]> git.p6c8.net - policy-templates.git/blob - docs/index.md
Add PostQuantumKeyAgreementEnabled to readme
[policy-templates.git] / docs / index.md
1 Firefox policies can be specified using the [Group Policy templates on Windows](https://github.com/mozilla/policy-templates/tree/master/windows), [Intune on Windows](https://support.mozilla.org/kb/managing-firefox-intune), [configuration profiles on macOS](https://github.com/mozilla/policy-templates/tree/master/mac), or by creating a file called `policies.json`. On Windows, create a directory called `distribution` where the EXE is located and place the file there. On Mac, the file goes into `Firefox.app/Contents/Resources/distribution`. On Linux, the file goes into `firefox/distribution`, where `firefox` is the installation directory for firefox, which varies by distribution or you can specify system-wide policy by placing the file in `/etc/firefox/policies`.
2
3 Unfortunately, JSON files do not support comments, but you can add extra entries to the JSON to use as comments. You will see an error in about:policies, but the policies will still work properly. For example:
4
5 ```
6 {
7 "policies": {
8 "Authentication": {
9 "SPNEGO": ["mydomain.com", "https://myotherdomain.com"]
10 }
11 "Authentication_Comment": "These domains are required for us"
12 }
13 }
14 ```
15
16 | Policy Name | Description
17 | --- | --- |
18 | **[`3rdparty`](#3rdparty)** | Set policies that WebExtensions can access via chrome.storage.managed.
19 | **[`AllowedDomainsForApps`](#alloweddomainsforapps)** | Define domains allowed to access Google Workspace.
20 | **[`AllowFileSelectionDialogs`](#allowfileselectiondialogs)** | Allow file selection dialogs.
21 | **[`AppAutoUpdate`](#appautoupdate)** | Enable or disable automatic application update.
22 | **[`AppUpdatePin`](#appupdatepin)** | Prevent Firefox from being updated beyond the specified version.
23 | **[`AppUpdateURL`](#appupdateurl)** | Change the URL for application update.
24 | **[`Authentication`](#authentication)** | Configure sites that support integrated authentication.
25 | **[`AutofillAddressEnabled`](#autofilladdressenabled)** | Enable autofill for addresses.
26 | **[`AutofillCreditCardEnabled`](#autofillcreditcardenabled)** | Enable autofill for payment methods.
27 | **[`AutoLaunchProtocolsFromOrigins`](#autolaunchprotocolsfromorigins)** | Define a list of external protocols that can be used from listed origins without prompting the user.
28 | **[`BackgroundAppUpdate`](#backgroundappupdate)** | Enable or disable the background updater (Windows only).
29 | **[`BlockAboutAddons`](#blockaboutaddons)** | Block access to the Add-ons Manager (about:addons).
30 | **[`BlockAboutConfig`](#blockaboutconfig)** | Block access to about:config.
31 | **[`BlockAboutProfiles`](#blockaboutprofiles)** | Block access to About Profiles (about:profiles).
32 | **[`BlockAboutSupport`](#blockaboutsupport)** | Block access to Troubleshooting Information (about:support).
33 | **[`Bookmarks`](#bookmarks)** | Add bookmarks in either the bookmarks toolbar or menu.
34 | **[`CaptivePortal`](#captiveportal)** | Enable or disable the detection of captive portals.
35 | **[`Certificates`](#certificates)** |
36 | **[`Certificates -> ImportEnterpriseRoots`](#certificates--importenterpriseroots)** | Trust certificates that have been added to the operating system certificate store by a user or administrator.
37 | **[`Certificates -> Install`](#certificates--install)** | Install certificates into the Firefox certificate store.
38 | **[`Containers`](#containers)** | Set policies related to [containers](https://addons.mozilla.org/firefox/addon/multi-account-containers/).
39 | **[`Cookies`](#cookies)** | Configure cookie preferences.
40 | **[`DefaultDownloadDirectory`](#defaultdownloaddirectory)** | Set the default download directory.
41 | **[`DisableAppUpdate`](#disableappupdate)** | Turn off application updates.
42 | **[`DisableBuiltinPDFViewer`](#disablebuiltinpdfviewer)** | Disable the built in PDF viewer.
43 | **[`DisabledCiphers`](#disabledciphers)** | Disable ciphers.
44 | **[`DisableDefaultBrowserAgent`](#disabledefaultbrowseragent)** | Prevent the default browser agent from taking any actions (Windows only).
45 | **[`DisableDeveloperTools`](#disabledevelopertools)** | Remove access to all developer tools.
46 | **[`DisableEncryptedClientHello`](#disableencryptedclienthello)** | Disable the TLS Feature Encrypted Client Hello (ECH).
47 | **[`DisableFeedbackCommands`](#disablefeedbackcommands)** | Disable the menus for reporting sites.
48 | **[`DisableFirefoxAccounts`](#disablefirefoxaccounts)** | Disable Firefox Accounts integration (Sync).
49 | **[`DisableFirefoxScreenshots`](#disablefirefoxscreenshots)** | Remove access to Firefox Screenshots.
50 | **[`DisableFirefoxStudies`](#disablefirefoxstudies)** | Disable Firefox studies (Shield).
51 | **[`DisableForgetButton`](#disableforgetbutton)** | Disable the "Forget" button.
52 | **[`DisableFormHistory`](#disableformhistory)** | Turn off saving information on web forms and the search bar.
53 | **[`DisableMasterPasswordCreation`](#disablemasterpasswordcreation)** | Remove the master password functionality.
54 | **[`DisablePasswordReveal`](#disablepasswordreveal)** | Do not allow passwords to be revealed in saved logins.
55 | **[`DisablePocket`](#disablepocket)** | Remove Pocket in the Firefox UI.
56 | **[`DisablePrivateBrowsing`](#disableprivatebrowsing)** | Remove access to private browsing.
57 | **[`DisableProfileImport`](#disableprofileimport)** | Disables the "Import data from another browser" option in the bookmarks window.
58 | **[`DisableProfileRefresh`](#disableprofilerefresh)** | Disable the Refresh Firefox button on about:support and support.mozilla.org
59 | **[`DisableSafeMode`](#disablesafemode)** | Disable safe mode within the browser.
60 | **[`DisableSecurityBypass`](#disablesecuritybypass)** | Prevent the user from bypassing security in certain cases.
61 | **[`DisableSetDesktopBackground`](#disablesetdesktopbackground)** | Remove the "Set As Desktop Background..." menuitem when right clicking on an image.
62 | **[`DisableSystemAddonUpdate`](#disablesystemaddonupdate)** | Prevent system add-ons from being installed or updated.
63 | **[`DisableTelemetry`](#disabletelemetry)** | DisableTelemetry
64 | **[`DisableThirdPartyModuleBlocking`](#disablethirdpartymoduleblocking)** | Do not allow blocking third-party modules.
65 | **[`DisplayBookmarksToolbar`](#displaybookmarkstoolbar)** | Set the initial state of the bookmarks toolbar.
66 | **[`DisplayMenuBar`](#displaymenubar)** | Set the state of the menubar.
67 | **[`DNSOverHTTPS`](#dnsoverhttps)** | Configure DNS over HTTPS.
68 | **[`DontCheckDefaultBrowser`](#dontcheckdefaultbrowser)** | Don't check if Firefox is the default browser at startup.
69 | **[`DownloadDirectory`](#downloaddirectory)** | Set and lock the download directory.
70 | **[`EnableTrackingProtection`](#enabletrackingprotection)** | Configure tracking protection.
71 | **[`EncryptedMediaExtensions`](#encryptedmediaextensions)** | Enable or disable Encrypted Media Extensions and optionally lock it.
