]> git.p6c8.net - policy-templates.git/blob - docs/index.md
Merge pull request #1098 from qupig/master
[policy-templates.git] / docs / index.md
1 Firefox policies can be specified using the [Group Policy templates on Windows](https://github.com/mozilla/policy-templates/tree/master/windows), [Intune on Windows](https://support.mozilla.org/kb/managing-firefox-intune), [configuration profiles on macOS](https://github.com/mozilla/policy-templates/tree/master/mac), or by creating a file called `policies.json`. On Windows, create a directory called `distribution` where the EXE is located and place the file there. On Mac, the file goes into `Firefox.app/Contents/Resources/distribution`. On Linux, the file goes into `firefox/distribution`, where `firefox` is the installation directory for firefox, which varies by distribution or you can specify system-wide policy by placing the file in `/etc/firefox/policies`.
2
3 Unfortunately, JSON files do not support comments, but you can add extra entries to the JSON to use as comments. You will see an error in about:policies, but the policies will still work properly. For example:
4
5 ```
6 {
7 "policies": {
8 "Authentication": {
9 "SPNEGO": ["mydomain.com", "https://myotherdomain.com"]
10 }
11 "Authentication_Comment": "These domains are required for us"
12 }
13 }
14 ```
15
16 | Policy Name | Description
17 | --- | --- |
18 | **[`3rdparty`](#3rdparty)** | Set policies that WebExtensions can access via chrome.storage.managed.
19 | **[`AllowedDomainsForApps`](#alloweddomainsforapps)** | Define domains allowed to access Google Workspace.
20 | **[`AllowFileSelectionDialogs`](#allowfileselectiondialogs)** | Allow file selection dialogs.
21 | **[`AppAutoUpdate`](#appautoupdate)** | Enable or disable automatic application update.
22 | **[`AppUpdatePin`](#appupdatepin)** | Prevent Firefox from being updated beyond the specified version.
23 | **[`AppUpdateURL`](#appupdateurl)** | Change the URL for application update.
24 | **[`Authentication`](#authentication)** | Configure sites that support integrated authentication.
25 | **[`AutofillAddressEnabled`](#autofilladdressenabled)** | Enable autofill for addresses.
26 | **[`AutofillCreditCardEnabled`](#autofillcreditcardenabled)** | Enable autofill for payment methods.
27 | **[`AutoLaunchProtocolsFromOrigins`](#autolaunchprotocolsfromorigins)** | Define a list of external protocols that can be used from listed origins without prompting the user.
28 | **[`BackgroundAppUpdate`](#backgroundappupdate)** | Enable or disable the background updater (Windows only).
29 | **[`BlockAboutAddons`](#blockaboutaddons)** | Block access to the Add-ons Manager (about:addons).
30 | **[`BlockAboutConfig`](#blockaboutconfig)** | Block access to about:config.
31 | **[`BlockAboutProfiles`](#blockaboutprofiles)** | Block access to About Profiles (about:profiles).
32 | **[`BlockAboutSupport`](#blockaboutsupport)** | Block access to Troubleshooting Information (about:support).
33 | **[`Bookmarks`](#bookmarks)** | Add bookmarks in either the bookmarks toolbar or menu.
34 | **[`CaptivePortal`](#captiveportal)** | Enable or disable the detection of captive portals.
35 | **[`Certificates`](#certificates)** |
36 | **[`Certificates -> ImportEnterpriseRoots`](#certificates--importenterpriseroots)** | Trust certificates that have been added to the operating system certificate store by a user or administrator.
37 | **[`Certificates -> Install`](#certificates--install)** | Install certificates into the Firefox certificate store.
38 | **[`Containers`](#containers)** | Set policies related to [containers](https://addons.mozilla.org/firefox/addon/multi-account-containers/).
39 | **[`Cookies`](#cookies)** | Configure cookie preferences.
40 | **[`DefaultDownloadDirectory`](#defaultdownloaddirectory)** | Set the default download directory.
41 | **[`DisableAppUpdate`](#disableappupdate)** | Turn off application updates.
42 | **[`DisableBuiltinPDFViewer`](#disablebuiltinpdfviewer)** | Disable the built in PDF viewer.
43 | **[`DisabledCiphers`](#disabledciphers)** | Disable ciphers.
44 | **[`DisableDefaultBrowserAgent`](#disabledefaultbrowseragent)** | Prevent the default browser agent from taking any actions (Windows only).
45 | **[`DisableDeveloperTools`](#disabledevelopertools)** | Remove access to all developer tools.
46 | **[`DisableFeedbackCommands`](#disablefeedbackcommands)** | Disable the menus for reporting sites.
47 | **[`DisableFirefoxAccounts`](#disablefirefoxaccounts)** | Disable Firefox Accounts integration (Sync).
48 | **[`DisableFirefoxScreenshots`](#disablefirefoxscreenshots)** | Remove access to Firefox Screenshots.
49 | **[`DisableFirefoxStudies`](#disablefirefoxstudies)** | Disable Firefox studies (Shield).
50 | **[`DisableForgetButton`](#disableforgetbutton)** | Disable the "Forget" button.
51 | **[`DisableFormHistory`](#disableformhistory)** | Turn off saving information on web forms and the search bar.
52 | **[`DisableMasterPasswordCreation`](#disablemasterpasswordcreation)** | Remove the master password functionality.
53 | **[`DisablePasswordReveal`](#disablepasswordreveal)** | Do not allow passwords to be revealed in saved logins.
54 | **[`DisablePocket`](#disablepocket)** | Remove Pocket in the Firefox UI.
55 | **[`DisablePrivateBrowsing`](#disableprivatebrowsing)** | Remove access to private browsing.
56 | **[`DisableProfileImport`](#disableprofileimport)** | Disables the "Import data from another browser" option in the bookmarks window.
57 | **[`DisableProfileRefresh`](#disableprofilerefresh)** | Disable the Refresh Firefox button on about:support and support.mozilla.org
58 | **[`DisableSafeMode`](#disablesafemode)** | Disable safe mode within the browser.
59 | **[`DisableSecurityBypass`](#disablesecuritybypass)** | Prevent the user from bypassing security in certain cases.
60 | **[`DisableSetDesktopBackground`](#disablesetdesktopbackground)** | Remove the "Set As Desktop Background..." menuitem when right clicking on an image.
61 | **[`DisableSystemAddonUpdate`](#disablesystemaddonupdate)** | Prevent system add-ons from being installed or updated.
62 | **[`DisableTelemetry`](#disabletelemetry)** | DisableTelemetry
63 | **[`DisableThirdPartyModuleBlocking`](#disablethirdpartymoduleblocking)** | Do not allow blocking third-party modules.
64 | **[`DisplayBookmarksToolbar`](#displaybookmarkstoolbar)** | Set the initial state of the bookmarks toolbar.
65 | **[`DisplayMenuBar`](#displaymenubar)** | Set the state of the menubar.
66 | **[`DNSOverHTTPS`](#dnsoverhttps)** | Configure DNS over HTTPS.
67 | **[`DontCheckDefaultBrowser`](#dontcheckdefaultbrowser)** | Don't check if Firefox is the default browser at startup.
68 | **[`DownloadDirectory`](#downloaddirectory)** | Set and lock the download directory.
69 | **[`EnableTrackingProtection`](#enabletrackingprotection)** | Configure tracking protection.
70 | **[`EncryptedMediaExtensions`](#encryptedmediaextensions)** | Enable or disable Encrypted Media Extensions and optionally lock it.
71 | **[`EnterprisePoliciesEnabled`](#enterprisepoliciesenabled)** | Enable policy support on macOS.
72 | **[`ExemptDomainFileTypePairsFromFileTypeDownloadWarnings`](#exemptdomainfiletypepairsfromfiletypedownloadwarnings)** | Disable warnings based on file extension for specific file types on domains.
73 | **[`Extensions`](#extensions)** | Control the installation, uninstallation and locking of extensions.
74 | **[`ExtensionSettings`](#extensionsettings)** | Manage all aspects of extensions.
75 | **[`ExtensionUpdate`](#extensionupdate)** | Control extension updates.
76 | **[`FirefoxHome`](#firefoxhome)** | Customize the Firefox Home page.
77 | **[`FirefoxSuggest`](#firefoxsuggest)** | Customize Firefox Suggest.
78 | **[`GoToIntranetSiteForSingleWordEntryInAddressBar`](#gotointranetsiteforsinglewordentryinaddressbar)** | Force direct intranet site navigation instead of searching when typing single word entries in the address bar.
79 | **[`Handlers`](#handlers)** | Configure default application handlers.
80 | **[`HardwareAcceleration`](#hardwareacceleration)** | Control hardware acceleration.
81 | **[`Homepage`](#homepage)** | Configure the default homepage and how Firefox starts.
82 | **[`InstallAddonsPermission`](#installaddonspermission)** | Configure the default extension install policy as well as origins for extension installs are allowed.
83 | **[`LegacyProfiles`](#legacyprofiles)** | Disable the feature enforcing a separate profile for each installation.
84 | **[`LegacySameSiteCookieBehaviorEnabled`](#legacysamesitecookiebehaviorenabled)** | Enable default legacy SameSite cookie behavior setting.
85 | **[`LegacySameSiteCookieBehaviorEnabledForDomainList`](#legacysamesitecookiebehaviorenabledfordomainlist)** | Revert to legacy SameSite behavior for cookies on specified sites.
86 | **[`LocalFileLinks`](#localfilelinks)** | Enable linking to local files by origin.
87 | **[`ManagedBookmarks`](#managedbookmarks)** | Configures a list of bookmarks managed by an administrator that cannot be changed by the user.
88 | **[`ManualAppUpdateOnly`](#manualappupdateonly)** | Allow manual updates only and do not notify the user about updates.
89 | **[`NetworkPrediction`](#networkprediction)** | Enable or disable network prediction (DNS prefetching).
90 | **[`NewTabPage`](#newtabpage)** | Enable or disable the New Tab page.
91 | **[`NoDefaultBookmarks`](#nodefaultbookmarks)** | Disable the creation of default bookmarks.
92 | **[`OfferToSaveLogins`](#offertosavelogins)** | Control whether or not Firefox offers to save passwords.
93 | **[`OfferToSaveLoginsDefault`](#offertosaveloginsdefault)** | Set the default value for whether or not Firefox offers to save passwords.
94 | **[`OverrideFirstRunPage`](#overridefirstrunpage)** | Override the first run page.
95 | **[`OverridePostUpdatePage`](#overridepostupdatepage)** | Override the upgrade page.
96 | **[`PasswordManagerEnabled`](#passwordmanagerenabled)** | Remove (some) access to the password manager.
97 | **[`PasswordManagerExceptions`](#passwordmanagerexceptions)** | Prevent Firefox from saving passwords for specific sites.
98 | **[`PDFjs`](#pdfjs)** | Disable or configure PDF.js, the built-in PDF viewer.
99 | **[`Permissions`](#permissions)** | Set permissions associated with camera, microphone, location, and notifications.
100 | **[`PictureInPicture`](#pictureinpicture)** | Enable or disable Picture-in-Picture.
101 | **[`PopupBlocking`](#popupblocking)** | Configure the default pop-up window policy as well as origins for which pop-up windows are allowed.
102 | **[`Preferences`](#preferences)** | Set and lock preferences.
103 | **[`PrimaryPassword`](#primarypassword)** | Require or prevent using a primary (formerly master) password.
104 | **[`PrintingEnabled`](#printingenabled)** | Enable or disable printing.
105 | **[`PromptForDownloadLocation`](#promptfordownloadlocation)** | Ask where to save each file before downloading.
106 | **[`Proxy`](#proxy)** | Configure proxy settings.
107 | **[`RequestedLocales`](#requestedlocales)** | Set the the list of requested locales for the application in order of preference.
108 | **[`SanitizeOnShutdown` (All)](#sanitizeonshutdown-all)** | Clear all data on shutdown.
109 | **[`SanitizeOnShutdown` (Selective)](#sanitizeonshutdown-selective)** | Clear data on shutdown.
110 | **[`SearchBar`](#searchbar)** | Set whether or not search bar is displayed.
111 | **[`SearchEngines`](#searchengines-this-policy-is-only-available-on-the-esr)** |
112 | **[`SearchEngines -> Add`](#searchengines--add)** | Add new search engines.
113 | **[`SearchEngines -> Default`](#searchengines--default)** | Set the default search engine.
114 | **[`SearchEngines -> PreventInstalls`](#searchengines--preventinstalls)** | Prevent installing search engines from webpages.
115 | **[`SearchEngines -> Remove`](#searchengines--remove)** | Hide built-in search engines.
116 | **[`SearchSuggestEnabled`](#searchsuggestenabled)** | Enable search suggestions.
117 | **[`SecurityDevices`](#securitydevices)** | Install PKCS #11 modules.
118 | **[`ShowHomeButton`](#showhomebutton)** | Show the home button on the toolbar.
119 | **[`SSLVersionMax`](#sslversionmax)** | Set and lock the maximum version of TLS.
120 | **[`SSLVersionMin`](#sslversionmin)** | Set and lock the minimum version of TLS.
121 | **[`StartDownloadsInTempDirectory`](#startdownloadsintempdirectory)** | Force downloads to start off in a local, temporary location rather than the default download directory.
122 | **[`SupportMenu`](#supportmenu)** | Add a menuitem to the help menu for specifying support information.
123 | **[`UserMessaging`](#usermessaging)** | Don't show certain messages to the user.
124 | **[`UseSystemPrintDialog`](#usesystemprintdialog)** | Print using the system print dialog instead of print preview.
125 | **[`WebsiteFilter`](#websitefilter)** | Block websites from being visited.
126 | **[`WindowsSSO`](#windowssso)** | Allow Windows single sign-on for Microsoft, work, and school accounts.
127
128 ### 3rdparty
129
130 Allow WebExtensions to configure policy. For more information, see [Adding policy support to your extension](https://extensionworkshop.com/documentation/enterprise/adding-policy-support-to-your-extension/).
131
132 For GPO and Intune, the extension developer should provide an ADMX file.
133
134 **Compatibility:** Firefox 68\
135 **CCK2 Equivalent:** N/A\
136 **Preferences Affected:** N/A
137
138 #### macOS
139 ```
140 <dict>
141 <key>3rdparty</key>
142 <dict>
143 <key>Extensions</key>
144 <dict>
145 <key>uBlock0@raymondhill.net</key>
146 <dict>
147 <key>adminSettings</key>
148 <dict>
149 <key>selectedFilterLists</key>
150 <array>
151 <string>ublock-privacy</string>
152 <string>ublock-badware</string>
153 <string>ublock-filters</string>
154 <string>user-filters</string>
155 </array>
156 </dict>
157 </dict>
158 </dict>
159 </dict>
160 </dict>
161 ```
162 #### policies.json
163 ```
164 {
165 "policies": {
166 "3rdparty": {
167 "Extensions": {
168 "uBlock0@raymondhill.net": {
169 "adminSettings": {
170 "selectedFilterLists": [
171 "ublock-privacy",
172 "ublock-badware",
173 "ublock-filters",
174 "user-filters"
175 ]
176 }
177 }
178 }
179 }
180 }
181 }
182 ```
183
184 ### AllowedDomainsForApps
185
186 Define domains allowed to access Google Workspace.
187
188 This policy is based on the [Chrome policy](https://chromeenterprise.google/policies/#AllowedDomainsForApps) of the same name.
189
190 If this policy is enabled, users can only access Google Workspace using accounts from the specified domains. If you want to allow Gmail, you can add ```consumer_accounts``` to the list.
191
192 **Compatibility:** Firefox 89, Firefox ESR 78.11\
193 **CCK2 Equivalent:** N/A\
194 **Preferences Affected:** N/A
195
196 #### Windows (GPO)
197 ```
198 Software\Policies\Mozilla\Firefox\AllowedDomainsForApps = "managedfirefox.com,example.com"
199 ```
200 #### Windows (Intune)
201 OMA-URI:
202 ```
203 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/AllowedDomainsForApps
204 ```
205 Value (string):
206 ```
207 <enabled/>
208 <data id="AllowedDomainsForApps" value="managedfirefox.com,example.com"/>
209 ```
210 #### macOS
211 ```
212 <dict>
213 <key>AllowedDomainsForApps</key>
214 <string>managedfirefox.com,example.com</string>
215 </dict>
216 ```
217 #### policies.json
218 ```
219 {
220 "policies": {
221 "AllowedDomainsForApps": "managedfirefox.com,example.com"
222 }
223 }
224 ```
225 ### AllowFileSelectionDialogs
226
227 Enable or disable file selection dialogs.
228
229 **Compatibility:** Firefox 124\
230 **CCK2 Equivalent:** N/A\
231 **Preferences Affected:** `widget.disable_file_pickers`
232
233 #### Windows (GPO)
234 ```
235 Software\Policies\Mozilla\Firefox\AllowFileSelectionDialogs = 0x1 | 0x0
236 ```
237 #### Windows (Intune)
238 OMA-URI:
239 ```
240 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/AppAutoAllowFileSelectionDialogsUpdate
241 ```
242 Value (string):
243 ```
244 <enabled/> or <disabled/>
245 ```
246 #### macOS
247 ```
248 <dict>
249 <key>AllowFileSelectionDialogs</key>
250 <true/> | <false/>
251 </dict>
252 ```
253 #### policies.json
254 ```
255 {
256 "policies": {
257 "AllowFileSelectionDialogs": true | false
258 }
259 }
260 ```
261 ### AppAutoUpdate
262
263 Enable or disable **automatic** application update.
264
265 If set to true, application updates are installed without user approval within Firefox. The operating system might still require approval.
266
267 If set to false, application updates are downloaded but the user can choose when to install the update.
268
269 If you have disabled updates via `DisableAppUpdate`, this policy has no effect.
270
271 **Compatibility:** Firefox 75, Firefox ESR 68.7\
272 **CCK2 Equivalent:** N/A\
273 **Preferences Affected:** `app.update.auto`
274
275 #### Windows (GPO)
276 ```
277 Software\Policies\Mozilla\Firefox\AppAutoUpdate = 0x1 | 0x0
278 ```
279 #### Windows (Intune)
280 OMA-URI:
281 ```
282 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/AppAutoUpdate
283 ```
284 Value (string):
285 ```
286 <enabled/> or <disabled/>
287 ```
288 #### macOS
289 ```
290 <dict>
291 <key>AppAutoUpdate</key>
292 <true/> | <false/>
293 </dict>
294 ```
295 #### policies.json
296 ```
297 {
298 "policies": {
299 "AppAutoUpdate": true | false
300 }
301 }
302 ```
303 ### AppUpdatePin
304
305 Prevent Firefox from being updated beyond the specified version.
306
307 You can specify the any version as ```xx.``` and Firefox will be updated with all minor versions, but will not be updated beyond the major version.
308
309 You can also specify the version as ```xx.xx``` and Firefox will be updated with all patch versions, but will not be updated beyond the minor version.
310
311 You should specify a version that exists or is guaranteed to exist. If you specify a version that doesn't end up existing, Firefox will update beyond that version.
312
313 **Compatibility:** Firefox 102,\
314 **CCK2 Equivalent:** N/A\
315 **Preferences Affected:** N/A
316
317 #### Windows (GPO)
318 ```
319 Software\Policies\Mozilla\Firefox\AppUpdatePin = "106."
320 ```
321 #### Windows (Intune)
322 OMA-URI:
323 ```
324 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/AppUpdatePin
325 ```
326 Value (string):
327 ```
328 <enabled/>
329 <data id="AppUpdatePin" value="106."/>
330 ```
331 #### macOS
332 ```
333 <dict>
334 <key>AppUpdatePin</key>
335 <string>106.</string>
336 </dict>
337 ```
338 #### policies.json
339 ```
340 {
341 "policies": {
342 "AppUpdatePin": "106."
343 }
344 }
345 ```
346 ### AppUpdateURL
347
348 Change the URL for application update if you are providing Firefox updates from a custom update server.
349
350 **Compatibility:** Firefox 62, Firefox ESR 60.2\
351 **CCK2 Equivalent:** N/A\
352 **Preferences Affected:** `app.update.url`
353
354 #### Windows (GPO)
355 ```
356 Software\Policies\Mozilla\Firefox\AppUpdateURL = "https://yoursite.com"
357 ```
358 #### Windows (Intune)
359 OMA-URI:
360 ```
361 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/AppUpdateURL
362 ```
363 Value (string):
364 ```
365 <enabled/>
366 <data id="AppUpdateURL" value="https://yoursite.com"/>
367 ```
368 #### macOS
369 ```
370 <dict>
371 <key>AppUpdateURL</key>
372 <string>https://yoursite.com</string>
373 </dict>
374 ```
375 #### policies.json
376 ```
377 {
378 "policies": {
379 "AppUpdateURL": "https://yoursite.com"
380 }
381 }
382 ```
383 ### Authentication
384
385 Configure sites that support integrated authentication.
386
387 See [Integrated authentication](https://htmlpreview.github.io/?https://github.com/mdn/archived-content/blob/main/files/en-us/mozilla/integrated_authentication/raw.html) for more information.
388
389 `PrivateBrowsing` enables integrated authentication in private browsing.
390
391 **Compatibility:** Firefox 60, Firefox ESR 60 (AllowNonFQDN added in 62/60.2, AllowProxies added in 70/68.2, Locked added in 71/68.3, PrivateBrowsing added in 77/68.9)\
392 **CCK2 Equivalent:** N/A\
393 **Preferences Affected:** `network.negotiate-auth.trusted-uris`,`network.negotiate-auth.delegation-uris`,`network.automatic-ntlm-auth.trusted-uris`,`network.automatic-ntlm-auth.allow-non-fqdn`,`network.negotiate-auth.allow-non-fqdn`,`network.automatic-ntlm-auth.allow-proxies`,`network.negotiate-auth.allow-proxies`,`network.auth.private-browsing-sso`
394
395 #### Windows (GPO)
396 ```
397 Software\Policies\Mozilla\Firefox\Authentication\SPNEGO\1 = "mydomain.com"
398 Software\Policies\Mozilla\Firefox\Authentication\SPNEGO\2 = "https://myotherdomain.com"
399 Software\Policies\Mozilla\Firefox\Authentication\Delegated\1 = "mydomain.com"
400 Software\Policies\Mozilla\Firefox\Authentication\Delegated\2 = "https://myotherdomain.com"
401 Software\Policies\Mozilla\Firefox\Authentication\NTLM\1 = "mydomain.com"
402 Software\Policies\Mozilla\Firefox\Authentication\NTLM\2 = "https://myotherdomain.com"
403 Software\Policies\Mozilla\Firefox\Authentication\AllowNonFQDN\SPNEGO = 0x1 | 0x0
404 Software\Policies\Mozilla\Firefox\Authentication\AllowNonFQDN\NTLM = 0x1 | 0x0
405 Software\Policies\Mozilla\Firefox\Authentication\AllowProxies\SPNEGO = 0x1 | 0x0
406 Software\Policies\Mozilla\Firefox\Authentication\AllowProxies\NTLM = 0x1 | 0x0
407 Software\Policies\Mozilla\Firefox\Authentication\Locked = 0x1 | 0x0
408 Software\Policies\Mozilla\Firefox\Authentication\PrivateBrowsing = 0x1 | 0x0
409 ```
410 #### Windows (Intune)
411 OMA-URI:
412 ```
413 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Authentication/Authentication_SPNEGO
414 ```
415 Value (string):
416 ```
417 <enabled/>
418 <data id="Authentication" value="1&#xF000;mydomain&#xF000;2&#xF000;https://myotherdomain.com"/>
419 ```
420 OMA-URI:
421 ```
422 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Authentication/Authentication_Delegated
423 ```
424 Value (string):
425 ```
426 <enabled/>
427 <data id="Authentication" value="1&#xF000;mydomain&#xF000;2&#xF000;https://myotherdomain.com"/>
428 ```
429 OMA-URI:
430 ```
431 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Authentication/Authentication_NTLM
432 ```
433 Value (string):
434 ```
435 <enabled/>
436 <data id="Authentication" value="1&#xF000;mydomain&#xF000;2&#xF000;https://myotherdomain.com"/>
437 ```
438 OMA-URI:
439 ```
440 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Authentication/Authentication_AllowNonFQDN
441 ```
442 Value (string):
443 ```
444 <enabled/>
445 <data id="Authentication_AllowNonFQDN_NTLM" value="true | false"/>
446 <data id="Authentication_AllowNonFQDN_SPNEGO" value="true | false"/>
447 ```
448 OMA-URI:
449 ```
450 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Authentication/Authentication_Locked
451 ```
452 Value (string):
453 ```
454 <enabled/> or <disabled/>
455 ```
456 OMA-URI:
457 ```
458 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Authentication/Authentication_PrivateBrowsing
459 ```
460 Value (string):
461 ```
462 <enabled/> or <disabled/>
463 ```
464 #### macOS
465 ```
466 <dict>
467 <key>Authentication</key>
468 <dict>
469 <key>SPNEGO</key>
470 <array>
471 <string>mydomain.com</string>
472 <string>https://myotherdomain.com</string>
473 </array>
474 <key>Delegated</key>
475 <array>
476 <string>mydomain.com</string>
477 <string>https://myotherdomain.com</string>
478 </array>
479 <key>NTLM</key>
480 <array>
481 <string>mydomain.com</string>
482 <string>https://myotherdomain.com</string>
483 </array>
484 <key>AllowNonFQDN</key>
485 <dict>
486 <key>SPNEGO</key>
487 <true/> | <false/>
488 <key>NTLM</key>
489 <true/> | <false/>
490 </dict>
491 <key>AllowProxies</key>
492 <dict>
493 <key>SPNEGO</key>
494 <true/> | <false/>
495 <key>NTLM</key>
496 <true/> | <false/>
497 </dict>
498 <key>Locked</key>
499 <true/> | <false/>
500 <key>PrivateBrowsing</key>
501 <true/> | <false/>
502 </dict>
503 </dict>
504 ```
505 #### policies.json
506 ```
507 {
508 "policies": {
509 "Authentication": {
510 "SPNEGO": ["mydomain.com", "https://myotherdomain.com"],
511 "Delegated": ["mydomain.com", "https://myotherdomain.com"],
512 "NTLM": ["mydomain.com", "https://myotherdomain.com"],
513 "AllowNonFQDN": {
514 "SPNEGO": true | false,
515 "NTLM": true | false
516 },
517 "AllowProxies": {
518 "SPNEGO": true | false,
519 "NTLM": true | false
520 },
521 "Locked": true | false,
522 "PrivateBrowsing": true | false
523 }
524 }
525 }
526 ```
527 ### AutofillAddressEnabled
528
529 Enables or disables autofill for addresses.
530
531 This only applies when address autofill is enabled for a particular Firefox version or region. See [this page](https://support.mozilla.org/kb/automatically-fill-your-address-web-forms) for more information.
532
533 **Compatibility:** Firefox 125, Firefox ESR 115.10\
534 **CCK2 Equivalent:** N/A\
535 **Preferences Affected:** `extensions.formautofill.addresses.enabled`
536
537 #### Windows (GPO)
538 ```
539 Software\Policies\Mozilla\Firefox\AutofillAddressEnabled = 0x1 | 0x0
540 ```
541 #### Windows (Intune)
542 OMA-URI:
543 ```
544 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/AutofillAddressEnabled
545 ```
546 Value (string):
547 ```
548 <enabled/> or <disabled/>
549 ```
550 #### macOS
551 ```
552 <dict>
553 <key>AutofillAddressEnabled</key>
554 <true/> | <false/>
555 </dict>
556 ```
557 #### policies.json
558 ```
559 {
560 "policies": {
561 "AutofillAddressEnabled": true | false
562 }
563 }
564 ```
565 ### AutofillCreditCardEnabled
566
567 Enables or disables autofill for payment methods.
568
569 This only applies when payment method autofill is enabled for a particular Firefox version or region. See [this page](https://support.mozilla.org/kb/credit-card-autofill) for more information.
