",
4563 "Locked": true | false
4564 }
4565 }
4566 }
4567 }
4568 ```
4569 ### PictureInPicture
4570
4571 Enable or disable Picture-in-Picture as well as prevent the user from enabling or disabling it (Locked).
4572
4573 **Compatibility:** Firefox 78, Firefox ESR 78\
4574 **CCK2 Equivalent:** N/A\
4575 **Preferences Affected:** `media.videocontrols.picture-in-picture.video-toggle.enabled`
4576
4577 #### Windows (GPO)
4578 ```
4579 Software\Policies\Mozilla\Firefox\PictureInPicture\Enabled = 0x1 | 0x0
4580 Software\Policies\Mozilla\Firefox\PictureInPicture\Locked = 0x1 | 0x0
4581
4582 ```
4583 #### Windows (Intune)
4584 OMA-URI:
4585 ```
4586 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~PictureInPicture/PictureInPicture_Enabled
4587 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~PictureInPicture/PictureInPicture_Locked
4588 ```
4589 Value (string):
4590 ```
4591 <enabled/> or <disabled/>
4592 ```
4593 #### macOS
4594 ```
4595 <dict>
4596 <key>PictureInPicture</key>
4597 <dict>
4598 <key>Enabled</key>
4599 <true/> | <false/>
4600 <key>Locked</key>
4601 <true/> | <false/>
4602 </dict>
4603 </dict>
4604 ```
4605 #### policies.json
4606 ```
4607 {
4608 "policies": {
4609 "PictureInPicture": {
4610 "Enabled": true | false,
4611 "Locked": true | false
4612 }
4613 }
4614 }
4615 ```
4616 ### PopupBlocking
4617 Configure the default pop-up window policy as well as origins for which pop-up windows are allowed.
4618
4619 `Allow` is a list of origins where popup-windows are allowed.
4620
4621 `Default` determines whether or not pop-up windows are allowed by default.
4622
4623 `Locked` prevents the user from changing pop-up preferences.
4624
4625 **Compatibility:** Firefox 60, Firefox ESR 60\
4626 **CCK2 Equivalent:** `permissions.popup`\
4627 **Preferences Affected:** `dom.disable_open_during_load`
4628
4629 #### Windows (GPO)
4630 ```
4631 Software\Policies\Mozilla\Firefox\PopupBlocking\Allow\1 = "https://example.org"
4632 Software\Policies\Mozilla\Firefox\PopupBlocking\Allow\2 = "https://example.edu"
4633 Software\Policies\Mozilla\Firefox\PopupBlocking\Default = 0x1 | 0x0
4634 Software\Policies\Mozilla\Firefox\PopupBlocking\Locked = 0x1 | 0x0
4635 ```
4636 #### Windows (Intune)
4637 OMA-URI:
4638 ```
4639 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Popups/PopupBlocking_Allow
4640 ```
4641 Value (string):
4642 ```
4643 <enabled/>
4644 <data id="Permissions" value="1&#xF000;https://example.org&#xF000;2&#xF000;https://example.edu"/>
4645 ```
4646 OMA-URI:
4647 ```
4648 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Popups/PopupBlocking_Default
4649 ```
4650 Value (string):
4651 ```
4652 <enabled/> or <disabled/>
4653 ```
4654 OMA-URI:
4655 ```
4656 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Popups/PopupBlocking_Locked
4657 ```
4658 Value (string):
4659 ```
4660 <enabled/> or <disabled/>
4661 ```
4662 #### macOS
4663 ```
4664 <dict>
4665 <key>PopupBlocking</key>
4666 <dict>
4667 <key>Allow</key>
4668 <array>
4669 <string>http://example.org</string>
4670 <string>http://example.edu</string>
4671 </array>
4672 <key>Default</key>
4673 <true/> | <false/>
4674 <key>Locked</key>
4675 <true/> | <false/>
4676 </dict>
4677 </dict>
4678 ```
4679 #### policies.json
4680 ```
4681 {
4682 "policies": {
4683 "PopupBlocking": {
4684 "Allow": ["http://example.org/",
4685 "http://example.edu/"],
4686 "Default": true | false,
4687 "Locked": true | false
4688 }
4689 }
4690 }
4691 ```
4692 ### Preferences
4693 Set and lock preferences.
4694
4695 **NOTE** On Windows, in order to use this policy, you must clear all settings in the old **Preferences (Deprecated)** section in group policy.
4696
4697 Previously you could only set and lock a subset of preferences. Starting with Firefox 81 and Firefox ESR 78.3 you can set many more preferences. You can also set default preferences, user preferences and you can clear preferences.
4698
4699 Preferences that start with the following prefixes are supported:
4700 ```
4701 accessibility.
4702 alerts.* (Firefox 122, Firefox ESR 115.7)
4703 app.update.* (Firefox 86, Firefox ESR 78.8)
4704 browser.
4705 datareporting.policy.
4706 dom.
4707 extensions.
4708 general.autoScroll (Firefox 83, Firefox ESR 78.5)
4709 general.smoothScroll (Firefox 83, Firefox ESR 78.5)
4710 geo.
4711 gfx.
4712 intl.
4713 keyword.enabled (Firefox 95, Firefox ESR 91.4)
4714 layers.
4715 layout.
4716 media.
4717 network.
4718 pdfjs. (Firefox 84, Firefox ESR 78.6)
4719 places.
4720 pref.
4721 print.
4722 privacy.userContext.enabled (Firefox 126, Firefox ESR 115.11)
4723 privacy.userContext.ui.enabled (Firefox 126, Firefox ESR 115.11)
4724 signon. (Firefox 83, Firefox ESR 78.5)
4725 spellchecker. (Firefox 84, Firefox ESR 78.6)
4726 toolkit.legacyUserProfileCustomizations.stylesheets (Firefox 95, Firefox ESR 91.4)
4727 ui.
4728 widget.
4729 xpinstall.signatures.required (Firefox ESR 102.10, Firefox ESR only)
4730 xpinstall.whitelist.required (Firefox 118, Firefox ESR 115.3)
4731 ```
4732 as well as the following security preferences:
4733
4734 | Preference | Type | Default
4735 | --- | --- | --- |
4736 | security.default_personal_cert | string | Ask Every Time
4737 | &nbsp;&nbsp;&nbsp;&nbsp;If set to Select Automatically, Firefox automatically chooses the default personal certificate.
4738 | security.disable_button.openCertManager | string | N/A
4739 | &nbsp;&nbsp;&nbsp;&nbsp;If set to true and locked, the View Certificates button in preferences is disabled (Firefox 121, Firefox ESR 115.6)
4740 | security.disable_button.openDeviceManager | string | N/A
4741 | &nbsp;&nbsp;&nbsp;&nbsp;If set to true and locked, the Security Devices button in preferences is disabled (Firefox 121, Firefox ESR 115.6)
4742 | security.insecure_connection_text.enabled | bool | false
4743 | &nbsp;&nbsp;&nbsp;&nbsp;If set to true, adds the words "Not Secure" for insecure sites.
4744 | security.insecure_connection_text.pbmode.enabled | bool | false
4745 | &nbsp;&nbsp;&nbsp;&nbsp;If set to true, adds the words "Not Secure" for insecure sites in private browsing.
4746 | security.mixed_content.block_active_content | boolean | true
4747 | &nbsp;&nbsp;&nbsp;&nbsp;If false, mixed active content (HTTP and HTTPS) is not blocked.
4748 | security.osclientcerts.autoload | boolean | false
4749 | &nbsp;&nbsp;&nbsp;&nbsp;If true, client certificates are loaded from the operating system certificate store.
4750 | security.OCSP.enabled | integer | 1
4751 | &nbsp;&nbsp;&nbsp;&nbsp;If 0, do not fetch OCSP. If 1, fetch OCSP for DV and EV certificates. If 2, fetch OCSP only for EV certificates.
4752 | security.OCSP.require | boolean | false
4753 | &nbsp;&nbsp;&nbsp;&nbsp; If true, if an OCSP request times out, the connection fails.