72 | **[`EnterprisePoliciesEnabled`](#enterprisepoliciesenabled)** | Enable policy support on macOS.
73 | **[`ExemptDomainFileTypePairsFromFileTypeDownloadWarnings`](#exemptdomainfiletypepairsfromfiletypedownloadwarnings)** | Disable warnings based on file extension for specific file types on domains.
74 | **[`Extensions`](#extensions)** | Control the installation, uninstallation and locking of extensions.
75 | **[`ExtensionSettings`](#extensionsettings)** | Manage all aspects of extensions.
76 | **[`ExtensionUpdate`](#extensionupdate)** | Control extension updates.
77 | **[`FirefoxHome`](#firefoxhome)** | Customize the Firefox Home page.
78 | **[`FirefoxSuggest`](#firefoxsuggest)** | Customize Firefox Suggest.
79 | **[`GoToIntranetSiteForSingleWordEntryInAddressBar`](#gotointranetsiteforsinglewordentryinaddressbar)** | Force direct intranet site navigation instead of searching when typing single word entries in the address bar.
80 | **[`Handlers`](#handlers)** | Configure default application handlers.
81 | **[`HardwareAcceleration`](#hardwareacceleration)** | Control hardware acceleration.
82 | **[`Homepage`](#homepage)** | Configure the default homepage and how Firefox starts.
83 | **[`InstallAddonsPermission`](#installaddonspermission)** | Configure the default extension install policy as well as origins for extension installs are allowed.
84 | **[`LegacyProfiles`](#legacyprofiles)** | Disable the feature enforcing a separate profile for each installation.
85 | **[`LegacySameSiteCookieBehaviorEnabled`](#legacysamesitecookiebehaviorenabled)** | Enable default legacy SameSite cookie behavior setting.
86 | **[`LegacySameSiteCookieBehaviorEnabledForDomainList`](#legacysamesitecookiebehaviorenabledfordomainlist)** | Revert to legacy SameSite behavior for cookies on specified sites.
87 | **[`LocalFileLinks`](#localfilelinks)** | Enable linking to local files by origin.
88 | **[`ManagedBookmarks`](#managedbookmarks)** | Configures a list of bookmarks managed by an administrator that cannot be changed by the user.
89 | **[`ManualAppUpdateOnly`](#manualappupdateonly)** | Allow manual updates only and do not notify the user about updates.
90 | **[`NetworkPrediction`](#networkprediction)** | Enable or disable network prediction (DNS prefetching).
91 | **[`NewTabPage`](#newtabpage)** | Enable or disable the New Tab page.
92 | **[`NoDefaultBookmarks`](#nodefaultbookmarks)** | Disable the creation of default bookmarks.
93 | **[`OfferToSaveLogins`](#offertosavelogins)** | Control whether or not Firefox offers to save passwords.
94 | **[`OfferToSaveLoginsDefault`](#offertosaveloginsdefault)** | Set the default value for whether or not Firefox offers to save passwords.
95 | **[`OverrideFirstRunPage`](#overridefirstrunpage)** | Override the first run page.
96 | **[`OverridePostUpdatePage`](#overridepostupdatepage)** | Override the upgrade page.
97 | **[`PasswordManagerEnabled`](#passwordmanagerenabled)** | Remove (some) access to the password manager.
98 | **[`PasswordManagerExceptions`](#passwordmanagerexceptions)** | Prevent Firefox from saving passwords for specific sites.
99 | **[`PDFjs`](#pdfjs)** | Disable or configure PDF.js, the built-in PDF viewer.
100 | **[`Permissions`](#permissions)** | Set permissions associated with camera, microphone, location, and notifications.
101 | **[`PictureInPicture`](#pictureinpicture)** | Enable or disable Picture-in-Picture.
102 | **[`PopupBlocking`](#popupblocking)** | Configure the default pop-up window policy as well as origins for which pop-up windows are allowed.
103 | **[`PostQuantumKeyAgreementEnabled`](#postquantumkeyagreementenabled)** | Enable post-quantum key agreement for TLS.
104 | **[`Preferences`](#preferences)** | Set and lock preferences.
105 | **[`PrimaryPassword`](#primarypassword)** | Require or prevent using a primary (formerly master) password.
106 | **[`PrintingEnabled`](#printingenabled)** | Enable or disable printing.
107 | **[`PromptForDownloadLocation`](#promptfordownloadlocation)** | Ask where to save each file before downloading.
108 | **[`Proxy`](#proxy)** | Configure proxy settings.
109 | **[`RequestedLocales`](#requestedlocales)** | Set the the list of requested locales for the application in order of preference.
110 | **[`SanitizeOnShutdown` (All)](#sanitizeonshutdown-all)** | Clear all data on shutdown.
111 | **[`SanitizeOnShutdown` (Selective)](#sanitizeonshutdown-selective)** | Clear data on shutdown.
112 | **[`SearchBar`](#searchbar)** | Set whether or not search bar is displayed.
113 | **[`SearchEngines`](#searchengines-this-policy-is-only-available-on-the-esr)** |
114 | **[`SearchEngines -> Add`](#searchengines--add)** | Add new search engines.
115 | **[`SearchEngines -> Default`](#searchengines--default)** | Set the default search engine.
116 | **[`SearchEngines -> PreventInstalls`](#searchengines--preventinstalls)** | Prevent installing search engines from webpages.
117 | **[`SearchEngines -> Remove`](#searchengines--remove)** | Hide built-in search engines.
118 | **[`SearchSuggestEnabled`](#searchsuggestenabled)** | Enable search suggestions.
119 | **[`SecurityDevices`](#securitydevices)** | Install PKCS #11 modules.
120 | **[`ShowHomeButton`](#showhomebutton)** | Show the home button on the toolbar.
121 | **[`SSLVersionMax`](#sslversionmax)** | Set and lock the maximum version of TLS.
122 | **[`SSLVersionMin`](#sslversionmin)** | Set and lock the minimum version of TLS.
123 | **[`StartDownloadsInTempDirectory`](#startdownloadsintempdirectory)** | Force downloads to start off in a local, temporary location rather than the default download directory.
124 | **[`SupportMenu`](#supportmenu)** | Add a menuitem to the help menu for specifying support information.
125 | **[`TranslateEnabled`](#translateenabled)** | Enable or disable webpage translation.
126 | **[`UserMessaging`](#usermessaging)** | Don't show certain messages to the user.
127 | **[`UseSystemPrintDialog`](#usesystemprintdialog)** | Print using the system print dialog instead of print preview.
128 | **[`WebsiteFilter`](#websitefilter)** | Block websites from being visited.
129 | **[`WindowsSSO`](#windowssso)** | Allow Windows single sign-on for Microsoft, work, and school accounts.
130
131 ### 3rdparty
132
133 Allow WebExtensions to configure policy. For more information, see [Adding policy support to your extension](https://extensionworkshop.com/documentation/enterprise/enterprise-development/#how-to-add-policy).