570
571 **Compatibility:** Firefox 125, Firefox ESR 115.10\
572 **CCK2 Equivalent:** N/A\
573 **Preferences Affected:** `extensions.formautofill.creditCards.enabled`
574
575 #### Windows (GPO)
576 ```
577 Software\Policies\Mozilla\Firefox\AutofillCreditCardEnabled = 0x1 | 0x0
578 ```
579 #### Windows (Intune)
580 OMA-URI:
581 ```
582 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/AutofillCreditCardEnabled
583 ```
584 Value (string):
585 ```
586 <enabled/> or <disabled/>
587 ```
588 #### macOS
589 ```
590 <dict>
591 <key>AutofillCreditCardEnabled</key>
592 <true/> | <false/>
593 </dict>
594 ```
595 #### policies.json
596 ```
597 {
598 "policies": {
599 "AutofillCreditCardEnabled": true | false
600 }
601 }
602 ```
603 ### AutoLaunchProtocolsFromOrigins
604 Define a list of external protocols that can be used from listed origins without prompting the user. The origin is the scheme plus the hostname.
605
606 The syntax of this policy is exactly the same as the [Chrome AutoLaunchProtocolsFromOrigins policy](https://cloud.google.com/docs/chrome-enterprise/policies/?policy=AutoLaunchProtocolsFromOrigins) except that you can only use valid origins (not just hostnames). This also means that you cannot specify an asterisk for all origins.
607
608 The schema is:
609 ```
610 {
611 "items": {
612 "properties": {
613 "allowed_origins": {
614 "items": {
615 "type": "string"
616 },
617 "type": "array"
618 },
619 "protocol": {
620 "type": "string"
621 }
622 },
623 "required": [
624 "protocol",
625 "allowed_origins"
626 ],
627 "type": "object"
628 },
629 "type": "array"
630 }
631 ```
632 **Compatibility:** Firefox 90, Firefox ESR 78.12\
633 **CCK2 Equivalent:** N/A\
634 **Preferences Affected:** N/A
635
636 #### Windows (GPO)
637 Software\Policies\Mozilla\Firefox\AutoLaunchProtocolsFromOrigins (REG_MULTI_SZ) =
638 ```
639 [
640 {
641 "protocol": "zoommtg",
642 "allowed_origins": [
643 "https://somesite.zoom.us"
644 ]
645 }
646 ]
647 ```
648 #### Windows (Intune)
649 OMA-URI:
650 ```
651 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/AutoLaunchProtocolsFromOrigins
652 ```
653 Value (string):
654 ```
655 <enabled/>
656 <data id="JSON" value='
657 [
658 {
659 "protocol": "zoommtg",
660 "allowed_origins": [
661 "https://somesite.zoom.us"
662 ]
663 }
664 ]'/>
665 ```
666 #### macOS
667 ```
668 <dict>
669 <key>AutoLaunchProtocolsFromOrigins</key>
670 <array>
671 <dict>
672 <key>protocol</key>
673 <string>zoommtg</string>
674 <key>allowed_origins</key>
675 <array>
676 <string>https://somesite.zoom.us</string>
677 </array>
678 </dict>
679 </array>
680 </dict>
681 ```
682 #### policies.json
683 ```
684 {
685 "policies": {
686 "AutoLaunchProtocolsFromOrigins": [{
687 "protocol": "zoommtg",
688 "allowed_origins": [
689 "https://somesite.zoom.us"
690 ]
691 }]
692 }
693 }
694 ```
695 ### BackgroundAppUpdate
696
697 Enable or disable **automatic** application update **in the background**, when the application is not running.
698
699 If set to true, application updates may be installed (without user approval) in the background, even when the application is not running. The operating system might still require approval.
700
701 If set to false, the application will not try to install updates when the application is not running.
702
703 If you have disabled updates via `DisableAppUpdate` or disabled automatic updates via `AppAutoUpdate`, this policy has no effect.
704
705 If you are having trouble getting the background task to run, verify your configuration with the ["Requirements to run" section in this support document](https://support.mozilla.org/en-US/kb/enable-background-updates-firefox-windows).
706
707 **Compatibility:** Firefox 90 (Windows only)\
708 **CCK2 Equivalent:** N/A\
709 **Preferences Affected:** `app.update.background.enabled`
710
711 #### Windows (GPO)
712 ```
713 Software\Policies\Mozilla\Firefox\BackgroundAppUpdate = 0x1 | 0x0
714 ```
715 #### Windows (Intune)
716 OMA-URI:
717 ```
718 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/BackgroundAppUpdate
719 ```
720 Value (string):
721 ```
722 <enabled/> or <disabled/>
723 ```
724 #### macOS
725 ```
726 <dict>
727 <key>BackgroundAppUpdate</key>
728 <true/> | <false/>
729 </dict>
730 ```
731 #### policies.json
732 ```
733 {
734 "policies": {
735 "BackgroundAppUpdate": true | false
736 }
737 }
738 ```
739 ### BlockAboutAddons
740
741 Block access to the Add-ons Manager (about:addons).
742
743 **Compatibility:** Firefox 60, Firefox ESR 60\
744 **CCK2 Equivalent:** `disableAddonsManager`\
745 **Preferences Affected:** N/A
746
747 #### Windows (GPO)
748 ```
749 Software\Policies\Mozilla\Firefox\BlockAboutAddons = 0x1 | 0x0
750 ```
751 #### Windows (Intune)
752 OMA-URI:
753 ```
754 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/BlockAboutAddons
755 ```
756 Value (string):
757 ```
758 <enabled/> or <disabled/>
759 ```
760 #### macOS
761 ```
762 <dict>
763 <key>BlockAboutAddons</key>
764 <true/> | <false/>
765 </dict>
766 ```
767 #### policies.json
768 ```
769 {
770 "policies": {
771 "BlockAboutAddons": true | false
772 }
773 }
774 ```
775 ### BlockAboutConfig
776
777 Block access to about:config.
778
779 **Compatibility:** Firefox 60, Firefox ESR 60\
780 **CCK2 Equivalent:** `disableAboutConfig`\
781 **Preferences Affected:** N/A
782
783 #### Windows (GPO)
784 ```
785 Software\Policies\Mozilla\Firefox\BlockAboutConfig = 0x1 | 0x0
786 ```
787 #### Windows (Intune)
788 OMA-URI:
789 ```
790 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/BlockAboutConfig
791 ```
792 Value (string):
793 ```
794 <enabled/> or <disabled/>
795 ```
796 #### macOS
797 ```
798 <dict>
799 <key>BlockAboutConfig</key>
800 <true/> | <false/>
801 </dict>
802 ```
803 #### policies.json
804 ```
805 {
806 "policies": {
807 "BlockAboutConfig": true | false
808 }
809 }
810 ```
811 ### BlockAboutProfiles
812
813 Block access to About Profiles (about:profiles).
814
815 **Compatibility:** Firefox 60, Firefox ESR 60\
816 **CCK2 Equivalent:** `disableAboutProfiles`\
817 **Preferences Affected:** N/A
818
819 #### Windows (GPO)
820 ```
821 Software\Policies\Mozilla\Firefox\BlockAboutProfiles = 0x1 | 0x0
822 ```
823 #### Windows (Intune)
824 OMA-URI:
825 ```
826 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/BlockAboutProfiles
827 ```
828 Value (string):
829 ```
830 <enabled/> or <disabled/>
831 ```
832 #### macOS
833 ```
834 <dict>
835 <key>BlockAboutProfiles</key>
836 <true/> | <false/>
837 </dict>
838 ```
839 #### policies.json
840 ```
841 {
842 "policies": {
843 "BlockAboutProfiles": true | false
844 }
845 }
846 ```
847 ### BlockAboutSupport
848
849 Block access to Troubleshooting Information (about:support).
850
851 **Compatibility:** Firefox 60, Firefox ESR 60\
852 **CCK2 Equivalent:** `disableAboutSupport`\
853 **Preferences Affected:** N/A
854
855 #### Windows (GPO)
856 ```
857 Software\Policies\Mozilla\Firefox\BlockAboutSupport = 0x1 | 0x0
858 ```
859 #### Windows (Intune)
860 OMA-URI:
861 ```
862 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/BlockAboutSupport
863 ```
864 Value (string):
865 ```
866 <enabled/> or <disabled/>
867 ```
868 #### macOS
869 ```
870 <dict>
871 <key>BlockAboutSupport</key>
872 <true/> | <false/>
873 </dict>
874 ```
875 #### policies.json
876 ```
877 {
878 "policies": {
879 "BlockAboutSupport": true | false
880 }
881 }
882 ```
883 ### Bookmarks
884
885 Note: [`ManagedBookmarks`](#managedbookmarks) is the new recommended way to add bookmarks. This policy will continue to be supported.
886
887 Add bookmarks in either the bookmarks toolbar or menu. Only `Title` and `URL` are required. If `Placement` is not specified, the bookmark will be placed on the toolbar. If `Folder` is specified, it is automatically created and bookmarks with the same folder name are grouped together.
888
889 If you want to clear all bookmarks set with this policy, you can set the value to an empty array (```[]```). This can be on Windows via the new Bookmarks (JSON) policy available with GPO and Intune.
890
891 **Compatibility:** Firefox 60, Firefox ESR 60\
892 **CCK2 Equivalent:** `bookmarks.toolbar`,`bookmarks.menu`\
893 **Preferences Affected:** N/A
894
895 #### Windows (GPO)
896 ```
897 Software\Policies\Mozilla\Firefox\Bookmarks\1\Title = "Example"
898 Software\Policies\Mozilla\Firefox\Bookmarks\1\URL = "https://example.com"
899 Software\Policies\Mozilla\Firefox\Bookmarks\1\Favicon = "https://example.com/favicon.ico"
900 Software\Policies\Mozilla\Firefox\Bookmarks\1\Placement = "toolbar" | "menu"
901 Software\Policies\Mozilla\Firefox\Bookmarks\1\Folder = "FolderName"
902
903 Software\Policies\Mozilla\Firefox\Bookmarks (REG_MULTI_SZ) =
904 ```
905 []
906 ```
907
908 ```
909 #### Windows (Intune)
910 OMA-URI:
911 ```
912 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Bookmarks/Bookmark01
913 ```
914 Value (string):
915 ```
916 <enabled/>
917 <data id="BookmarkTitle" value="Example"/>
918 <data id="BookmarkURL" value="https://example.com"/>
919 <data id="BookmarkFavicon" value="https://example.com/favicon.ico"/>
920 <data id="BookmarkPlacement" value="toolbar | menu"/>
921 <data id="BookmarkFolder" value="FolderName"/>
922 ```
923 OMA-URI:
924 ```
925 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/Bookmarks
926 ```
927 Value (string):
928 ```
929 <enabled/>
930 <data id="JSON" value='[]'/>
931 ```
932 #### macOS
933 ```
934 <dict>
935 <key>Bookmarks</key>
936 <array>
937 <dict>
938 <key>Title</key>
939 <string>Example</string>
940 <key>URL</key>
941 <string>https://example.com</string>
942 <key>Favicon</key>
943 <string>https://example.com/favicon.ico</string>
944 <key>Placement</key>
945 <string>toolbar | menu</string>
946 <key>Folder</key>
947 <string>FolderName</string>
948 </dict>
949 </array>
950 </dict>
951 ```
952 #### policies.json
953 ```
954 {
955 "policies": {
956 "Bookmarks": [
957 {
958 "Title": "Example",
959 "URL": "https://example.com",
960 "Favicon": "https://example.com/favicon.ico",
961 "Placement": "toolbar" | "menu",
962 "Folder": "FolderName"
963 }
964 ]
965 }
966 }
967 ```
968 ### CaptivePortal
969 Enable or disable the detection of captive portals.
970
971 **Compatibility:** Firefox 67, Firefox ESR 60.7\
972 **CCK2 Equivalent:** N/A\
973 **Preferences Affected:** `network.captive-portal-service.enabled`
974
975 #### Windows (GPO)
976 ```
977 Software\Policies\Mozilla\Firefox\CaptivePortal = 0x1 | 0x0
978 ```
979 #### Windows (Intune)
980 OMA-URI:
981 ```
982 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/CaptivePortal
983 ```
984 Value (string):
985 ```
986 <enabled/> or <disabled/>
987 ```
988 #### macOS
989 ```
990 <dict>
991 <key>CaptivePortal</key>
992 <true/> | <false/>
993 </dict>
994 ```
995 #### policies.json
996 ```
997 {
998 "policies": {
999 "CaptivePortal": true | false
1000 }
1001 }
1002 ```
1003 ### Certificates
1004
1005 ### Certificates | ImportEnterpriseRoots
1006
1007 Trust certificates that have been added to the operating system certificate store by a user or administrator.
1008
1009 Note: This policy only works on Windows and macOS. For Linux discussion, see [bug 1600509](https://bugzilla.mozilla.org/show_bug.cgi?id=1600509).
1010
1011 See https://support.mozilla.org/kb/setting-certificate-authorities-firefox for more detail.
1012
1013 **Compatibility:** Firefox 60, Firefox ESR 60 (macOS support in Firefox 63, Firefox ESR 68)\
1014 **CCK2 Equivalent:** N/A\
1015 **Preferences Affected:** `security.enterprise_roots.enabled`
1016
1017 #### Windows (GPO)
1018 ```
1019 Software\Policies\Mozilla\Firefox\Certificates\ImportEnterpriseRoots = 0x1 | 0x0
1020 ```
1021 #### Windows (Intune)
1022 OMA-URI:
1023 ```
1024 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Certificates/Certificates_ImportEnterpriseRoots
1025 ```
1026 Value (string):
1027 ```
1028 <enabled/> or <disabled/>
1029 ```
1030 #### macOS
1031 ```
1032 <dict>
1033 <key>Certificates</key>
1034 <dict>
1035 <key>ImportEnterpriseRoots</key>
1036 <true/> | <false/>
1037 </dict>
1038 </dict>
1039 ```
1040 #### policies.json
1041 ```
1042 {
1043 "policies": {
1044 "Certificates": {
1045 "ImportEnterpriseRoots": true | false
1046 }
1047 }
1048 }
1049 ```
1050 ### Certificates | Install
1051
1052 Install certificates into the Firefox certificate store. If only a filename is specified, Firefox searches for the file in the following locations:
1053
1054 - Windows
1055 - %USERPROFILE%\AppData\Local\Mozilla\Certificates
1056 - %USERPROFILE%\AppData\Roaming\Mozilla\Certificates
1057 - macOS
1058 - /Library/Application Support/Mozilla/Certificates
1059 - ~/Library/Application Support/Mozilla/Certificates
1060 - Linux
1061 - /usr/lib/mozilla/certificates
1062 - /usr/lib64/mozilla/certificates
1063 - ~/.mozilla/certificates
1064
1065 Starting with Firefox 65, Firefox 60.5 ESR, a fully qualified path can be used, including UNC paths. You should use the native path style for your operating system. We do not support using %USERPROFILE% or other environment variables on Windows.
1066
1067 If you are specifying the path in the policies.json file on Windows, you need to escape your backslashes (`\\`) which means that for UNC paths, you need to escape both (`\\\\`). If you use group policy, you only need one backslash.
1068
1069 Certificates are installed using the trust string `CT,CT,`.
1070
1071 Binary (DER) and ASCII (PEM) certificates are both supported.
1072
1073 **Compatibility:** Firefox 64, Firefox ESR 64\
1074 **CCK2 Equivalent:** `certs.ca`\
1075 **Preferences Affected:** N/A
1076
1077 #### Windows (GPO)
1078 ```
1079 Software\Policies\Mozilla\Firefox\Certificates\Install\1 = "cert1.der"
1080 Software\Policies\Mozilla\Firefox\Certificates\Install\2 = "C:\Users\username\cert2.pem"
1081 ```
1082 #### Windows (Intune)
1083 OMA-URI:
1084 ```
1085 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Certificates/Certificates_Install
1086 ```
1087 Value (string):
1088 ```
1089 <enabled/>
1090 <data id="Certificates_Install" value="1&#xF000;cert1.der&#xF000;2&#xF000;C:\Users\username\cert2.pem"/>
1091 ```
1092 #### macOS
1093 ```
1094 <dict>
1095 <key>Certificates</key>
1096 <dict>
1097 <key>Install</key>
1098 <array>
1099 <string>cert1.der</string>
1100 <string>/Users/username/cert2.pem</string>
1101 </array>
1102 </dict>
1103 </dict>
1104 ```
1105 #### policies.json
1106 ```
1107 {
1108 "policies": {
1109 "Certificates": {
1110 "Install": ["cert1.der", "/home/username/cert2.pem"]
1111 }
1112 }
1113 }
1114 ```
1115 ### Containers
1116 Set policies related to [containers](https://addons.mozilla.org/firefox/addon/multi-account-containers/).
1117
1118 Currently you can set the initial set of containers.
1119
1120 For each container, you can specify the name, icon, and color.
1121
1122 | Name | Description |
1123 | --- | --- |
1124 | `name`| Name of container
1125 | `icon` | Can be `fingerprint`, `briefcase`, `dollar`, `cart`, `vacation`, `gift`, `food`, `fruit`, `pet`, `tree`, `chill`, `circle`, `fence`
1126 | `color` | Can be `blue`, `turquoise`, `green`, `yellow`, `orange`, `red`, `pink`, `purple`, `toolbar`
1127
1128 **Compatibility:** Firefox 113\
1129 **CCK2 Equivalent:** N/A\
1130 **Preferences Affected:** N/A
1131
1132 #### Windows (GPO)
1133 Software\Policies\Mozilla\Firefox\Containers (REG_MULTI_SZ) =
1134 ```
1135 {
1136 "Default": [
1137 {
1138 "name": "My container",
1139 "icon": "pet",
1140 "color": "turquoise"
1141 }
1142 ]
1143 }
1144 ```
1145 #### Windows (Intune)
1146 OMA-URI:
1147 ```
1148 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/Containers
1149 ```
1150 Value (string):
1151 ```
1152 <enabled/>
1153 <data id="JSON" value='
1154 {
1155 "Default": [
1156 {
1157 "name": "My container",
1158 "icon": "pet",
1159 "color": "turquoise"
1160 }
1161 ]
1162 }
1163 '/>
1164 ```
1165 #### macOS
1166 ```
1167 <dict>
1168 <key>Default</key>
1169 <dict>
1170 <key>Containers</key>
1171 <array>
1172 <dict>
1173 <key>name</key>
1174 <string>My container</string>
1175 <key>icon</key>
1176 <string>pet</string>
1177 <key>color</key>
1178 <string>turquoise</string>
1179 </dict>
1180 </array>
1181 </dict>
1182 </dict>
1183 ```
1184 #### policies.json
1185 ```
1186 {
1187 "policies": {
1188 "Containers": {
1189 "Default": [
1190 {
1191 "name": "My container",
1192 "icon": "pet",
1193 "color": "turquoise"
1194 }
1195 ]
1196 }
1197 }
1198 }
1199 ```
1200 ### Cookies
1201 Configure cookie preferences.
1202
1203 `Allow` is a list of origins (not domains) where cookies are always allowed. You must include http or https.
1204
1205 `AllowSession` is a list of origins (not domains) where cookies are only allowed for the current session. You must include http or https.
1206
1207 `Block` is a list of origins (not domains) where cookies are always blocked. You must include http or https.
1208
1209 `Behavior` sets the default behavior for cookies based on the values below.
1210
1211 `BehaviorPrivateBrowsing` sets the default behavior for cookies in private browsing based on the values below.
1212
1213 | Value | Description
1214 | --- | --- |
1215 | accept | Accept all cookies
1216 | reject-foreign | Reject third party cookies
1217 | reject | Reject all cookies
1218 | limit-foreign | Reject third party cookies for sites you haven't visited
1219 | reject-tracker | Reject cookies for known trackers (default)
1220 | reject-tracker-and-partition-foreign | Reject cookies for known trackers and partition third-party cookies (Total Cookie Protection) (default for private browsing)
1221
1222 `Locked` prevents the user from changing cookie preferences.
1223
1224 **Compatibility:** Firefox 60, Firefox ESR 60 (RejectTracker added in Firefox 63, AllowSession added in Firefox 79/78.1, Behavior added in Firefox 95/91.4)\
1225 **CCK2 Equivalent:** N/A\
1226 **Preferences Affected:** `network.cookie.cookieBehavior`, `network.cookie.cookieBehavior.pbmode`, `network.cookie.lifetimePolicy`
1227
1228 #### Windows (GPO)
1229 ```
1230 Software\Policies\Mozilla\Firefox\Cookies\Allow\1 = "https://example.com"
1231 Software\Policies\Mozilla\Firefox\Cookies\AllowSession\1 = "https://example.edu"
1232 Software\Policies\Mozilla\Firefox\Cookies\Block\1 = "https://example.org"
1233 Software\Policies\Mozilla\Firefox\Cookies\Default = 0x1 | 0x0
1234 Software\Policies\Mozilla\Firefox\Cookies\AcceptThirdParty = "always" | "never" | "from-visited"
1235 Software\Policies\Mozilla\Firefox\Cookies\ExpireAtSessionEnd = 0x1 | 0x0
1236 Software\Policies\Mozilla\Firefox\Cookies\RejectTracker = 0x1 | 0x0
1237 Software\Policies\Mozilla\Firefox\Cookies\Behavior = "accept" | "reject-foreign" | "reject" | "limit-foreign" | "reject-tracker" | "reject-tracker-and-partition-foreign"
1238 Software\Policies\Mozilla\Firefox\Cookies\BehaviorPrivateBrowsing = "accept" | "reject-foreign" | "reject" | "limit-foreign" | "reject-tracker" | "reject-tracker-and-partition-foreign"
1239 Software\Policies\Mozilla\Firefox\Cookies\Locked = 0x1 | 0x0
1240 ```
1241 #### Windows (Intune)
1242 OMA-URI:
1243 ```
1244 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_Allow
1245 ```
1246 Value (string):
1247 ```
1248 <enabled/>
1249 <data id="Permissions" value="1&#xF000;https://example.com"/>
1250 ```
1251 OMA-URI:
1252 ```
1253 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_AllowSession
1254 ```
1255 Value (string):
1256 ```
1257 <enabled/>
1258 <data id="Permissions" value="1&#xF000;https://example.edu"/>
1259 ```
1260 OMA-URI:
1261 ```
1262 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_Block
1263 ```
1264 Value (string):
1265 ```
1266 <enabled/>
1267 <data id="Permissions" value="1&#xF000;https://example.org"/>
1268 ```
1269 OMA-URI:
1270 ```
1271 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_Default
1272 ```
1273 Value (string):
1274 ```
1275 <enabled/> or <disabled/>
1276 ```
1277 OMA-URI:
1278 ```
1279 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_AcceptThirdParty
1280 ```
1281 Value (string):
1282 ```
1283 <enabled/>
1284 <data id="Cookies_AcceptThirdParty" value="always | never | from-visited"/>
1285 ```
1286 OMA-URI:
1287 ```
1288 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_ExpireAtSessionEnd
1289 ```
1290 Value (string):
1291 ```
1292 <enabled/> or <disabled/>
1293 ```
1294 OMA-URI:
1295 ```
1296 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_RejectTracker
1297 ```
1298 Value (string):
1299 ```
1300 <enabled/> or <disabled/>
1301 ```
1302 OMA-URI:
1303 ```
1304 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_Locked
1305 ```
1306 Value (string):
1307 ```
1308 <enabled/> or <disabled/>
1309 ```
1310 OMA-URI:
1311 ```
1312 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_Behavior
1313 ```
1314 Value (string):
1315 ```
1316 <enabled/>
1317 <data id="Cookies_Behavior" value="accept | reject-foreign | reject | limit-foreign | reject-tracker | reject-tracker-and-partition-foreign"/>
1318 ```
1319 OMA-URI:
1320 ```
1321 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_BehaviorPrivateBrowsing
1322 ```
1323 Value (string):
1324 ```
1325 <enabled/>
1326 <data id="Cookies_BehaviorPrivateBrowsing" value="accept | reject-foreign | reject | limit-foreign | reject-tracker | reject-tracker-and-partition-foreign"/>
1327 ```
1328 #### macOS
1329 ```
1330 <dict>
1331 <key>Cookies</key>
1332 <dict>
1333 <key>Allow</key>
1334 <array>
1335 <string>http://example.com</string>
1336 </array>
1337 <key>AllowSession</key>
1338 <array>
1339 <string>http://example.edu</string>
1340 </array>
1341 <key>Block</key>
1342 <array>
1343 <string>http://example.org</string>
1344 </array>
1345 <key>Default</key>
1346 <true/> | <false/>
1347 <key>AcceptThirdParty</key>
1348 <string>always | never | from-visited</string>
1349 <key>ExpireAtSessionEnd</key>
1350 <true/> | <false/>
1351 <key>RejectTracker</key>
1352 <true/> | <false/>
1353 <key>Locked</key>
1354 <true/> | <false/>
1355 <key>Behavior</key>
1356 <string>accept | reject-foreign | reject | limit-foreign | reject-tracker | reject-tracker-and-partition-foreign</string>
1357 <key>BehaviorPrivateBrowsing</key>
1358 <string>accept | reject-foreign | reject | limit-foreign | reject-tracker | reject-tracker-and-partition-foreign</string>
1359 </dict>
1360 </dict>
1361 ```
1362 #### policies.json
1363 ```
1364 {
1365 "policies": {
1366 "Cookies": {
1367 "Allow": ["http://example.org/"],
1368 "AllowSession": ["http://example.edu/"],
1369 "Block": ["http://example.edu/"],
1370 "Default": true | false,
1371 "AcceptThirdParty": "always" | "never" | "from-visited",
1372 "ExpireAtSessionEnd": true | false,
1373 "RejectTracker": true | false,
1374 "Locked": true | false,
1375 "Behavior": "accept" | "reject-foreign" | "reject" | "limit-foreign" | "reject-tracker" | "reject-tracker-and-partition-foreign",
1376 "BehaviorPrivateBrowsing": "accept" | "reject-foreign" | "reject" | "limit-foreign" | "reject-tracker" | "reject-tracker-and-partition-foreign",
1377 }
1378 }
1379 }
1380 ```
1381 ### DefaultDownloadDirectory
1382 Set the default download directory.
1383
1384 You can use ${home} for the native home directory.
1385
1386 **Compatibility:** Firefox 68, Firefox ESR 68\
1387 **CCK2 Equivalent:** N/A\
1388 **Preferences Affected:** `browser.download.dir`, `browser.download.folderList`
1389
1390 #### Windows (GPO)
1391 ```
1392 Software\Policies\Mozilla\Firefox\DefaultDownloadDirectory = "${home}\Downloads"
1393 ```
1394 #### Windows (Intune)
1395 OMA-URI:
1396 ```
1397 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DefaultDownloadDirectory
1398 ```
1399 Value (string):
1400 ```
1401 <enabled/>
1402 <data id="Preferences_String" value="${home}\Downloads"/>
1403 ```
1404 #### macOS
1405 ```
1406 <dict>
1407 <key>DefaultDownloadDirectory</key>
1408 <string>${home}/Downloads</string>
1409 </dict>
1410 ```
1411 #### policies.json (macOS and Linux)
1412 ```
1413 {
1414 "policies": {
1415 "DefaultDownloadDirectory": "${home}/Downloads"
1416 }
1417 }
1418 ```
1419 #### policies.json (Windows)
1420 ```
1421 {
1422 "policies": {
1423 "DefaultDownloadDirectory": "${home}\\Downloads"
1424 }
1425 }
1426 ```
1427 ### DisableAppUpdate
1428 Turn off application updates within Firefox.
1429
1430 **Compatibility:** Firefox 60, Firefox ESR 60\
1431 **CCK2 Equivalent:** `disableFirefoxUpdates`\
1432 **Preferences Affected:** N/A
1433
1434 #### Windows (GPO)
1435 ```
1436 Software\Policies\Mozilla\Firefox\DisableAppUpdate = 0x1 | 0x0
1437 ```
1438 #### Windows (Intune)
1439 OMA-URI:
1440 ```
1441 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableAppUpdate
1442 ```
1443 Value (string):
1444 ```
1445 <enabled/> or <disabled/>
1446 ```
1447 #### macOS
1448 ```
1449 <dict>
1450 <key>DisableAppUpdate</key>
1451 <true/> | <false/>
1452 </dict>
1453 ```
1454 #### policies.json
1455 ```
1456 {
1457 "policies": {
1458 "DisableAppUpdate": true | false
1459 }
1460 }
1461 ```
1462 ### DisableBuiltinPDFViewer
1463 Disable the built in PDF viewer. PDF files are downloaded and sent externally.
1464
1465 **Compatibility:** Firefox 60, Firefox ESR 60\
1466 **CCK2 Equivalent:** `disablePDFjs`\
1467 **Preferences Affected:** `pdfjs.disabled`
1468
1469 #### Windows (GPO)
1470 ```
1471 Software\Policies\Mozilla\Firefox\DisableBuiltinPDFViewer = 0x1 | 0x0
1472 ```
1473 #### Windows (Intune)
1474 OMA-URI:
1475 ```
1476 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableBuiltinPDFViewer
1477 ```
1478 Value (string):
1479 ```
1480 <enabled/> or <disabled/>
1481 ```
1482 #### macOS
1483 ```
1484 <dict>
1485 <key>DisableBuiltinPDFViewer</key>
1486 <true/> | <false/>
1487 </dict>
1488 ```
1489 #### policies.json
1490 ```
1491 {
1492 "policies": {
1493 "DisableBuiltinPDFViewer": true | false
1494 }
1495 }
1496 ```
1497 ### DisabledCiphers
1498 Disable specific cryptographic ciphers, listed below.
1499
1500 ```
1501 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
1502 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
1503 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
1504 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
1505 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
1506 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
1507 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
1508 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
1509 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
1510 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
1511 TLS_DHE_RSA_WITH_AES_128_CBC_SHA
1512 TLS_DHE_RSA_WITH_AES_256_CBC_SHA
1513 TLS_RSA_WITH_AES_128_GCM_SHA256
1514 TLS_RSA_WITH_AES_256_GCM_SHA384
1515 TLS_RSA_WITH_AES_128_CBC_SHA
1516 TLS_RSA_WITH_AES_256_CBC_SHA
1517 TLS_RSA_WITH_3DES_EDE_CBC_SHA
1518 ```
1519
1520 **Preferences Affected:** `security.ssl3.ecdhe_rsa_aes_128_gcm_sha256`, `security.ssl3.ecdhe_ecdsa_aes_128_gcm_sha256`, `security.ssl3.ecdhe_ecdsa_chacha20_poly1305_sha256`, `security.ssl3.ecdhe_rsa_chacha20_poly1305_sha256`, `security.ssl3.ecdhe_ecdsa_aes_256_gcm_sha384`, `security.ssl3.ecdhe_rsa_aes_256_gcm_sha384`, `security.ssl3.ecdhe_rsa_aes_128_sha`, `security.ssl3.ecdhe_ecdsa_aes_128_sha`, `security.ssl3.ecdhe_rsa_aes_256_sha`, `security.ssl3.ecdhe_ecdsa_aes_256_sha`, `security.ssl3.dhe_rsa_aes_128_sha`, `security.ssl3.dhe_rsa_aes_256_sha`, `security.ssl3.rsa_aes_128_gcm_sha256`, `security.ssl3.rsa_aes_256_gcm_sha384`, `security.ssl3.rsa_aes_128_sha`, `security.ssl3.rsa_aes_256_sha`, `security.ssl3.deprecated.rsa_des_ede3_sha`
1521
1522 ---
1523 **Note:**
1524
1525 This policy was updated in Firefox 78 to allow enabling ciphers as well. Setting the value to true disables the cipher, setting the value to false enables the cipher. Previously setting the value to true or false disabled the cipher.