4754 | security.osclientcerts.assume_rsa_pss_support | boolean | true
4755 | &nbsp;&nbsp;&nbsp;&nbsp; If false, we don't assume an RSA key can do RSA-PSS. (Firefox 114, Firefox ESR 102.12)
4756 | security.ssl.enable_ocsp_stapling | boolean | true
4757 | &nbsp;&nbsp;&nbsp;&nbsp; If false, OCSP stapling is not enabled.
4758 | security.ssl.errorReporting.enabled | boolean | true
4759 | &nbsp;&nbsp;&nbsp;&nbsp;If false, SSL errors cannot be sent to Mozilla.
4760 | security.ssl.require_safe_negotiation | boolean | false
4761 | &nbsp;&nbsp;&nbsp;&nbsp;If true, Firefox will only negotiate TLS connections with servers that indicate they support secure renegotiation. (Firefox 118, Firefox ESR 115.3)
4762 | security.tls.enable_0rtt_data | boolean | true
4763 | &nbsp;&nbsp;&nbsp;&nbsp;If false, TLS early data is turned off. (Firefox 93, Firefox 91.2, Firefox 78.15)
4764 | security.tls.hello_downgrade_check | boolean | true
4765 | &nbsp;&nbsp;&nbsp;&nbsp;If false, the TLS 1.3 downgrade check is disabled.
4766 | security.tls.version.enable-deprecated | boolean | false
4767 | &nbsp;&nbsp;&nbsp;&nbsp;If true, browser will accept TLS 1.0. and TLS 1.1. (Firefox 86, Firefox 78.8)
4768 | security.warn_submit_secure_to_insecure | boolean | true
4769 | &nbsp;&nbsp;&nbsp;&nbsp;If false, no warning is shown when submitting a form from https to http.
4770
4771 Using the preference as the key, set the `Value` to the corresponding preference value.
4772
4773 `Status` can be "default", "locked", "user" or "clear"
4774
4775 * `"default"`: Read/Write: Settings appear as default even if factory default differs.
4776 * `"locked"`: Read-Only: Settings appear as default even if factory default differs.
4777 * `"user"`: Read/Write: Settings appear as changed if it differs from factory default.
4778 * `"clear"`: Read/Write: `Value` has no effect. Resets to factory defaults on each startup.
4779
4780 `"user"` preferences persist across invocations of Firefox. It is the equivalent of a user setting the preference. They are most useful when a preference is needed very early in startup so it can't be set as default by policy. An example of this is ```toolkit.legacyUserProfileCustomizations.stylesheets```.
4781
4782 `"user"` preferences persist even if the policy is removed, so if you need to remove them, you should use the clear policy.
4783
4784 You can also set the `Type` starting in Firefox 123 and Firefox ESR 115.8. It can be `number`, `boolean` or `string`. This is especially useful if you are seeing 0 or 1 values being converted to booleans when set as user preferences.
4785
4786 See the examples below for more detail.
4787
4788 IMPORTANT: Make sure you're only setting a particular preference using this mechanism and not some other way.
4789
4790 Status
4791 **Compatibility:** Firefox 81, Firefox ESR 78.3\
4792 **CCK2 Equivalent:** `preferences`\
4793 **Preferences Affected:** Many
4794
4795 #### Windows (GPO)
4796 Software\Policies\Mozilla\Firefox\Preferences (REG_MULTI_SZ) =
4797 ```
4798 {
4799 "accessibility.force_disabled": {
4800 "Value": 1,
4801 "Status": "default",
4802 "Type": "number"
4803
4804 },
4805 "browser.cache.disk.parent_directory": {
4806 "Value": "SOME_NATIVE_PATH",
4807 "Status": "user"
4808 },
4809 "browser.tabs.warnOnClose": {
4810 "Value": false,
4811 "Status": "locked"
4812 }
4813 }
4814 ```
4815 #### Windows (Intune)
4816 OMA-URI:
4817 ```
4818 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/Preferences
4819 ```
4820 Value (string):
4821 ```
4822 <enabled/>
4823 <data id="JSON" value='
4824 {
4825 "accessibility.force_disabled": {
4826 "Value": 1,
4827 "Status": "default",
4828 "Type": "number"
4829 },
4830 "browser.cache.disk.parent_directory": {
4831 "Value": "SOME_NATIVE_PATH",
4832 "Status": "user"
4833 },
4834 "browser.tabs.warnOnClose": {
4835 "Value": false,
4836 "Status": "locked"
4837 }
4838 }'/>
4839 ```
4840 #### macOS
4841 ```
4842 <dict>
4843 <key>Preferences</key>
4844 <dict>
4845 <key>accessibility.force_disabled</key>
4846 <dict>
4847 <key>Value</key>
4848 <integer>1</integer>
4849 <key>Status</key>
4850 <string>default</string>
4851 <key>Type</key>
4852 <string>number</string>
4853 </dict>
4854 <key>browser.cache.disk.parent_directory</key>
4855 <dict>
4856 <key>Value</key>
4857 <string>SOME_NATIVE_PATH</string>
4858 <key>Status</key>
4859 <string>user</string>
4860 </dict>
4861 <key>browser.tabs.warnOnClose</key>
4862 <dict>
4863 <key>Value</key>
4864 <false/>
4865 <key>Status</key>
4866 <string>locked</string>
4867 </dict>
4868 </dict>
4869 </dict>
4870 ```
4871 #### policies.json
4872 ```
4873 {
4874 "policies": {
4875 "Preferences": {
4876 "accessibility.force_disabled": {
4877 "Value": 1,
4878 "Status": "default"
4879 "Type": "number"
4880 },
4881 "browser.cache.disk.parent_directory": {
4882 "Value": "SOME_NATIVE_PATH",
4883 "Status": "user"
4884 },
4885 "browser.tabs.warnOnClose": {
4886 "Value": false,
4887 "Status": "locked"
4888 }
4889 }
4890 }
4891 }
4892 ```
4893 ### PrimaryPassword
4894 Require or prevent using a primary (formerly master) password.
4895
4896 If this value is true, a primary password is required. If this value is false, it works the same as if [`DisableMasterPasswordCreation`](#disablemasterpasswordcreation) was true and removes the primary password functionality.
4897
4898 If both DisableMasterPasswordCreation and PrimaryPassword are used, DisableMasterPasswordCreation takes precedent.
4899
4900 **Compatibility:** Firefox 79, Firefox ESR 78.1\
4901 **CCK2 Equivalent:** `noMasterPassword`\
4902 **Preferences Affected:** N/A
4903
4904 #### Windows (GPO)
4905 ```
4906 Software\Policies\Mozilla\Firefox\PrimaryPassword = 0x1 | 0x0
4907 ```
4908 #### Windows (Intune)
4909 OMA-URI:
4910 ```
4911 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/PrimaryPassword
4912 ```
4913 Value (string):
4914 ```
4915 <enabled/> or <disabled/>
4916 ```
4917 #### macOS
4918 ```
4919 <dict>
4920 <key>PrimaryPassword</key>
4921 <true/> | <false/>
4922 </dict>
4923 ```
4924 #### policies.json
4925 ```
4926 {
4927 "policies": {
4928 "PrimaryPassword": true | false
4929 }
4930 }
4931 ```
4932 ### PrintingEnabled
4933 Enable or disable printing.
4934
4935 **Compatibility:** Firefox 120, Firefox ESR 115.5\
4936 **CCK2 Equivalent:** N/A\
4937 **Preferences Affected:** `print.enabled`
4938
4939 #### Windows (GPO)
4940 ```
4941 Software\Policies\Mozilla\Firefox\PrintingEnabled = 0x1 | 0x0
4942 ```
4943 #### Windows (Intune)