134
135 For GPO and Intune, the extension developer should provide an ADMX file.
136
137 **Compatibility:** Firefox 68\
138 **CCK2 Equivalent:** N/A\
139 **Preferences Affected:** N/A
140
141 #### macOS
142 ```
143 <dict>
144 <key>3rdparty</key>
145 <dict>
146 <key>Extensions</key>
147 <dict>
148 <key>uBlock0@raymondhill.net</key>
149 <dict>
150 <key>adminSettings</key>
151 <dict>
152 <key>selectedFilterLists</key>
153 <array>
154 <string>ublock-privacy</string>
155 <string>ublock-badware</string>
156 <string>ublock-filters</string>
157 <string>user-filters</string>
158 </array>
159 </dict>
160 </dict>
161 </dict>
162 </dict>
163 </dict>
164 ```
165 #### policies.json
166 ```
167 {
168 "policies": {
169 "3rdparty": {
170 "Extensions": {
171 "uBlock0@raymondhill.net": {
172 "adminSettings": {
173 "selectedFilterLists": [
174 "ublock-privacy",
175 "ublock-badware",
176 "ublock-filters",
177 "user-filters"
178 ]
179 }
180 }
181 }
182 }
183 }
184 }
185 ```
186
187 ### AllowedDomainsForApps
188
189 Define domains allowed to access Google Workspace.
190
191 This policy is based on the [Chrome policy](https://chromeenterprise.google/policies/#AllowedDomainsForApps) of the same name.
192
193 If this policy is enabled, users can only access Google Workspace using accounts from the specified domains. If you want to allow Gmail, you can add ```consumer_accounts``` to the list.
194
195 **Compatibility:** Firefox 89, Firefox ESR 78.11\
196 **CCK2 Equivalent:** N/A\
197 **Preferences Affected:** N/A
198
199 #### Windows (GPO)
200 ```
201 Software\Policies\Mozilla\Firefox\AllowedDomainsForApps = "managedfirefox.com,example.com"
202 ```
203 #### Windows (Intune)
204 OMA-URI:
205 ```
206 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/AllowedDomainsForApps
207 ```
208 Value (string):
209 ```
210 <enabled/>
211 <data id="AllowedDomainsForApps" value="managedfirefox.com,example.com"/>
212 ```
213 #### macOS
214 ```
215 <dict>
216 <key>AllowedDomainsForApps</key>
217 <string>managedfirefox.com,example.com</string>
218 </dict>
219 ```
220 #### policies.json
221 ```
222 {
223 "policies": {
224 "AllowedDomainsForApps": "managedfirefox.com,example.com"
225 }
226 }
227 ```
228 ### AllowFileSelectionDialogs
229
230 Enable or disable file selection dialogs.
231
232 **Compatibility:** Firefox 124\
233 **CCK2 Equivalent:** N/A\
234 **Preferences Affected:** `widget.disable_file_pickers`
235
236 #### Windows (GPO)
237 ```
238 Software\Policies\Mozilla\Firefox\AllowFileSelectionDialogs = 0x1 | 0x0
239 ```
240 #### Windows (Intune)
241 OMA-URI:
242 ```
243 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/AppAutoAllowFileSelectionDialogsUpdate
244 ```
245 Value (string):
246 ```
247 <enabled/> or <disabled/>
248 ```
249 #### macOS
250 ```
251 <dict>
252 <key>AllowFileSelectionDialogs</key>
253 <true/> | <false/>
254 </dict>
255 ```
256 #### policies.json
257 ```
258 {
259 "policies": {
260 "AllowFileSelectionDialogs": true | false
261 }
262 }
263 ```
264 ### AppAutoUpdate
265
266 Enable or disable **automatic** application update.
267
268 If set to true, application updates are installed without user approval within Firefox. The operating system might still require approval.
269
270 If set to false, application updates are downloaded but the user can choose when to install the update.
271
272 If you have disabled updates via `DisableAppUpdate`, this policy has no effect.
273
274 **Compatibility:** Firefox 75, Firefox ESR 68.7\
275 **CCK2 Equivalent:** N/A\
276 **Preferences Affected:** `app.update.auto`
277
278 #### Windows (GPO)
279 ```
280 Software\Policies\Mozilla\Firefox\AppAutoUpdate = 0x1 | 0x0
281 ```
282 #### Windows (Intune)
283 OMA-URI:
284 ```
285 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/AppAutoUpdate
286 ```
287 Value (string):
288 ```
289 <enabled/> or <disabled/>
290 ```
291 #### macOS
292 ```
293 <dict>
294 <key>AppAutoUpdate</key>
295 <true/> | <false/>
296 </dict>
297 ```
298 #### policies.json
299 ```
300 {
301 "policies": {
302 "AppAutoUpdate": true | false
303 }
304 }
305 ```
306 ### AppUpdatePin
307
308 Prevent Firefox from being updated beyond the specified version.
309
310 You can specify the any version as ```xx.``` and Firefox will be updated with all minor versions, but will not be updated beyond the major version.
311
312 You can also specify the version as ```xx.xx``` and Firefox will be updated with all patch versions, but will not be updated beyond the minor version.
313
314 You should specify a version that exists or is guaranteed to exist. If you specify a version that doesn't end up existing, Firefox will update beyond that version.
315
316 **Compatibility:** Firefox 102,\
317 **CCK2 Equivalent:** N/A\
318 **Preferences Affected:** N/A
319
320 #### Windows (GPO)
321 ```
322 Software\Policies\Mozilla\Firefox\AppUpdatePin = "106."
323 ```
324 #### Windows (Intune)
325 OMA-URI:
326 ```
327 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/AppUpdatePin
328 ```
329 Value (string):
330 ```
331 <enabled/>
332 <data id="AppUpdatePin" value="106."/>
333 ```
334 #### macOS
335 ```
336 <dict>
337 <key>AppUpdatePin</key>
338 <string>106.</string>
339 </dict>
340 ```
341 #### policies.json
342 ```
343 {
344 "policies": {
345 "AppUpdatePin": "106."
346 }
347 }
348 ```
349 ### AppUpdateURL
350
351 Change the URL for application update if you are providing Firefox updates from a custom update server.
352
353 **Compatibility:** Firefox 62, Firefox ESR 60.2\
354 **CCK2 Equivalent:** N/A\
355 **Preferences Affected:** `app.update.url`
356
357 #### Windows (GPO)
358 ```
359 Software\Policies\Mozilla\Firefox\AppUpdateURL = "https://yoursite.com"
360 ```
361 #### Windows (Intune)
362 OMA-URI:
363 ```
364 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/AppUpdateURL
365 ```
366 Value (string):
367 ```
368 <enabled/>
369 <data id="AppUpdateURL" value="https://yoursite.com"/>
370 ```
371 #### macOS
372 ```
373 <dict>
374 <key>AppUpdateURL</key>
375 <string>https://yoursite.com</string>
376 </dict>
377 ```
378 #### policies.json
379 ```
380 {
381 "policies": {
382 "AppUpdateURL": "https://yoursite.com"
383 }
384 }
385 ```
386 ### Authentication
387
388 Configure sites that support integrated authentication.
389
390 See [Integrated authentication](https://htmlpreview.github.io/?https://github.com/mdn/archived-content/blob/main/files/en-us/mozilla/integrated_authentication/raw.html) for more information.
391
392 `PrivateBrowsing` enables integrated authentication in private browsing.