1526
1527 ---
1528 **Compatibility:** Firefox 76, Firefox ESR 68.8 (TLS_RSA_WITH_AES_128_GCM_SHA256 and TLS_RSA_WITH_AES_256_GCM_SHA384 were added in Firefox 78, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA38, TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, and TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 were added in Firefox 97 and Firefox 91.6)\
1529 **CCK2 Equivalent:** N/A\
1530 **Preferences Affected:** N/A
1531
1532 #### Windows (GPO)
1533 ```
1534 Software\Policies\Mozilla\Firefox\DisabledCiphers\CIPHER_NAME = 0x1 | 0x0
1535 ```
1536 #### Windows (Intune)
1537 OMA-URI:
1538 ```
1539 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DisabledCiphers/DisabledCiphers_CIPHER_NAME
1540
1541 ```
1542 Value (string):
1543 ```
1544 <enabled/> or <disabled/>
1545 ```
1546 #### macOS
1547 ```
1548 <dict>
1549 <key>DisabledCiphers</key>
1550 <dict>
1551 <key>CIPHER_NAME</key>
1552 <true/> | <false/>
1553 </dict>
1554 </dict>
1555 ```
1556 #### policies.json
1557 ```
1558 {
1559 "policies": {
1560 "DisabledCiphers": {
1561 "CIPHER_NAME": true | false,
1562 }
1563 }
1564 }
1565 ```
1566 ### DisableDefaultBrowserAgent
1567 Prevent the default browser agent from taking any actions. Only applicable to Windows; other platforms don’t have the agent.
1568
1569 The browser agent is a Windows-only scheduled task which runs in the background to collect and submit data about the browser that the user has set as their OS default. More information is available [here](https://firefox-source-docs.mozilla.org/toolkit/mozapps/defaultagent/default-browser-agent/index.html).
1570
1571 **Compatibility:** Firefox 75, Firefox ESR 68.7 (Windows only)\
1572 **CCK2 Equivalent:** N/A\
1573 **Preferences Affected:** N/A
1574
1575 #### Windows (GPO)
1576 ```
1577 Software\Policies\Mozilla\Firefox\DisableDefaultBrowserAgent = 0x1 | 0x0
1578 ```
1579 #### Windows (Intune)
1580 OMA-URI:
1581 ```
1582 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableDefaultBrowserAgent
1583 ```
1584 Value (string):
1585 ```
1586 <enabled/> or <disabled/>
1587 ```
1588 #### policies.json
1589 ```
1590 {
1591 "policies": {
1592 "DisableDefaultBrowserAgent": true | false
1593 }
1594 }
1595 ```
1596 ### DisableDeveloperTools
1597 Remove access to all developer tools.
1598
1599 **Compatibility:** Firefox 60, Firefox ESR 60\
1600 **CCK2 Equivalent:** `removeDeveloperTools`\
1601 **Preferences Affected:** `devtools.policy.disabled`
1602
1603 #### Windows (GPO)
1604 ```
1605 Software\Policies\Mozilla\Firefox\DisableDeveloperTools = 0x1 | 0x0`
1606 ```
1607 #### Windows (Intune)
1608 OMA-URI:
1609 ```
1610 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableDeveloperTools
1611 ```
1612 Value (string):
1613 ```
1614 <enabled/> or <disabled/>
1615 ```
1616 #### macOS
1617 ```
1618 <dict>
1619 <key>DisableDeveloperTools</key>
1620 <true/> | <false/>
1621 </dict>
1622 ```
1623 #### policies.json
1624 ```
1625 {
1626 "policies": {
1627 "DisableDeveloperTools": true | false
1628 }
1629 }
1630 ```
1631 ### DisableFeedbackCommands
1632 Disable the menus for reporting sites (Submit Feedback, Report Deceptive Site).
1633
1634 **Compatibility:** Firefox 60, Firefox ESR 60\
1635 **CCK2 Equivalent:** N/A\
1636 **Preferences Affected:** N/A
1637
1638 #### Windows (GPO)
1639 ```
1640 Software\Policies\Mozilla\Firefox\DisableFeedbackCommands = 0x1 | 0x0
1641 ```
1642 #### Windows (Intune)
1643 OMA-URI:
1644 ```
1645 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableFeedbackCommands
1646 ```
1647 Value (string):
1648 ```
1649 <enabled/> or <disabled/>
1650 ```
1651 #### macOS
1652 ```
1653 <dict>
1654 <key>DisableFeedbackCommands</key>
1655 <true/> | <false/>
1656 </dict>
1657 ```
1658 #### policies.json
1659 ```
1660 {
1661 "policies": {
1662 "DisableFeedbackCommands": true | false
1663 }
1664 }
1665 ```
1666 ### DisableFirefoxAccounts
1667 Disable Firefox Accounts integration (Sync).
1668
1669 **Compatibility:** Firefox 60, Firefox ESR 60\
1670 **CCK2 Equivalent:** `disableSync`\
1671 **Preferences Affected:** `identity.fxaccounts.enabled`
1672
1673 #### Windows (GPO)
1674 ```
1675 Software\Policies\Mozilla\Firefox\DisableFirefoxAccounts = 0x1 | 0x0
1676 ```
1677 #### Windows (Intune)
1678 OMA-URI:
1679 ```
1680 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableFirefoxAccounts
1681 ```
1682 Value (string):
1683 ```
1684 <enabled/> or <disabled/>
1685 ```
1686 #### macOS
1687 ```
1688 <dict>
1689 <key>DisableFirefoxAccounts</key>
1690 <true/> | <false/>
1691 </dict>
1692 ```
1693 #### policies.json
1694 ```
1695 {
1696 "policies": {
1697 "DisableFirefoxAccounts": true | false
1698 }
1699 }
1700 ```
1701 ### DisableFirefoxScreenshots
1702 Remove access to Firefox Screenshots.
1703
1704 **Compatibility:** Firefox 60, Firefox ESR 60\
1705 **CCK2 Equivalent:** N/A\
1706 **Preferences Affected:** `extensions.screenshots.disabled`
1707
1708 #### Windows (GPO)
1709 ```
1710 Software\Policies\Mozilla\Firefox\DisableFirefoxScreenshots = 0x1 | 0x0
1711 ```
1712 #### Windows (Intune)
1713 OMA-URI:
1714 ```
1715 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableFirefoxScreenshots
1716 ```
1717 Value (string):
1718 ```
1719 <enabled/> or <disabled/>
1720 ```
1721 #### macOS
1722 ```
1723 <dict>
1724 <key>DisableFirefoxScreenshots</key>
1725 <true/> | <false/>
1726 </dict>
1727 ```
1728 #### policies.json
1729 ```
1730 {
1731 "policies": {
1732 "DisableFirefoxScreenshots": true | false
1733 }
1734 }
1735 ```
1736 ### DisableFirefoxStudies
1737 Disable Firefox studies (Shield).
1738
1739 **Compatibility:** Firefox 60, Firefox ESR 60\
1740 **CCK2 Equivalent:** N/A\
1741 **Preferences Affected:** `browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons`, `browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features`
1742
1743 #### Windows (GPO)
1744 ```
1745 Software\Policies\Mozilla\Firefox\DisableFirefoxStudies = 0x1 | 0x0
1746 ```
1747 #### Windows (Intune)
1748 OMA-URI:
1749 ```
1750 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableFirefoxStudies
1751 ```
1752 Value (string):
1753 ```
1754 <enabled/> or <disabled/>
1755 ```
1756 #### macOS
1757 ```
1758 <dict>
1759 <key>DisableFirefoxStudies</key>
1760 <true/> | <false/>
1761 </dict>
1762 ```
1763 #### policies.json
1764 ```
1765 {
1766 "policies": {
1767 "DisableFirefoxStudies": true | false
1768 }
1769 }
1770 ```
1771 ### DisableForgetButton
1772 Disable the "Forget" button.
1773
1774 **Compatibility:** Firefox 60, Firefox ESR 60\
1775 **CCK2 Equivalent:** `disableForget`\
1776 **Preferences Affected:** N/A
1777
1778 #### Windows (GPO)
1779 ```
1780 Software\Policies\Mozilla\Firefox\DisableForgetButton = 0x1 | 0x0
1781 ```
1782 #### Windows (Intune)
1783 OMA-URI:
1784 ```
1785 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableForgetButton
1786 ```
1787 Value (string):
1788 ```
1789 <enabled/> or <disabled/>
1790 ```
1791 #### macOS
1792 ```
1793 <dict>
1794 <key>DisableForgetButton</key>
1795 <true/> | <false/>
1796 </dict>
1797 ```
1798 #### policies.json
1799 ```
1800 {
1801 "policies": {
1802 "DisableForgetButton": true | false
1803 }
1804 }
1805 ```
1806 ### DisableFormHistory
1807 Turn off saving information on web forms and the search bar.
1808
1809 **Compatibility:** Firefox 60, Firefox ESR 60\
1810 **CCK2 Equivalent:** `disableFormFill`\
1811 **Preferences Affected:** `browser.formfill.enable`
1812
1813 #### Windows (GPO)
1814 ```
1815 Software\Policies\Mozilla\Firefox\DisableFormHistory = 0x1 | 0x0
1816 ```
1817 #### Windows (Intune)
1818 OMA-URI:
1819 ```
1820 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableFormHistory
1821 ```
1822 Value (string):
1823 ```
1824 <enabled/> or <disabled/>
1825 ```
1826 #### macOS
1827 ```
1828 <dict>
1829 <key>DisableFormHistory</key>
1830 <true/> | <false/>
1831 </dict>
1832 ```
1833 #### policies.json
1834 ```
1835 {
1836 "policies": {
1837 "DisableFormHistory": true | false
1838 }
1839 }
1840 ```
1841 ### DisableMasterPasswordCreation
1842 Remove the master password functionality.
1843
1844 If this value is true, it works the same as setting [`PrimaryPassword`](#primarypassword) to false and removes the primary password functionality.
1845
1846 If both `DisableMasterPasswordCreation` and `PrimaryPassword` are used, `DisableMasterPasswordCreation` takes precedent.
1847
1848 **Compatibility:** Firefox 60, Firefox ESR 60\
1849 **CCK2 Equivalent:** `noMasterPassword`\
1850 **Preferences Affected:** N/A
1851
1852 #### Windows (GPO)
1853 ```
1854 Software\Policies\Mozilla\Firefox\DisableMasterPasswordCreation = 0x1 | 0x0
1855 ```
1856 #### Windows (Intune)
1857 OMA-URI:
1858 ```
1859 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableMasterPasswordCreation
1860 ```
1861 Value (string):
1862 ```
1863 <enabled/> or <disabled/>
1864 ```
1865 #### macOS
1866 ```
1867 <dict>
1868 <key>DisableMasterPasswordCreation</key>
1869 <true/> | <false/>
1870 </dict>
1871 ```
1872 #### policies.json
1873 ```
1874 {
1875 "policies": {
1876 "DisableMasterPasswordCreation": true | false
1877 }
1878 }
1879 ```
1880 ### DisablePasswordReveal
1881 Do not allow passwords to be shown in saved logins
1882
1883 **Compatibility:** Firefox 71, Firefox ESR 68.3\
1884 **CCK2 Equivalent:** N/A
1885 **Preferences Affected:** N/A
1886
1887 #### Windows (GPO)
1888 ```
1889 Software\Policies\Mozilla\Firefox\DisablePasswordReveal = 0x1 | 0x0
1890 ```
1891 #### Windows (Intune)
1892 OMA-URI:
1893 ```
1894 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisablePasswordReveal
1895 ```
1896 Value (string):
1897 ```
1898 <enabled/> or <disabled/>
1899 ```
1900 #### macOS
1901 ```
1902 <dict>
1903 <key>DisablePasswordReveal</key>
1904 <true/> | <false/>
1905 </dict>
1906 ```
1907 #### policies.json
1908 ```
1909 {
1910 "policies": {
1911 "DisablePasswordReveal": true | false
1912 }
1913 }
1914 ```
1915 ### DisablePocket
1916 Remove Pocket in the Firefox UI. It does not remove it from the new tab page.
1917
1918 **Compatibility:** Firefox 60, Firefox ESR 60\
1919 **CCK2 Equivalent:** `disablePocket`\
1920 **Preferences Affected:** `extensions.pocket.enabled`
1921
1922 #### Windows (GPO)
1923 ```
1924 Software\Policies\Mozilla\Firefox\DisablePocket = 0x1 | 0x0
1925 ```
1926 #### Windows (Intune)
1927 OMA-URI:
1928 ```
1929 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisablePocket
1930 ```
1931 Value (string):
1932 ```
1933 <enabled/> or <disabled/>
1934 ```
1935 #### macOS
1936 ```
1937 <dict>
1938 <key>DisablePocket</key>
1939 <true/> | <false/>
1940 </dict>
1941 ```
1942 #### policies.json
1943 ```
1944 {
1945 "policies": {
1946 "DisablePocket": true | false
1947 }
1948 }
1949 ```
1950 ### DisablePrivateBrowsing
1951 Remove access to private browsing.
1952
1953 **Compatibility:** Firefox 60, Firefox ESR 60\
1954 **CCK2 Equivalent:** `disablePrivateBrowsing`\
1955 **Preferences Affected:** N/A
1956
1957 #### Windows (GPO)
1958 ```
1959 Software\Policies\Mozilla\Firefox\DisablePrivateBrowsing = 0x1 | 0x0
1960 ```
1961 #### Windows (Intune)
1962 OMA-URI:
1963 ```
1964 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisablePrivateBrowsing
1965 ```
1966 Value (string):
1967 ```
1968 <enabled/> or <disabled/>
1969 ```
1970 #### macOS
1971 ```
1972 <dict>
1973 <key>DisablePrivateBrowsing</key>
1974 <true/> | <false/>
1975 </dict>
1976 ```
1977 #### policies.json
1978 ```
1979 {
1980 "policies": {
1981 "DisablePrivateBrowsing": true | false
1982 }
1983 }
1984 ```
1985 ### DisableProfileImport
1986 Disables the "Import data from another browser" option in the bookmarks window.
1987
1988 **Compatibility:** Firefox 60, Firefox ESR 60\
1989 **CCK2 Equivalent:** N/A\
1990 **Preferences Affected:** N/A
1991
1992 #### Windows (GPO)
1993 ```
1994 Software\Policies\Mozilla\Firefox\DisableProfileImport = 0x1 | 0x0
1995 ```
1996 #### Windows (Intune)
1997 OMA-URI:
1998 ```
1999 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableProfileImport
2000 ```
2001 Value (string):
2002 ```
2003 <enabled/> or <disabled/>
2004 ```
2005 #### macOS
2006 ```
2007 <dict>
2008 <key>DisableProfileImport</key>
2009 <true/> | <false/>
2010 </dict>
2011 ```
2012 #### policies.json
2013 ```
2014 {
2015 "policies": {
2016 "DisableProfileImport": true | false
2017 }
2018 }
2019 ```
2020 ### DisableProfileRefresh
2021 Disable the Refresh Firefox button on about:support and support.mozilla.org, as well as the prompt that displays offering to refresh Firefox when you haven't used it in a while.
2022
2023 **Compatibility:** Firefox 60, Firefox ESR 60\
2024 **CCK2 Equivalent:** `disableResetFirefox`\
2025 **Preferences Affected:** `browser.disableResetPrompt`
2026
2027 #### Windows (GPO)
2028 ```
2029 Software\Policies\Mozilla\Firefox\DisableProfileRefresh = 0x1 | 0x0
2030 ```
2031 #### Windows (Intune)
2032 OMA-URI:
2033 ```
2034 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableProfileRefresh
2035 ```
2036 Value (string):
2037 ```
2038 <enabled/> or <disabled/>
2039 ```
2040 #### macOS
2041 ```
2042 <dict>
2043 <key>DisableProfileRefresh</key>
2044 <true/> | <false/>
2045 </dict>
2046 ```
2047 #### policies.json
2048 ```
2049 {
2050 "policies": {
2051 "DisableProfileRefresh": true | false
2052 }
2053 }
2054 ```
2055 ### DisableSafeMode
2056 Disable safe mode within the browser.
2057
2058 On Windows, this disables safe mode via the command line as well.
2059
2060 **Compatibility:** Firefox 60, Firefox ESR 60 (Windows, macOS)\
2061 **CCK2 Equivalent:** `disableSafeMode`\
2062 **Preferences Affected:** N/A
2063
2064 #### Windows (GPO)
2065 ```
2066 Software\Policies\Mozilla\Firefox\DisableSafeMode = 0x1 | 0x0
2067 ```
2068 #### Windows (Intune)
2069 OMA-URI:
2070 ```
2071 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableSafeMode
2072 ```
2073 Value (string):
2074 ```
2075 <enabled/> or <disabled/>
2076 ```
2077 #### macOS
2078 ```
2079 <dict>
2080 <key>DisableSafeMode</key>
2081 <true/> | <false/>
2082 </dict>
2083 ```
2084 #### policies.json
2085 ```
2086 {
2087 "policies": {
2088 "DisableSafeMode": true | false
2089 }
2090 }
2091 ```
2092 ### DisableSecurityBypass
2093 Prevent the user from bypassing security in certain cases.
2094
2095 `InvalidCertificate` prevents adding an exception when an invalid certificate is shown.
2096
2097 `SafeBrowsing` prevents selecting "ignore the risk" and visiting a harmful site anyway.
2098
2099 These policies only affect what happens when an error is shown, they do not affect any settings in preferences.
2100
2101 **Compatibility:** Firefox 60, Firefox ESR 60\
2102 **CCK2 Equivalent:** N/A\
2103 **Preferences Affected:** `security.certerror.hideAddException`, `browser.safebrowsing.allowOverride`
2104
2105 #### Windows (GPO)
2106 ```
2107 Software\Policies\Mozilla\Firefox\DisableSecurityBypass\InvalidCertificate = 0x1 | 0x0
2108 Software\Policies\Mozilla\Firefox\DisableSecurityBypass\SafeBrowsing = 0x1 | 0x0
2109 ```
2110 #### Windows (Intune)
2111 OMA-URI:
2112 ```
2113 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/P_DisableSecurityBypass_InvalidCertificate
2114 ```
2115 Value (string):
2116 ```
2117 <enabled/> or <disabled/>
2118 ```
2119 OMA-URI:
2120 ```
2121 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/P_DisableSecurityBypass_SafeBrowsing
2122 ```
2123 Value (string):
2124 ```
2125 <enabled/> or <disabled/>
2126 ```
2127
2128 #### macOS
2129 ```
2130 <dict>
2131 <key>DisableSecurityBypass</key>
2132 <dict>
2133 <key>InvalidCertificate</key>
2134 <true/> | <false/>
2135 <key>SafeBrowsing</key>
2136 <true/> | <false/>
2137 </dict>
2138 </dict>
2139 ```
2140 #### policies.json
2141 ```
2142 {
2143 "policies": {
2144 "DisableSecurityBypass": {
2145 "InvalidCertificate": true | false,
2146 "SafeBrowsing": true | false
2147 }
2148 }
2149 }
2150 ```
2151 ### DisableSetDesktopBackground
2152 Remove the "Set As Desktop Background..." menuitem when right clicking on an image.
2153
2154 **Compatibility:** Firefox 60, Firefox ESR 60\
2155 **CCK2 Equivalent:** `removeSetDesktopBackground`\
2156 **Preferences Affected:** N/A
2157
2158 #### Windows (GPO)
2159 ```
2160 Software\Policies\Mozilla\Firefox\DisableSetDesktopBackground = 0x1 | 0x0
2161 ```
2162 #### Windows (Intune)
2163 OMA-URI:
2164 ```
2165 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableSetDesktopBackground
2166 ```
2167 Value (string):
2168 ```
2169 <enabled/> or <disabled/>
2170 ```
2171 #### macOS
2172 ```
2173 <dict>
2174 <key>DisableSetDesktopBackground</key>
2175 <true/> | <false/>
2176 </dict>
2177 ```
2178 #### policies.json
2179 ```
2180 {
2181 "policies": {
2182 "DisableSetDesktopBackground": true | false
2183 }
2184 }
2185 ```
2186 ### DisableSystemAddonUpdate
2187 Prevent system add-ons from being installed or updated.
2188
2189 **Compatibility:** Firefox 60, Firefox ESR 60\
2190 **CCK2 Equivalent:** N/A\
2191 **Preferences Affected:** N/A
2192
2193 #### Windows (GPO)
2194 ```
2195 Software\Policies\Mozilla\Firefox\DisableSystemAddonUpdate = 0x1 | 0x0
2196 ```
2197 #### Windows (Intune)
2198 OMA-URI:
2199 ```
2200 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableSystemAddonUpdate
2201 ```
2202 Value (string):
2203 ```
2204 <enabled/> or <disabled/>
2205 ```
2206 #### macOS
2207 ```
2208 <dict>
2209 <key>DisableSystemAddonUpdate</key>
2210 <true/> | <false/>
2211 </dict>
2212 ```
2213 #### policies.json
2214 ```
2215 {
2216 "policies": {
2217 "DisableSystemAddonUpdate": true | false
2218 }
2219 }
2220 ```
2221 ### DisableTelemetry
2222 Prevent the upload of telemetry data.
2223
2224 As of Firefox 83 and Firefox ESR 78.5, local storage of telemetry data is disabled as well.
2225
2226 Mozilla recommends that you do not disable telemetry. Information collected through telemetry helps us build a better product for businesses like yours.
2227
2228 **Compatibility:** Firefox 60, Firefox ESR 60\
2229 **CCK2 Equivalent:** `disableTelemetry`\
2230 **Preferences Affected:** `datareporting.healthreport.uploadEnabled`, `datareporting.policy.dataSubmissionEnabled`, `toolkit.telemetry.archive.enabled`
2231
2232 #### Windows (GPO)
2233 ```
2234 Software\Policies\Mozilla\Firefox\DisableTelemetry = 0x1 | 0x0
2235 ```
2236 #### Windows (Intune)
2237 OMA-URI:
2238 ```
2239 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableTelemetry
2240 ```
2241 Value (string):
2242 ```
2243 <enabled/> or <disabled/>
2244 ```
2245 #### macOS
2246 ```
2247 <dict>
2248 <key>DisableTelemetry</key>
2249 <true/> | <false/>
2250 </dict>
2251 ```
2252 #### policies.json
2253 ```
2254 {
2255 "policies": {
2256 "DisableTelemetry": true | false
2257 }
2258 }
2259 ```
2260 ### DisableThirdPartyModuleBlocking
2261 Do not allow blocking third-party modules from the `about:third-party` page.
2262
2263 This policy only works on Windows through GPO (not policies.json).
2264
2265 **Compatibility:** Firefox 110 (Windows only, GPO only)\
2266 **CCK2 Equivalent:** N/A\
2267 **Preferences Affected:** N/A
2268
2269 #### Windows (GPO)
2270 ```
2271 Software\Policies\Mozilla\Firefox\DisableThirdPartyModuleBlocking = = 0x1 | 0x0
2272 ```
2273 #### Windows (Intune)
2274 OMA-URI:
2275 ```
2276 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableThirdPartyModuleBlocking
2277 ```
2278 Value (string):
2279 ```
2280 <enabled/> or <disabled/>
2281 ```
2282 ### DisplayBookmarksToolbar
2283 Set the initial state of the bookmarks toolbar. A user can still change how it is displayed.
2284
2285 `always` means the bookmarks toolbar is always shown.
2286
2287 `never` means the bookmarks toolbar is not shown.
2288
2289 `newtab` means the bookmarks toolbar is only shown on the new tab page.
2290
2291 **Compatibility:** Firefox 109, Firefox ESR 102.7\
2292 **CCK2 Equivalent:** N/A\
2293 **Preferences Affected:** N/A
2294
2295 #### Windows (GPO)
2296 ```
2297 Software\Policies\Mozilla\Firefox\DisplayBookmarksToolbar = "always", "never", "newtab"
2298 ```
2299 #### Windows (Intune)
2300 OMA-URI:
2301 ```
2302 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisplayBookmarksToolbar_Enum
2303 ```
2304 Value (string):
2305 ```
2306 <enabled/>
2307 <data id="DisplayBookmarksToolbar" value="always | never | newtab"/>
2308 ```
2309 #### macOS
2310 ```
2311 <dict>
2312 <key>DisplayBookmarksToolbar</key>
2313 <string>always | never | newtab</string>
2314 </dict>
2315 ```
2316 #### policies.json
2317 ```
2318 {
2319 "policies": {
2320 "DisplayBookmarksToolbar": "always" | "never" | "newtab"
2321 }
2322 }
2323 ```
2324 ### DisplayMenuBar
2325 Set the state of the menubar.
2326
2327 `always` means the menubar is shown and cannot be hidden.
2328
2329 `never` means the menubar is hidden and cannot be shown.
2330
2331 `default-on` means the menubar is on by default but can be hidden.
2332
2333 `default-off` means the menubar is off by default but can be shown.