4944 OMA-URI:
4945 ```
4946 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/PrintingEnabled
4947 ```
4948 Value (string):
4949 ```
4950 <enabled/> or <disabled/>
4951 ```
4952 #### macOS
4953 ```
4954 <dict>
4955 <key>PrintingEnabled</key>
4956 <true/> | <false/>
4957 </dict>
4958 ```
4959 #### policies.json
4960 ```
4961 {
4962 "policies": {
4963 "PrintingEnabled": true | false
4964 }
4965 }
4966 ```
4967 ### PromptForDownloadLocation
4968 Ask where to save each file before downloading.
4969
4970 **Compatibility:** Firefox 68, Firefox ESR 68\
4971 **CCK2 Equivalent:** N/A\
4972 **Preferences Affected:** `browser.download.useDownloadDir`
4973
4974 #### Windows (GPO)
4975 ```
4976 Software\Policies\Mozilla\Firefox\PromptForDownloadLocation = 0x1 | 0x0
4977 ```
4978 #### Windows (Intune)
4979 OMA-URI:
4980 ```
4981 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/PromptForDownloadLocation
4982 ```
4983 Value (string):
4984 ```
4985 <enabled/> or <disabled/>
4986 ```
4987 #### macOS
4988 ```
4989 <dict>
4990 <key>PromptForDownloadLocation</key>
4991 <true/> | <false/>
4992 </dict>
4993 ```
4994 #### policies.json
4995 ```
4996 {
4997 "policies": {
4998 "PromptForDownloadLocation": true | false
4999 }
5000 }
5001 ```
5002 ### Proxy
5003 Configure proxy settings. These settings correspond to the connection settings in Firefox preferences.
5004 To specify ports, append them to the hostnames with a colon (:).
5005
5006 Unless you lock this policy, changes the user already has in place will take effect.
5007
5008 `Mode` is the proxy method being used.
5009
5010 `Locked` is whether or not proxy settings can be changed.
5011
5012 `HTTPProxy` is the HTTP proxy server.
5013
5014 `UseHTTPProxyForAllProtocols` is whether or not the HTTP proxy should be used for all other proxies.
5015
5016 `SSLProxy` is the SSL proxy server.
5017
5018 `FTPProxy` is the FTP proxy server.
5019
5020 `SOCKSProxy` is the SOCKS proxy server
5021
5022 `SOCKSVersion` is the SOCKS version (4 or 5)
5023
5024 `Passthrough` is list of hostnames or IP addresses that will not be proxied. Use `<local>` to bypass proxying for all hostnames which do not contain periods.
5025
5026 `AutoConfigURL` is a URL for proxy configuration (only used if Mode is autoConfig).
5027
5028 `AutoLogin` means do not prompt for authentication if password is saved.
5029
5030 `UseProxyForDNS` to use proxy DNS when using SOCKS v5.
5031
5032 **Compatibility:** Firefox 60, Firefox ESR 60\
5033 **CCK2 Equivalent:** `networkProxy*`\
5034 **Preferences Affected:** `network.proxy.type`, `network.proxy.autoconfig_url`, `network.proxy.socks_remote_dns`, `signon.autologin.proxy`, `network.proxy.socks_version`, `network.proxy.no_proxies_on`, `network.proxy.share_proxy_settings`, `network.proxy.http`, `network.proxy.http_port`, `network.proxy.ftp`, `network.proxy.ftp_port`, `network.proxy.ssl`, `network.proxy.ssl_port`, `network.proxy.socks`, `network.proxy.socks_port`
5035
5036 #### Windows (GPO)
5037 ```
5038 Software\Policies\Mozilla\Firefox\Proxy\Mode = "none" | "system" | "manual" | "autoDetect" | "autoConfig"
5039 Software\Policies\Mozilla\Firefox\Proxy\Locked = 0x1 | 0x0
5040 Software\Policies\Mozilla\Firefox\Proxy\HTTPProxy = https://httpproxy.example.com
5041 Software\Policies\Mozilla\Firefox\Proxy\UseHTTPProxyForAllProtocols = 0x1 | 0x0
5042 Software\Policies\Mozilla\Firefox\Proxy\SSLProxy = https://sslproxy.example.com
5043 Software\Policies\Mozilla\Firefox\Proxy\FTPProxy = https://ftpproxy.example.com
5044 Software\Policies\Mozilla\Firefox\Proxy\SOCKSProxy = https://socksproxy.example.com
5045 Software\Policies\Mozilla\Firefox\Proxy\SOCKSVersion = 0x4 | 0x5
5046 Software\Policies\Mozilla\Firefox\Proxy\Passthrough = <local>
5047 Software\Policies\Mozilla\Firefox\Proxy\AutoConfigURL = URL_TO_AUTOCONFIG
5048 Software\Policies\Mozilla\Firefox\Proxy\AutoLogin = 0x1 | 0x0
5049 Software\Policies\Mozilla\Firefox\Proxy\UseProxyForDNS = 0x1 | 0x0
5050 ```
5051 #### Windows (Intune)
5052 **Note**
5053 These setttings were moved to a category to make them easier to configure via Intune.
5054
5055 OMA-URI:
5056 ```
5057 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_Locked
5058 ```
5059 Value (string):
5060 ```
5061 <enabled/> or <disabled/>
5062 ```
5063 OMA-URI:
5064 ```
5065 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_ConnectionType
5066 ```
5067 Value (string):
5068 ```
5069 <enabled/>
5070 <data id="Proxy_ConnectionType" value="none | system | manual | autoDetect | autoConfig"/>
5071 ```
5072 OMA-URI:
5073 ```
5074 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_HTTPProxy
5075 ```
5076 Value (string):
5077 ```
5078 <enabled/>
5079 <data id="Proxy_HTTPProxy" value="httpproxy.example.com"/>
5080 ```
5081 OMA-URI:
5082 ```
5083 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_UseHTTPProxyForAllProtocols
5084 ```
5085 Value (string):
5086 ```
5087 <enabled/> or <disabled/>
5088 ```
5089 OMA-URI:
5090 ```
5091 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_SSLProxy
5092 ```
5093 Value (string):
5094 ```
5095 <enabled/>
5096 <data id="Proxy_SSLProxy" value="sslproxy.example.com"/>
5097 ```
5098 OMA-URI:
5099 ```
5100 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_SOCKSProxy
5101 ```
5102 Value (string):
5103 ```
5104 <enabled/>
5105 <data id="Proxy_SOCKSProxy" value="socksproxy.example.com"/>
5106 <data id="Proxy_SOCKSVersion" value="4 | 5"/>
5107 ```
5108 OMA-URI:
5109 ```
5110 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_AutoConfigURL
5111 ```
5112 Value (string):
5113 ```
5114 <enabled/>
5115 <data id="Proxy_AutoConfigURL" value="URL_TO_AUTOCONFIG"/>
5116 ```
5117 OMA-URI:
5118 ```
5119 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_Passthrough
5120 ```
5121 Value (string):
5122 ```
5123 <enabled/>
5124 <data id="Proxy_Passthrough" value="&lt;local&gt;"/>
5125 ```
5126 OMA-URI:
5127 ```
5128 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_AutoLogin
5129 ```
5130 Value (string):
5131 ```
5132 <enabled/> or <disabled/>
5133 ```
5134 OMA-URI:
5135 ```
5136 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_UseProxyForDNS
5137 ```
5138 Value (string):
5139 ```
5140 <enabled/> or <disabled/>
5141 ```
5142 OMA-URI (Old way):
5143 ```
5144 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/Proxy
5145 ```
5146 Value (string):
5147 ```
5148 <enabled/>
5149 <data id="ProxyLocked" value="true | false"/>
5150 <data id="ConnectionType" value="none | system | manual | autoDetect | autoConfig"/>
5151 <data id="HTTPProxy" value="httpproxy.example.com"/>
5152 <data id="UseHTTPProxyForAllProtocols" value="true | false"/>
5153 <data id="SSLProxy" value="sslproxy.example.com"/>
5154 <data id="FTPProxy" value="ftpproxy.example.com"/>
5155 <data id="SOCKSProxy" value="socksproxy.example.com"/>
5156 <data id="SOCKSVersion" value="4 | 5"/>
5157 <data id="AutoConfigURL" value="URL_TO_AUTOCONFIG"/>
5158 <data id="Passthrough" value="<local>"/>
5159 <data id="AutoLogin" value="true | false"/>
5160 <data id="UseProxyForDNS" value="true | false"/>
5161 ```
5162 #### macOS
5163 ```
5164 <dict>
5165 <key>Proxy</key>
5166 <dict>
5167 <key>Mode</key>
5168 <string>none | system | manual | autoDetect | autoConfig</string>
5169 <key>Locked</key>
5170 <true> | </false>
5171 <key>HTTPProxy</key>
5172 <string>https://httpproxy.example.com</string>
5173 <key>UseHTTPProxyForAllProtocols</key>
5174 <true> | </false>
5175 <key>SSLProxy</key>
5176 <string>https://sslproxy.example.com</string>
5177 <key>FTPProxy</key>
5178 <string>https://ftpproxy.example.com</string>
5179 <key>SOCKSProxy</key>
5180 <string>https://socksproxy.example.com</string>
5181 <key>SOCKSVersion</key>
5182 <string>4 | 5</string>
5183 <key>Passthrough</key>
5184 <string>&lt;local>&gt;</string>
5185 <key>AutoConfigURL</key>
5186 <string>URL_TO_AUTOCONFIG</string>
5187 <key>AutoLogin</key>
5188 <true> | </false>
5189 <key>UseProxyForDNS</key>
5190 <true> | </false>
5191 </dict>
5192 </dict>
5193 ```
5194 #### policies.json
5195 ```
5196 {
5197 "policies": {
5198 "Proxy": {
5199 "Mode": "none" | "system" | "manual" | "autoDetect" | "autoConfig",
5200 "Locked": true | false,
5201 "HTTPProxy": "hostname",
5202 "UseHTTPProxyForAllProtocols": true | false,
5203 "SSLProxy": "hostname",
5204 "FTPProxy": "hostname",
5205 "SOCKSProxy": "hostname",
5206 "SOCKSVersion": 4 | 5,
5207 "Passthrough": "<local>",
5208 "AutoConfigURL": "URL_TO_AUTOCONFIG",
5209 "AutoLogin": true | false,
5210 "UseProxyForDNS": true | false
5211 }
5212 }
5213 }
5214 ```
5215 ### RequestedLocales
5216 Set the the list of requested locales for the application in order of preference. It will cause the corresponding language pack to become active.