393
394 **Compatibility:** Firefox 60, Firefox ESR 60 (AllowNonFQDN added in 62/60.2, AllowProxies added in 70/68.2, Locked added in 71/68.3, PrivateBrowsing added in 77/68.9)\
395 **CCK2 Equivalent:** N/A\
396 **Preferences Affected:** `network.negotiate-auth.trusted-uris`,`network.negotiate-auth.delegation-uris`,`network.automatic-ntlm-auth.trusted-uris`,`network.automatic-ntlm-auth.allow-non-fqdn`,`network.negotiate-auth.allow-non-fqdn`,`network.automatic-ntlm-auth.allow-proxies`,`network.negotiate-auth.allow-proxies`,`network.auth.private-browsing-sso`
397
398 #### Windows (GPO)
399 ```
400 Software\Policies\Mozilla\Firefox\Authentication\SPNEGO\1 = "mydomain.com"
401 Software\Policies\Mozilla\Firefox\Authentication\SPNEGO\2 = "https://myotherdomain.com"
402 Software\Policies\Mozilla\Firefox\Authentication\Delegated\1 = "mydomain.com"
403 Software\Policies\Mozilla\Firefox\Authentication\Delegated\2 = "https://myotherdomain.com"
404 Software\Policies\Mozilla\Firefox\Authentication\NTLM\1 = "mydomain.com"
405 Software\Policies\Mozilla\Firefox\Authentication\NTLM\2 = "https://myotherdomain.com"
406 Software\Policies\Mozilla\Firefox\Authentication\AllowNonFQDN\SPNEGO = 0x1 | 0x0
407 Software\Policies\Mozilla\Firefox\Authentication\AllowNonFQDN\NTLM = 0x1 | 0x0
408 Software\Policies\Mozilla\Firefox\Authentication\AllowProxies\SPNEGO = 0x1 | 0x0
409 Software\Policies\Mozilla\Firefox\Authentication\AllowProxies\NTLM = 0x1 | 0x0
410 Software\Policies\Mozilla\Firefox\Authentication\Locked = 0x1 | 0x0
411 Software\Policies\Mozilla\Firefox\Authentication\PrivateBrowsing = 0x1 | 0x0
412 ```
413 #### Windows (Intune)
414 OMA-URI:
415 ```
416 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Authentication/Authentication_SPNEGO
417 ```
418 Value (string):
419 ```
420 <enabled/>
421 <data id="Authentication" value="1&#xF000;mydomain&#xF000;2&#xF000;https://myotherdomain.com"/>
422 ```
423 OMA-URI:
424 ```
425 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Authentication/Authentication_Delegated
426 ```
427 Value (string):
428 ```
429 <enabled/>
430 <data id="Authentication" value="1&#xF000;mydomain&#xF000;2&#xF000;https://myotherdomain.com"/>
431 ```
432 OMA-URI:
433 ```
434 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Authentication/Authentication_NTLM
435 ```
436 Value (string):
437 ```
438 <enabled/>
439 <data id="Authentication" value="1&#xF000;mydomain&#xF000;2&#xF000;https://myotherdomain.com"/>
440 ```
441 OMA-URI:
442 ```
443 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Authentication/Authentication_AllowNonFQDN
444 ```
445 Value (string):
446 ```
447 <enabled/>
448 <data id="Authentication_AllowNonFQDN_NTLM" value="true | false"/>
449 <data id="Authentication_AllowNonFQDN_SPNEGO" value="true | false"/>
450 ```
451 OMA-URI:
452 ```
453 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Authentication/Authentication_Locked
454 ```
455 Value (string):
456 ```
457 <enabled/> or <disabled/>
458 ```
459 OMA-URI:
460 ```
461 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Authentication/Authentication_PrivateBrowsing
462 ```
463 Value (string):
464 ```
465 <enabled/> or <disabled/>
466 ```
467 #### macOS
468 ```
469 <dict>
470 <key>Authentication</key>
471 <dict>
472 <key>SPNEGO</key>
473 <array>
474 <string>mydomain.com</string>
475 <string>https://myotherdomain.com</string>
476 </array>
477 <key>Delegated</key>
478 <array>
479 <string>mydomain.com</string>
480 <string>https://myotherdomain.com</string>
481 </array>
482 <key>NTLM</key>
483 <array>
484 <string>mydomain.com</string>
485 <string>https://myotherdomain.com</string>
486 </array>
487 <key>AllowNonFQDN</key>
488 <dict>
489 <key>SPNEGO</key>
490 <true/> | <false/>
491 <key>NTLM</key>
492 <true/> | <false/>
493 </dict>
494 <key>AllowProxies</key>
495 <dict>
496 <key>SPNEGO</key>
497 <true/> | <false/>
498 <key>NTLM</key>
499 <true/> | <false/>
500 </dict>
501 <key>Locked</key>
502 <true/> | <false/>
503 <key>PrivateBrowsing</key>
504 <true/> | <false/>
505 </dict>
506 </dict>
507 ```
508 #### policies.json
509 ```
510 {
511 "policies": {
512 "Authentication": {
513 "SPNEGO": ["mydomain.com", "https://myotherdomain.com"],
514 "Delegated": ["mydomain.com", "https://myotherdomain.com"],
515 "NTLM": ["mydomain.com", "https://myotherdomain.com"],
516 "AllowNonFQDN": {
517 "SPNEGO": true | false,
518 "NTLM": true | false
519 },
520 "AllowProxies": {
521 "SPNEGO": true | false,
522 "NTLM": true | false
523 },
524 "Locked": true | false,
525 "PrivateBrowsing": true | false
526 }
527 }
528 }
529 ```
530 ### AutofillAddressEnabled
531
532 Enables or disables autofill for addresses.
533
534 This only applies when address autofill is enabled for a particular Firefox version or region. See [this page](https://support.mozilla.org/kb/automatically-fill-your-address-web-forms) for more information.
535
536 **Compatibility:** Firefox 125, Firefox ESR 115.10\
537 **CCK2 Equivalent:** N/A\
538 **Preferences Affected:** `extensions.formautofill.addresses.enabled`
539
540 #### Windows (GPO)
541 ```
542 Software\Policies\Mozilla\Firefox\AutofillAddressEnabled = 0x1 | 0x0
543 ```
544 #### Windows (Intune)
545 OMA-URI:
546 ```
547 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/AutofillAddressEnabled
548 ```
549 Value (string):
550 ```
551 <enabled/> or <disabled/>
552 ```
553 #### macOS
554 ```
555 <dict>
556 <key>AutofillAddressEnabled</key>
557 <true/> | <false/>
558 </dict>
559 ```
560 #### policies.json
561 ```
562 {
563 "policies": {
564 "AutofillAddressEnabled": true | false
565 }
566 }
567 ```
568 ### AutofillCreditCardEnabled
569
570 Enables or disables autofill for payment methods.
571
572 This only applies when payment method autofill is enabled for a particular Firefox version or region. See [this page](https://support.mozilla.org/kb/credit-card-autofill) for more information.
573
574 **Compatibility:** Firefox 125, Firefox ESR 115.10\
575 **CCK2 Equivalent:** N/A\
576 **Preferences Affected:** `extensions.formautofill.creditCards.enabled`
577
578 #### Windows (GPO)
579 ```
580 Software\Policies\Mozilla\Firefox\AutofillCreditCardEnabled = 0x1 | 0x0
581 ```
582 #### Windows (Intune)
583 OMA-URI:
584 ```
585 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/AutofillCreditCardEnabled
586 ```
587 Value (string):
588 ```
589 <enabled/> or <disabled/>
590 ```
591 #### macOS
592 ```
593 <dict>
594 <key>AutofillCreditCardEnabled</key>
595 <true/> | <false/>
596 </dict>
597 ```
598 #### policies.json
599 ```
600 {
601 "policies": {
602 "AutofillCreditCardEnabled": true | false
603 }
604 }
605 ```
606 ### AutoLaunchProtocolsFromOrigins
607 Define a list of external protocols that can be used from listed origins without prompting the user. The origin is the scheme plus the hostname.
608
609 The syntax of this policy is exactly the same as the [Chrome AutoLaunchProtocolsFromOrigins policy](https://cloud.google.com/docs/chrome-enterprise/policies/?policy=AutoLaunchProtocolsFromOrigins) except that you can only use valid origins (not just hostnames). This also means that you cannot specify an asterisk for all origins.