2334
2335 **Compatibility:** Firefox 73, Firefox ESR 68.5 (Windows, some Linux)\
2336 **CCK2 Equivalent:** `displayMenuBar`\
2337 **Preferences Affected:** N/A
2338
2339 #### Windows (GPO)
2340 ```
2341 Software\Policies\Mozilla\Firefox\DisplayMenuBar = "always", "never", "default-on", "default-off"
2342 ```
2343 #### Windows (Intune)
2344 OMA-URI:
2345 ```
2346 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisplayMenuBar_Enum
2347 ```
2348 Value (string):
2349 ```
2350 <enabled/>
2351 <data id="DisplayMenuBar" value="always | never | default-on | default-off"/>
2352 ```
2353 #### macOS
2354 ```
2355 <dict>
2356 <key>DisplayMenuBar</key>
2357 <string>always | never | default-on | default-off</string>
2358 </dict>
2359 ```
2360 #### policies.json
2361 ```
2362 {
2363 "policies": {
2364 "DisplayMenuBar": "always", "never", "default-on", "default-off"
2365 }
2366 }
2367 ```
2368 ### DNSOverHTTPS
2369 Configure DNS over HTTPS.
2370
2371 `Enabled` determines whether DNS over HTTPS is enabled
2372
2373 `ProviderURL` is a URL to another provider.
2374
2375 `Locked` prevents the user from changing DNS over HTTPS preferences.
2376
2377 `ExcludedDomains` excludes domains from DNS over HTTPS.
2378
2379 `Fallback` determines whether or not Firefox will use your default DNS resolver if there is a problem with the secure DNS provider.
2380
2381 **Compatibility:** Firefox 63, Firefox ESR 68 (ExcludedDomains added in 75/68.7) (Fallback added in 124)\
2382 **CCK2 Equivalent:** N/A\
2383 **Preferences Affected:** `network.trr.mode`, `network.trr.uri`
2384
2385 #### Windows (GPO)
2386 ```
2387 Software\Policies\Mozilla\Firefox\DNSOverHTTPS\Enabled = 0x1 | 0x0
2388 Software\Policies\Mozilla\Firefox\DNSOverHTTPS\ProviderURL = "URL_TO_ALTERNATE_PROVIDER"
2389 Software\Policies\Mozilla\Firefox\DNSOverHTTPS\Locked = 0x1 | 0x0
2390 Software\Policies\Mozilla\Firefox\DNSOverHTTPS\ExcludedDomains\1 = "example.com"
2391 Software\Policies\Mozilla\Firefox\DNSOverHTTPS\Fallback = 0x1 | 0x0
2392 ```
2393 #### Windows (Intune)
2394 OMA-URI:
2395 ```
2396 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DNSOverHTTPS/DNSOverHTTPS_Enabled
2397 ```
2398 Value (string):
2399 ```
2400 <enabled/> or <disabled/>
2401 ```
2402 OMA-URI:
2403 ```
2404 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DNSOverHTTPS/DNSOverHTTPS_ProviderURL
2405 ```
2406 Value (string):
2407 ```
2408 <enabled/>
2409 <data id="String" value="URL_TO_ALTERNATE_PROVIDER"/>
2410 ```
2411 OMA-URI:
2412 ```
2413 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DNSOverHTTPS/DNSOverHTTPS_Locked
2414 ```
2415 Value (string):
2416 ```
2417 <enabled/> or <disabled/>
2418 ```
2419 OMA-URI:
2420 ```
2421 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DNSOverHTTPS/DNSOverHTTPS_ExcludedDomains
2422 ```
2423 Value (string):
2424 ```
2425 <enabled/>
2426 <data id="List" value="1&#xF000;example.com"/>
2427 ```
2428 OMA-URI:
2429 ```
2430 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DNSOverHTTPS/DNSOverHTTPS_Fallback
2431 ```
2432 Value (string):
2433 ```
2434 <enabled/> or <disabled/>
2435 ```
2436 #### macOS
2437 ```
2438 <dict>
2439 <key>DNSOverHTTPS</key>
2440 <dict>
2441 <key>Enabled</key>
2442 <true/> | <false/>
2443 <key>ProviderURL</key>
2444 <string>URL_TO_ALTERNATE_PROVIDER</string>
2445 <key>Locked</key>
2446 <true/> | <false/>
2447 <key>ExcludedDomains</key>
2448 <array>
2449 <string>example.com</string>
2450 </array>
2451 <key>Fallback</key>
2452 <true/> | <false/>
2453 </dict>
2454 </dict>
2455 ```
2456 #### policies.json
2457 ```
2458 {
2459 "policies": {
2460 "DNSOverHTTPS": {
2461 "Enabled": true | false,
2462 "ProviderURL": "URL_TO_ALTERNATE_PROVIDER",
2463 "Locked": true | false,
2464 "ExcludedDomains": ["example.com"],
2465 "Fallback": true | false,
2466 }
2467 }
2468 }
2469 ```
2470 ### DontCheckDefaultBrowser
2471 Don't check if Firefox is the default browser at startup.
2472
2473 **Compatibility:** Firefox 60, Firefox ESR 60\
2474 **CCK2 Equivalent:** `dontCheckDefaultBrowser`\
2475 **Preferences Affected:** `browser.shell.checkDefaultBrowser`
2476
2477 #### Windows (GPO)
2478 ```
2479 Software\Policies\Mozilla\Firefox\DontCheckDefaultBrowser = 0x1 | 0x0
2480 ```
2481 #### Windows (Intune)
2482 OMA-URI:
2483 ```
2484 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DontCheckDefaultBrowser
2485 ```
2486 Value (string):
2487 ```
2488 <enabled/> or <disabled/>
2489 ```
2490 #### macOS
2491 ```
2492 <dict>
2493 <key>DontCheckDefaultBrowser</key>
2494 <true/> | <false/>
2495 </dict>
2496 ```
2497 #### policies.json
2498 ```
2499 {
2500 "policies": {
2501 "DontCheckDefaultBrowser": true | false
2502 }
2503 }
2504 ```
2505 ### DownloadDirectory
2506 Set and lock the download directory.
2507
2508 You can use ${home} for the native home directory.
2509
2510 **Compatibility:** Firefox 68, Firefox ESR 68\
2511 **CCK2 Equivalent:** N/A\
2512 **Preferences Affected:** `browser.download.dir`, `browser.download.folderList`, `browser.download.useDownloadDir`
2513
2514 #### Windows (GPO)
2515 ```
2516 Software\Policies\Mozilla\Firefox\DownloadDirectory = "${home}\Downloads"
2517 ```
2518 #### Windows (Intune)
2519 OMA-URI:
2520 ```
2521 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DownloadDirectory
2522 ```
2523 Value (string):
2524 ```
2525 <enabled/>
2526 <data id="Preferences_String" value="${home}\Downloads"/>
2527 ```
2528 #### macOS
2529 ```
2530 <dict>
2531 <key>DownloadDirectory</key>
2532 <string>${home}/Downloads</string>
2533 </dict>
2534 ```
2535 #### policies.json (macOS and Linux)
2536 ```
2537 {
2538 "policies": {
2539 "DownloadDirectory": "${home}/Downloads"
2540 }
2541 ```
2542 #### policies.json (Windows)
2543 ```
2544 {
2545 "policies": {
2546 "DownloadDirectory": "${home}\\Downloads"
2547 }
2548 ```
2549 ### EnableTrackingProtection
2550 Configure tracking protection.
2551
2552 If this policy is not configured, tracking protection is not enabled by default in the browser, but it is enabled by default in private browsing and the user can change it.
2553
2554 If `Value` is set to false, tracking protection is disabled and locked in both the regular browser and private browsing.
2555
2556 If `Value` is set to true, tracking protection is enabled by default in both the regular browser and private browsing and the `Locked` value determines whether or not a user can change it.
2557
2558 If `Cryptomining` is set to true, cryptomining scripts on websites are blocked.
2559
2560 If `Fingerprinting` is set to true, fingerprinting scripts on websites are blocked.
2561
2562 If `EmailTracking` is set to true, hidden email tracking pixels and scripts on websites are blocked. (Firefox 112)
2563
2564 `Exceptions` are origins for which tracking protection is not enabled.
2565
2566 **Compatibility:** Firefox 60, Firefox ESR 60 (Cryptomining and Fingerprinting added in 70/68.2, Exceptions added in 73/68.5)\
2567 **CCK2 Equivalent:** N/A\
2568 **Preferences Affected:** `privacy.trackingprotection.enabled`, `privacy.trackingprotection.pbmode.enabled`, `privacy.trackingprotection.cryptomining.enabled`, `privacy.trackingprotection.fingerprinting.enabled`
2569
2570 #### Windows (GPO)
2571 ```
2572 Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Value = 0x1 | 0x0
2573 Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Locked = 0x1 | 0x0
2574 Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Cryptomining = 0x1 | 0x0
2575 Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Fingerprinting = 0x1 | 0x0
2576 Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Exceptions\1 = "https://example.com"
2577 ```
2578 #### Windows (Intune)
2579 OMA-URI:
2580 ```
2581 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~TrackingProtection/A_TrackingProtection_Value
2582 ```
2583 Value (string):
2584 ```
2585 <enabled/> or <disabled/>
2586 ```
2587 OMA-URI:
2588 ```
2589 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~TrackingProtection/B_TrackingProtection_Cryptomining
2590 ```
2591 Value (string):
2592 ```
2593 <enabled/> or <disabled/>
2594 ```
2595 OMA-URI:
2596 ```
2597 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~TrackingProtection/C_TrackingProtection_Fingerprinting
2598 ```
2599 Value (string):
2600 ```
2601 <enabled/> or <disabled/>
2602 ```
2603 OMA-URI:
2604 ```
2605 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~TrackingProtection/D_TrackingProtection_Exceptions
2606 ```
2607 Value (string):
2608 ```
2609 <enabled/>
2610 <data id="TrackingProtection_Exceptions" value="1&#xF000;https://example.com"/>
2611 ```
2612 OMA-URI:
2613 ```
2614 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~TrackingProtection/E_TrackingProtection_Locked
2615 ```
2616 Value (string):
2617 ```
2618 <enabled/> or <disabled/>
2619 ```
2620 #### macOS
2621 ```
2622 <dict>
2623 <key>EnableTrackingProtection</key>
2624 <dict>
2625 <key>Value</key>
2626 <true/> | <false/>
2627 <key>Locked</key>
2628 <true/> | <false/>
2629 <key>Cryptomining</key>
2630 <true/> | <false/>
2631 <key>Fingerprinting</key>
2632 <true/> | <false/>
2633 <key>Exceptions</key>
2634 <array>
2635 <string>https://example.com</string>
2636 </array>
2637 </dict>
2638 </dict>
2639 ```
2640 #### policies.json
2641 ```
2642 {
2643 "policies": {
2644 "EnableTrackingProtection": {
2645 "Value": true | false,
2646 "Locked": true | false,
2647 "Cryptomining": true | false,
2648 "Fingerprinting": true | false,
2649 "Exceptions": ["https://example.com"]
2650 }
2651 }
2652 }
2653 ```
2654 ### EncryptedMediaExtensions
2655 Enable or disable Encrypted Media Extensions and optionally lock it.
2656
2657 If `Enabled` is set to false, encrypted media extensions (like Widevine) are not downloaded by Firefox unless the user consents to installing them.
2658
2659 If `Locked` is set to true and `Enabled` is set to false, Firefox will not download encrypted media extensions (like Widevine) or ask the user to install them.
2660
2661 **Compatibility:** Firefox 77, Firefox ESR 68.9\
2662 **CCK2 Equivalent:** N/A\
2663 **Preferences Affected:** `media.eme.enabled`
2664
2665 #### Windows (GPO)
2666 ```
2667 Software\Policies\Mozilla\Firefox\EncryptedMediaExtensions\Enabled = 0x1 | 0x0
2668 Software\Policies\Mozilla\Firefox\EncryptedMediaExtensions\Locked = 0x1 | 0x0
2669 ```
2670 #### Windows (Intune)
2671 OMA-URI:
2672 ```
2673 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~EncryptedMediaExtensions/EncryptedMediaExtensions_Enabled
2674 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~EncryptedMediaExtensions/EncryptedMediaExtensions_Locked
2675 ```
2676 Value (string):
2677 ```
2678 <enabled/>or <disabled/>
2679 ```
2680 #### macOS
2681 ```
2682 <dict>
2683 <key>EncryptedMediaExtensions</key>
2684 <dict>
2685 <key>Enabled</key>
2686 <true/> | <false/>
2687 <key>Locked</key>
2688 <true/> | <false/>
2689 </dict>
2690 </dict>
2691 ```
2692 #### policies.json
2693 ```
2694 {
2695 "policies": {
2696 "EncryptedMediaExtensions": {
2697 "Enabled": true | false,
2698 "Locked": true | false
2699 }
2700 }
2701 }
2702 ```
2703 ### EnterprisePoliciesEnabled
2704 Enable policy support on macOS.
2705
2706 **Compatibility:** Firefox 63, Firefox ESR 60.3 (macOS only)\
2707 **CCK2 Equivalent:** N/A\
2708 **Preferences Affected:** N/A
2709
2710 #### macOS
2711 ```
2712 <dict>
2713 <key>EnterprisePoliciesEnabled</key>
2714 <true/>
2715 </dict>
2716 ```
2717 ### ExemptDomainFileTypePairsFromFileTypeDownloadWarnings
2718
2719 Disable warnings based on file extension for specific file types on domains.
2720
2721 This policy is based on the [Chrome policy](https://chromeenterprise.google/policies/#ExemptDomainFileTypePairsFromFileTypeDownloadWarnings) of the same name.
2722
2723 Important: The documentation for the policy for both Edge and Chrome is incorrect. The ```domains``` value must be a domain, not a URL pattern. Also, we do not support using ```*``` to mean all domains.
2724
2725 **Compatibility:** Firefox 102\
2726 **CCK2 Equivalent:** N/A\
2727 **Preferences Affected:** N/A
2728
2729 #### Windows (GPO)
2730 Software\Policies\Mozilla\Firefox\ExemptDomainFileTypePairsFromFileTypeDownloadWarnings (REG_MULTI_SZ) =
2731 ```
2732 [
2733 {
2734 "file_extension": "jnlp",
2735 "domains": ["example.com"]
2736 }
2737 ]
2738 ```
2739 #### Windows (Intune)
2740 OMA-URI:
2741 ```
2742 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/ExemptDomainFileTypePairsFromFileTypeDownloadWarnings
2743 ```
2744 Value (string):
2745 ```
2746 <enabled/>
2747 <data id="JSON" value='
2748 [
2749 {
2750 "file_extension": "jnlp",
2751 "domains": ["example.com"]
2752 }
2753 ]
2754 '/>
2755 ```
2756 #### macOS
2757 ```
2758 <dict>
2759 <key>ExemptDomainFileTypePairsFromFileTypeDownloadWarnings</key>
2760 <array>
2761 <dict>
2762 <key>file_extension</key>
2763 <string>jnlp</string>
2764 <key>domains</key>
2765 <array>
2766 <string>example.com</string>
2767 </array>
2768 </dict>
2769 </array>
2770 </dict>
2771 ```
2772 #### policies.json
2773 ```
2774 {
2775 "policies": {
2776 "ExemptDomainFileTypePairsFromFileTypeDownloadWarnings": [{
2777 "file_extension": "jnlp",
2778 "domains": ["example.com"]
2779 }]
2780 }
2781 }
2782 ```
2783 ### Extensions
2784 Control the installation, uninstallation and locking of extensions.
2785
2786 We strongly recommend that you use the **[`ExtensionSettings`](#extensionsettings)** policy. It has the same functionality and adds more. It does not support native paths, though, so you'll have to use file:/// URLs.
2787
2788 This method will be deprecated in the near future.
2789
2790 `Install` is a list of URLs or native paths for extensions to be installed.
2791
2792 `Uninstall` is a list of extension IDs that should be uninstalled if found.
2793
2794 `Locked` is a list of extension IDs that the user cannot disable or uninstall.
2795
2796 **Compatibility:** Firefox 60, Firefox ESR 60\
2797 **CCK2 Equivalent:** `addons`\
2798 **Preferences Affected:** N/A
2799
2800 #### Windows (GPO)
2801 ```
2802 Software\Policies\Mozilla\Firefox\Extensions\Install\1 = "https://addons.mozilla.org/firefox/downloads/somefile.xpi"
2803 Software\Policies\Mozilla\Firefox\Extensions\Install\2 = "//path/to/xpi"
2804 Software\Policies\Mozilla\Firefox\Extensions\Uninstall\1 = "bad_addon_id@mozilla.org"
2805 Software\Policies\Mozilla\Firefox\Extensions\Locked\1 = "addon_id@mozilla.org"
2806 ```
2807 #### Windows (Intune)
2808 OMA-URI:
2809 ```
2810 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/Extensions_Install
2811 ```
2812 Value (string):
2813 ```
2814 <enabled/>
2815 <data id="Extensions" value="1&#xF000;https://addons.mozilla.org/firefox/downloads/somefile.xpi&#xF000;2&#xF000;//path/to/xpi"/>
2816 ```
2817 OMA-URI:
2818 ```
2819 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/Extensions_Uninstall
2820 ```
2821 Value (string):
2822 ```
2823 <enabled/>
2824 <data id="Extensions" value="1&#xF000;bad_addon_id@mozilla.org"/>
2825 ```
2826 OMA-URI:
2827 ```
2828 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/Extensions_Locked
2829 ```
2830 Value (string):
2831 ```
2832 <enabled/>
2833 <data id="Extensions" value="1&#xF000;addon_id@mozilla.org"/>
2834 ```
2835 #### macOS
2836 ```
2837 <dict>
2838 <key>Extensions</key>
2839 <dict>
2840 <key>Install</key>
2841 <array>
2842 <string>https://addons.mozilla.org/firefox/downloads/somefile.xpi</string>
2843 <string>//path/to/xpi</string>
2844 </array>
2845 <key>Uninstall</key>
2846 <array>
2847 <string>bad_addon_id@mozilla.org</string>
2848 </array>
2849 <key>Locked</key>
2850 <array>
2851 <string>addon_id@mozilla.org</string>
2852 </array>
2853 </dict>
2854 </dict>
2855 ```
2856 #### policies.json
2857 ```
2858 {
2859 "policies": {
2860 "Extensions": {
2861 "Install": ["https://addons.mozilla.org/firefox/downloads/somefile.xpi", "//path/to/xpi"],
2862 "Uninstall": ["bad_addon_id@mozilla.org"],
2863 "Locked": ["addon_id@mozilla.org"]
2864 }
2865 }
2866 }
2867 ```
2868 ### ExtensionSettings
2869 Manage all aspects of extensions. This policy is based heavily on the [Chrome policy](https://dev.chromium.org/administrators/policy-list-3/extension-settings-full) of the same name.
2870
2871 This policy maps an extension ID to its configuration. With an extension ID, the configuration will be applied to the specified extension only. A default configuration can be set for the special ID "*", which will apply to all extensions that don't have a custom configuration set in this policy.
2872
2873 To obtain an extension ID, install the extension and go to about:support. You will see the ID in the Extensions section. I've also created an extension that makes it easy to find the ID of extensions on AMO. You can download it [here](https://github.com/mkaply/queryamoid/releases/tag/v0.1).
2874
2875 The configuration for each extension is another dictionary that can contain the fields documented below.
2876
2877 | Name | Description |
2878 | --- | --- |
2879 | `installation_mode` | Maps to a string indicating the installation mode for the extension. The valid strings are `allowed`,`blocked`,`force_installed`, and `normal_installed`.
2880 | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;`allowed` | Allows the extension to be installed by the user. This is the default behavior. There is no need for an install_url; it will automatically be allowed based on the ID.
2881 | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;`blocked`| Blocks installation of the extension and removes it from the device if already installed.
2882 | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;`force_installed`| The extension is automatically installed and can't be removed by the user. This option is not valid for the default configuration and requires an install_url.
2883 | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;`normal_installed`| The extension is automatically installed but can be disabled by the user. This option is not valid for the default configuration and requires an install_url.
2884 | `install_url`| Maps to a URL indicating where Firefox can download a force_installed or normal_installed extension. If installing from the local file system, use a [```file:///``` URL](https://en.wikipedia.org/wiki/File_URI_scheme). If installing from the addons.mozilla.org, use the following URL (substituting SHORT_NAME from the URL on AMO), https://addons.mozilla.org/firefox/downloads/latest/SHORT_NAME/latest.xpi. Languages packs are available from https://releases.mozilla.org/pub/firefox/releases/VERSION/PLATFORM/xpi/LANGUAGE.xpi. If you need to update the extension, you can change the name of the extension and it will be automatically updated. Extensions installed from file URLs will additional be updated when their internal version changes.
2885 | `install_sources` | A list of sources from which installing extensions is allowed using URL match patterns. **This is unnecessary if you are only allowing the installation of certain extensions by ID.** Each item in this list is an extension-style match pattern. Users will be able to easily install items from any URL that matches an item in this list. Both the location of the *.xpi file and the page where the download is started from (i.e. the referrer) must be allowed by these patterns. This setting can be used only for the default configuration.
2886 | `allowed_types` | This setting whitelists the allowed types of extension/apps that can be installed in Firefox. The value is a list of strings, each of which should be one of the following: "extension", "theme", "dictionary", "locale" This setting can be used only for the default configuration.
2887 | `blocked_install_message` | This maps to a string specifying the error message to display to users if they're blocked from installing an extension. This setting allows you to append text to the generic error message displayed when the extension is blocked. This could be be used to direct users to your help desk, explain why a particular extension is blocked, or something else. This setting can be used only for the default configuration.
2888 | `restricted_domains` | An array of domains on which content scripts can't be run. This setting can be used only for the default configuration.
2889 | `updates_disabled` | (Firefox 89, Firefox ESR 78.11) Boolean that indicates whether or not to disable automatic updates for an individual extension.
2890 | `default_area` | (Firefox 113) String that indicates where to place the extension icon by default. Possible values are `navbar` and `menupanel`.
2891
2892 **Compatibility:** Firefox 69, Firefox ESR 68.1 (As of Firefox 85, Firefox ESR 78.7, installing a theme makes it the default.)\
2893 **CCK2 Equivalent:** N/A\
2894 **Preferences Affected:** N/A
2895
2896 #### Windows (GPO)
2897 Software\Policies\Mozilla\Firefox\ExtensionSettings (REG_MULTI_SZ) =
2898 ```
2899 {
2900 "*": {
2901 "blocked_install_message": "Custom error message.",
2902 "install_sources": ["https://yourwebsite.com/*"],
2903 "installation_mode": "blocked",
2904 "allowed_types": ["extension"]
2905 },
2906 "uBlock0@raymondhill.net": {
2907 "installation_mode": "force_installed",
2908 "install_url": "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi"
2909 },
2910 "https-everywhere@eff.org": {
2911 "installation_mode": "allowed",
2912 "updates_disabled": false
2913 }
2914 }
2915 ```
2916 #### Windows (Intune)
2917 OMA-URI:
2918 ```
2919 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/ExtensionSettings
2920 ```
2921 Value (string):
2922 ```
2923 <enabled/>
2924 <data id="ExtensionSettings" value='
2925 {
2926 "*": {
2927 "blocked_install_message": "Custom error message.",
2928 "install_sources": ["https://yourwebsite.com/*"],
2929 "installation_mode": "blocked",
2930 "allowed_types": ["extension"]
2931 },
2932 "uBlock0@raymondhill.net": {
2933 "installation_mode": "force_installed",
2934 "install_url": "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi"
2935 },
2936 "https-everywhere@eff.org": {
2937 "installation_mode": "allowed",
2938 "updates_disabled": false
2939 }
2940 }'/>
2941 ```
2942 #### macOS
2943 ```
2944 <dict>
2945 <key>ExtensionSettings</key>
2946 <dict>
2947 <key>*</key>
2948 <dict>
2949 <key>blocked_install_message</key>
2950 <string>Custom error message.</string>
2951 <key>install_sources</key>
2952 <array>
2953 <string>"https://yourwebsite.com/*"</string>
2954 </array>
2955 <key>installation_mode</key>
2956 <string>blocked</string>
2957 <key>allowed_types</key>
2958 <array>
2959 <string>extension</string>
2960 </array>
2961 </dict>
2962 <key>uBlock0@raymondhill.net</key>
2963 <dict>
2964 <key>installation_mode</key>
2965 <string>force_installed</string>
2966 <key>install_url</key>
2967 <string>https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi</string>
2968 </dict>
2969 <key>https-everywhere@eff.org</key>
2970 <dict>
2971 <key>installation_mode</key>
2972 <string>allowed</string>
2973 <key>updates_disabled</key>
2974 <true/> | <false/>
2975 </dict>
2976 </dict>
2977 </dict>
2978 ```
2979 #### policies.json
2980 ```
2981 {
2982 "policies": {
2983 "ExtensionSettings": {
2984 "*": {
2985 "blocked_install_message": "Custom error message.",
2986 "install_sources": ["https://yourwebsite.com/*"],
2987 "installation_mode": "blocked",
2988 "allowed_types": ["extension"]
2989 },
2990 "uBlock0@raymondhill.net": {
2991 "installation_mode": "force_installed",
2992 "install_url": "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi"
2993 },
2994 "https-everywhere@eff.org": {
2995 "installation_mode": "allowed",
2996 "updates_disabled": false
2997 }
2998 }
2999 }
3000 }
3001 ```
3002 ### ExtensionUpdate
3003 Control extension updates.
3004
3005 **Compatibility:** Firefox 67, Firefox ESR 60.7\
3006 **CCK2 Equivalent:** N/A\
3007 **Preferences Affected:** `extensions.update.enabled`
3008
3009 #### Windows (GPO)
3010 ```
3011 Software\Policies\Mozilla\Firefox\ExtensionUpdate = 0x1 | 0x0
3012 ```
3013 #### Windows (Intune)
3014 OMA-URI:
3015 ```
3016 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/ExtensionUpdate
3017 ```
3018 Value (string):
3019 ```
3020 <enabled/> or <disabled/>
3021 ```
3022 #### macOS
3023 ```
3024 <dict>
3025 <key>ExtensionUpdate</key>
3026 <true/> | <false/>
3027 </dict>
3028 ```
3029 #### policies.json
3030 ```
3031 {
3032 "policies": {
3033 "ExtensionUpdate": true | false
3034 }
3035 }
3036 ```
3037 ### FirefoxHome
3038 Customize the Firefox Home page.
3039
3040 **Compatibility:** Firefox 68, Firefox ESR 68 (SponsoredTopSites and SponsoredPocket were added in Firefox 95, Firefox ESR 91.4, Snippets was deprecated in Firefox 122)
3041 **CCK2 Equivalent:** N/A\
3042 **Preferences Affected:** `browser.newtabpage.activity-stream.showSearch`, `browser.newtabpage.activity-stream.feeds.topsites`, `browser.newtabpage.activity-stream.feeds.section.highlights`, `browser.newtabpage.activity-stream.feeds.section.topstories`, `browser.newtabpage.activity-stream.feeds.snippets`, `browser.newtabpage.activity-stream.showSponsoredTopSites`, `browser.newtabpage.activity-stream.showSponsored`
3043
3044 #### Windows (GPO)
3045 ```
3046 Software\Policies\Mozilla\Firefox\FirefoxHome\Search = 0x1 | 0x0
3047 Software\Policies\Mozilla\Firefox\FirefoxHome\TopSites = 0x1 | 0x0
3048 Software\Policies\Mozilla\Firefox\FirefoxHome\SponsoredTopSites = 0x1 | 0x0
3049 Software\Policies\Mozilla\Firefox\FirefoxHome\Highlights = 0x1 | 0x0
3050 Software\Policies\Mozilla\Firefox\FirefoxHome\Pocket = 0x1 | 0x0
3051 Software\Policies\Mozilla\Firefox\FirefoxHome\SponsoredPocket = 0x1 | 0x0
3052 Software\Policies\Mozilla\Firefox\FirefoxHome\Snippets = 0x1 | 0x0
3053 Software\Policies\Mozilla\Firefox\FirefoxHome\Locked = 0x1 | 0x0
3054 ```
3055 #### Windows (Intune)
3056 OMA-URI:
3057 ```
3058 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/CustomizeFirefoxHome
3059 ```
3060 Value (string):
3061 ```
3062 <enabled/>
3063 <data id="FirefoxHome_Search" value="true | false"/>
3064 <data id="FirefoxHome_TopSites" value="true | false"/>
3065 <data id="FirefoxHome_SponsoredTopSites" value="true | false"/>
3066 <data id="FirefoxHome_Highlights" value="true | false"/>
3067 <data id="FirefoxHome_Pocket" value="true | false"/>
3068 <data id="FirefoxHome_SponsoredPocket" value="true | false"/>
3069 <data id="FirefoxHome_Snippets" value="true | false"/>
3070 <data id="FirefoxHome_Locked" value="true | false"/>
3071 ```
3072 #### macOS
3073 ```
3074 <dict>
3075 <key>FirefoxHome</key>
3076 <dict>
3077 <key>Search</key>
3078 <true/> | <false/>
3079 <key>TopSites</key>
3080 <true/> | <false/>
3081 <key>SponsoredTopSites</key>
3082 <true/> | <false/>
3083 <key>Highlights</key>
3084 <true/> | <false/>
3085 <key>Pocket</key>
3086 <true/> | <false/>
3087 <key>SponsoredPocket</key>
3088 <true/> | <false/>
3089 <key>Snippets</key>
3090 <true/> | <false/>
3091 <key>Locked</key>
3092 <true/> | <false/>
3093 </dict>
3094 </dict>
3095 ```
3096 #### policies.json
3097 ```
3098 {
3099 "policies": {
3100 "FirefoxHome": {
3101 "Search": true | false,
3102 "TopSites": true | false,
3103 "SponsoredTopSites": true | false,
3104 "Highlights": true | false,
3105 "Pocket": true | false,
3106 "SponsoredPocket": true | false,
3107 "Snippets": true | false,
3108 "Locked": true | false
3109 }
3110 }
3111 }
3112 ```
3113 ### FirefoxSuggest
3114 Customize Firefox Suggest (US only).
3115
3116 **Compatibility:** Firefox 118, Firefox ESR 115.3.