5217
5218 Note: For Firefox 68, this can now be a string so that you can specify an empty value.
5219
5220 **Compatibility:** Firefox 64, Firefox ESR 60.4, Updated in Firefox 68, Firefox ESR 68\
5221 **CCK2 Equivalent:** N/A\
5222 **Preferences Affected:** N/A
5223 #### Windows (GPO)
5224 ```
5225 Software\Policies\Mozilla\Firefox\RequestedLocales\1 = "de"
5226 Software\Policies\Mozilla\Firefox\RequestedLocales\2 = "en-US"
5227
5228 or
5229
5230 Software\Policies\Mozilla\Firefox\RequestedLocales = "de,en-US"
5231 ```
5232 #### Windows (Intune)
5233 OMA-URI:
5234 ```
5235 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/RequestedLocalesString
5236 ```
5237 Value (string):
5238 ```
5239 <enabled/>
5240 <data id="Preferences_String" value="de,en-US"/>
5241 ```
5242 #### macOS
5243 ```
5244 <dict>
5245 <key>RequestedLocales</key>
5246 <array>
5247 <string>de</string>
5248 <string>en-US</string>
5249 </array>
5250 </dict>
5251
5252 or
5253
5254 <dict>
5255 <key>RequestedLocales</key>
5256 <string>de,en-US</string>
5257 </dict>
5258
5259 ```
5260 #### policies.json
5261 ```
5262 {
5263 "policies": {
5264 "RequestedLocales": ["de", "en-US"]
5265 }
5266 }
5267
5268 or
5269
5270 {
5271 "policies": {
5272 "RequestedLocales": "de,en-US"
5273 }
5274 }
5275 ```
5276 <a name="SanitizeOnShutdown"></a>
5277
5278 ### SanitizeOnShutdown (Selective)
5279 Clear data on shutdown. Choose from Cache, Cookies, Download History, Form & Search History, Browsing History, Active Logins, Site Preferences and Offline Website Data.
5280
5281 Previously, these values were always locked. Starting with Firefox 74 and Firefox ESR 68.6, you can use the `Locked` option to either keep the values unlocked (set it to false), or lock only the values you set (set it to true). If you want the old behavior of locking everything, do not set `Locked` at all.
5282
5283 **Compatibility:** Firefox 68, Firefox ESR 68 (Locked added in 74/68.6)\
5284 **CCK2 Equivalent:** N/A\
5285 **Preferences Affected:** `privacy.sanitize.sanitizeOnShutdown`, `privacy.clearOnShutdown.cache`, `privacy.clearOnShutdown.cookies`, `privacy.clearOnShutdown.downloads`, `privacy.clearOnShutdown.formdata`, `privacy.clearOnShutdown.history`, `privacy.clearOnShutdown.sessions`, `privacy.clearOnShutdown.siteSettings`, `privacy.clearOnShutdown.offlineApps`
5286 #### Windows (GPO)
5287 ```
5288 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\Cache = 0x1 | 0x0
5289 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\Cookies = 0x1 | 0x0
5290 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\Downloads = 0x1 | 0x0
5291 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\FormData = 0x1 | 0x0
5292 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\History = 0x1 | 0x0
5293 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\Sessions = 0x1 | 0x0
5294 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\SiteSettings = 0x1 | 0x0
5295 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\OfflineApps = 0x1 | 0x0
5296 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\Locked = 0x1 | 0x0
5297 ```
5298 #### Windows (Intune)
5299 OMA-URI:
5300 ```
5301 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/A_SanitizeOnShutdown_Cache
5302 ```
5303 Value (string):
5304 ```
5305 <enabled/> or <disabled/>
5306 ```
5307 OMA-URI:
5308 ```
5309 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/B_SanitizeOnShutdown_Cookies
5310 ```
5311 Value (string):
5312 ```
5313 <enabled/> or <disabled/>
5314 ```
5315 OMA-URI:
5316 ```
5317 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/C_SanitizeOnShutdown_Downloads
5318 ```
5319 Value (string):
5320 ```
5321 <enabled/> or <disabled/>
5322 ```
5323 OMA-URI:
5324 ```
5325 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/D_SanitizeOnShutdown_FormData
5326 ```
5327 Value (string):
5328 ```
5329 <enabled/> or <disabled/>
5330 ```
5331 OMA-URI:
5332 ```
5333 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/E_SanitizeOnShutdown_History
5334 ```
5335 Value (string):
5336 ```
5337 <enabled/> or <disabled/>
5338 ```
5339 OMA-URI:
5340 ```
5341 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/F_SanitizeOnShutdown_Sessions
5342 ```
5343 Value (string):
5344 ```
5345 <enabled/> or <disabled/>
5346 ```
5347 OMA-URI:
5348 ```
5349 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/G_SanitizeOnShutdown_SiteSettings
5350 ```
5351 Value (string):
5352 ```
5353 <enabled/> or <disabled/>
5354 ```
5355 OMA-URI:
5356 ```
5357 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/H_SanitizeOnShutdown_OfflineApps
5358 ```
5359 Value (string):
5360 ```
5361 <enabled/> or <disabled/>
5362 ```
5363 OMA-URI:
5364 ```
5365 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/I_SanitizeOnShutdown_Locked
5366 ```
5367 Value (string):
5368 ```
5369 <enabled/> or <disabled/>
5370 ```
5371 #### macOS
5372 ```
5373 <dict>
5374 <key>SanitizeOnShutdown</key>
5375 <dict>
5376 <key>Cache</key>
5377 <true/> | <false/>
5378 <key>Cookies</key>
5379 <true/> | <false/>
5380 <key>Downloads</key>
5381 <true/> | <false/>
5382 <key>FormData</key>
5383 <true/> | <false/>
5384 <key>History</key>
5385 <true/> | <false/>
5386 <key>Sessions</key>
5387 <true/> | <false/>
5388 <key>SiteSettings</key>
5389 <true/> | <false/>
5390 <key>OfflineApps</key>
5391 <true/> | <false/>
5392 <key>Locked</key>
5393 <true/> | <false/>
5394 </dict>
5395 </dict>
5396 ```
5397 #### policies.json
5398 ```
5399 {
5400 "policies": {
5401 "SanitizeOnShutdown": {
5402 "Cache": true | false,
5403 "Cookies": true | false,
5404 "Downloads": true | false,
5405 "FormData": true | false,
5406 "History": true | false,
5407 "Sessions": true | false,
5408 "SiteSettings": true | false,
5409 "OfflineApps": true | false,
5410 "Locked": true | false
5411 }
5412 }
5413 }
5414 ```
5415 ### SanitizeOnShutdown (All)
5416 Clear all data on shutdown, including Browsing & Download History, Cookies, Active Logins, Cache, Form & Search History, Site Preferences and Offline Website Data.