610
611 The schema is:
612 ```
613 {
614 "items": {
615 "properties": {
616 "allowed_origins": {
617 "items": {
618 "type": "string"
619 },
620 "type": "array"
621 },
622 "protocol": {
623 "type": "string"
624 }
625 },
626 "required": [
627 "protocol",
628 "allowed_origins"
629 ],
630 "type": "object"
631 },
632 "type": "array"
633 }
634 ```
635 **Compatibility:** Firefox 90, Firefox ESR 78.12\
636 **CCK2 Equivalent:** N/A\
637 **Preferences Affected:** N/A
638
639 #### Windows (GPO)
640 Software\Policies\Mozilla\Firefox\AutoLaunchProtocolsFromOrigins (REG_MULTI_SZ) =
641 ```
642 [
643 {
644 "protocol": "zoommtg",
645 "allowed_origins": [
646 "https://somesite.zoom.us"
647 ]
648 }
649 ]
650 ```
651 #### Windows (Intune)
652 OMA-URI:
653 ```
654 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/AutoLaunchProtocolsFromOrigins
655 ```
656 Value (string):
657 ```
658 <enabled/>
659 <data id="JSON" value='
660 [
661 {
662 "protocol": "zoommtg",
663 "allowed_origins": [
664 "https://somesite.zoom.us"
665 ]
666 }
667 ]'/>
668 ```
669 #### macOS
670 ```
671 <dict>
672 <key>AutoLaunchProtocolsFromOrigins</key>
673 <array>
674 <dict>
675 <key>protocol</key>
676 <string>zoommtg</string>
677 <key>allowed_origins</key>
678 <array>
679 <string>https://somesite.zoom.us</string>
680 </array>
681 </dict>
682 </array>
683 </dict>
684 ```
685 #### policies.json
686 ```
687 {
688 "policies": {
689 "AutoLaunchProtocolsFromOrigins": [{
690 "protocol": "zoommtg",
691 "allowed_origins": [
692 "https://somesite.zoom.us"
693 ]
694 }]
695 }
696 }
697 ```
698 ### BackgroundAppUpdate
699
700 Enable or disable **automatic** application update **in the background**, when the application is not running.
701
702 If set to true, application updates may be installed (without user approval) in the background, even when the application is not running. The operating system might still require approval.
703
704 If set to false, the application will not try to install updates when the application is not running.
705
706 If you have disabled updates via `DisableAppUpdate` or disabled automatic updates via `AppAutoUpdate`, this policy has no effect.
707
708 If you are having trouble getting the background task to run, verify your configuration with the ["Requirements to run" section in this support document](https://support.mozilla.org/en-US/kb/enable-background-updates-firefox-windows).
709
710 **Compatibility:** Firefox 90 (Windows only)\
711 **CCK2 Equivalent:** N/A\
712 **Preferences Affected:** `app.update.background.enabled`
713
714 #### Windows (GPO)
715 ```
716 Software\Policies\Mozilla\Firefox\BackgroundAppUpdate = 0x1 | 0x0
717 ```
718 #### Windows (Intune)
719 OMA-URI:
720 ```
721 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/BackgroundAppUpdate
722 ```
723 Value (string):
724 ```
725 <enabled/> or <disabled/>
726 ```
727 #### macOS
728 ```
729 <dict>
730 <key>BackgroundAppUpdate</key>
731 <true/> | <false/>
732 </dict>
733 ```
734 #### policies.json
735 ```
736 {
737 "policies": {
738 "BackgroundAppUpdate": true | false
739 }
740 }
741 ```
742 ### BlockAboutAddons
743
744 Block access to the Add-ons Manager (about:addons).
745
746 **Compatibility:** Firefox 60, Firefox ESR 60\
747 **CCK2 Equivalent:** `disableAddonsManager`\
748 **Preferences Affected:** N/A
749
750 #### Windows (GPO)
751 ```
752 Software\Policies\Mozilla\Firefox\BlockAboutAddons = 0x1 | 0x0
753 ```
754 #### Windows (Intune)
755 OMA-URI:
756 ```
757 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/BlockAboutAddons
758 ```
759 Value (string):
760 ```
761 <enabled/> or <disabled/>
762 ```
763 #### macOS
764 ```
765 <dict>
766 <key>BlockAboutAddons</key>
767 <true/> | <false/>
768 </dict>
769 ```
770 #### policies.json
771 ```
772 {
773 "policies": {
774 "BlockAboutAddons": true | false
775 }
776 }
777 ```
778 ### BlockAboutConfig
779
780 Block access to about:config.
781
782 **Compatibility:** Firefox 60, Firefox ESR 60\
783 **CCK2 Equivalent:** `disableAboutConfig`\
784 **Preferences Affected:** N/A
785
786 #### Windows (GPO)
787 ```
788 Software\Policies\Mozilla\Firefox\BlockAboutConfig = 0x1 | 0x0
789 ```
790 #### Windows (Intune)
791 OMA-URI:
792 ```
793 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/BlockAboutConfig
794 ```
795 Value (string):
796 ```
797 <enabled/> or <disabled/>
798 ```
799 #### macOS
800 ```
801 <dict>
802 <key>BlockAboutConfig</key>
803 <true/> | <false/>
804 </dict>
805 ```
806 #### policies.json
807 ```
808 {
809 "policies": {
810 "BlockAboutConfig": true | false
811 }
812 }
813 ```
814 ### BlockAboutProfiles
815
816 Block access to About Profiles (about:profiles).
817
818 **Compatibility:** Firefox 60, Firefox ESR 60\
819 **CCK2 Equivalent:** `disableAboutProfiles`\
820 **Preferences Affected:** N/A
821
822 #### Windows (GPO)
823 ```
824 Software\Policies\Mozilla\Firefox\BlockAboutProfiles = 0x1 | 0x0
825 ```
826 #### Windows (Intune)
827 OMA-URI:
828 ```
829 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/BlockAboutProfiles
830 ```
831 Value (string):
832 ```
833 <enabled/> or <disabled/>
834 ```
835 #### macOS
836 ```
837 <dict>
838 <key>BlockAboutProfiles</key>
839 <true/> | <false/>
840 </dict>
841 ```
842 #### policies.json
843 ```
844 {
845 "policies": {
846 "BlockAboutProfiles": true | false
847 }
848 }
849 ```
850 ### BlockAboutSupport
851
852 Block access to Troubleshooting Information (about:support).
853
854 **Compatibility:** Firefox 60, Firefox ESR 60\
855 **CCK2 Equivalent:** `disableAboutSupport`\
856 **Preferences Affected:** N/A
857
858 #### Windows (GPO)
859 ```
860 Software\Policies\Mozilla\Firefox\BlockAboutSupport = 0x1 | 0x0
861 ```
862 #### Windows (Intune)
863 OMA-URI:
864 ```
865 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/BlockAboutSupport
866 ```
867 Value (string):
868 ```
869 <enabled/> or <disabled/>
870 ```
871 #### macOS
872 ```
873 <dict>
874 <key>BlockAboutSupport</key>
875 <true/> | <false/>
876 </dict>
877 ```
878 #### policies.json
879 ```
880 {
881 "policies": {
882 "BlockAboutSupport": true | false
883 }
884 }
885 ```
886 ### Bookmarks
887
888 Note: [`ManagedBookmarks`](#managedbookmarks) is the new recommended way to add bookmarks. This policy will continue to be supported.
889
890 Add bookmarks in either the bookmarks toolbar or menu. Only `Title` and `URL` are required. If `Placement` is not specified, the bookmark will be placed on the toolbar. If `Folder` is specified, it is automatically created and bookmarks with the same folder name are grouped together.
891
892 If you want to clear all bookmarks set with this policy, you can set the value to an empty array (```[]```). This can be on Windows via the new Bookmarks (JSON) policy available with GPO and Intune.