3117 **CCK2 Equivalent:** N/A\
3118 **Preferences Affected:** `browser.urlbar.suggest.quicksuggest.nonsponsored`, `browser.urlbar.suggest.quicksuggest.sponsored`, `browser.urlbar.quicksuggest.dataCollection.enabled`
3119
3120 #### Windows (GPO)
3121 ```
3122 Software\Policies\Mozilla\Firefox\FirefoxSuggest\WebSuggestions = 0x1 | 0x0
3123 Software\Policies\Mozilla\Firefox\FirefoxSuggest\SponsoredSuggestions = 0x1 | 0x0
3124 Software\Policies\Mozilla\Firefox\FirefoxSuggest\ImproveSuggest = 0x1 | 0x0
3125 Software\Policies\Mozilla\Firefox\FirefoxSuggest\Locked = 0x1 | 0x0
3126 ```
3127 #### Windows (Intune)
3128 OMA-URI:
3129 ```
3130 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~FirefoxSuggest/WebSuggestions
3131 ```
3132 Value (string):
3133 ```
3134 <enabled/> or <disabled/>
3135 ```
3136 OMA-URI:
3137 ```
3138 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~FirefoxSuggest/SponsoredSuggestions
3139 ```
3140 Value (string):
3141 ```
3142 <enabled/> or <disabled/>
3143 ```
3144 OMA-URI:
3145 ```
3146 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~FirefoxSuggest/ImproveSuggest
3147 ```
3148 Value (string):
3149 ```
3150 <enabled/> or <disabled/>
3151 ```
3152 OMA-URI:
3153 ```
3154 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~FirefoxSuggest/Locked
3155 ```
3156 Value (string):
3157 ```
3158 <enabled/> or <disabled/>
3159 ```
3160 #### macOS
3161 ```
3162 <dict>
3163 <key>FirefoxSuggest</key>
3164 <dict>
3165 <key>WebSuggestions</key>
3166 <true/> | <false/>
3167 <key>SponsoredSuggestions</key>
3168 <true/> | <false/>
3169 <key>ImproveSuggest</key>
3170 <true/> | <false/>
3171 <key>Locked</key>
3172 <true/> | <false/>
3173 </dict>
3174 </dict>
3175 ```
3176 #### policies.json
3177 ```
3178 {
3179 "policies": {
3180 "FirefoxSuggest": {
3181 "WebSuggestions": true | false,
3182 "SponsoredSuggestions": true | false,
3183 "ImproveSuggest": true | false,
3184 "Locked": true | false
3185 }
3186 }
3187 }
3188 ```
3189 ### GoToIntranetSiteForSingleWordEntryInAddressBar
3190 Whether to always go through the DNS server before sending a single word search string to a search engine.
3191
3192 If the site exists, it will navigate to the website. If the intranet responds with a 404, the page will show a 404. If the intranet does not respond, the browser will attempt a search.
3193
3194 The second result in the URL bar will be a search result to allow users to conduct a web search exactly as it was entered.
3195
3196 If instead you would like to enable the ability to have your domain appear as a valid URL and to disallow the browser from ever searching that term using the first result that matches it, add the pref `browser.fixup.domainwhitelist.YOUR_DOMAIN` (where `YOUR_DOMAIN` is the name of the domain you'd like to add), and set the pref to `true`. The URL bar will then suggest `YOUR_DOMAIN` when the user fully types `YOUR_DOMAIN`. If the user attempts to load that domain and it fails to load, it will show an "Unable to connect" error page.
3197
3198 You can also whitelist a domain suffix that is not part of the [Public Suffix List](https://publicsuffix.org/) by adding the pref `browser.fixup.domainsuffixwhitelist.YOUR_DOMAIN_SUFFIX` with a value of `true`.
3199
3200 Additionally, if you want users to see a "Did you mean to go to 'YOUR_DOMAIN'" prompt below the URL bar if they land on a search results page instead of an intranet domain that provides a response, set the pref `browser.urlbar.dnsResolveSingleWordsAfterSearch` to `1`. Enabling this will cause the browser to commit a DNS check after every single word search. If the browser receives a response from the intranet, a prompt will ask the user if they'd like to instead navigate to `YOUR_DOMAIN`. If the user presses the **yes** button, `browser.fixup.domainwhitelist.YOUR_DOMAIN` will be set to `true`.
3201
3202 **Compatibility:** Firefox 104, Firefox ESR 102.2\
3203 **CCK2 Equivalent:** `N/A`\
3204 **Preferences Affected:** `browser.fixup.dns_first_for_single_words`
3205
3206 #### Windows (GPO)
3207 ```
3208 Software\Policies\Mozilla\Firefox\GoToIntranetSiteForSingleWordEntryInAddressBar = 0x1 | 0x0
3209 ```
3210 #### Windows (Intune)
3211 OMA-URI:
3212 ```
3213 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/GoToIntranetSiteForSingleWordEntryInAddressBar
3214 ```
3215 Value (string):
3216 ```
3217 <enabled/> or <disabled/>
3218 ```
3219 #### macOS
3220 ```
3221 <dict>
3222 <key>GoToIntranetSiteForSingleWordEntryInAddressBar</key>
3223 <true/> | <false/>
3224 </dict>
3225 ```
3226 #### policies.json
3227 ```
3228 {
3229 "policies": {
3230 "GoToIntranetSiteForSingleWordEntryInAddressBar": true | false
3231 }
3232 }
3233 ```
3234 ### Handlers
3235 Configure default application handlers. This policy is based on the internal format of `handlers.json`.
3236
3237 You can configure handlers based on a mime type (`mimeTypes`), a file's extension (`extensions`), or a protocol (`schemes`).
3238
3239 Within each handler type, you specify the given mimeType/extension/scheme as a key and use the following subkeys to describe how it is handled.
3240
3241 | Name | Description |
3242 | --- | --- |
3243 | `action`| Can be either `saveToDisk`, `useHelperApp`, `useSystemDefault`.
3244 | `ask` | If `true`, the user is asked if what they want to do with the file. If `false`, the action is taken without user intervention.
3245 | `handlers` | An array of handlers with the first one being the default. If you don't want to have a default handler, use an empty object for the first handler. Choose between path or uriTemplate.
3246 | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;`name` | The display name of the handler (might not be used).
3247 | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;`path`| The native path to the executable to be used.
3248 | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;`uriTemplate`| A url to a web based application handler. The URL must be https and contain a %s to be used for substitution.
3249
3250 **Compatibility:** Firefox 78, Firefox ESR 78\
3251 **CCK2 Equivalent:** N/A\
3252 **Preferences Affected:** N/A
3253
3254 #### Windows (GPO)
3255 Software\Policies\Mozilla\Firefox\Handlers (REG_MULTI_SZ) =
3256 ```
3257 {
3258 "mimeTypes": {
3259 "application/msword": {
3260 "action": "useSystemDefault",
3261 "ask": true | false
3262 }
3263 },
3264 "schemes": {
3265 "mailto": {
3266 "action": "useHelperApp",
3267 "ask": true | false,
3268 "handlers": [{
3269 "name": "Gmail",
3270 "uriTemplate": "https://mail.google.com/mail/?extsrc=mailto&url=%s"
3271 }]
3272 }
3273 },
3274 "extensions": {
3275 "pdf": {
3276 "action": "useHelperApp",
3277 "ask": true | false,
3278 "handlers": [{
3279 "name": "Adobe Acrobat",
3280 "path": "C:\\Program Files (x86)\\Adobe\\Acrobat Reader DC\\Reader\\AcroRd32.exe"
3281 }]
3282 }
3283 }
3284 }
3285 ```
3286 #### Windows (Intune)
3287 OMA-URI:
3288 ```
3289 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/Handlers
3290 ```
3291 Value (string):
3292 ```
3293 <enabled/>
3294 <data id="Handlers" value='
3295 {
3296 "mimeTypes": {
3297 "application/msword": {
3298 "action": "useSystemDefault",
3299 "ask": true | false
3300 }
3301 },
3302 "schemes": {
3303 "mailto": {
3304 "action": "useHelperApp",
3305 "ask": true | false,
3306 "handlers": [{
3307 "name": "Gmail",
3308 "uriTemplate": "https://mail.google.com/mail/?extsrc=mailto&amp;url=%s"
3309 }]
3310 }
3311 },
3312 "extensions": {
3313 "pdf": {
3314 "action": "useHelperApp",
3315 "ask": true | false,
3316 "handlers": [{
3317 "name": "Adobe Acrobat",
3318 "path": "C:\\Program Files (x86)\\Adobe\\Acrobat Reader DC\\Reader\\AcroRd32.exe"
3319 }]
3320 }
3321 }
3322 }
3323 '/>
3324 ```
3325 #### macOS
3326 ```
3327 <dict>
3328 <key>Handlers</key>
3329 <dict>
3330 <key>mimeTypes</key>
3331 <dict>
3332 <key>application/msword</key>
3333 <dict>
3334 <key>action</key>
3335 <string>useSystemDefault</string>
3336 <key>ask</key>
3337 <true/> | <false/>
3338 </dict>
3339 </dict>
3340 <key>schemes</key>
3341 <dict>
3342 <key>mailto</key>
3343 <dict>
3344 <key>action</key>
3345 <string>useHelperApp</string>
3346 <key>ask</key>
3347 <true/> | <false/>
3348 <key>handlers</key>
3349 <array>
3350 <dict>
3351 <key>name</key>
3352 <string>Gmail</string>
3353 <key>uriTemplate</key>
3354 <string>https://mail.google.com/mail/?extsrc=mailto&url=%s</string>
3355 </dict>
3356 </array>
3357 </dict>
3358 </dict>
3359 <key>extensions</key>
3360 <dict>
3361 <key>pdf</key>
3362 <dict>
3363 <key>action</key>
3364 <string>useHelperApp</string>
3365 <key>ask</key>
3366 <true/> | <false/>
3367 <key>handlers</key>
3368 <array>
3369 <dict>
3370 <key>name</key>
3371 <string>Adobe Acrobat</string>
3372 <key>path</key>
3373 <string>/System/Applications/Preview.app</string>
3374 </dict>
3375 </array>
3376 </dict>
3377 </dict>
3378 </dict>
3379 </dict>
3380 ```
3381 #### policies.json
3382 ```
3383 {
3384 "policies": {
3385 "Handlers": {
3386 "mimeTypes": {
3387 "application/msword": {
3388 "action": "useSystemDefault",
3389 "ask": false
3390 }
3391 },
3392 "schemes": {
3393 "mailto": {
3394 "action": "useHelperApp",
3395 "ask": true | false,
3396 "handlers": [{
3397 "name": "Gmail",
3398 "uriTemplate": "https://mail.google.com/mail/?extsrc=mailto&url=%s"
3399 }]
3400 }
3401 },
3402 "extensions": {
3403 "pdf": {
3404 "action": "useHelperApp",
3405 "ask": true | false,
3406 "handlers": [{
3407 "name": "Adobe Acrobat",
3408 "path": "/usr/bin/acroread"
3409 }]
3410 }
3411 }
3412 }
3413 }
3414 }
3415 ```
3416 ### HardwareAcceleration
3417 Control hardware acceleration.
3418
3419 **Compatibility:** Firefox 60, Firefox ESR 60\
3420 **CCK2 Equivalent:** N/A\
3421 **Preferences Affected:** `layers.acceleration.disabled`
3422
3423 #### Windows (GPO)
3424 ```
3425 Software\Policies\Mozilla\Firefox\HardwareAcceleration = 0x1 | 0x0
3426 ```
3427 #### Windows (Intune)
3428 OMA-URI:
3429 ```
3430 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/HardwareAcceleration
3431 ```
3432 Value (string):
3433 ```
3434 <enabled/> or <disabled/>
3435 ```
3436 #### macOS
3437 ```
3438 <dict>
3439 <key>HardwareAcceleration</key>
3440 <true/> | <false/>
3441 </dict>
3442 ```
3443 #### policies.json
3444 ```
3445 {
3446 "policies": {
3447 "HardwareAcceleration": true | false
3448 }
3449 }
3450 ```
3451 ### Homepage
3452 Configure the default homepage and how Firefox starts.
3453
3454 `URL` is the default homepage.
3455
3456 `Locked` prevents the user from changing homepage preferences.
3457
3458 `Additional` allows for more than one homepage.
3459
3460 `StartPage` is how Firefox starts. The choices are no homepage, the default homepage or the previous session.
3461
3462 With Firefox 78, an additional option as added for `Startpage`, `homepage-locked`. If this is value is set for the Startpage, the user will always get the homepage at startup and cannot choose to restore their session.
3463
3464 **Compatibility:** Firefox 60, Firefox ESR 60 (StartPage was added in Firefox 60, Firefox ESR 60.4, homepage-locked added in Firefox 78)\
3465 **CCK2 Equivalent:** `homePage`,`lockHomePage`\
3466 **Preferences Affected:** `browser.startup.homepage`, `browser.startup.page`
3467
3468 #### Windows (GPO)
3469 ```
3470 Software\Policies\Mozilla\Firefox\Homepage\URL = "https://example.com"
3471 Software\Policies\Mozilla\Firefox\Homepage\Locked = 0x1 | 0x0
3472 Software\Policies\Mozilla\Firefox\Homepage\Additional\1 = "https://example.org"
3473 Software\Policies\Mozilla\Firefox\Homepage\Additional\2 = "https://example.edu"
3474 Software\Policies\Mozilla\Firefox\Homepage\StartPage = "none" | "homepage" | "previous-session" | "homepage-locked"
3475 ```
3476 #### Windows (Intune)
3477 OMA-URI:
3478 ```
3479 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Homepage/HomepageURL
3480 ```
3481 Value (string):
3482 ```
3483 <enabled/>
3484
3485 <data id="HomepageURL" value="https://example.com"/>
3486 <data id="HomepageLocked" value="true | false"/>
3487 ```
3488 OMA-URI:
3489 ```
3490 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Homepage/HomepageAdditional
3491 ```
3492 Value (string):
3493 ```
3494 <enabled/>
3495
3496 <data id="HomepageAdditional" value="1&#xF000;http://example.org&#xF000;2&#xF000;http://example.edu"/>
3497 ```
3498 OMA-URI:
3499 ```
3500 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Homepage/HomepageStartPage
3501 ```
3502 Value (string):
3503 ```
3504 <enabled/>
3505
3506 <data id="StartPage" value="none | homepage | previous-session"/>
3507 ```
3508 #### macOS
3509 ```
3510 <dict>
3511 <key>Homepage</key>
3512 <dict>
3513 <key>URL</key>
3514 <string>http://example.com</string>
3515 <key>Locked</key>
3516 <true/> | <false/>
3517 <key>Additional</key>
3518 <array>
3519 <string>http://example.org</string>
3520 <string>http://example.edu</string>
3521 </array>
3522 <key>StartPage</key>
3523 <string>none | homepage | previous-session | homepage-locked</string>
3524 </dict>
3525 </dict>
3526 ```
3527 #### policies.json
3528 ```
3529 {
3530 "policies": {
3531 "Homepage": {
3532 "URL": "http://example.com/",
3533 "Locked": true | false,
3534 "Additional": ["http://example.org/",
3535 "http://example.edu/"],
3536 "StartPage": "none" | "homepage" | "previous-session" | "homepage-locked"
3537 }
3538 }
3539 }
3540 ```
3541 ### InstallAddonsPermission
3542 Configure the default extension install policy as well as origins for extension installs are allowed. This policy does not override turning off all extension installs.
3543
3544 `Allow` is a list of origins where extension installs are allowed.
3545
3546 `Default` determines whether or not extension installs are allowed by default.
3547
3548 **Compatibility:** Firefox 60, Firefox ESR 60\
3549 **CCK2 Equivalent:** `permissions.install`\
3550 **Preferences Affected:** `xpinstall.enabled`
3551
3552 #### Windows (GPO)
3553 ```
3554 Software\Policies\Mozilla\Firefox\InstallAddonsPermission\Allow\1 = "https://example.org"
3555 Software\Policies\Mozilla\Firefox\InstallAddonsPermission\Allow\2 = "https://example.edu"
3556 Software\Policies\Mozilla\Firefox\InstallAddonsPermission\Default = 0x1 | 0x0
3557 ```
3558 #### Windows (Intune)
3559 OMA-URI:
3560 ```
3561 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Addons/InstallAddonsPermission_Allow
3562 ```
3563 Value (string):
3564 ```
3565 <enabled/>
3566 <data id="Permissions" value="1&#xF000;https://example.org&#xF000;2&#xF000;https://example.edu"/>
3567 ```
3568 OMA-URI:
3569 ```
3570 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Addons/InstallAddonsPermission_Default
3571 ```
3572 Value (string):
3573 ```
3574 <enabled/>
3575 ```
3576 #### macOS
3577 ```
3578 <dict>
3579 <key>InstallAddonsPermission</key>
3580 <dict>
3581 <key>Allow</key>
3582 <array>
3583 <string>http://example.org</string>
3584 <string>http://example.edu</string>
3585 </array>
3586 <key>Default</key>
3587 <true/> | <false/>
3588 </dict>
3589 </dict>
3590 ```
3591 #### policies.json
3592 ```
3593 {
3594 "policies": {
3595 "InstallAddonsPermission": {
3596 "Allow": ["http://example.org/",
3597 "http://example.edu/"],
3598 "Default": true | false
3599 }
3600 }
3601 }
3602 ```
3603 ### LegacyProfiles
3604 Disable the feature enforcing a separate profile for each installation.
3605
3606 If this policy set to true, Firefox will not try to create different profiles for installations of Firefox in different directories. This is the equivalent of the MOZ_LEGACY_PROFILES environment variable.
3607
3608 If this policy set to false, Firefox will create a new profile for each unique installation of Firefox.
3609
3610 This policy only work on Windows via GPO (not policies.json).
3611
3612 **Compatibility:** Firefox 70, Firefox ESR 68.2 (Windows only, GPO only)\
3613 **CCK2 Equivalent:** N/A\
3614 **Preferences Affected:** N/A
3615
3616 #### Windows (GPO)
3617 ```
3618 Software\Policies\Mozilla\Firefox\LegacyProfiles = = 0x1 | 0x0
3619 ```
3620 #### Windows (Intune)
3621 OMA-URI:
3622 ```
3623 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/LegacyProfiles
3624 ```
3625 Value (string):
3626 ```
3627 <enabled/> or <disabled/>
3628 ```
3629 ### LegacySameSiteCookieBehaviorEnabled
3630 Enable default legacy SameSite cookie behavior setting.
3631
3632 If this policy is set to true, it reverts all cookies to legacy SameSite behavior which means that cookies that don't explicitly specify a ```SameSite``` attribute are treated as if they were ```SameSite=None```.
3633
3634 **Compatibility:** Firefox 96\
3635 **CCK2 Equivalent:** N/A\
3636 **Preferences Affected:** `network.cookie.sameSite.laxByDefault`
3637
3638 #### Windows (GPO)
3639 ```
3640 Software\Policies\Mozilla\Firefox\LegacySameSiteCookieBehaviorEnabled = = 0x1 | 0x0
3641 ```
3642 #### Windows (Intune)
3643 OMA-URI:
3644 ```
3645 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/LegacySameSiteCookieBehaviorEnabled
3646 ```
3647 Value (string):
3648 ```
3649 <enabled/> or <disabled/>
3650 ```
3651 #### macOS
3652 ```
3653 <dict>
3654 <key>LegacySameSiteCookieBehaviorEnabled</key>
3655 <true/> | <false/>
3656 </dict>
3657 ```
3658 #### policies.json
3659 ```
3660 {
3661 "policies": {
3662 "LegacySameSiteCookieBehaviorEnabled": true | false
3663 }
3664 ```
3665 ### LegacySameSiteCookieBehaviorEnabledForDomainList
3666 Revert to legacy SameSite behavior for cookies on specified sites.
3667
3668 If this policy is set to true, cookies set for domains in this list will revert to legacy SameSite behavior which means that cookies that don't explicitly specify a ```SameSite``` attribute are treated as if they were ```SameSite=None```.
3669
3670 **Compatibility:** Firefox 96\
3671 **CCK2 Equivalent:** N/A\
3672 **Preferences Affected:** `network.cookie.sameSite.laxByDefault.disabledHosts`
3673
3674 #### Windows (GPO)
3675 ```
3676 Software\Policies\Mozilla\Firefox\LegacySameSiteCookieBehaviorEnabledForDomainList\1 = "example.org"
3677 Software\Policies\Mozilla\Firefox\LegacySameSiteCookieBehaviorEnabledForDomainList\2 = "example.edu"
3678 ```
3679 #### Windows (Intune)
3680 OMA-URI:
3681 ```
3682 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/LegacySameSiteCookieBehaviorEnabledForDomainList
3683 ```
3684 Value (string):
3685 ```
3686 <enabled/>
3687 <data id="LegacySameSiteCookieBehaviorEnabledForDomainList" value="1&#xF000;example.org&#xF000;2&#xF000;example.edu"/>
3688 ```
3689 #### macOS
3690 ```
3691 <dict>
3692 <key>LegacySameSiteCookieBehaviorEnabledForDomainList</key>
3693 <array>
3694 <string>example.org</string>
3695 <string>example.edu</string>
3696 </array>
3697 </dict>
3698 ```
3699 #### policies.json
3700 ```
3701 {
3702 "policies": {
3703 "LegacySameSiteCookieBehaviorEnabledForDomainList": ["example.org",
3704 "example.edu"]
3705 }
3706 }
3707 ```
3708 ### LocalFileLinks
3709 Enable linking to local files by origin.
3710
3711 **Compatibility:** Firefox 68, Firefox ESR 68\
3712 **CCK2 Equivalent:** N/A\
3713 **Preferences Affected:** `capability.policy.localfilelinks.*`
3714
3715 #### Windows (GPO)
3716 ```
3717 Software\Policies\Mozilla\Firefox\LocalFileLinks\1 = "https://example.org"
3718 Software\Policies\Mozilla\Firefox\LocalFileLinks\2 = "https://example.edu"
3719 ```
3720 #### Windows (Intune)
3721 OMA-URI:
3722 ```
3723 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/LocalFileLinks
3724 ```
3725 Value (string):
3726 ```
3727 <enabled/>
3728 <data id="LocalFileLinks" value="1&#xF000;https://example.org&#xF000;2&#xF000;https://example.edu"/>
3729 ```
3730 #### macOS
3731 ```
3732 <dict>
3733 <key>LocalFileLinks</key>
3734 <array>
3735 <string>http://example.org</string>
3736 <string>http://example.edu</string>
3737 </array>
3738 </dict>
3739 ```
3740 #### policies.json
3741 ```
3742 {
3743 "policies": {
3744 "LocalFileLinks": ["http://example.org/",
3745 "http://example.edu/"]
3746 }
3747 }
3748 ```
3749 ### ManagedBookmarks
3750 Configures a list of bookmarks managed by an administrator that cannot be changed by the user.
3751
3752 The bookmarks are only added as a button on the personal toolbar. They are not in the bookmarks folder.
3753
3754 The syntax of this policy is exactly the same as the [Chrome ManagedBookmarks policy](https://cloud.google.com/docs/chrome-enterprise/policies/?policy=ManagedBookmarks). The schema is:
3755 ```
3756 {
3757 "items": {
3758 "id": "BookmarkType",
3759 "properties": {
3760 "children": {
3761 "items": {
3762 "$ref": "BookmarkType"
3763 },
3764 "type": "array"
3765 },
3766 "name": {
3767 "type": "string"
3768 },
3769 "toplevel_name": {
3770 "type": "string"
3771 },
3772 "url": {
3773 "type": "string"
3774 }
3775 },
3776 "type": "object"
3777 },
3778 "type": "array"
3779 }
3780 ```
3781 **Compatibility:** Firefox 83, Firefox ESR 78.5\
3782 **CCK2 Equivalent:** N/A\
3783 **Preferences Affected:** N/A
3784
3785 #### Windows (GPO)
3786 Software\Policies\Mozilla\Firefox\ManagedBookmarks (REG_MULTI_SZ) =
3787 ```
3788 [
3789 {
3790 "toplevel_name": "My managed bookmarks folder"
3791 },
3792 {
3793 "url": "example.com",
3794 "name": "Example"
3795 },
3796 {
3797 "name": "Mozilla links",
3798 "children": [
3799 {
3800 "url": "https://mozilla.org",
3801 "name": "Mozilla.org"
3802 },
3803 {
3804 "url": "https://support.mozilla.org/",
3805 "name": "SUMO"
3806 }
3807 ]
3808 }
3809 ]
3810 ```
3811 #### Windows (Intune)
3812 OMA-URI:
3813 ```
3814 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/ManagedBookmarks
3815 ```
3816 Value (string):
3817 ```
3818 <enabled/>
3819 <data id="JSON" value='
3820 [
3821 {
3822 "toplevel_name": "My managed bookmarks folder"
3823 },
3824 {
3825 "url": "example.com",
3826 "name": "Example"
3827 },
3828 {
3829 "name": "Mozilla links",
3830 "children": [
3831 {
3832 "url": "https://mozilla.org",
3833 "name": "Mozilla.org"
3834 },
3835 {
3836 "url": "https://support.mozilla.org/",
3837 "name": "SUMO"
3838 }
3839 ]
3840 }
3841 ]'/>
3842 ```
3843 #### macOS
3844 ```
3845 <dict>
3846 <key>ManagedBookmarks</key>
3847 <array>
3848 <dict>
3849 <key>toplevel_name</key>
3850 <string>My managed bookmarks folder</string>
3851 <dict>
3852 <key>url</key>
3853 <string>example.com</string>
3854 <key>name</key>
3855 <string>Example</string>
3856 </dict>
3857 <dict>
3858 <key>name</key>
3859 <string>Mozilla links</string>
3860 <key>children</key>
3861 <array>
3862 <dict>
3863 <key>url</key>
3864 <string>https://mozilla.org</string>
3865 <key>name</key>
3866 <string>Mozilla</string>
3867 </dict>
3868 <dict>
3869 <key>url</key>
3870 <string>https://support.mozilla.org/</string>
3871 <key>name</key>
3872 <string>SUMO</string>
3873 </dict>
3874 </array>
3875 </dict>
3876 </array>
3877 </dict>
3878 ```
3879 #### policies.json
3880 ```
3881 {
3882 "policies": {
3883 "ManagedBookmarks": [
3884 {
3885 "toplevel_name": "My managed bookmarks folder"
3886 },
3887 {
3888 "url": "example.com",
3889 "name": "Example"
3890 },
3891 {
3892 "name": "Mozilla links",
3893 "children": [
3894 {
3895 "url": "https://mozilla.org",
3896 "name": "Mozilla.org"
3897 },
3898 {
3899 "url": "https://support.mozilla.org/",
3900 "name": "SUMO"
3901 }
3902 ]
3903 }
3904 ]
3905 }
3906 }
3907 ```
3908 ### ManualAppUpdateOnly
3909
3910 Switch to manual updates only.
3911
3912 If this policy is enabled:
3913 1. The user will never be prompted to install updates
3914 2. Firefox will not check for updates in the background, though it will check automatically when an update UI is displayed (such as the one in the About dialog). This check will be used to show "Update to version X" in the UI, but will not automatically download the update or prompt the user to update in any other way.