5417
5418 **Compatibility:** Firefox 60, Firefox ESR 60\
5419 **CCK2 Equivalent:** N/A\
5420 **Preferences Affected:** `privacy.sanitize.sanitizeOnShutdown`, `privacy.clearOnShutdown.cache`, `privacy.clearOnShutdown.cookies`, `privacy.clearOnShutdown.downloads`, `privacy.clearOnShutdown.formdata`, `privacy.clearOnShutdown.history`, `privacy.clearOnShutdown.sessions`, `privacy.clearOnShutdown.siteSettings`, `privacy.clearOnShutdown.offlineApps`
5421 #### Windows (GPO)
5422 ```
5423 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown = 0x1 | 0x0
5424 ```
5425 #### Windows (Intune)
5426 OMA-URI:
5427 ```
5428 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/C_SanitizeOnShutdown
5429 ```
5430 Value (string):
5431 ```
5432 <enabled/> or <disabled/>
5433 ```
5434 #### macOS
5435 ```
5436 <dict>
5437 <key>SanitizeOnShutdown</key>
5438 <true/> | <false/>
5439 </dict>
5440 ```
5441 #### policies.json
5442 ```
5443 {
5444 "policies": {
5445 "SanitizeOnShutdown": true | false
5446 }
5447 }
5448 ```
5449 ### SearchBar
5450 Set whether or not search bar is displayed.
5451
5452 **Compatibility:** Firefox 60, Firefox ESR 60\
5453 **CCK2 Equivalent:** `showSearchBar`\
5454 **Preferences Affected:** N/A
5455
5456 #### Windows (GPO)
5457 ```
5458 Software\Policies\Mozilla\Firefox\SearchBar = "unified" | "separate"
5459 ```
5460
5461 #### Windows (Intune)
5462 OMA-URI:
5463 ```
5464 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/SearchBar
5465 ```
5466 Value (string):
5467 ```
5468 <enabled/>
5469 <data id="SearchBar" value="unified | separate"/>
5470 ```
5471 #### macOS
5472 ```
5473 <dict>
5474 <key>SearchBar</key>
5475 <string>unified | separate</string>
5476 </dict>
5477 ```
5478 #### policies.json
5479 ```
5480 {
5481 "policies": {
5482 "SearchBar": "unified" | "separate"
5483 }
5484 }
5485 ```
5486 <a name="SearchEngines"></a>
5487
5488 ### SearchEngines (This policy is only available on the ESR.)
5489
5490 ### SearchEngines | Add
5491
5492 Add new search engines. Although there are only five engines available in the ADMX template, there is no limit. To add more in the ADMX template, you can duplicate the XML.
5493
5494 This policy is only available on the ESR. `Name` and `URLTemplate` are required.
5495
5496 `Name` is the name of the search engine.
5497
5498 `URLTemplate` is the search URL with {searchTerms} to substitute for the search term.
5499
5500 `Method` is either GET or POST
5501
5502 `IconURL` is a URL for the icon to use.
5503
5504 `Alias` is a keyword to use for the engine.
5505
5506 `Description` is a description of the search engine.
5507
5508 `PostData` is the POST data as name value pairs separated by &.
5509
5510 `SuggestURLTemplate` is a search suggestions URL with {searchTerms} to substitute for the search term.
5511
5512 `Encoding` is the query charset for the engine. It defaults to UTF-8.
5513
5514 **Compatibility:** Firefox ESR 60 (POST support in Firefox ESR 68, Encoding support in Firefox 91)\
5515 **CCK2 Equivalent:** `searchplugins`\
5516 **Preferences Affected:** N/A
5517
5518 #### Windows (GPO)
5519 ```
5520 Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\Name = "Example1"
5521 Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\URLTemplate = "https://www.example.org/q={searchTerms}"
5522 Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\Method = "GET" | "POST"
5523 Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\IconURL = "https://www.example.org/favicon.ico"
5524 Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\Alias = "example"
5525 Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\Description = "Example Description"
5526 Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\SuggestURLTemplate = "https://www.example.org/suggestions/q={searchTerms}"
5527 Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\PostData = "name=value&q={searchTerms}"
5528 ```
5529 #### Windows (Intune)
5530 OMA-URI:
5531 ```
5532 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Search/SearchEngines_1
5533 ```
5534 Value (string):
5535 ```
5536 <enabled/>
5537 <data id="SearchEngine_Name" value="Example1"/>
5538 <data id="SearchEngine_URLTemplate" value="https://www.example.org/q={searchTerms"/>
5539 <data id="SearchEngine_Method" value="GET | POST"/>
5540 <data id="SearchEngine_IconURL" value="https://www.example.org/favicon.ico"/>
5541 <data id="SearchEngine_Alias" value="example"/>
5542 <data id="SearchEngine_Description" value="Example Description"/>
5543 <data id="SearchEngine_SuggestURLTemplate" value="https://www.example.org/suggestions/q={searchTerms}"/>
5544 <data id="SearchEngine_PostData" value="name=value&amp;q={searchTerms}"/>
5545 ```
5546 #### macOS
5547 ```
5548 <dict>
5549 <key>SearchEngines</key>
5550 <dict>
5551 <key>Add</key>
5552 <array>
5553 <dict>
5554 <key>Name</key>
5555 <string>Example1</string>
5556 <key>URLTemplate</key>
5557 <string>https://www.example.org/q={searchTerms}</string>
5558 <key>Method</key>
5559 <string>GET | POST </string>
5560 <key>IconURL</key>
5561 <string>https://www.example.org/favicon.ico</string>
5562 <key>Alias</key>
5563 <string>example</string>
5564 <key>Description</key>
5565 <string>Example Description</string>
5566 <key>SuggestURLTemplate</key>
5567 <string>https://www.example.org/suggestions/q={searchTerms}</string>
5568 <key>PostData</key>
5569 <string>name=value&q={searchTerms}</string>
5570 </dict>
5571 <array>
5572 </dict>
5573 </dict>
5574 ```
5575 #### policies.json
5576 ```
5577 {
5578 "policies": {
5579 "SearchEngines": {
5580 "Add": [
5581 {
5582 "Name": "Example1",
5583 "URLTemplate": "https://www.example.org/q={searchTerms}",
5584 "Method": "GET" | "POST",
5585 "IconURL": "https://www.example.org/favicon.ico",
5586 "Alias": "example",
5587 "Description": "Description",
5588 "PostData": "name=value&q={searchTerms}",
5589 "SuggestURLTemplate": "https://www.example.org/suggestions/q={searchTerms}"
5590 }
5591 ]