893
894 **Compatibility:** Firefox 60, Firefox ESR 60\
895 **CCK2 Equivalent:** `bookmarks.toolbar`,`bookmarks.menu`\
896 **Preferences Affected:** N/A
897
898 #### Windows (GPO)
899 ```
900 Software\Policies\Mozilla\Firefox\Bookmarks\1\Title = "Example"
901 Software\Policies\Mozilla\Firefox\Bookmarks\1\URL = "https://example.com"
902 Software\Policies\Mozilla\Firefox\Bookmarks\1\Favicon = "https://example.com/favicon.ico"
903 Software\Policies\Mozilla\Firefox\Bookmarks\1\Placement = "toolbar" | "menu"
904 Software\Policies\Mozilla\Firefox\Bookmarks\1\Folder = "FolderName"
905
906 Software\Policies\Mozilla\Firefox\Bookmarks (REG_MULTI_SZ) =
907 ```
908 []
909 ```
910
911 ```
912 #### Windows (Intune)
913 OMA-URI:
914 ```
915 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Bookmarks/Bookmark01
916 ```
917 Value (string):
918 ```
919 <enabled/>
920 <data id="BookmarkTitle" value="Example"/>
921 <data id="BookmarkURL" value="https://example.com"/>
922 <data id="BookmarkFavicon" value="https://example.com/favicon.ico"/>
923 <data id="BookmarkPlacement" value="toolbar | menu"/>
924 <data id="BookmarkFolder" value="FolderName"/>
925 ```
926 OMA-URI:
927 ```
928 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/Bookmarks
929 ```
930 Value (string):
931 ```
932 <enabled/>
933 <data id="JSON" value='[]'/>
934 ```
935 #### macOS
936 ```
937 <dict>
938 <key>Bookmarks</key>
939 <array>
940 <dict>
941 <key>Title</key>
942 <string>Example</string>
943 <key>URL</key>
944 <string>https://example.com</string>
945 <key>Favicon</key>
946 <string>https://example.com/favicon.ico</string>
947 <key>Placement</key>
948 <string>toolbar | menu</string>
949 <key>Folder</key>
950 <string>FolderName</string>
951 </dict>
952 </array>
953 </dict>
954 ```
955 #### policies.json
956 ```
957 {
958 "policies": {
959 "Bookmarks": [
960 {
961 "Title": "Example",
962 "URL": "https://example.com",
963 "Favicon": "https://example.com/favicon.ico",
964 "Placement": "toolbar" | "menu",
965 "Folder": "FolderName"
966 }
967 ]
968 }
969 }
970 ```
971 ### CaptivePortal
972 Enable or disable the detection of captive portals.
973
974 **Compatibility:** Firefox 67, Firefox ESR 60.7\
975 **CCK2 Equivalent:** N/A\
976 **Preferences Affected:** `network.captive-portal-service.enabled`
977
978 #### Windows (GPO)
979 ```
980 Software\Policies\Mozilla\Firefox\CaptivePortal = 0x1 | 0x0
981 ```
982 #### Windows (Intune)
983 OMA-URI:
984 ```
985 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/CaptivePortal
986 ```
987 Value (string):
988 ```
989 <enabled/> or <disabled/>
990 ```
991 #### macOS
992 ```
993 <dict>
994 <key>CaptivePortal</key>
995 <true/> | <false/>
996 </dict>
997 ```
998 #### policies.json
999 ```
1000 {
1001 "policies": {
1002 "CaptivePortal": true | false
1003 }
1004 }
1005 ```
1006 ### Certificates
1007
1008 ### Certificates | ImportEnterpriseRoots
1009
1010 Trust certificates that have been added to the operating system certificate store by a user or administrator.
1011
1012 Note: This policy only works on Windows and macOS. For Linux discussion, see [bug 1600509](https://bugzilla.mozilla.org/show_bug.cgi?id=1600509).
1013
1014 See https://support.mozilla.org/kb/setting-certificate-authorities-firefox for more detail.
1015
1016 **Compatibility:** Firefox 60, Firefox ESR 60 (macOS support in Firefox 63, Firefox ESR 68)\
1017 **CCK2 Equivalent:** N/A\
1018 **Preferences Affected:** `security.enterprise_roots.enabled`
1019
1020 #### Windows (GPO)
1021 ```
1022 Software\Policies\Mozilla\Firefox\Certificates\ImportEnterpriseRoots = 0x1 | 0x0
1023 ```
1024 #### Windows (Intune)
1025 OMA-URI:
1026 ```
1027 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Certificates/Certificates_ImportEnterpriseRoots
1028 ```
1029 Value (string):
1030 ```
1031 <enabled/> or <disabled/>
1032 ```
1033 #### macOS
1034 ```
1035 <dict>
1036 <key>Certificates</key>
1037 <dict>
1038 <key>ImportEnterpriseRoots</key>
1039 <true/> | <false/>
1040 </dict>
1041 </dict>
1042 ```
1043 #### policies.json
1044 ```
1045 {
1046 "policies": {
1047 "Certificates": {
1048 "ImportEnterpriseRoots": true | false
1049 }
1050 }
1051 }
1052 ```
1053 ### Certificates | Install
1054
1055 Install certificates into the Firefox certificate store. If only a filename is specified, Firefox searches for the file in the following locations:
1056
1057 - Windows
1058 - %USERPROFILE%\AppData\Local\Mozilla\Certificates
1059 - %USERPROFILE%\AppData\Roaming\Mozilla\Certificates
1060 - macOS
1061 - /Library/Application Support/Mozilla/Certificates
1062 - ~/Library/Application Support/Mozilla/Certificates
1063 - Linux
1064 - /usr/lib/mozilla/certificates
1065 - /usr/lib64/mozilla/certificates
1066 - ~/.mozilla/certificates
1067
1068 Starting with Firefox 65, Firefox 60.5 ESR, a fully qualified path can be used, including UNC paths. You should use the native path style for your operating system. We do not support using %USERPROFILE% or other environment variables on Windows.
1069
1070 If you are specifying the path in the policies.json file on Windows, you need to escape your backslashes (`\\`) which means that for UNC paths, you need to escape both (`\\\\`). If you use group policy, you only need one backslash.
1071
1072 Certificates are installed using the trust string `CT,CT,`.
1073
1074 Binary (DER) and ASCII (PEM) certificates are both supported.
1075
1076 **Compatibility:** Firefox 64, Firefox ESR 64\
1077 **CCK2 Equivalent:** `certs.ca`\
1078 **Preferences Affected:** N/A
1079
1080 #### Windows (GPO)
1081 ```
1082 Software\Policies\Mozilla\Firefox\Certificates\Install\1 = "cert1.der"
1083 Software\Policies\Mozilla\Firefox\Certificates\Install\2 = "C:\Users\username\cert2.pem"
1084 ```
1085 #### Windows (Intune)
1086 OMA-URI:
1087 ```
1088 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Certificates/Certificates_Install
1089 ```
1090 Value (string):
1091 ```
1092 <enabled/>
1093 <data id="Certificates_Install" value="1&#xF000;cert1.der&#xF000;2&#xF000;C:\Users\username\cert2.pem"/>
1094 ```
1095 #### macOS
1096 ```
1097 <dict>
1098 <key>Certificates</key>
1099 <dict>
1100 <key>Install</key>
1101 <array>
1102 <string>cert1.der</string>
1103 <string>/Users/username/cert2.pem</string>
1104 </array>
1105 </dict>
1106 </dict>
1107 ```
1108 #### policies.json
1109 ```
1110 {
1111 "policies": {
1112 "Certificates": {
1113 "Install": ["cert1.der", "/home/username/cert2.pem"]