3915 3. The update UI will work as expected, unlike when using DisableAppUpdate.
3916
3917 This policy is primarily intended for advanced end users, not for enterprises, but it is available via GPO.
3918
3919 **Compatibility:** Firefox 87\
3920 **CCK2 Equivalent:** N/A\
3921 **Preferences Affected:** N/A
3922
3923 #### Windows (GPO)
3924 ```
3925 Software\Policies\Mozilla\Firefox\ManualAppUpdateOnly = 0x1 | 0x0
3926 ```
3927 #### Windows (Intune)
3928 OMA-URI:
3929 ```
3930 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/ManualAppUpdateOnly
3931 ```
3932 Value (string):
3933 ```
3934 <enabled/> or <disabled/>
3935 ```
3936 #### macOS
3937 ```
3938 <dict>
3939 <key>ManualAppUpdateOnly</key>
3940 <true/> | <false/>
3941 </dict>
3942 ```
3943 #### policies.json
3944 ```
3945 {
3946 "policies": {
3947 "ManualAppUpdateOnly": true | false
3948 }
3949 }
3950 ```
3951 ### NetworkPrediction
3952 Enable or disable network prediction (DNS prefetching).
3953
3954 **Compatibility:** Firefox 67, Firefox ESR 60.7\
3955 **CCK2 Equivalent:** N/A\
3956 **Preferences Affected:** `network.dns.disablePrefetch`, `network.dns.disablePrefetchFromHTTPS`
3957
3958 #### Windows (GPO)
3959 ```
3960 Software\Policies\Mozilla\Firefox\NetworkPrediction = 0x1 | 0x0
3961 ```
3962 #### Windows (Intune)
3963 OMA-URI:
3964 ```
3965 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/NetworkPrediction
3966 ```
3967 Value (string):
3968 ```
3969 <enabled/> or <disabled/>
3970 ```
3971 #### macOS
3972 ```
3973 <dict>
3974 <key>NetworkPrediction</key>
3975 <true/> | <false/>
3976 </dict>
3977 ```
3978 #### policies.json
3979 ```
3980 {
3981 "policies": {
3982 "NetworkPrediction": true | false
3983 }
3984 ```
3985 ### NewTabPage
3986 Enable or disable the New Tab page.
3987
3988 **Compatibility:** Firefox 68, Firefox ESR 68\
3989 **CCK2 Equivalent:** N/A\
3990 **Preferences Affected:** `browser.newtabpage.enabled`
3991
3992 #### Windows (GPO)
3993 ```
3994 Software\Policies\Mozilla\Firefox\NewTabPage = 0x1 | 0x0
3995 ```
3996 #### Windows (Intune)
3997 OMA-URI:
3998 ```
3999 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/NewTabPage
4000 ```
4001 Value (string):
4002 ```
4003 <enabled/> or <disabled/>
4004 ```
4005 #### macOS
4006 ```
4007 <dict>
4008 <key>NewTabPage</key>
4009 <true/> | <false/>
4010 </dict>
4011 ```
4012 #### policies.json
4013 ```
4014 {
4015 "policies": {
4016 "NewTabPage": true | false
4017 }
4018 ```
4019 ### NoDefaultBookmarks
4020 Disable the creation of default bookmarks.
4021
4022 This policy is only effective if the user profile has not been created yet.
4023
4024 **Compatibility:** Firefox 60, Firefox ESR 60\
4025 **CCK2 Equivalent:** `removeDefaultBookmarks`\
4026 **Preferences Affected:** N/A
4027
4028 #### Windows (GPO)
4029 ```
4030 Software\Policies\Mozilla\Firefox\NoDefaultBookmarks = 0x1 | 0x0
4031 ```
4032 #### Windows (Intune)
4033 OMA-URI:
4034 ```
4035 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/NoDefaultBookmarks
4036 ```
4037 Value (string):
4038 ```
4039 <enabled/> or <disabled/>
4040 ```
4041 #### macOS
4042 ```
4043 <dict>
4044 <key>NoDefaultBookmarks</key>
4045 <true/> | <false/>
4046 </dict>
4047 ```
4048 #### policies.json
4049 ```
4050 {
4051 "policies": {
4052 "NoDefaultBookmarks": true | false
4053 }
4054 }
4055 ```
4056 ### OfferToSaveLogins
4057 Control whether or not Firefox offers to save passwords.
4058
4059 **Compatibility:** Firefox 60, Firefox ESR 60\
4060 **CCK2 Equivalent:** `dontRememberPasswords`\
4061 **Preferences Affected:** `signon.rememberSignons`
4062
4063 #### Windows (GPO)
4064 ```
4065 Software\Policies\Mozilla\Firefox\OfferToSaveLogins = 0x1 | 0x0
4066 ```
4067 #### Windows (Intune)
4068 OMA-URI:
4069 ```
4070 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/OfferToSaveLogins
4071 ```
4072 Value (string):
4073 ```
4074 <enabled/> or <disabled/>
4075 ```
4076 #### macOS
4077 ```
4078 <dict>
4079 <key>OfferToSaveLogins</key>
4080 <true/> | <false/>
4081 </dict>
4082 ```
4083 #### policies.json
4084 ```
4085 {
4086 "policies": {
4087 "OfferToSaveLogins": true | false
4088 }
4089 }
4090 ```
4091 ### OfferToSaveLoginsDefault
4092 Sets the default value of signon.rememberSignons without locking it.
4093
4094 **Compatibility:** Firefox 70, Firefox ESR 60.2\
4095 **CCK2 Equivalent:** `dontRememberPasswords`\
4096 **Preferences Affected:** `signon.rememberSignons`
4097
4098 #### Windows (GPO)
4099 ```
4100 Software\Policies\Mozilla\Firefox\OfferToSaveLoginsDefault = 0x1 | 0x0
4101 ```
4102 #### Windows (Intune)
4103 OMA-URI:
4104 ```
4105 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/OfferToSaveLoginsDefault
4106 ```
4107 Value (string):
4108 ```
4109 <enabled/> or <disabled/>
4110 ```
4111 #### macOS
4112 ```
4113 <dict>
4114 <key>OfferToSaveLoginsDefault</key>
4115 <true/> | <false/>
4116 </dict>
4117 ```
4118 #### policies.json
4119 ```
4120 {
4121 "policies": {
4122 "OfferToSaveLoginsDefault": true | false
4123 }
4124 }
4125 ```
4126 ### OverrideFirstRunPage
4127 Override the first run page. If the value is an empty string (""), the first run page is not displayed.
4128
4129 Starting with Firefox 83, Firefox ESR 78.5, you can also specify multiple URLS separated by a vertical bar (|).
4130
4131 **Compatibility:** Firefox 60, Firefox ESR 60\
4132 **CCK2 Equivalent:** `welcomePage`,`noWelcomePage`\
4133 **Preferences Affected:** `startup.homepage_welcome_url`
4134
4135 #### Windows (GPO)
4136 ```
4137 Software\Policies\Mozilla\Firefox\OverrideFirstRunPage = "http://example.org"
4138 ```
4139 #### Windows (Intune)
4140 OMA-URI:
4141 ```
4142 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/OverrideFirstRunPage
4143 ```
4144 Value (string):
4145 ```
4146 <enabled/>
4147 <data id="OverridePage" value="https://example.com"/>
4148 ```
4149 #### macOS
4150 ```
4151 <dict>
4152 <key>OverrideFirstRunPage</key>
4153 <string>http://example.org</string>
4154 </dict>
4155 ```
4156 #### policies.json
4157 ```
4158 {
4159 "policies": {
4160 "OverrideFirstRunPage": "http://example.org"
4161 }
4162 }
4163 ```
4164 ### OverridePostUpdatePage
4165 Override the upgrade page. If the value is an empty string (""), no extra pages are displayed when Firefox is upgraded.
4166
4167 **Compatibility:** Firefox 60, Firefox ESR 60\
4168 **CCK2 Equivalent:** `upgradePage`,`noUpgradePage`\
4169 **Preferences Affected:** `startup.homepage_override_url`
4170
4171 #### Windows (GPO)
4172 ```
4173 Software\Policies\Mozilla\Firefox\OverridePostUpdatePage = "http://example.org"
4174 ```
4175 #### Windows (Intune)
4176 OMA-URI:
4177 ```
4178 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/OverridePostUpdatePage
4179 ```
4180 Value (string):
4181 ```
4182 <enabled/>
4183 <data id="OverridePage" value="https://example.com"/>
4184 ```
4185 #### macOS
4186 ```
4187 <dict>
4188 <key>OverridePostUpdatePage</key>
4189 <string>http://example.org</string>
4190 </dict>
4191 ```
4192 #### policies.json
4193 ```
4194 {
4195 "policies": {
4196 "OverridePostUpdatePage": "http://example.org"
4197 }
4198 }
4199 ```
4200 ### PasswordManagerEnabled
4201 Remove access to the password manager via preferences and blocks about:logins on Firefox 70.
4202
4203 **Compatibility:** Firefox 70, Firefox ESR 60.2\
4204 **CCK2 Equivalent:** N/A\
4205 **Preferences Affected:** `pref.privacy.disable_button.view_passwords`
4206
4207 #### Windows (GPO)
4208 ```
4209 Software\Policies\Mozilla\Firefox\PasswordManagerEnabled = 0x1 | 0x0
4210 ```
4211 #### Windows (Intune)
4212 OMA-URI:
4213 ```
4214 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/PasswordManagerEnabled
4215 ```
4216 Value (string):
4217 ```
4218 <enabled/> or <disabled/>
4219 ```
4220 #### macOS
4221 ```
4222 <dict>
4223 <key>PasswordManagerEnabled</key>
4224 <true/> | <false/>
4225 </dict>
4226 ```
4227 #### policies.json
4228 ```
4229 {
4230 "policies": {
4231 "PasswordManagerEnabled": true | false
4232 }
4233 }
4234 ```
4235 ### PasswordManagerExceptions
4236 Prevent Firefox from saving passwords for specific sites.
4237
4238 The sites are specified as a list of origins.
4239
4240 **Compatibility:** Firefox 101\
4241 **CCK2 Equivalent:** N/A\
4242 **Preferences Affected:** N/A
4243
4244 #### Windows (GPO)
4245 ```
4246 Software\Policies\Mozilla\Firefox\PasswordManagerExceptions\1 = "https://example.org"
4247 Software\Policies\Mozilla\Firefox\PasswordManagerExceptions\2 = "https://example.edu"
4248 ```
4249 #### Windows (Intune)
4250 OMA-URI:
4251 ```
4252 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/PasswordManagerExceptions
4253 ```
4254 Value (string):
4255 ```
4256 <enabled/>
4257 <data id="List" value="1&#xF000;https://example.org&#xF000;2&#xF000;https://example.edu"/>
4258 ```
4259 #### macOS
4260 ```
4261 <dict>
4262 <key>PasswordManagerExceptions</key>
4263 <array>
4264 <string>https://example.org</string>
4265 <string>https://example.edu</string>
4266 </array>
4267 </dict>
4268 ```
4269 #### policies.json
4270 ```
4271 {
4272 "policies": {
4273 "PasswordManagerExceptions": ["https://example.org",
4274 "https://example.edu"]
4275 }
4276 }
4277 ```
4278
4279 ### PDFjs
4280 Disable or configure PDF.js, the built-in PDF viewer.
4281
4282 If `Enabled` is set to false, the built-in PDF viewer is disabled.
4283
4284 If `EnablePermissions` is set to true, the built-in PDF viewer will honor document permissions like preventing the copying of text.
4285
4286 Note: DisableBuiltinPDFViewer has not been deprecated. You can either continue to use it, or switch to using PDFjs->Enabled to disable the built-in PDF viewer. This new permission was added because we needed a place for PDFjs->EnabledPermissions.
4287
4288 **Compatibility:** Firefox 77, Firefox ESR 68.9\
4289 **CCK2 Equivalent:** N/A\
4290 **Preferences Affected:** `pdfjs.disabled`, `pdfjs.enablePermissions`
4291
4292 #### Windows (GPO)
4293 ```
4294 Software\Policies\Mozilla\Firefox\PDFjs\Enabled = 0x1 | 0x0
4295 Software\Policies\Mozilla\Firefox\PDFjs\EnablePermissions = 0x1 | 0x0
4296 ```
4297 #### Windows (Intune)
4298 OMA-URI:
4299 ```
4300 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~PDFjs/PDFjs_Enabled
4301 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~PDFjs/PDFjs_EnablePermissions
4302 ```
4303 Value (string):
4304 ```
4305 <enabled/>or <disabled/>
4306 ```
4307 #### macOS
4308 ```
4309 <dict>
4310 <key>PDFjs</key>
4311 <dict>
4312 <key>Enabled</key>
4313 <true/> | <false/>
4314 <key>EnablePermissions</key>
4315 <true/> | <false/>
4316 </dict>
4317 </dict>
4318 ```
4319 #### policies.json
4320 ```
4321 {
4322 "policies": {
4323 "PDFjs": {
4324 "Enabled": true | false,
4325 "EnablePermissions": true | false
4326 }
4327 }
4328 }
4329 ```
4330 ### Permissions
4331 Set permissions associated with camera, microphone, location, notifications, autoplay, and virtual reality. Because these are origins, not domains, entries with unique ports must be specified separately. This explicitly means that it is not possible to add wildcards. See examples below.
4332
4333 `Allow` is a list of origins where the feature is allowed.
4334
4335 `Block` is a list of origins where the feature is not allowed.
4336
4337 `BlockNewRequests` determines whether or not new requests can be made for the feature.
4338
4339 `Locked` prevents the user from changing preferences for the feature.
4340
4341 `Default` specifies the default value for Autoplay. block-audio-video is not supported on Firefox ESR 68.
4342
4343 **Compatibility:** Firefox 62, Firefox ESR 60.2 (Autoplay added in Firefox 74, Firefox ESR 68.6, Autoplay Default/Locked added in Firefox 76, Firefox ESR 68.8, VirtualReality added in Firefox 80, Firefox ESR 78.2)\
4344 **CCK2 Equivalent:** N/A\
4345 **Preferences Affected:** `permissions.default.camera`, `permissions.default.microphone`, `permissions.default.geo`, `permissions.default.desktop-notification`, `media.autoplay.default`, `permissions.default.xr`
4346
4347 #### Windows (GPO)
4348 ```
4349 Software\Policies\Mozilla\Firefox\Permissions\Camera\Allow\1 = "https://example.org"
4350 Software\Policies\Mozilla\Firefox\Permissions\Camera\Allow\2 = "https://example.org:1234"
4351 Software\Policies\Mozilla\Firefox\Permissions\Camera\Block\1 = "https://example.edu"
4352 Software\Policies\Mozilla\Firefox\Permissions\Camera\BlockNewRequests = 0x1 | 0x0
4353 Software\Policies\Mozilla\Firefox\Permissions\Camera\Locked = 0x1 | 0x0
4354 Software\Policies\Mozilla\Firefox\Permissions\Microphone\Allow\1 = "https://example.org"
4355 Software\Policies\Mozilla\Firefox\Permissions\Microphone\Block\1 = "https://example.edu"
4356 Software\Policies\Mozilla\Firefox\Permissions\Microphone\BlockNewRequests = 0x1 | 0x0
4357 Software\Policies\Mozilla\Firefox\Permissions\Microphone\Locked = 0x1 | 0x0
4358 Software\Policies\Mozilla\Firefox\Permissions\Location\Allow\1 = "https://example.org"
4359 Software\Policies\Mozilla\Firefox\Permissions\Location\Block\1 = "https://example.edu"
4360 Software\Policies\Mozilla\Firefox\Permissions\Location\BlockNewRequests = 0x1 | 0x0
4361 Software\Policies\Mozilla\Firefox\Permissions\Location\Locked = 0x1 | 0x0
4362 Software\Policies\Mozilla\Firefox\Permissions\Notifications\Allow\1 = "https://example.org"
4363 Software\Policies\Mozilla\Firefox\Permissions\Notifications\Block\1 = "https://example.edu"
4364 Software\Policies\Mozilla\Firefox\Permissions\Notifications\BlockNewRequests = 0x1 | 0x0
4365 Software\Policies\Mozilla\Firefox\Permissions\Notifications\Locked = 0x1 | 0x0
4366 Software\Policies\Mozilla\Firefox\Permissions\Autoplay\Allow\1 = "https://example.org"
4367 Software\Policies\Mozilla\Firefox\Permissions\Autoplay\Block\1 = "https://example.edu"
4368 Software\Policies\Mozilla\Firefox\Permissions\Autoplay\Default = "allow-audio-video" | "block-audio" | "block-audio-video"
4369 Software\Policies\Mozilla\Firefox\Permissions\Autoplay\Locked = 0x1 | 0x0
4370 Software\Policies\Mozilla\Firefox\Permissions\VirtualReality\Allow\1 = "https://example.org"
4371 Software\Policies\Mozilla\Firefox\Permissions\VirtualReality\Block\1 = "https://example.edu"
4372 Software\Policies\Mozilla\Firefox\Permissions\VirtualReality\BlockNewRequests = 0x1 | 0x0
4373 Software\Policies\Mozilla\Firefox\Permissions\VirtualReality\Locked = 0x1 | 0x0
4374 ```
4375 #### Windows (Intune)
4376 OMA-URI:
4377 ```
4378 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Location/Location_BlockNewRequests
4379 ```
4380 Value (string):
4381 ```
4382 <enabled/> or <disabled/>
4383 ```
4384 OMA-URI:
4385 ```
4386 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Location/Location_Locked
4387 ```
4388 Value (string):
4389 ```
4390 <enabled/> or <disabled/>
4391 ```
4392 OMA-URI:
4393 ```
4394 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Notifications/Notifications_Allow
4395 ```
4396 Value (string):
4397 ```
4398 <enabled/>
4399 <data id="Permissions" value="1&#xF000;https://example.org"/>
4400 ```
4401 OMA-URI:
4402 ```
4403 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Notifications/Notifications_BlockNewRequests
4404 ```
4405 Value (string):
4406 ```
4407 <enabled/> or <disabled/>
4408 ```
4409 OMA-URI:
4410 ```
4411 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Notifications/Notifications_Locked
4412 ```
4413 Value (string):
4414 ```
4415 <enabled/> or <disabled/>
4416 ```
4417 OMA-URI:
4418 ```
4419 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Autoplay/Autoplay_Allow
4420 ```
4421 Value (string):
4422 ```
4423 <enabled/>
4424 <data id="Permissions" value="1&#xF000;https://example.org"/>
4425 ```
4426 OMA-URI:
4427 ```
4428 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Autoplay/Autoplay_Block
4429 ```
4430 Value (string):
4431 ```
4432 <enabled/>
4433 <data id="Permissions" value="1&#xF000;https://example.edu"/>
4434 ```
4435 OMA-URI:
4436 ```
4437 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Autoplay/Autoplay_Default
4438 ```
4439 Value (string):
4440 ```
4441 <enabled/>
4442 <data id="Autoplay_Default" value="allow-audio-video | block-audio | block-audio-video"/>
4443 ```
4444 OMA-URI:
4445 ```
4446 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Autoplay/Autoplay_Locked
4447 ```
4448 Value (string):
4449 ```
4450 <enabled/> or <disabled/>
4451 ```
4452 OMA-URI:
4453 ```
4454 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Notifications/VirtualReality_Allow
4455 ```
4456 Value (string):
4457 ```
4458 <enabled/>
4459 <data id="Permissions" value="1&#xF000;https://example.org"/>
4460 ```
4461 OMA-URI:
4462 ```
4463 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Notifications/VirtualReality_Block
4464 ```
4465 Value (string):
4466 ```
4467 <enabled/>
4468 <data id="Permissions" value="1&#xF000;https://example.edu"/>
4469 ```
4470 OMA-URI:
4471 ```
4472 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Notifications/VirtualReality_BlockNewRequests
4473 ```
4474 Value (string):
4475 ```
4476 <enabled/> or <disabled/>
4477 ```
4478 OMA-URI:
4479 ```
4480 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Notifications/VirtualReality_Locked
4481 ```
4482 Value (string):
4483 ```
4484 <enabled/> or <disabled/>
4485 ```
4486 #### macOS
4487 ```
4488 <dict>
4489 <key>Permissions</key>
4490 <dict>
4491 <key>Camera</key>
4492 <dict>
4493 <key>Allow</key>
4494 <array>
4495 <string>https://example.org</string>
4496 <string>https://example.org:1234</string>
4497 </array>
4498 <key>Block</key>
4499 <array>
4500 <string>https://example.edu</string>
4501 </array>
4502 <key>BlockNewRequests</key>
4503 <true/> | <false/>
4504 <key>Locked</key>
4505 <true/> | <false/>
4506 </dict>
4507 <key>Microphone</key>
4508 <dict>
4509 <key>Allow</key>
4510 <array>
4511 <string>https://example.org</string>
4512 </array>
4513 <key>Block</key>
4514 <array>
4515 <string>https://example.edu</string>
4516 </array>
4517 <key>BlockNewRequests</key>
4518 <true/> | <false/>
4519 <key>Locked</key>
4520 <true/> | <false/>
4521 </dict>
4522 <key>Location</key>
4523 <dict>
4524 <key>Allow</key>
4525 <array>
4526 <string>https://example.org</string>
4527 </array>
4528 <key>Block</key>
4529 <array>
4530 <string>https://example.edu</string>
4531 </array>
4532 <key>BlockNewRequests</key>
4533 <true/> | <false/>
4534 <key>Locked</key>
4535 <true/> | <false/>
4536 </dict>
4537 <key>Notifications</key>
4538 <dict>
4539 <key>Allow</key>
4540 <array>
4541 <string>https://example.org</string>
4542 </array>
4543 <key>Block</key>
4544 <array>
4545 <string>https://example.edu</string>
4546 </array>
4547 <key>BlockNewRequests</key>
4548 <true/>
4549 <key>Locked</key>
4550 <true/>
4551 </dict>
4552 <key>Autoplay</key>
4553 <dict>
4554 <key>Allow</key>
4555 <array>
4556 <string>https://example.org</string>
4557 </array>
4558 <key>Block</key>
4559 <array>
4560 <string>https://example.edu</string>
4561 </array>
4562 <key>Default</key>
4563 <string>allow-audio-video | block-audio | block-audio-video</string>
4564 <key>Locked</key>
4565 <true/> | <false/>
4566 </dict>
4567 </dict>
4568 </dict>
4569 ```
4570 #### policies.json
4571 ```
4572 {
4573 "policies": {
4574 "Permissions": {
4575 "Camera": {
4576 "Allow": ["https://example.org","https://example.org:1234"],
4577 "Block": ["https://example.edu"],
4578 "BlockNewRequests": true | false,
4579 "Locked": true | false
4580 },
4581 "Microphone": {
4582 "Allow": ["https://example.org"],
4583 "Block": ["https://example.edu"],
4584 "BlockNewRequests": true | false,
4585 "Locked": true | false
4586 },
4587 "Location": {
4588 "Allow": ["https://example.org"],
4589 "Block": ["https://example.edu"],
4590 "BlockNewRequests": true | false,
4591 "Locked": true | false
4592 },
4593 "Notifications": {
4594 "Allow": ["https://example.org"],
4595 "Block": ["https://example.edu"],
4596 "BlockNewRequests": true | false,
4597 "Locked": true | false
4598 },
4599 "Autoplay": {
4600 "Allow": ["https://example.org"],
4601 "Block": ["https://example.edu"],
4602 "Default": "allow-audio-video" | "block-audio" | "block-audio-video",
4603 "Locked": true | false
4604 }
4605 }
4606 }
4607 }
4608 ```
4609 ### PictureInPicture
4610
4611 Enable or disable Picture-in-Picture as well as prevent the user from enabling or disabling it (Locked).
4612
4613 **Compatibility:** Firefox 78, Firefox ESR 78\
4614 **CCK2 Equivalent:** N/A\
4615 **Preferences Affected:** `media.videocontrols.picture-in-picture.video-toggle.enabled`
4616
4617 #### Windows (GPO)
4618 ```
4619 Software\Policies\Mozilla\Firefox\PictureInPicture\Enabled = 0x1 | 0x0
4620 Software\Policies\Mozilla\Firefox\PictureInPicture\Locked = 0x1 | 0x0
4621
4622 ```
4623 #### Windows (Intune)
4624 OMA-URI:
4625 ```
4626 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~PictureInPicture/PictureInPicture_Enabled
4627 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~PictureInPicture/PictureInPicture_Locked
4628 ```
4629 Value (string):
4630 ```
4631 <enabled/> or <disabled/>
4632 ```
4633 #### macOS
4634 ```
4635 <dict>
4636 <key>PictureInPicture</key>
4637 <dict>
4638 <key>Enabled</key>
4639 <true/> | <false/>
4640 <key>Locked</key>
4641 <true/> | <false/>
4642 </dict>
4643 </dict>
4644 ```
4645 #### policies.json
4646 ```
4647 {
4648 "policies": {
4649 "PictureInPicture": {
4650 "Enabled": true | false,
4651 "Locked": true | false
4652 }
4653 }
4654 }
4655 ```
4656 ### PopupBlocking
4657 Configure the default pop-up window policy as well as origins for which pop-up windows are allowed.
4658
4659 `Allow` is a list of origins where popup-windows are allowed.
4660
4661 `Default` determines whether or not pop-up windows are allowed by default.
4662
4663 `Locked` prevents the user from changing pop-up preferences.
4664
4665 **Compatibility:** Firefox 60, Firefox ESR 60\
4666 **CCK2 Equivalent:** `permissions.popup`\
4667 **Preferences Affected:** `dom.disable_open_during_load`
4668
4669 #### Windows (GPO)
4670 ```
4671 Software\Policies\Mozilla\Firefox\PopupBlocking\Allow\1 = "https://example.org"
4672 Software\Policies\Mozilla\Firefox\PopupBlocking\Allow\2 = "https://example.edu"
4673 Software\Policies\Mozilla\Firefox\PopupBlocking\Default = 0x1 | 0x0
4674 Software\Policies\Mozilla\Firefox\PopupBlocking\Locked = 0x1 | 0x0
4675 ```
4676 #### Windows (Intune)
4677 OMA-URI:
4678 ```
4679 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Popups/PopupBlocking_Allow
4680 ```
4681 Value (string):
4682 ```
4683 <enabled/>
4684 <data id="Permissions" value="1&#xF000;https://example.org&#xF000;2&#xF000;https://example.edu"/>
4685 ```
4686 OMA-URI:
4687 ```
4688 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Popups/PopupBlocking_Default
4689 ```
4690 Value (string):
4691 ```
4692 <enabled/> or <disabled/>
4693 ```
4694 OMA-URI:
4695 ```
4696 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Popups/PopupBlocking_Locked
4697 ```
4698 Value (string):
4699 ```
4700 <enabled/> or <disabled/>
4701 ```
4702 #### macOS
4703 ```
4704 <dict>
4705 <key>PopupBlocking</key>
4706 <dict>
4707 <key>Allow</key>
4708 <array>
4709 <string>http://example.org</string>
4710 <string>http://example.edu</string>
4711 </array>
4712 <key>Default</key>
4713 <true/> | <false/>
4714 <key>Locked</key>
4715 <true/> | <false/>
4716 </dict>
4717 </dict>
4718 ```
4719 #### policies.json
4720 ```
4721 {
4722 "policies": {
4723 "PopupBlocking": {
4724 "Allow": ["http://example.org/",
4725 "http://example.edu/"],
4726 "Default": true | false,
4727 "Locked": true | false
4728 }
4729 }
4730 }
4731 ```
4732 ### Preferences
4733 Set and lock preferences.
4734
4735 **NOTE** On Windows, in order to use this policy, you must clear all settings in the old **Preferences (Deprecated)** section in group policy.
4736
4737 Previously you could only set and lock a subset of preferences. Starting with Firefox 81 and Firefox ESR 78.3 you can set many more preferences. You can also set default preferences, user preferences and you can clear preferences.
4738
4739 Preferences that start with the following prefixes are supported:
4740 ```
4741 accessibility.