5592 }
5593 }
5594 }
5595 ```
5596 ### SearchEngines | Default
5597
5598 Set the default search engine. This policy is only available on the ESR.
5599
5600 **Compatibility:** Firefox ESR 60\
5601 **CCK2 Equivalent:** `defaultSearchEngine`\
5602 **Preferences Affected:** N/A
5603
5604 #### Windows (GPO)
5605 ```
5606 Software\Policies\Mozilla\Firefox\SearchEngines\Default = NAME_OF_SEARCH_ENGINE
5607 ```
5608 #### Windows (Intune)
5609 OMA-URI:
5610 ```
5611 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Search/SearchEngines_Default
5612 ```
5613 Value (string):
5614 ```
5615 <enabled/>
5616 <data id="SearchEngines_Default" value="NAME_OF_SEARCH_ENGINE"/>
5617 ```
5618 #### macOS
5619 ```
5620 <dict>
5621 <key>SearchEngines</key>
5622 <dict>
5623 <key>Default</key>
5624 <string>NAME_OF_SEARCH_ENGINE</string>
5625 </dict>
5626 </dict>
5627 ```
5628 #### policies.json
5629 ```
5630 {
5631 "policies": {
5632 "SearchEngines": {
5633 "Default": "NAME_OF_SEARCH_ENGINE"
5634 }
5635 }
5636 }
5637 ```
5638 ### SearchEngines | PreventInstalls
5639
5640 Prevent installing search engines from webpages.
5641
5642 **Compatibility:** Firefox ESR 60\
5643 **CCK2 Equivalent:** `disableSearchEngineInstall`\
5644 **Preferences Affected:** N/A
5645
5646 #### Windows (GPO)
5647 ```
5648 Software\Policies\Mozilla\Firefox\SearchEngines\PreventInstalls = 0x1 | 0x0
5649 ```
5650 #### Windows (Intune)
5651 OMA-URI:
5652 ```
5653 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Search/SearchEngines_PreventInstalls
5654 ```
5655 Value (string):
5656 ```
5657 <enabled/> or <disabled/>
5658 ```
5659 #### macOS
5660 ```
5661 <dict>
5662 <key>SearchEngines</key>
5663 <dict>
5664 <key>PreventInstalls</key>
5665 <true/> | <false/>
5666 </dict>
5667 </dict>
5668 ```
5669 #### policies.json
5670 ```
5671 {
5672 "policies": {
5673 "SearchEngines": {
5674 "PreventInstalls": true | false
5675 }
5676 }
5677 }
5678 ```
5679 ### SearchEngines | Remove
5680
5681 Hide built-in search engines. This policy is only available on the ESR.
5682
5683 **Compatibility:** Firefox ESR 60.2\
5684 **CCK2 Equivalent:** `removeDefaultSearchEngines` (removed all built-in engines)\
5685 **Preferences Affected:** N/A
5686
5687 #### Windows (GPO)
5688 ```
5689 Software\Policies\Mozilla\Firefox\SearchEngines\Remove\1 = NAME_OF_SEARCH_ENGINE
5690 ```
5691 #### Windows (Intune)
5692 OMA-URI:
5693 ```
5694 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Search/SearchEngines_Remove
5695 ```
5696 Value (string):
5697 ```
5698 <enabled/>
5699 <data id="SearchEngines_Remove" value="1&#xF000;NAME_OF_SEARCH_ENGINE"/>
5700 ```
5701 #### macOS
5702 ```
5703 <dict>
5704 <key>SearchEngines</key>
5705 <dict>
5706 <key>Remove</key>
5707 <array>
5708 <string>NAME_OF_SEARCH_ENGINE</string>
5709 </array>
5710 </dict>
5711 </dict>
5712 ```
5713 #### policies.json
5714 ```
5715 {
5716 "policies": {
5717 "SearchEngines": {
5718 "Remove": ["NAME_OF_SEARCH_ENGINE"]
5719 }
5720 }
5721 }
5722 ```
5723 ### SearchSuggestEnabled
5724
5725 Enable search suggestions.
5726
5727 **Compatibility:** Firefox 68, Firefox ESR 68\
5728 **CCK2 Equivalent:** N/A\
5729 **Preferences Affected:** `browser.urlbar.suggest.searches`, `browser.search.suggest.enabled`
5730
5731 #### Windows (GPO)
5732 ```
5733 Software\Policies\Mozilla\Firefox\SearchSuggestEnabled = 0x1 | 0x0
5734 ```
5735 #### Windows (Intune)
5736 OMA-URI:
5737 ```
5738 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Search/SearchSuggestEnabled
5739 ```
5740 Value (string):
5741 ```
5742 <enabled/> or <disabled/>
5743 ```
5744 #### macOS
5745 ```
5746 <dict>
5747 <key>SearchSuggestEnabled</key>
5748 <true/> | <false/>
5749 </dict>
5750 ```
5751 #### policies.json
5752 ```
5753 {
5754 "policies": {
5755 "SearchSuggestEnabled": true | false
5756 }
5757 }
5758 ```
5759 ### SecurityDevices
5760
5761 Add or delete PKCS #11 modules.
5762
5763 **Compatibility:** Firefox 114, Firefox ESR 112.12\
5764 **CCK2 Equivalent:** N/A\
5765 **Preferences Affected:** N/A
5766
5767 #### Windows (GPO)
5768 ```
5769 Software\Policies\Mozilla\Firefox\SecurityDevices\Add\NAME_OF_DEVICE_TO_ADD = PATH_TO_LIBRARY_FOR_DEVICE
5770 Software\Policies\Mozilla\Firefox\SecurityDevices\Remove\1 = NAME_OF_DEVICE_TO_REMOVE
5771 ```
5772 #### Windows (Intune)
5773 OMA-URI:
5774 ```
5775 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/SecurityDevices/SecurityDevices_Add
5776 ```
5777 Value (string):
5778 ```
5779 <enabled/>
5780 <data id="SecurityDevices" value="NAME_OF_DEVICE_TO_ADD&#xF000;PATH_TO_LIBRARY_FOR_DEVICE"/>
5781 ```
5782 OMA-URI:
5783 ```
5784 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/SecurityDevices/SecurityDevices_Delete
5785 ```
5786 Value (string):
5787 ```
5788 <enabled/>
5789 <data id="SecurityDevices" value="1&#xF000;NAME_OF_DEVICE_TO_REMOVE"/>
5790 ```
5791 #### macOS
5792 ```
5793 <dict>
5794 <key>SecurityDevices</key>
5795 <dict>
5796 <key>Add<key>
5797 <dict>
5798 <key>NAME_OF_DEVICE_TO_ADD</key>
5799 <string>PATH_TO_LIBRARY_FOR_DEVICE</string>
5800 </dict>
5801 <key>Delete</add>
5802 <array>
5803 <string>NAME_OF_DEVICE_TO_DELETE</string>
5804 </array>
5805 </dict>
5806 </dict>
5807 ```
5808 #### policies.json
5809 ```
5810 {
5811 "policies": {
5812 "SecurityDevices": {
5813 "Add": {
5814 "NAME_OF_DEVICE_TO_ADD": "PATH_TO_LIBRARY_FOR_DEVICE"
5815 },
5816 "Delete": ["NAME_OF_DEVICE_TO_DELETE"]
5817 }
5818 }
5819 }
5820 ```
5821 ### SecurityDevices (Deprecated)
5822
5823 Install PKCS #11 modules.
5824
5825 **Compatibility:** Firefox 64, Firefox ESR 60.4\
5826 **CCK2 Equivalent:** `certs.devices`\
5827 **Preferences Affected:** N/A
5828
5829 #### Windows (GPO)
5830 ```
5831 Software\Policies\Mozilla\Firefox\SecurityDevices\NAME_OF_DEVICE = PATH_TO_LIBRARY_FOR_DEVICE
5832 ```
5833 #### Windows (Intune)
5834 OMA-URI:
5835 ```
5836 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/SecurityDevices
5837 ```
5838 Value (string):
5839 ```
5840 <enabled/>
5841 <data id="SecurityDevices" value="NAME_OF_DEVICE&#xF000;PATH_TO_LIBRARY_FOR_DEVICE"/>
5842 ```
5843 #### macOS
5844 ```
5845 <dict>
5846 <key>SecurityDevices</key>
5847 <dict>
5848 <key>NAME_OF_DEVICE</key>
5849 <string>PATH_TO_LIBRARY_FOR_DEVICE</string>
5850 </dict>
5851 </dict>
5852 ```
5853 #### policies.json
5854 ```
5855 {
5856 "policies": {
5857 "SecurityDevices": {
5858 "NAME_OF_DEVICE": "PATH_TO_LIBRARY_FOR_DEVICE"