1114 }
1115 }
1116 }
1117 ```
1118 ### Containers
1119 Set policies related to [containers](https://addons.mozilla.org/firefox/addon/multi-account-containers/).
1120
1121 Currently you can set the initial set of containers.
1122
1123 For each container, you can specify the name, icon, and color.
1124
1125 | Name | Description |
1126 | --- | --- |
1127 | `name`| Name of container
1128 | `icon` | Can be `fingerprint`, `briefcase`, `dollar`, `cart`, `vacation`, `gift`, `food`, `fruit`, `pet`, `tree`, `chill`, `circle`, `fence`
1129 | `color` | Can be `blue`, `turquoise`, `green`, `yellow`, `orange`, `red`, `pink`, `purple`, `toolbar`
1130
1131 **Compatibility:** Firefox 113\
1132 **CCK2 Equivalent:** N/A\
1133 **Preferences Affected:** N/A
1134
1135 #### Windows (GPO)
1136 Software\Policies\Mozilla\Firefox\Containers (REG_MULTI_SZ) =
1137 ```
1138 {
1139 "Default": [
1140 {
1141 "name": "My container",
1142 "icon": "pet",
1143 "color": "turquoise"
1144 }
1145 ]
1146 }
1147 ```
1148 #### Windows (Intune)
1149 OMA-URI:
1150 ```
1151 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/Containers
1152 ```
1153 Value (string):
1154 ```
1155 <enabled/>
1156 <data id="JSON" value='
1157 {
1158 "Default": [
1159 {
1160 "name": "My container",
1161 "icon": "pet",
1162 "color": "turquoise"
1163 }
1164 ]
1165 }
1166 '/>
1167 ```
1168 #### macOS
1169 ```
1170 <dict>
1171 <key>Default</key>
1172 <dict>
1173 <key>Containers</key>
1174 <array>
1175 <dict>
1176 <key>name</key>
1177 <string>My container</string>
1178 <key>icon</key>
1179 <string>pet</string>
1180 <key>color</key>
1181 <string>turquoise</string>
1182 </dict>
1183 </array>
1184 </dict>
1185 </dict>
1186 ```
1187 #### policies.json
1188 ```
1189 {
1190 "policies": {
1191 "Containers": {
1192 "Default": [
1193 {
1194 "name": "My container",
1195 "icon": "pet",
1196 "color": "turquoise"
1197 }
1198 ]
1199 }
1200 }
1201 }
1202 ```
1203 ### Cookies
1204 Configure cookie preferences.
1205
1206 `Allow` is a list of origins (not domains) where cookies are always allowed. You must include http or https.
1207
1208 `AllowSession` is a list of origins (not domains) where cookies are only allowed for the current session. You must include http or https.
1209
1210 `Block` is a list of origins (not domains) where cookies are always blocked. You must include http or https.
1211
1212 `Behavior` sets the default behavior for cookies based on the values below.
1213
1214 `BehaviorPrivateBrowsing` sets the default behavior for cookies in private browsing based on the values below.
1215
1216 | Value | Description
1217 | --- | --- |
1218 | accept | Accept all cookies
1219 | reject-foreign | Reject third party cookies
1220 | reject | Reject all cookies
1221 | limit-foreign | Reject third party cookies for sites you haven't visited
1222 | reject-tracker | Reject cookies for known trackers (default)
1223 | reject-tracker-and-partition-foreign | Reject cookies for known trackers and partition third-party cookies (Total Cookie Protection) (default for private browsing)
1224
1225 `Locked` prevents the user from changing cookie preferences.
1226
1227 `Default` determines whether cookies are accepted at all. (*Deprecated*. Use `Behavior` instead)
1228
1229 `AcceptThirdParty` determines how third-party cookies are handled. (*Deprecated*. Use `Behavior` instead)
1230
1231 `RejectTracker` only rejects cookies for trackers. (*Deprecated*. Use `Behavior` instead)
1232
1233 `ExpireAtSessionEnd` determines when cookies expire. (*Deprecated*. Use [`SanitizeOnShutdown`](#sanitizeonshutdown-selective) instead)
1234
1235 **Compatibility:** Firefox 60, Firefox ESR 60 (RejectTracker added in Firefox 63, AllowSession added in Firefox 79/78.1, Behavior added in Firefox 95/91.4)\
1236 **CCK2 Equivalent:** N/A\
1237 **Preferences Affected:** `network.cookie.cookieBehavior`, `network.cookie.cookieBehavior.pbmode`, `network.cookie.lifetimePolicy`
1238
1239 #### Windows (GPO)
1240 ```
1241 Software\Policies\Mozilla\Firefox\Cookies\Allow\1 = "https://example.com"
1242 Software\Policies\Mozilla\Firefox\Cookies\AllowSession\1 = "https://example.edu"
1243 Software\Policies\Mozilla\Firefox\Cookies\Block\1 = "https://example.org"
1244 Software\Policies\Mozilla\Firefox\Cookies\Behavior = "accept" | "reject-foreign" | "reject" | "limit-foreign" | "reject-tracker" | "reject-tracker-and-partition-foreign"
1245 Software\Policies\Mozilla\Firefox\Cookies\BehaviorPrivateBrowsing = "accept" | "reject-foreign" | "reject" | "limit-foreign" | "reject-tracker" | "reject-tracker-and-partition-foreign"
1246 Software\Policies\Mozilla\Firefox\Cookies\Locked = 0x1 | 0x0
1247 ```
1248 #### Windows (Intune)
1249 OMA-URI:
1250 ```
1251 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_Allow
1252 ```
1253 Value (string):
1254 ```
1255 <enabled/>
1256 <data id="Permissions" value="1&#xF000;https://example.com"/>
1257 ```
1258 OMA-URI:
1259 ```
1260 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_AllowSession
1261 ```
1262 Value (string):
1263 ```
1264 <enabled/>
1265 <data id="Permissions" value="1&#xF000;https://example.edu"/>
1266 ```
1267 OMA-URI:
1268 ```
1269 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_Block
1270 ```
1271 Value (string):
1272 ```
1273 <enabled/>
1274 <data id="Permissions" value="1&#xF000;https://example.org"/>
1275 ```
1276 OMA-URI:
1277 ```
1278 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_Locked
1279 ```
1280 Value (string):
1281 ```
1282 <enabled/> or <disabled/>
1283 ```
1284 OMA-URI:
1285 ```
1286 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_Behavior
1287 ```
1288 Value (string):
1289 ```
1290 <enabled/>
1291 <data id="Cookies_Behavior" value="accept | reject-foreign | reject | limit-foreign | reject-tracker | reject-tracker-and-partition-foreign"/>
1292 ```
1293 OMA-URI:
1294 ```
1295 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_BehaviorPrivateBrowsing
1296 ```
1297 Value (string):
1298 ```
1299 <enabled/>
1300 <data id="Cookies_BehaviorPrivateBrowsing" value="accept | reject-foreign | reject | limit-foreign | reject-tracker | reject-tracker-and-partition-foreign"/>
1301 ```
1302 #### macOS
1303 ```
1304 <dict>
1305 <key>Cookies</key>
1306 <dict>
1307 <key>Allow</key>
1308 <array>
1309 <string>http://example.com</string>
1310 </array>
1311 <key>AllowSession</key>
1312 <array>
1313 <string>http://example.edu</string>
1314 </array>
1315 <key>Block</key>
1316 <array>
1317 <string>http://example.org</string>
1318 </array>
1319 <key>Locked</key>
1320 <true/> | <false/>
1321 <key>Behavior</key>
1322 <string>accept | reject-foreign | reject | limit-foreign | reject-tracker | reject-tracker-and-partition-foreign</string>
1323 <key>BehaviorPrivateBrowsing</key>
1324 <string>accept | reject-foreign | reject | limit-foreign | reject-tracker | reject-tracker-and-partition-foreign</string>
1325 </dict>
1326 </dict>
1327 ```
1328 #### policies.json
1329 ```
1330 {
1331 "policies": {
1332 "Cookies": {
1333 "Allow": ["http://example.org/"],
1334 "AllowSession": ["http://example.edu/"],
1335 "Block": ["http://example.edu/"],
1336 "Locked": true | false,
1337 "Behavior": "accept" | "reject-foreign" | "reject" | "limit-foreign" | "reject-tracker" | "reject-tracker-and-partition-foreign",
1338 "BehaviorPrivateBrowsing": "accept" | "reject-foreign" | "reject" | "limit-foreign" | "reject-tracker" | "reject-tracker-and-partition-foreign",