4742 alerts.* (Firefox 122, Firefox ESR 115.7)
4743 app.update.* (Firefox 86, Firefox ESR 78.8)
4744 browser.
4745 datareporting.policy.
4746 dom.
4747 extensions.
4748 general.autoScroll (Firefox 83, Firefox ESR 78.5)
4749 general.smoothScroll (Firefox 83, Firefox ESR 78.5)
4750 geo.
4751 gfx.
4752 intl.
4753 keyword.enabled (Firefox 95, Firefox ESR 91.4)
4754 layers.
4755 layout.
4756 media.
4757 network.
4758 pdfjs. (Firefox 84, Firefox ESR 78.6)
4759 places.
4760 pref.
4761 print.
4762 signon. (Firefox 83, Firefox ESR 78.5)
4763 spellchecker. (Firefox 84, Firefox ESR 78.6)
4764 toolkit.legacyUserProfileCustomizations.stylesheets (Firefox 95, Firefox ESR 91.4)
4765 ui.
4766 widget.
4767 xpinstall.signatures.required (Firefox ESR 102.10, Firefox ESR only)
4768 xpinstall.whitelist.required (Firefox 118, Firefox ESR 115.3)
4769 ```
4770 as well as the following security preferences:
4771
4772 | Preference | Type | Default
4773 | --- | --- | --- |
4774 | security.default_personal_cert | string | Ask Every Time
4775 | &nbsp;&nbsp;&nbsp;&nbsp;If set to Select Automatically, Firefox automatically chooses the default personal certificate.
4776 | security.disable_button.openCertManager | string | N/A
4777 | &nbsp;&nbsp;&nbsp;&nbsp;If set to true and locked, the View Certificates button in preferences is disabled (Firefox 121, Firefox ESR 115.6)
4778 | security.disable_button.openDeviceManager | string | N/A
4779 | &nbsp;&nbsp;&nbsp;&nbsp;If set to true and locked, the Security Devices button in preferences is disabled (Firefox 121, Firefox ESR 115.6)
4780 | security.insecure_connection_text.enabled | bool | false
4781 | &nbsp;&nbsp;&nbsp;&nbsp;If set to true, adds the words "Not Secure" for insecure sites.
4782 | security.insecure_connection_text.pbmode.enabled | bool | false
4783 | &nbsp;&nbsp;&nbsp;&nbsp;If set to true, adds the words "Not Secure" for insecure sites in private browsing.
4784 | security.mixed_content.block_active_content | boolean | true
4785 | &nbsp;&nbsp;&nbsp;&nbsp;If false, mixed active content (HTTP and HTTPS) is not blocked.
4786 | security.osclientcerts.autoload | boolean | false
4787 | &nbsp;&nbsp;&nbsp;&nbsp;If true, client certificates are loaded from the operating system certificate store.
4788 | security.OCSP.enabled | integer | 1
4789 | &nbsp;&nbsp;&nbsp;&nbsp;If 0, do not fetch OCSP. If 1, fetch OCSP for DV and EV certificates. If 2, fetch OCSP only for EV certificates.
4790 | security.OCSP.require | boolean | false
4791 | &nbsp;&nbsp;&nbsp;&nbsp; If true, if an OCSP request times out, the connection fails.
4792 | security.osclientcerts.assume_rsa_pss_support | boolean | true
4793 | &nbsp;&nbsp;&nbsp;&nbsp; If false, we don't assume an RSA key can do RSA-PSS. (Firefox 114, Firefox ESR 102.12)
4794 | security.ssl.enable_ocsp_stapling | boolean | true
4795 | &nbsp;&nbsp;&nbsp;&nbsp; If false, OCSP stapling is not enabled.
4796 | security.ssl.errorReporting.enabled | boolean | true
4797 | &nbsp;&nbsp;&nbsp;&nbsp;If false, SSL errors cannot be sent to Mozilla.
4798 | security.ssl.require_safe_negotiation | boolean | false
4799 | &nbsp;&nbsp;&nbsp;&nbsp;If true, Firefox will only negotiate TLS connections with servers that indicate they support secure renegotiation. (Firefox 118, Firefox ESR 115.3)
4800 | security.tls.enable_0rtt_data | boolean | true
4801 | &nbsp;&nbsp;&nbsp;&nbsp;If false, TLS early data is turned off. (Firefox 93, Firefox 91.2, Firefox 78.15)
4802 | security.tls.hello_downgrade_check | boolean | true
4803 | &nbsp;&nbsp;&nbsp;&nbsp;If false, the TLS 1.3 downgrade check is disabled.
4804 | security.tls.version.enable-deprecated | boolean | false
4805 | &nbsp;&nbsp;&nbsp;&nbsp;If true, browser will accept TLS 1.0. and TLS 1.1. (Firefox 86, Firefox 78.8)
4806 | security.warn_submit_secure_to_insecure | boolean | true
4807 | &nbsp;&nbsp;&nbsp;&nbsp;If false, no warning is shown when submitting a form from https to http.
4808
4809 Using the preference as the key, set the `Value` to the corresponding preference value.
4810
4811 `Status` can be "default", "locked", "user" or "clear"
4812
4813 * `"default"`: Read/Write: Settings appear as default even if factory default differs.
4814 * `"locked"`: Read-Only: Settings appear as default even if factory default differs.
4815 * `"user"`: Read/Write: Settings appear as changed if it differs from factory default.
4816 * `"clear"`: Read/Write: `Value` has no effect. Resets to factory defaults on each startup.
4817
4818 `"user"` preferences persist across invocations of Firefox. It is the equivalent of a user setting the preference. They are most useful when a preference is needed very early in startup so it can't be set as default by policy. An example of this is ```toolkit.legacyUserProfileCustomizations.stylesheets```.
4819
4820 `"user"` preferences persist even if the policy is removed, so if you need to remove them, you should use the clear policy.
4821
4822 You can also set the `Type` starting in Firefox 123 and Firefox ESR 115.8. It can be `number`, `boolean` or `string`. This is especially useful if you are seeing 0 or 1 values being converted to booleans when set as user preferences.
4823
4824 See the examples below for more detail.
4825
4826 IMPORTANT: Make sure you're only setting a particular preference using this mechanism and not some other way.
4827
4828 Status
4829 **Compatibility:** Firefox 81, Firefox ESR 78.3\
4830 **CCK2 Equivalent:** `preferences`\
4831 **Preferences Affected:** Many
4832
4833 #### Windows (GPO)
4834 Software\Policies\Mozilla\Firefox\Preferences (REG_MULTI_SZ) =
4835 ```
4836 {
4837 "accessibility.force_disabled": {
4838 "Value": 1,
4839 "Status": "default",
4840 "Type": "number"
4841
4842 },
4843 "browser.cache.disk.parent_directory": {
4844 "Value": "SOME_NATIVE_PATH",
4845 "Status": "user"
4846 },
4847 "browser.tabs.warnOnClose": {
4848 "Value": false,
4849 "Status": "locked"
4850 }
4851 }
4852 ```
4853 #### Windows (Intune)
4854 OMA-URI:
4855 ```
4856 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/Preferences
4857 ```
4858 Value (string):
4859 ```
4860 <enabled/>
4861 <data id="JSON" value='
4862 {
4863 "accessibility.force_disabled": {
4864 "Value": 1,
4865 "Status": "default",
4866 "Type": "number"
4867 },
4868 "browser.cache.disk.parent_directory": {
4869 "Value": "SOME_NATIVE_PATH",
4870 "Status": "user"
4871 },
4872 "browser.tabs.warnOnClose": {
4873 "Value": false,
4874 "Status": "locked"
4875 }
4876 }'/>
4877 ```
4878 #### macOS
4879 ```
4880 <dict>
4881 <key>Preferences</key>
4882 <dict>
4883 <key>accessibility.force_disabled</key>
4884 <dict>
4885 <key>Value</key>
4886 <integer>1</integer>
4887 <key>Status</key>
4888 <string>default</string>
4889 <key>Type</key>
4890 <string>number</string>
4891 </dict>
4892 <key>browser.cache.disk.parent_directory</key>
4893 <dict>
4894 <key>Value</key>
4895 <string>SOME_NATIVE_PATH</string>
4896 <key>Status</key>
4897 <string>user</string>
4898 </dict>
4899 <key>browser.tabs.warnOnClose</key>
4900 <dict>
4901 <key>Value</key>
4902 <false/>
4903 <key>Status</key>
4904 <string>locked</string>
4905 </dict>
4906 </dict>
4907 </dict>
4908 ```
4909 #### policies.json
4910 ```
4911 {
4912 "policies": {
4913 "Preferences": {
4914 "accessibility.force_disabled": {
4915 "Value": 1,
4916 "Status": "default"
4917 "Type": "number"
4918 },
4919 "browser.cache.disk.parent_directory": {
4920 "Value": "SOME_NATIVE_PATH",
4921 "Status": "user"
4922 },
4923 "browser.tabs.warnOnClose": {
4924 "Value": false,
4925 "Status": "locked"
4926 }
4927 }
4928 }
4929 }
4930 ```
4931 ### PrimaryPassword
4932 Require or prevent using a primary (formerly master) password.
4933
4934 If this value is true, a primary password is required. If this value is false, it works the same as if [`DisableMasterPasswordCreation`](#disablemasterpasswordcreation) was true and removes the primary password functionality.
4935
4936 If both DisableMasterPasswordCreation and PrimaryPassword are used, DisableMasterPasswordCreation takes precedent.
4937
4938 **Compatibility:** Firefox 79, Firefox ESR 78.1\
4939 **CCK2 Equivalent:** `noMasterPassword`\
4940 **Preferences Affected:** N/A
4941
4942 #### Windows (GPO)
4943 ```
4944 Software\Policies\Mozilla\Firefox\PrimaryPassword = 0x1 | 0x0
4945 ```
4946 #### Windows (Intune)
4947 OMA-URI:
4948 ```
4949 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/PrimaryPassword
4950 ```
4951 Value (string):
4952 ```
4953 <enabled/> or <disabled/>
4954 ```
4955 #### macOS
4956 ```
4957 <dict>
4958 <key>PrimaryPassword</key>
4959 <true/> | <false/>
4960 </dict>
4961 ```
4962 #### policies.json
4963 ```
4964 {
4965 "policies": {
4966 "PrimaryPassword": true | false
4967 }
4968 }
4969 ```
4970 ### PrintingEnabled
4971 Enable or disable printing.
4972
4973 **Compatibility:** Firefox 120, Firefox ESR 115.5\
4974 **CCK2 Equivalent:** N/A\
4975 **Preferences Affected:** `print.enabled`
4976
4977 #### Windows (GPO)
4978 ```
4979 Software\Policies\Mozilla\Firefox\PrintingEnabled = 0x1 | 0x0
4980 ```
4981 #### Windows (Intune)
4982 OMA-URI:
4983 ```
4984 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/PrintingEnabled
4985 ```
4986 Value (string):
4987 ```
4988 <enabled/> or <disabled/>
4989 ```
4990 #### macOS
4991 ```
4992 <dict>
4993 <key>PrintingEnabled</key>
4994 <true/> | <false/>
4995 </dict>
4996 ```
4997 #### policies.json
4998 ```
4999 {
5000 "policies": {
5001 "PrintingEnabled": true | false
5002 }
5003 }
5004 ```
5005 ### PromptForDownloadLocation
5006 Ask where to save each file before downloading.
5007
5008 **Compatibility:** Firefox 68, Firefox ESR 68\
5009 **CCK2 Equivalent:** N/A\
5010 **Preferences Affected:** `browser.download.useDownloadDir`
5011
5012 #### Windows (GPO)
5013 ```
5014 Software\Policies\Mozilla\Firefox\PromptForDownloadLocation = 0x1 | 0x0
5015 ```
5016 #### Windows (Intune)
5017 OMA-URI:
5018 ```
5019 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/PromptForDownloadLocation
5020 ```
5021 Value (string):
5022 ```
5023 <enabled/> or <disabled/>
5024 ```
5025 #### macOS
5026 ```
5027 <dict>
5028 <key>PromptForDownloadLocation</key>
5029 <true/> | <false/>
5030 </dict>
5031 ```
5032 #### policies.json
5033 ```
5034 {
5035 "policies": {
5036 "PromptForDownloadLocation": true | false
5037 }
5038 }
5039 ```
5040 ### Proxy
5041 Configure proxy settings. These settings correspond to the connection settings in Firefox preferences.
5042 To specify ports, append them to the hostnames with a colon (:).
5043
5044 Unless you lock this policy, changes the user already has in place will take effect.
5045
5046 `Mode` is the proxy method being used.
5047
5048 `Locked` is whether or not proxy settings can be changed.
5049
5050 `HTTPProxy` is the HTTP proxy server.
5051
5052 `UseHTTPProxyForAllProtocols` is whether or not the HTTP proxy should be used for all other proxies.
5053
5054 `SSLProxy` is the SSL proxy server.
5055
5056 `FTPProxy` is the FTP proxy server.
5057
5058 `SOCKSProxy` is the SOCKS proxy server
5059
5060 `SOCKSVersion` is the SOCKS version (4 or 5)
5061
5062 `Passthrough` is list of hostnames or IP addresses that will not be proxied. Use `<local>` to bypass proxying for all hostnames which do not contain periods.
5063
5064 `AutoConfigURL` is a URL for proxy configuration (only used if Mode is autoConfig).
5065
5066 `AutoLogin` means do not prompt for authentication if password is saved.
5067
5068 `UseProxyForDNS` to use proxy DNS when using SOCKS v5.
5069
5070 **Compatibility:** Firefox 60, Firefox ESR 60\
5071 **CCK2 Equivalent:** `networkProxy*`\
5072 **Preferences Affected:** `network.proxy.type`, `network.proxy.autoconfig_url`, `network.proxy.socks_remote_dns`, `signon.autologin.proxy`, `network.proxy.socks_version`, `network.proxy.no_proxies_on`, `network.proxy.share_proxy_settings`, `network.proxy.http`, `network.proxy.http_port`, `network.proxy.ftp`, `network.proxy.ftp_port`, `network.proxy.ssl`, `network.proxy.ssl_port`, `network.proxy.socks`, `network.proxy.socks_port`
5073
5074 #### Windows (GPO)
5075 ```
5076 Software\Policies\Mozilla\Firefox\Proxy\Mode = "none" | "system" | "manual" | "autoDetect" | "autoConfig"
5077 Software\Policies\Mozilla\Firefox\Proxy\Locked = 0x1 | 0x0
5078 Software\Policies\Mozilla\Firefox\Proxy\HTTPProxy = https://httpproxy.example.com
5079 Software\Policies\Mozilla\Firefox\Proxy\UseHTTPProxyForAllProtocols = 0x1 | 0x0
5080 Software\Policies\Mozilla\Firefox\Proxy\SSLProxy = https://sslproxy.example.com
5081 Software\Policies\Mozilla\Firefox\Proxy\FTPProxy = https://ftpproxy.example.com
5082 Software\Policies\Mozilla\Firefox\Proxy\SOCKSProxy = https://socksproxy.example.com
5083 Software\Policies\Mozilla\Firefox\Proxy\SOCKSVersion = 0x4 | 0x5
5084 Software\Policies\Mozilla\Firefox\Proxy\Passthrough = <local>
5085 Software\Policies\Mozilla\Firefox\Proxy\AutoConfigURL = URL_TO_AUTOCONFIG
5086 Software\Policies\Mozilla\Firefox\Proxy\AutoLogin = 0x1 | 0x0
5087 Software\Policies\Mozilla\Firefox\Proxy\UseProxyForDNS = 0x1 | 0x0
5088 ```
5089 #### Windows (Intune)
5090 **Note**
5091 These setttings were moved to a category to make them easier to configure via Intune.
5092
5093 OMA-URI:
5094 ```
5095 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_Locked
5096 ```
5097 Value (string):
5098 ```
5099 <enabled/> or <disabled/>
5100 ```
5101 OMA-URI:
5102 ```
5103 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_ConnectionType
5104 ```
5105 Value (string):
5106 ```
5107 <enabled/>
5108 <data id="Proxy_ConnectionType" value="none | system | manual | autoDetect | autoConfig"/>
5109 ```
5110 OMA-URI:
5111 ```
5112 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_HTTPProxy
5113 ```
5114 Value (string):
5115 ```
5116 <enabled/>
5117 <data id="Proxy_HTTPProxy" value="httpproxy.example.com"/>
5118 ```
5119 OMA-URI:
5120 ```
5121 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_UseHTTPProxyForAllProtocols
5122 ```
5123 Value (string):
5124 ```
5125 <enabled/> or <disabled/>
5126 ```
5127 OMA-URI:
5128 ```
5129 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_SSLProxy
5130 ```
5131 Value (string):
5132 ```
5133 <enabled/>
5134 <data id="Proxy_SSLProxy" value="sslproxy.example.com"/>
5135 ```
5136 OMA-URI:
5137 ```
5138 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_SOCKSProxy
5139 ```
5140 Value (string):
5141 ```
5142 <enabled/>
5143 <data id="Proxy_SOCKSProxy" value="socksproxy.example.com"/>
5144 <data id="Proxy_SOCKSVersion" value="4 | 5"/>
5145 ```
5146 OMA-URI:
5147 ```
5148 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_AutoConfigURL
5149 ```
5150 Value (string):
5151 ```
5152 <enabled/>
5153 <data id="Proxy_AutoConfigURL" value="URL_TO_AUTOCONFIG"/>
5154 ```
5155 OMA-URI:
5156 ```
5157 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_Passthrough
5158 ```
5159 Value (string):
5160 ```
5161 <enabled/>
5162 <data id="Proxy_Passthrough" value="&lt;local&gt;"/>
5163 ```
5164 OMA-URI:
5165 ```
5166 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_AutoLogin
5167 ```
5168 Value (string):
5169 ```
5170 <enabled/> or <disabled/>
5171 ```
5172 OMA-URI:
5173 ```
5174 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_UseProxyForDNS
5175 ```
5176 Value (string):
5177 ```
5178 <enabled/> or <disabled/>
5179 ```
5180 OMA-URI (Old way):
5181 ```
5182 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/Proxy
5183 ```
5184 Value (string):
5185 ```
5186 <enabled/>
5187 <data id="ProxyLocked" value="true | false"/>
5188 <data id="ConnectionType" value="none | system | manual | autoDetect | autoConfig"/>
5189 <data id="HTTPProxy" value="httpproxy.example.com"/>
5190 <data id="UseHTTPProxyForAllProtocols" value="true | false"/>
5191 <data id="SSLProxy" value="sslproxy.example.com"/>
5192 <data id="FTPProxy" value="ftpproxy.example.com"/>
5193 <data id="SOCKSProxy" value="socksproxy.example.com"/>
5194 <data id="SOCKSVersion" value="4 | 5"/>
5195 <data id="AutoConfigURL" value="URL_TO_AUTOCONFIG"/>
5196 <data id="Passthrough" value="<local>"/>
5197 <data id="AutoLogin" value="true | false"/>
5198 <data id="UseProxyForDNS" value="true | false"/>
5199 ```
5200 #### macOS
5201 ```
5202 <dict>
5203 <key>Proxy</key>
5204 <dict>
5205 <key>Mode</key>
5206 <string>none | system | manual | autoDetect | autoConfig</string>
5207 <key>Locked</key>
5208 <true> | </false>
5209 <key>HTTPProxy</key>
5210 <string>https://httpproxy.example.com</string>
5211 <key>UseHTTPProxyForAllProtocols</key>
5212 <true> | </false>
5213 <key>SSLProxy</key>
5214 <string>https://sslproxy.example.com</string>
5215 <key>FTPProxy</key>
5216 <string>https://ftpproxy.example.com</string>
5217 <key>SOCKSProxy</key>
5218 <string>https://socksproxy.example.com</string>
5219 <key>SOCKSVersion</key>
5220 <string>4 | 5</string>
5221 <key>Passthrough</key>
5222 <string>&lt;local>&gt;</string>
5223 <key>AutoConfigURL</key>
5224 <string>URL_TO_AUTOCONFIG</string>
5225 <key>AutoLogin</key>
5226 <true> | </false>
5227 <key>UseProxyForDNS</key>
5228 <true> | </false>
5229 </dict>
5230 </dict>
5231 ```
5232 #### policies.json
5233 ```
5234 {
5235 "policies": {
5236 "Proxy": {
5237 "Mode": "none" | "system" | "manual" | "autoDetect" | "autoConfig",
5238 "Locked": true | false,
5239 "HTTPProxy": "hostname",
5240 "UseHTTPProxyForAllProtocols": true | false,
5241 "SSLProxy": "hostname",
5242 "FTPProxy": "hostname",
5243 "SOCKSProxy": "hostname",
5244 "SOCKSVersion": 4 | 5,
5245 "Passthrough": "<local>",
5246 "AutoConfigURL": "URL_TO_AUTOCONFIG",
5247 "AutoLogin": true | false,
5248 "UseProxyForDNS": true | false
5249 }
5250 }
5251 }
5252 ```
5253 ### RequestedLocales
5254 Set the the list of requested locales for the application in order of preference. It will cause the corresponding language pack to become active.
5255
5256 Note: For Firefox 68, this can now be a string so that you can specify an empty value.
5257
5258 **Compatibility:** Firefox 64, Firefox ESR 60.4, Updated in Firefox 68, Firefox ESR 68\
5259 **CCK2 Equivalent:** N/A\
5260 **Preferences Affected:** N/A
5261 #### Windows (GPO)
5262 ```
5263 Software\Policies\Mozilla\Firefox\RequestedLocales\1 = "de"
5264 Software\Policies\Mozilla\Firefox\RequestedLocales\2 = "en-US"
5265
5266 or
5267
5268 Software\Policies\Mozilla\Firefox\RequestedLocales = "de,en-US"
5269 ```
5270 #### Windows (Intune)
5271 OMA-URI:
5272 ```
5273 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/RequestedLocalesString
5274 ```
5275 Value (string):
5276 ```
5277 <enabled/>
5278 <data id="Preferences_String" value="de,en-US"/>
5279 ```
5280 #### macOS
5281 ```
5282 <dict>
5283 <key>RequestedLocales</key>
5284 <array>
5285 <string>de</string>
5286 <string>en-US</string>
5287 </array>
5288 </dict>
5289
5290 or
5291
5292 <dict>
5293 <key>RequestedLocales</key>
5294 <string>de,en-US</string>
5295 </dict>
5296
5297 ```
5298 #### policies.json
5299 ```
5300 {
5301 "policies": {
5302 "RequestedLocales": ["de", "en-US"]
5303 }
5304 }
5305
5306 or
5307
5308 {
5309 "policies": {
5310 "RequestedLocales": "de,en-US"
5311 }
5312 }
5313 ```
5314 <a name="SanitizeOnShutdown"></a>
5315
5316 ### SanitizeOnShutdown (Selective)
5317 Clear data on shutdown. Choose from Cache, Cookies, Download History, Form & Search History, Browsing History, Active Logins, Site Preferences and Offline Website Data.
5318
5319 Previously, these values were always locked. Starting with Firefox 74 and Firefox ESR 68.6, you can use the `Locked` option to either keep the values unlocked (set it to false), or lock only the values you set (set it to true). If you want the old behavior of locking everything, do not set `Locked` at all.
5320
5321 **Compatibility:** Firefox 68, Firefox ESR 68 (Locked added in 74/68.6)\
5322 **CCK2 Equivalent:** N/A\
5323 **Preferences Affected:** `privacy.sanitize.sanitizeOnShutdown`, `privacy.clearOnShutdown.cache`, `privacy.clearOnShutdown.cookies`, `privacy.clearOnShutdown.downloads`, `privacy.clearOnShutdown.formdata`, `privacy.clearOnShutdown.history`, `privacy.clearOnShutdown.sessions`, `privacy.clearOnShutdown.siteSettings`, `privacy.clearOnShutdown.offlineApps`
5324 #### Windows (GPO)
5325 ```
5326 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\Cache = 0x1 | 0x0
5327 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\Cookies = 0x1 | 0x0
5328 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\Downloads = 0x1 | 0x0
5329 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\FormData = 0x1 | 0x0
5330 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\History = 0x1 | 0x0
5331 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\Sessions = 0x1 | 0x0
5332 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\SiteSettings = 0x1 | 0x0
5333 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\OfflineApps = 0x1 | 0x0
5334 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\Locked = 0x1 | 0x0
5335 ```
5336 #### Windows (Intune)
5337 OMA-URI:
5338 ```
5339 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/A_SanitizeOnShutdown_Cache
5340 ```
5341 Value (string):
5342 ```
5343 <enabled/> or <disabled/>
5344 ```
5345 OMA-URI:
5346 ```
5347 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/B_SanitizeOnShutdown_Cookies
5348 ```
5349 Value (string):
5350 ```
5351 <enabled/> or <disabled/>
5352 ```
5353 OMA-URI:
5354 ```
5355 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/C_SanitizeOnShutdown_Downloads
5356 ```
5357 Value (string):
5358 ```
5359 <enabled/> or <disabled/>
5360 ```
5361 OMA-URI:
5362 ```
5363 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/D_SanitizeOnShutdown_FormData
5364 ```
5365 Value (string):
5366 ```
5367 <enabled/> or <disabled/>
5368 ```
5369 OMA-URI:
5370 ```
5371 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/E_SanitizeOnShutdown_History
5372 ```
5373 Value (string):
5374 ```
5375 <enabled/> or <disabled/>
5376 ```
5377 OMA-URI:
5378 ```
5379 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/F_SanitizeOnShutdown_Sessions
5380 ```
5381 Value (string):
5382 ```
5383 <enabled/> or <disabled/>
5384 ```
5385 OMA-URI:
5386 ```
5387 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/G_SanitizeOnShutdown_SiteSettings
5388 ```
5389 Value (string):
5390 ```
5391 <enabled/> or <disabled/>
5392 ```
5393 OMA-URI:
5394 ```
5395 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/H_SanitizeOnShutdown_OfflineApps
5396 ```
5397 Value (string):
5398 ```
5399 <enabled/> or <disabled/>
5400 ```
5401 OMA-URI:
5402 ```
5403 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/I_SanitizeOnShutdown_Locked
5404 ```
5405 Value (string):
5406 ```
5407 <enabled/> or <disabled/>
5408 ```
5409 #### macOS
5410 ```
5411 <dict>
5412 <key>SanitizeOnShutdown</key>
5413 <dict>
5414 <key>Cache</key>
5415 <true/> | <false/>
5416 <key>Cookies</key>
5417 <true/> | <false/>
5418 <key>Downloads</key>
5419 <true/> | <false/>
5420 <key>FormData</key>
5421 <true/> | <false/>
5422 <key>History</key>
5423 <true/> | <false/>
5424 <key>Sessions</key>
5425 <true/> | <false/>
5426 <key>SiteSettings</key>
5427 <true/> | <false/>
5428 <key>OfflineApps</key>
5429 <true/> | <false/>
5430 <key>Locked</key>
5431 <true/> | <false/>
5432 </dict>
5433 </dict>
5434 ```
5435 #### policies.json
5436 ```
5437 {
5438 "policies": {
5439 "SanitizeOnShutdown": {
5440 "Cache": true | false,
5441 "Cookies": true | false,
5442 "Downloads": true | false,
5443 "FormData": true | false,
5444 "History": true | false,
5445 "Sessions": true | false,
5446 "SiteSettings": true | false,
5447 "OfflineApps": true | false,
5448 "Locked": true | false
5449 }
5450 }
5451 }
5452 ```
5453 ### SanitizeOnShutdown (All)
5454 Clear all data on shutdown, including Browsing & Download History, Cookies, Active Logins, Cache, Form & Search History, Site Preferences and Offline Website Data.