5859 }
5860 }
5861 }
5862 ```
5863 ### ShowHomeButton
5864 Show the home button on the toolbar.
5865
5866 Future versions of Firefox will not show the home button by default.
5867
5868 **Compatibility:** Firefox 88, Firefox ESR 78.10\
5869 **CCK2 Equivalent:** N/A\
5870 **Preferences Affected:** N/A
5871
5872 #### Windows (GPO)
5873 ```
5874 Software\Policies\Mozilla\Firefox\ShowHomeButton = 0x1 | 0x0
5875 ```
5876 #### Windows (Intune)
5877 OMA-URI:
5878 ```
5879 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Homepage/Homepage_ShowHomeButton
5880 ```
5881 Value (string):
5882 ```
5883 <enabled/> or <disabled/>
5884 ```
5885 #### macOS
5886 ```
5887 <dict>
5888 <key>ShowHomeButton</key>
5889 <true/> | <false/>
5890 </dict>
5891 ```
5892 #### policies.json
5893 ```
5894 {
5895 "policies": {
5896 "ShowHomeButton": true | false
5897 }
5898 }
5899 ```
5900 ### SSLVersionMax
5901
5902 Set and lock the maximum version of TLS. (Firefox defaults to a maximum of TLS 1.3.)
5903
5904 **Compatibility:** Firefox 66, Firefox ESR 60.6\
5905 **CCK2 Equivalent:** N/A\
5906 **Preferences Affected:** `security.tls.version.max`
5907
5908 #### Windows (GPO)
5909 ```
5910 Software\Policies\Mozilla\Firefox\SSLVersionMax = "tls1" | "tls1.1" | "tls1.2" | "tls1.3"
5911 ```
5912 #### Windows (Intune)
5913 OMA-URI:
5914 ```
5915 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/SSLVersionMax
5916 ```
5917 Value (string):
5918 ```
5919 <enabled/>
5920 <data id="SSLVersion" value="tls1 | tls1.2 | tls1.3"/>
5921 ```
5922 #### macOS
5923 ```
5924 <dict>
5925 <key>SSLVersionMax</key>
5926 <string>tls1 | tls1.1 | tls1.2 | tls1.3</string>
5927 </dict>
5928 ```
5929
5930 #### policies.json
5931 ```
5932 {
5933 "policies": {
5934 "SSLVersionMax": "tls1" | "tls1.1" | "tls1.2" | "tls1.3"
5935 }
5936 }
5937 ```
5938 ### SSLVersionMin
5939
5940 Set and lock the minimum version of TLS. (Firefox defaults to a minimum of TLS 1.2.)
5941
5942 **Compatibility:** Firefox 66, Firefox ESR 60.6\
5943 **CCK2 Equivalent:** N/A\
5944 **Preferences Affected:** `security.tls.version.min`
5945
5946 #### Windows (GPO)
5947 ```
5948 Software\Policies\Mozilla\Firefox\SSLVersionMin = "tls1" | "tls1.1" | "tls1.2" | "tls1.3"
5949 ```
5950 #### Windows (Intune)
5951 OMA-URI:
5952 ```
5953 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/SSLVersionMin
5954 ```
5955 Value (string):
5956 ```
5957 <enabled/>
5958 <data id="SSLVersion" value="tls1 | tls1.2 | tls1.3"/>
5959 ```
5960 #### macOS
5961 ```
5962 <dict>
5963 <key>SSLVersionMin</key>
5964 <string>tls1 | tls1.1 | tls1.2 | tls1.3</string>
5965 </dict>
5966 ```
5967
5968 #### policies.json
5969 ```
5970 {
5971 "policies": {
5972 "SSLVersionMin": "tls1" | "tls1.1" | "tls1.2" | "tls1.3"
5973 }
5974 }
5975 ```
5976 ### StartDownloadsInTempDirectory
5977 Force downloads to start off in a local, temporary location rather than the default download directory.
5978
5979 **Compatibility:** Firefox 102\
5980 **CCK2 Equivalent:** N/A\
5981 **Preferences Affected:** `browser.download.start_downloads_in_tmp_dir`
5982
5983 #### Windows (GPO)
5984 ```
5985 Software\Policies\Mozilla\Firefox\StartDownloadsInTempDirectory = 0x1 | 0x0
5986 ```
5987 #### Windows (Intune)
5988 OMA-URI:
5989 ```
5990 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/StartDownloadsInTempDirectory
5991 ```
5992 Value (string):
5993 ```
5994 <enabled/> or <disabled/>
5995 ```
5996 #### macOS
5997 ```
5998 <dict>
5999 <key>StartDownloadsInTempDirectory</key>
6000 <true/> | <false/>
6001 </dict>
6002 ```
6003 #### policies.json
6004 ```
6005 {
6006 "policies": {
6007 "StartDownloadsInTempDirectory": true | false
6008 }
6009 ```
6010 ### SupportMenu
6011 Add a menuitem to the help menu for specifying support information.
6012
6013 **Compatibility:** Firefox 68.0.1, Firefox ESR 68.0.1\
6014 **CCK2 Equivalent:** helpMenu\
6015 **Preferences Affected:** N/A
6016
6017 #### Windows (GPO)
6018 ```
6019 Software\Policies\Mozilla\Firefox\SupportMenu\Title = "Support Menu"
6020 Software\Policies\Mozilla\Firefox\SupportMenu\URL = "http://example.com/support"
6021 Software\Policies\Mozilla\Firefox\SupportMenu\AccessKey = "S"
6022 ```
6023 #### Windows (Intune)
6024 OMA-URI:
6025 ```
6026 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/SupportMenu
6027 ```
6028 Value (string):
6029 ```
6030 <enabled/>
6031 <data id="SupportMenuTitle" value="Support Menu"/>
6032 <data id="SupportMenuURL" value="http://example.com/support"/>
6033 <data id="SupportMenuAccessKey" value="S"/>
6034 ```
6035 #### macOS
6036 ```
6037 <dict>
6038 <key>SupportMenu</key>
6039 <dict>
6040 <key>Title</key>
6041 <string>SupportMenu</string>
6042 <key>URL</key>
6043 <string>http://example.com/support</string>
6044 <key>AccessKey</key>
6045 <string>S</string>
6046 </dict>
6047 </dict>
6048 ```
6049 #### policies.json
6050 ```
6051 {
6052 "policies": {
6053 "SupportMenu": {
6054 "Title": "Support Menu",
6055 "URL": "http://example.com/support",
6056 "AccessKey": "S"
6057 }
6058 }
6059 }
6060 ```
6061 ### TranslateEnabled
6062 Enable or disable webpage translation.
6063
6064 Note: Web page translation is done completely on the client, so there is no data or privacy risk.
6065
6066 If you only want to disable the popup, you can set the pref `browser.translations.automaticallyPopup` to false using the [Preferences](#preferences) policy.
6067
6068 **Compatibility:** Firefox 126\
6069 **CCK2 Equivalent:** N/A\
6070 **Preferences Affected:** `browser.translations.enable`
6071
6072 #### Windows (GPO)
6073 ```
6074 Software\Policies\Mozilla\Firefox\TranslateEnabled = 0x1 | 0x0
6075 ```
6076 #### Windows (Intune)
6077 OMA-URI:
6078 ```
6079 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/TranslateEnabled
6080 ```
6081 Value (string):
6082 ```
6083 <enabled/> or <disabled/>
6084 ```
6085 #### macOS
6086 ```
6087 <dict>
6088 <key>TranslateEnabled</key>
6089 <true/> | <false/>
6090 </dict>
6091 ```
6092 #### policies.json
6093 ```
6094 {
6095 "policies": {
6096 "TranslateEnabled": true | false
6097 }
6098 }
6099 ```
6100 ### UserMessaging
6101
6102 Prevent Firefox from messaging the user in certain situations.
6103
6104 `WhatsNew` Remove the "What's New" icon and menuitem.