5455
5456 **Compatibility:** Firefox 60, Firefox ESR 60\
5457 **CCK2 Equivalent:** N/A\
5458 **Preferences Affected:** `privacy.sanitize.sanitizeOnShutdown`, `privacy.clearOnShutdown.cache`, `privacy.clearOnShutdown.cookies`, `privacy.clearOnShutdown.downloads`, `privacy.clearOnShutdown.formdata`, `privacy.clearOnShutdown.history`, `privacy.clearOnShutdown.sessions`, `privacy.clearOnShutdown.siteSettings`, `privacy.clearOnShutdown.offlineApps`
5459 #### Windows (GPO)
5460 ```
5461 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown = 0x1 | 0x0
5462 ```
5463 #### Windows (Intune)
5464 OMA-URI:
5465 ```
5466 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/C_SanitizeOnShutdown
5467 ```
5468 Value (string):
5469 ```
5470 <enabled/> or <disabled/>
5471 ```
5472 #### macOS
5473 ```
5474 <dict>
5475 <key>SanitizeOnShutdown</key>
5476 <true/> | <false/>
5477 </dict>
5478 ```
5479 #### policies.json
5480 ```
5481 {
5482 "policies": {
5483 "SanitizeOnShutdown": true | false
5484 }
5485 }
5486 ```
5487 ### SearchBar
5488 Set whether or not search bar is displayed.
5489
5490 **Compatibility:** Firefox 60, Firefox ESR 60\
5491 **CCK2 Equivalent:** `showSearchBar`\
5492 **Preferences Affected:** N/A
5493
5494 #### Windows (GPO)
5495 ```
5496 Software\Policies\Mozilla\Firefox\SearchBar = "unified" | "separate"
5497 ```
5498
5499 #### Windows (Intune)
5500 OMA-URI:
5501 ```
5502 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/SearchBar
5503 ```
5504 Value (string):
5505 ```
5506 <enabled/>
5507 <data id="SearchBar" value="unified | separate"/>
5508 ```
5509 #### macOS
5510 ```
5511 <dict>
5512 <key>SearchBar</key>
5513 <string>unified | separate</string>
5514 </dict>
5515 ```
5516 #### policies.json
5517 ```
5518 {
5519 "policies": {
5520 "SearchBar": "unified" | "separate"
5521 }
5522 }
5523 ```
5524 <a name="SearchEngines"></a>
5525
5526 ### SearchEngines (This policy is only available on the ESR.)
5527
5528 ### SearchEngines | Add
5529
5530 Add new search engines. Although there are only five engines available in the ADMX template, there is no limit. To add more in the ADMX template, you can duplicate the XML.
5531
5532 This policy is only available on the ESR. `Name` and `URLTemplate` are required.
5533
5534 `Name` is the name of the search engine.
5535
5536 `URLTemplate` is the search URL with {searchTerms} to substitute for the search term.
5537
5538 `Method` is either GET or POST
5539
5540 `IconURL` is a URL for the icon to use.
5541
5542 `Alias` is a keyword to use for the engine.
5543
5544 `Description` is a description of the search engine.
5545
5546 `PostData` is the POST data as name value pairs separated by &.
5547
5548 `SuggestURLTemplate` is a search suggestions URL with {searchTerms} to substitute for the search term.
5549
5550 `Encoding` is the query charset for the engine. It defaults to UTF-8.
5551
5552 **Compatibility:** Firefox ESR 60 (POST support in Firefox ESR 68, Encoding support in Firefox 91)\
5553 **CCK2 Equivalent:** `searchplugins`\
5554 **Preferences Affected:** N/A
5555
5556 #### Windows (GPO)
5557 ```
5558 Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\Name = "Example1"
5559 Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\URLTemplate = "https://www.example.org/q={searchTerms}"
5560 Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\Method = "GET" | "POST"
5561 Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\IconURL = "https://www.example.org/favicon.ico"
5562 Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\Alias = "example"
5563 Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\Description = "Example Description"
5564 Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\SuggestURLTemplate = "https://www.example.org/suggestions/q={searchTerms}"
5565 Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\PostData = "name=value&q={searchTerms}"
5566 ```
5567 #### Windows (Intune)
5568 OMA-URI:
5569 ```
5570 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Search/SearchEngines_1
5571 ```
5572 Value (string):
5573 ```
5574 <enabled/>
5575 <data id="SearchEngine_Name" value="Example1"/>
5576 <data id="SearchEngine_URLTemplate" value="https://www.example.org/q={searchTerms"/>
5577 <data id="SearchEngine_Method" value="GET | POST"/>
5578 <data id="SearchEngine_IconURL" value="https://www.example.org/favicon.ico"/>
5579 <data id="SearchEngine_Alias" value="example"/>
5580 <data id="SearchEngine_Description" value="Example Description"/>
5581 <data id="SearchEngine_SuggestURLTemplate" value="https://www.example.org/suggestions/q={searchTerms}"/>
5582 <data id="SearchEngine_PostData" value="name=value&amp;q={searchTerms}"/>
5583 ```
5584 #### macOS
5585 ```
5586 <dict>
5587 <key>SearchEngines</key>
5588 <dict>
5589 <key>Add</key>
5590 <array>
5591 <dict>
5592 <key>Name</key>
5593 <string>Example1</string>
5594 <key>URLTemplate</key>
5595 <string>https://www.example.org/q={searchTerms}</string>
5596 <key>Method</key>
5597 <string>GET | POST </string>
5598 <key>IconURL</key>
5599 <string>https://www.example.org/favicon.ico</string>
5600 <key>Alias</key>
5601 <string>example</string>
5602 <key>Description</key>
5603 <string>Example Description</string>
5604 <key>SuggestURLTemplate</key>
5605 <string>https://www.example.org/suggestions/q={searchTerms}</string>
5606 <key>PostData</key>
5607 <string>name=value&q={searchTerms}</string>
5608 </dict>
5609 <array>
5610 </dict>
5611 </dict>
5612 ```
5613 #### policies.json
5614 ```
5615 {
5616 "policies": {
5617 "SearchEngines": {
5618 "Add": [
5619 {
5620 "Name": "Example1",
5621 "URLTemplate": "https://www.example.org/q={searchTerms}",
5622 "Method": "GET" | "POST",
5623 "IconURL": "https://www.example.org/favicon.ico",
5624 "Alias": "example",
5625 "Description": "Description",
5626 "PostData": "name=value&q={searchTerms}",
5627 "SuggestURLTemplate": "https://www.example.org/suggestions/q={searchTerms}"
5628 }
5629 ]
5630 }
5631 }
5632 }
5633 ```
5634 ### SearchEngines | Default
5635
5636 Set the default search engine. This policy is only available on the ESR.
5637
5638 **Compatibility:** Firefox ESR 60\
5639 **CCK2 Equivalent:** `defaultSearchEngine`\
5640 **Preferences Affected:** N/A
5641
5642 #### Windows (GPO)
5643 ```
5644 Software\Policies\Mozilla\Firefox\SearchEngines\Default = NAME_OF_SEARCH_ENGINE
5645 ```
5646 #### Windows (Intune)
5647 OMA-URI:
5648 ```
5649 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Search/SearchEngines_Default
5650 ```
5651 Value (string):
5652 ```
5653 <enabled/>
5654 <data id="SearchEngines_Default" value="NAME_OF_SEARCH_ENGINE"/>
5655 ```
5656 #### macOS
5657 ```
5658 <dict>
5659 <key>SearchEngines</key>
5660 <dict>
5661 <key>Default</key>
5662 <string>NAME_OF_SEARCH_ENGINE</string>
5663 </dict>
5664 </dict>
5665 ```
5666 #### policies.json
5667 ```
5668 {
5669 "policies": {
5670 "SearchEngines": {
5671 "Default": "NAME_OF_SEARCH_ENGINE"
5672 }
5673 }
5674 }
5675 ```
5676 ### SearchEngines | PreventInstalls
5677
5678 Prevent installing search engines from webpages.
5679
5680 **Compatibility:** Firefox ESR 60\
5681 **CCK2 Equivalent:** `disableSearchEngineInstall`\
5682 **Preferences Affected:** N/A
5683
5684 #### Windows (GPO)
5685 ```
5686 Software\Policies\Mozilla\Firefox\SearchEngines\PreventInstalls = 0x1 | 0x0
5687 ```
5688 #### Windows (Intune)
5689 OMA-URI:
5690 ```
5691 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Search/SearchEngines_PreventInstalls
5692 ```
5693 Value (string):
5694 ```
5695 <enabled/> or <disabled/>
5696 ```
5697 #### macOS
5698 ```
5699 <dict>
5700 <key>SearchEngines</key>
5701 <dict>
5702 <key>PreventInstalls</key>
5703 <true/> | <false/>
5704 </dict>
5705 </dict>
5706 ```
5707 #### policies.json
5708 ```
5709 {
5710 "policies": {
5711 "SearchEngines": {
5712 "PreventInstalls": true | false
5713 }
5714 }
5715 }
5716 ```
5717 ### SearchEngines | Remove
5718
5719 Hide built-in search engines. This policy is only available on the ESR.
5720
5721 **Compatibility:** Firefox ESR 60.2\
5722 **CCK2 Equivalent:** `removeDefaultSearchEngines` (removed all built-in engines)\
5723 **Preferences Affected:** N/A
5724
5725 #### Windows (GPO)
5726 ```
5727 Software\Policies\Mozilla\Firefox\SearchEngines\Remove\1 = NAME_OF_SEARCH_ENGINE
5728 ```
5729 #### Windows (Intune)
5730 OMA-URI:
5731 ```
5732 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Search/SearchEngines_Remove
5733 ```
5734 Value (string):
5735 ```
5736 <enabled/>
5737 <data id="SearchEngines_Remove" value="1&#xF000;NAME_OF_SEARCH_ENGINE"/>
5738 ```
5739 #### macOS
5740 ```
5741 <dict>
5742 <key>SearchEngines</key>
5743 <dict>
5744 <key>Remove</key>
5745 <array>
5746 <string>NAME_OF_SEARCH_ENGINE</string>
5747 </array>
5748 </dict>
5749 </dict>
5750 ```
5751 #### policies.json
5752 ```
5753 {
5754 "policies": {
5755 "SearchEngines": {
5756 "Remove": ["NAME_OF_SEARCH_ENGINE"]
5757 }
5758 }
5759 }
5760 ```
5761 ### SearchSuggestEnabled
5762
5763 Enable search suggestions.
5764
5765 **Compatibility:** Firefox 68, Firefox ESR 68\
5766 **CCK2 Equivalent:** N/A\
5767 **Preferences Affected:** `browser.urlbar.suggest.searches`, `browser.search.suggest.enabled`
5768
5769 #### Windows (GPO)
5770 ```
5771 Software\Policies\Mozilla\Firefox\SearchSuggestEnabled = 0x1 | 0x0
5772 ```
5773 #### Windows (Intune)
5774 OMA-URI:
5775 ```
5776 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Search/SearchSuggestEnabled
5777 ```
5778 Value (string):
5779 ```
5780 <enabled/> or <disabled/>
5781 ```
5782 #### macOS
5783 ```
5784 <dict>
5785 <key>SearchSuggestEnabled</key>
5786 <true/> | <false/>
5787 </dict>
5788 ```
5789 #### policies.json
5790 ```
5791 {
5792 "policies": {
5793 "SearchSuggestEnabled": true | false
5794 }
5795 }
5796 ```
5797 ### SecurityDevices
5798
5799 Add or delete PKCS #11 modules.
5800
5801 **Compatibility:** Firefox 114, Firefox ESR 112.12\
5802 **CCK2 Equivalent:** N/A\
5803 **Preferences Affected:** N/A
5804
5805 #### Windows (GPO)
5806 ```
5807 Software\Policies\Mozilla\Firefox\SecurityDevices\Add\NAME_OF_DEVICE_TO_ADD = PATH_TO_LIBRARY_FOR_DEVICE
5808 Software\Policies\Mozilla\Firefox\SecurityDevices\Remove\1 = NAME_OF_DEVICE_TO_REMOVE
5809 ```
5810 #### Windows (Intune)
5811 OMA-URI:
5812 ```
5813 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/SecurityDevices/SecurityDevices_Add
5814 ```
5815 Value (string):
5816 ```
5817 <enabled/>
5818 <data id="SecurityDevices" value="NAME_OF_DEVICE_TO_ADD&#xF000;PATH_TO_LIBRARY_FOR_DEVICE"/>
5819 ```
5820 OMA-URI:
5821 ```
5822 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/SecurityDevices/SecurityDevices_Delete
5823 ```
5824 Value (string):
5825 ```
5826 <enabled/>
5827 <data id="SecurityDevices" value="1&#xF000;NAME_OF_DEVICE_TO_REMOVE"/>
5828 ```
5829 #### macOS
5830 ```
5831 <dict>
5832 <key>SecurityDevices</key>
5833 <dict>
5834 <key>Add<key>
5835 <dict>
5836 <key>NAME_OF_DEVICE_TO_ADD</key>
5837 <string>PATH_TO_LIBRARY_FOR_DEVICE</string>
5838 </dict>
5839 <key>Delete</add>
5840 <array>
5841 <string>NAME_OF_DEVICE_TO_DELETE</string>
5842 </array>
5843 </dict>
5844 </dict>
5845 ```
5846 #### policies.json
5847 ```
5848 {
5849 "policies": {
5850 "SecurityDevices": {
5851 "Add": {
5852 "NAME_OF_DEVICE_TO_ADD": "PATH_TO_LIBRARY_FOR_DEVICE"
5853 },
5854 "Delete": ["NAME_OF_DEVICE_TO_DELETE"]
5855 }
5856 }
5857 }
5858 ```
5859 ### SecurityDevices (Deprecated)
5860
5861 Install PKCS #11 modules.
5862
5863 **Compatibility:** Firefox 64, Firefox ESR 60.4\
5864 **CCK2 Equivalent:** `certs.devices`\
5865 **Preferences Affected:** N/A
5866
5867 #### Windows (GPO)
5868 ```
5869 Software\Policies\Mozilla\Firefox\SecurityDevices\NAME_OF_DEVICE = PATH_TO_LIBRARY_FOR_DEVICE
5870 ```
5871 #### Windows (Intune)
5872 OMA-URI:
5873 ```
5874 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/SecurityDevices
5875 ```
5876 Value (string):
5877 ```
5878 <enabled/>
5879 <data id="SecurityDevices" value="NAME_OF_DEVICE&#xF000;PATH_TO_LIBRARY_FOR_DEVICE"/>
5880 ```
5881 #### macOS
5882 ```
5883 <dict>
5884 <key>SecurityDevices</key>
5885 <dict>
5886 <key>NAME_OF_DEVICE</key>
5887 <string>PATH_TO_LIBRARY_FOR_DEVICE</string>
5888 </dict>
5889 </dict>
5890 ```
5891 #### policies.json
5892 ```
5893 {
5894 "policies": {
5895 "SecurityDevices": {
5896 "NAME_OF_DEVICE": "PATH_TO_LIBRARY_FOR_DEVICE"
5897 }
5898 }
5899 }
5900 ```
5901 ### ShowHomeButton
5902 Show the home button on the toolbar.
5903
5904 Future versions of Firefox will not show the home button by default.
5905
5906 **Compatibility:** Firefox 88, Firefox ESR 78.10\
5907 **CCK2 Equivalent:** N/A\
5908 **Preferences Affected:** N/A
5909
5910 #### Windows (GPO)
5911 ```
5912 Software\Policies\Mozilla\Firefox\ShowHomeButton = 0x1 | 0x0
5913 ```
5914 #### Windows (Intune)
5915 OMA-URI:
5916 ```
5917 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Homepage/Homepage_ShowHomeButton
5918 ```
5919 Value (string):
5920 ```
5921 <enabled/> or <disabled/>
5922 ```
5923 #### macOS
5924 ```
5925 <dict>
5926 <key>ShowHomeButton</key>
5927 <true/> | <false/>
5928 </dict>
5929 ```
5930 #### policies.json
5931 ```
5932 {
5933 "policies": {
5934 "ShowHomeButton": true | false
5935 }
5936 }
5937 ```
5938 ### SSLVersionMax
5939
5940 Set and lock the maximum version of TLS. (Firefox defaults to a maximum of TLS 1.3.)
5941
5942 **Compatibility:** Firefox 66, Firefox ESR 60.6\
5943 **CCK2 Equivalent:** N/A\
5944 **Preferences Affected:** `security.tls.version.max`
5945
5946 #### Windows (GPO)
5947 ```
5948 Software\Policies\Mozilla\Firefox\SSLVersionMax = "tls1" | "tls1.1" | "tls1.2" | "tls1.3"
5949 ```
5950 #### Windows (Intune)
5951 OMA-URI:
5952 ```
5953 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/SSLVersionMax
5954 ```
5955 Value (string):
5956 ```
5957 <enabled/>
5958 <data id="SSLVersion" value="tls1 | tls1.2 | tls1.3"/>
5959 ```
5960 #### macOS
5961 ```
5962 <dict>
5963 <key>SSLVersionMax</key>
5964 <string>tls1 | tls1.1 | tls1.2 | tls1.3</string>
5965 </dict>
5966 ```
5967
5968 #### policies.json
5969 ```
5970 {
5971 "policies": {
5972 "SSLVersionMax": "tls1" | "tls1.1" | "tls1.2" | "tls1.3"
5973 }
5974 }
5975 ```
5976 ### SSLVersionMin
5977
5978 Set and lock the minimum version of TLS. (Firefox defaults to a minimum of TLS 1.2.)
5979
5980 **Compatibility:** Firefox 66, Firefox ESR 60.6\
5981 **CCK2 Equivalent:** N/A\
5982 **Preferences Affected:** `security.tls.version.min`
5983
5984 #### Windows (GPO)
5985 ```
5986 Software\Policies\Mozilla\Firefox\SSLVersionMin = "tls1" | "tls1.1" | "tls1.2" | "tls1.3"
5987 ```
5988 #### Windows (Intune)
5989 OMA-URI:
5990 ```
5991 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/SSLVersionMin
5992 ```
5993 Value (string):
5994 ```
5995 <enabled/>
5996 <data id="SSLVersion" value="tls1 | tls1.2 | tls1.3"/>
5997 ```
5998 #### macOS
5999 ```
6000 <dict>
6001 <key>SSLVersionMin</key>
6002 <string>tls1 | tls1.1 | tls1.2 | tls1.3</string>
6003 </dict>
6004 ```
6005
6006 #### policies.json
6007 ```
6008 {
6009 "policies": {
6010 "SSLVersionMin": "tls1" | "tls1.1" | "tls1.2" | "tls1.3"
6011 }
6012 }
6013 ```
6014 ### SupportMenu
6015 Add a menuitem to the help menu for specifying support information.
6016
6017 **Compatibility:** Firefox 68.0.1, Firefox ESR 68.0.1\
6018 **CCK2 Equivalent:** helpMenu\
6019 **Preferences Affected:** N/A
6020
6021 #### Windows (GPO)
6022 ```
6023 Software\Policies\Mozilla\Firefox\SupportMenu\Title = "Support Menu"
6024 Software\Policies\Mozilla\Firefox\SupportMenu\URL = "http://example.com/support"
6025 Software\Policies\Mozilla\Firefox\SupportMenu\AccessKey = "S"
6026 ```
6027 #### Windows (Intune)
6028 OMA-URI:
6029 ```
6030 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/SupportMenu
6031 ```
6032 Value (string):
6033 ```
6034 <enabled/>
6035 <data id="SupportMenuTitle" value="Support Menu"/>
6036 <data id="SupportMenuURL" value="http://example.com/support"/>
6037 <data id="SupportMenuAccessKey" value="S"/>
6038 ```
6039 #### macOS
6040 ```
6041 <dict>
6042 <key>SupportMenu</key>
6043 <dict>
6044 <key>Title</key>
6045 <string>SupportMenu</string>
6046 <key>URL</key>
6047 <string>http://example.com/support</string>
6048 <key>AccessKey</key>
6049 <string>S</string>
6050 </dict>
6051 </dict>
6052 ```
6053 #### policies.json
6054 ```
6055 {
6056 "policies": {
6057 "SupportMenu": {
6058 "Title": "Support Menu",
6059 "URL": "http://example.com/support",
6060 "AccessKey": "S"
6061 }
6062 }
6063 }
6064 ```
6065 ### StartDownloadsInTempDirectory
6066 Force downloads to start off in a local, temporary location rather than the default download directory.
6067
6068 **Compatibility:** Firefox 102\
6069 **CCK2 Equivalent:** N/A\
6070 **Preferences Affected:** `browser.download.start_downloads_in_tmp_dir`
6071
6072 #### Windows (GPO)
6073 ```
6074 Software\Policies\Mozilla\Firefox\StartDownloadsInTempDirectory = 0x1 | 0x0
6075 ```
6076 #### Windows (Intune)
6077 OMA-URI:
6078 ```
6079 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/StartDownloadsInTempDirectory
6080 ```
6081 Value (string):
6082 ```
6083 <enabled/> or <disabled/>
6084 ```
6085 #### macOS
6086 ```
6087 <dict>
6088 <key>StartDownloadsInTempDirectory</key>
6089 <true/> | <false/>
6090 </dict>
6091 ```
6092 #### policies.json
6093 ```
6094 {
6095 "policies": {
6096 "StartDownloadsInTempDirectory": true | false
6097 }
6098 ```
6099 ### UserMessaging
6100
6101 Prevent Firefox from messaging the user in certain situations.
6102
6103 `WhatsNew` Remove the "What's New" icon and menuitem.
6104
6105 `ExtensionRecommendations` If false, don't recommend extensions while the user is visiting web pages.
6106
6107 `FeatureRecommendations` If false, don't recommend browser features.
6108
6109 `UrlbarInterventions` If false, Don't offer Firefox specific suggestions in the URL bar.
6110
6111 `SkipOnboarding` If true, don't show onboarding messages on the new tab page.
6112
6113 `MoreFromMozilla` If false, don't show the "More from Mozilla" section in Preferences. (Firefox 98)
6114
6115 `Locked` prevents the user from changing user messaging preferences.
6116
6117 **Compatibility:** Firefox 75, Firefox ESR 68.7\
6118 **CCK2 Equivalent:** N/A\
6119 **Preferences Affected:** `browser.messaging-system.whatsNewPanel.enabled`, `browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons`, `browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features`, `browser.aboutwelcome.enabled`, `browser.preferences.moreFromMozilla`
6120
6121 #### Windows (GPO)
6122 ```
6123 Software\Policies\Mozilla\Firefox\UserMessaging\WhatsNew = 0x1 | 0x0
6124 Software\Policies\Mozilla\Firefox\UserMessaging\ExtensionRecommendations = 0x1 | 0x0
6125 Software\Policies\Mozilla\Firefox\UserMessaging\FeatureRecommendations = 0x1 | 0x0
6126 Software\Policies\Mozilla\Firefox\UserMessaging\UrlbarInterventions = 0x1 | 0x0
6127 Software\Policies\Mozilla\Firefox\UserMessaging\SkipOnboarding = 0x1 | 0x0
6128 Software\Policies\Mozilla\Firefox\UserMessaging\MoreFromMozilla = 0x1 | 0x0
6129 Software\Policies\Mozilla\Firefox\UserMessaging\Locked = 0x1 | 0x0
6130 ```
6131 #### Windows (Intune)
6132 OMA-URI:
6133 ```
6134 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_WhatsNew
6135 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_ExtensionRecommendations
6136 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_FeatureRecommendations
6137 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_UrlbarInterventions
6138 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_SkipOnboarding
6139 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_MoreFromMozilla
6140 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_Locked
6141 ```
6142 Value (string):
6143 ```
6144 <enabled/> or <disabled/>
6145 ```
6146 #### macOS
6147 ```
6148 <dict>
6149 <key>UserMessaging</key>
6150 <dict>
6151 <key>WhatsNew</key>
6152 <true/> | <false/>
6153 <key>ExtensionRecommendations</key>
6154 <true/> | <false/>
6155 <key>FeatureRecommendations</key>
6156 <true/> | <false/>
6157 <key>UrlbarInterventions</key>
6158 <true/> | <false/>
6159 <key>SkipOnboarding</key>
6160 <true/> | <false/>
6161 <key>MoreFromMozilla</key>
6162 <true/> | <false/>
6163 <key>Locked</key>
6164 <true/> | <false/>
6165 </dict>
6166 </dict>
6167 ```
6168 #### policies.json
6169 ```
6170 {
6171 "policies": {
6172 "UserMessaging": {
6173 "WhatsNew": true | false,
6174 "ExtensionRecommendations": true | false,
6175 "FeatureRecommendations": true | false,
6176 "UrlbarInterventions": true | false,
6177 "SkipOnboarding": true | false,
6178 "MoreFromMozilla": true | false,
6179 "Locked": true | false
6180 }
6181 }
6182 }
6183 ```
6184 ### UseSystemPrintDialog
6185 Use the system print dialog instead of the print preview window.
6186
6187 **Compatibility:** Firefox 102\
6188 **CCK2 Equivalent:** N/A\
6189 **Preferences Affected:** `print.prefer_system_dialog`
6190
6191 #### Windows (GPO)
6192 ```
6193 Software\Policies\Mozilla\Firefox\UseSystemPrintDialog = 0x1 | 0x0
6194 ```
6195 #### Windows (Intune)
6196 OMA-URI:
6197 ```
6198 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/UseSystemPrintDialog
6199 ```
6200 Value (string):
6201 ```
6202 <enabled/> or <disabled/>
6203 ```
6204 #### macOS
6205 ```
6206 <dict>
6207 <key>UseSystemPrintDialog</key>
6208 <true/> | <false/>
6209 </dict>
6210 ```
6211 #### policies.json
6212 ```
6213 {
6214 "policies": {
6215 "UseSystemPrintDialog": true | false
6216 }
6217 }
6218 ```
6219 ### WebsiteFilter
6220 Block websites from being visited. The parameters take an array of Match Patterns, as documented in https://developer.mozilla.org/en-US/Add-ons/WebExtensions/Match_patterns.
6221 The arrays are limited to 1000 entries each.
6222
6223 If you want to block all URLs, you can use `<all_urls>` or `*://*/*`. You can't have just a `*` on the right side.
6224
6225 For specific protocols, use `https://*/*` or `http://*/*`.
6226
6227 As of Firefox 83 and Firefox ESR 78.5, file URLs are supported.
6228
6229 **Compatibility:** Firefox 60, Firefox ESR 60\
6230 **CCK2 Equivalent:** N/A\
6231 **Preferences Affected:** N/A
6232
6233 #### Windows (GPO)
6234 ```
6235 Software\Policies\Mozilla\Firefox\WebsiteFilter\Block\1 = "<all_urls>"
6236 Software\Policies\Mozilla\Firefox\WebsiteFilter\Exceptions\1 = "http://example.org/*"
6237 ```
6238 #### Windows (Intune)
6239 OMA-URI:
6240 ```
6241 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/B_WebsiteFilter_Block
6242 ```
6243 Value (string):
6244 ```
6245 <enabled/> <data id="WebsiteFilter" value="1&#xF000;&#60;all_urls&#62;"/>
6246 ```
6247 OMA-URI:
6248 ```
6249 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/B_WebsiteFilter_Exceptions
6250 ```
6251 Value (string):
6252 ```
6253 <enabled/>
6254 <data id="WebsiteFilter" value="1&#xF000;http://example.org/*"/>
6255 ```
6256 #### macOS
6257 ```
6258 <dict>
6259 <key>WebsiteFilter</key>
6260 <dict>
6261 <key>Block</key>
6262 <array>
6263 <string><all_urls></string>
6264 </array>
6265 <key>Exceptions</key>
6266 <array>
6267 <string>http://example.org/*</string>
6268 </array>
6269 </dict>
6270
6271 </dict>
6272 ```
6273 #### policies.json
6274 ```
6275 {
6276 "policies": {
6277 "WebsiteFilter": {
6278 "Block": ["<all_urls>"],
6279 "Exceptions": ["http://example.org/*"]
6280 }
6281 }
6282 }
6283 ```
6284 ### WindowsSSO
6285 Allow Windows single sign-on for Microsoft, work, and school accounts.
6286
6287 If this policy is set to true, Firefox will use credentials stored in Windows to sign in to Microsoft, work, and school accounts.
6288
6289 **Compatibility:** Firefox 91\
6290 **CCK2 Equivalent:** N/A\
6291 **Preferences Affected:** `network.http.windows-sso.enabled`
6292
6293 #### Windows (GPO)
6294 ```
6295 Software\Policies\Mozilla\Firefox\WindowsSSO = 0x1 | 0x0
6296 ```
6297 #### Windows (Intune)
6298 OMA-URI:
6299 ```
6300 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/WindowsSSO
6301 ```
6302 Value (string):
6303 ```
6304 <enabled/> or <disabled/>
6305 ```
6306 #### policies.json
6307 ```
6308 {
6309 "policies": {
6310 "WindowsSSO": true | false
6311 }
6312 }
6313 ```

patrick-canterino.de