6105
6106 `ExtensionRecommendations` If false, don't recommend extensions while the user is visiting web pages.
6107
6108 `FeatureRecommendations` If false, don't recommend browser features.
6109
6110 `UrlbarInterventions` If false, Don't offer Firefox specific suggestions in the URL bar.
6111
6112 `SkipOnboarding` If true, don't show onboarding messages on the new tab page.
6113
6114 `MoreFromMozilla` If false, don't show the "More from Mozilla" section in Preferences. (Firefox 98)
6115
6116 `Locked` prevents the user from changing user messaging preferences.
6117
6118 **Compatibility:** Firefox 75, Firefox ESR 68.7\
6119 **CCK2 Equivalent:** N/A\
6120 **Preferences Affected:** `browser.messaging-system.whatsNewPanel.enabled`, `browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons`, `browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features`, `browser.aboutwelcome.enabled`, `browser.preferences.moreFromMozilla`
6121
6122 #### Windows (GPO)
6123 ```
6124 Software\Policies\Mozilla\Firefox\UserMessaging\WhatsNew = 0x1 | 0x0
6125 Software\Policies\Mozilla\Firefox\UserMessaging\ExtensionRecommendations = 0x1 | 0x0
6126 Software\Policies\Mozilla\Firefox\UserMessaging\FeatureRecommendations = 0x1 | 0x0
6127 Software\Policies\Mozilla\Firefox\UserMessaging\UrlbarInterventions = 0x1 | 0x0
6128 Software\Policies\Mozilla\Firefox\UserMessaging\SkipOnboarding = 0x1 | 0x0
6129 Software\Policies\Mozilla\Firefox\UserMessaging\MoreFromMozilla = 0x1 | 0x0
6130 Software\Policies\Mozilla\Firefox\UserMessaging\Locked = 0x1 | 0x0
6131 ```
6132 #### Windows (Intune)
6133 OMA-URI:
6134 ```
6135 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_WhatsNew
6136 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_ExtensionRecommendations
6137 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_FeatureRecommendations
6138 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_UrlbarInterventions
6139 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_SkipOnboarding
6140 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_MoreFromMozilla
6141 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_Locked
6142 ```
6143 Value (string):
6144 ```
6145 <enabled/> or <disabled/>
6146 ```
6147 #### macOS
6148 ```
6149 <dict>
6150 <key>UserMessaging</key>
6151 <dict>
6152 <key>WhatsNew</key>
6153 <true/> | <false/>
6154 <key>ExtensionRecommendations</key>
6155 <true/> | <false/>
6156 <key>FeatureRecommendations</key>
6157 <true/> | <false/>
6158 <key>UrlbarInterventions</key>
6159 <true/> | <false/>
6160 <key>SkipOnboarding</key>
6161 <true/> | <false/>
6162 <key>MoreFromMozilla</key>
6163 <true/> | <false/>
6164 <key>Locked</key>
6165 <true/> | <false/>
6166 </dict>
6167 </dict>
6168 ```
6169 #### policies.json
6170 ```
6171 {
6172 "policies": {
6173 "UserMessaging": {
6174 "WhatsNew": true | false,
6175 "ExtensionRecommendations": true | false,
6176 "FeatureRecommendations": true | false,
6177 "UrlbarInterventions": true | false,
6178 "SkipOnboarding": true | false,
6179 "MoreFromMozilla": true | false,
6180 "Locked": true | false
6181 }
6182 }
6183 }
6184 ```
6185 ### UseSystemPrintDialog
6186 Use the system print dialog instead of the print preview window.
6187
6188 **Compatibility:** Firefox 102\
6189 **CCK2 Equivalent:** N/A\
6190 **Preferences Affected:** `print.prefer_system_dialog`
6191
6192 #### Windows (GPO)
6193 ```
6194 Software\Policies\Mozilla\Firefox\UseSystemPrintDialog = 0x1 | 0x0
6195 ```
6196 #### Windows (Intune)
6197 OMA-URI:
6198 ```
6199 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/UseSystemPrintDialog
6200 ```
6201 Value (string):
6202 ```
6203 <enabled/> or <disabled/>
6204 ```
6205 #### macOS
6206 ```
6207 <dict>
6208 <key>UseSystemPrintDialog</key>
6209 <true/> | <false/>
6210 </dict>
6211 ```
6212 #### policies.json
6213 ```
6214 {
6215 "policies": {
6216 "UseSystemPrintDialog": true | false
6217 }
6218 }
6219 ```
6220 ### WebsiteFilter
6221 Block websites from being visited. The parameters take an array of Match Patterns, as documented in https://developer.mozilla.org/en-US/Add-ons/WebExtensions/Match_patterns.
6222 The arrays are limited to 1000 entries each.
6223
6224 If you want to block all URLs, you can use `<all_urls>` or `*://*/*`. You can't have just a `*` on the right side.
6225
6226 For specific protocols, use `https://*/*` or `http://*/*`.
6227
6228 As of Firefox 83 and Firefox ESR 78.5, file URLs are supported.
6229
6230 **Compatibility:** Firefox 60, Firefox ESR 60\
6231 **CCK2 Equivalent:** N/A\
6232 **Preferences Affected:** N/A
6233
6234 #### Windows (GPO)
6235 ```
6236 Software\Policies\Mozilla\Firefox\WebsiteFilter\Block\1 = "<all_urls>"
6237 Software\Policies\Mozilla\Firefox\WebsiteFilter\Exceptions\1 = "http://example.org/*"
6238 ```
6239 #### Windows (Intune)
6240 OMA-URI:
6241 ```
6242 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/B_WebsiteFilter_Block
6243 ```
6244 Value (string):
6245 ```
6246 <enabled/> <data id="WebsiteFilter" value="1&#xF000;&#60;all_urls&#62;"/>
6247 ```
6248 OMA-URI:
6249 ```
6250 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/B_WebsiteFilter_Exceptions
6251 ```
6252 Value (string):
6253 ```
6254 <enabled/>
6255 <data id="WebsiteFilter" value="1&#xF000;http://example.org/*"/>
6256 ```
6257 #### macOS
6258 ```
6259 <dict>
6260 <key>WebsiteFilter</key>
6261 <dict>
6262 <key>Block</key>
6263 <array>
6264 <string><all_urls></string>
6265 </array>
6266 <key>Exceptions</key>
6267 <array>
6268 <string>http://example.org/*</string>
6269 </array>
6270 </dict>
6271
6272 </dict>
6273 ```
6274 #### policies.json
6275 ```
6276 {
6277 "policies": {
6278 "WebsiteFilter": {
6279 "Block": ["<all_urls>"],
6280 "Exceptions": ["http://example.org/*"]
6281 }
6282 }
6283 }
6284 ```
6285 ### WindowsSSO
6286 Allow Windows single sign-on for Microsoft, work, and school accounts.
6287
6288 If this policy is set to true, Firefox will use credentials stored in Windows to sign in to Microsoft, work, and school accounts.
6289
6290 **Compatibility:** Firefox 91\
6291 **CCK2 Equivalent:** N/A\
6292 **Preferences Affected:** `network.http.windows-sso.enabled`
6293
6294 #### Windows (GPO)
6295 ```
6296 Software\Policies\Mozilla\Firefox\WindowsSSO = 0x1 | 0x0
6297 ```
6298 #### Windows (Intune)
6299 OMA-URI:
6300 ```
6301 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/WindowsSSO
6302 ```
6303 Value (string):
6304 ```
6305 <enabled/> or <disabled/>
6306 ```
6307 #### policies.json
6308 ```
6309 {
6310 "policies": {
6311 "WindowsSSO": true | false
6312 }
6313 }
6314 ```

patrick-canterino.de