1339 }
1340 }
1341 }
1342 ```
1343 ### DefaultDownloadDirectory
1344 Set the default download directory.
1345
1346 You can use ${home} for the native home directory.
1347
1348 **Compatibility:** Firefox 68, Firefox ESR 68\
1349 **CCK2 Equivalent:** N/A\
1350 **Preferences Affected:** `browser.download.dir`, `browser.download.folderList`
1351
1352 #### Windows (GPO)
1353 ```
1354 Software\Policies\Mozilla\Firefox\DefaultDownloadDirectory = "${home}\Downloads"
1355 ```
1356 #### Windows (Intune)
1357 OMA-URI:
1358 ```
1359 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DefaultDownloadDirectory
1360 ```
1361 Value (string):
1362 ```
1363 <enabled/>
1364 <data id="Preferences_String" value="${home}\Downloads"/>
1365 ```
1366 #### macOS
1367 ```
1368 <dict>
1369 <key>DefaultDownloadDirectory</key>
1370 <string>${home}/Downloads</string>
1371 </dict>
1372 ```
1373 #### policies.json (macOS and Linux)
1374 ```
1375 {
1376 "policies": {
1377 "DefaultDownloadDirectory": "${home}/Downloads"
1378 }
1379 }
1380 ```
1381 #### policies.json (Windows)
1382 ```
1383 {
1384 "policies": {
1385 "DefaultDownloadDirectory": "${home}\\Downloads"
1386 }
1387 }
1388 ```
1389 ### DisableAppUpdate
1390 Turn off application updates within Firefox.
1391
1392 **Compatibility:** Firefox 60, Firefox ESR 60\
1393 **CCK2 Equivalent:** `disableFirefoxUpdates`\
1394 **Preferences Affected:** N/A
1395
1396 #### Windows (GPO)
1397 ```
1398 Software\Policies\Mozilla\Firefox\DisableAppUpdate = 0x1 | 0x0
1399 ```
1400 #### Windows (Intune)
1401 OMA-URI:
1402 ```
1403 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableAppUpdate
1404 ```
1405 Value (string):
1406 ```
1407 <enabled/> or <disabled/>
1408 ```
1409 #### macOS
1410 ```
1411 <dict>
1412 <key>DisableAppUpdate</key>
1413 <true/> | <false/>
1414 </dict>
1415 ```
1416 #### policies.json
1417 ```
1418 {
1419 "policies": {
1420 "DisableAppUpdate": true | false
1421 }
1422 }
1423 ```
1424 ### DisableBuiltinPDFViewer
1425 Disable the built in PDF viewer. PDF files are downloaded and sent externally.
1426
1427 **Compatibility:** Firefox 60, Firefox ESR 60\
1428 **CCK2 Equivalent:** `disablePDFjs`\
1429 **Preferences Affected:** `pdfjs.disabled`
1430
1431 #### Windows (GPO)
1432 ```
1433 Software\Policies\Mozilla\Firefox\DisableBuiltinPDFViewer = 0x1 | 0x0
1434 ```
1435 #### Windows (Intune)
1436 OMA-URI:
1437 ```
1438 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableBuiltinPDFViewer
1439 ```
1440 Value (string):
1441 ```
1442 <enabled/> or <disabled/>
1443 ```
1444 #### macOS
1445 ```
1446 <dict>
1447 <key>DisableBuiltinPDFViewer</key>
1448 <true/> | <false/>
1449 </dict>
1450 ```
1451 #### policies.json
1452 ```
1453 {
1454 "policies": {
1455 "DisableBuiltinPDFViewer": true | false
1456 }
1457 }
1458 ```
1459 ### DisabledCiphers
1460 Disable specific cryptographic ciphers, listed below.
1461
1462 ```
1463 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
1464 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
1465 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
1466 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
1467 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
1468 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
1469 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
1470 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
1471 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
1472 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
1473 TLS_DHE_RSA_WITH_AES_128_CBC_SHA
1474 TLS_DHE_RSA_WITH_AES_256_CBC_SHA
1475 TLS_RSA_WITH_AES_128_GCM_SHA256
1476 TLS_RSA_WITH_AES_256_GCM_SHA384
1477 TLS_RSA_WITH_AES_128_CBC_SHA
1478 TLS_RSA_WITH_AES_256_CBC_SHA
1479 TLS_RSA_WITH_3DES_EDE_CBC_SHA
1480 ```
1481
1482 **Preferences Affected:** `security.ssl3.ecdhe_rsa_aes_128_gcm_sha256`, `security.ssl3.ecdhe_ecdsa_aes_128_gcm_sha256`, `security.ssl3.ecdhe_ecdsa_chacha20_poly1305_sha256`, `security.ssl3.ecdhe_rsa_chacha20_poly1305_sha256`, `security.ssl3.ecdhe_ecdsa_aes_256_gcm_sha384`, `security.ssl3.ecdhe_rsa_aes_256_gcm_sha384`, `security.ssl3.ecdhe_rsa_aes_128_sha`, `security.ssl3.ecdhe_ecdsa_aes_128_sha`, `security.ssl3.ecdhe_rsa_aes_256_sha`, `security.ssl3.ecdhe_ecdsa_aes_256_sha`, `security.ssl3.dhe_rsa_aes_128_sha`, `security.ssl3.dhe_rsa_aes_256_sha`, `security.ssl3.rsa_aes_128_gcm_sha256`, `security.ssl3.rsa_aes_256_gcm_sha384`, `security.ssl3.rsa_aes_128_sha`, `security.ssl3.rsa_aes_256_sha`, `security.ssl3.deprecated.rsa_des_ede3_sha`
1483
1484 ---
1485 **Note:**
1486
1487 This policy was updated in Firefox 78 to allow enabling ciphers as well. Setting the value to true disables the cipher, setting the value to false enables the cipher. Previously setting the value to true or false disabled the cipher.
1488
1489 ---
1490 **Compatibility:** Firefox 76, Firefox ESR 68.8 (TLS_RSA_WITH_AES_128_GCM_SHA256 and TLS_RSA_WITH_AES_256_GCM_SHA384 were added in Firefox 78, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA38, TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, and TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 were added in Firefox 97 and Firefox 91.6)\
1491 **CCK2 Equivalent:** N/A\
1492 **Preferences Affected:** N/A
1493
1494 #### Windows (GPO)
1495 ```
1496 Software\Policies\Mozilla\Firefox\DisabledCiphers\CIPHER_NAME = 0x1 | 0x0
1497 ```
1498 #### Windows (Intune)
1499 OMA-URI:
1500 ```
1501 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DisabledCiphers/DisabledCiphers_CIPHER_NAME
1502
1503 ```
1504 Value (string):
1505 ```
1506 <enabled/> or <disabled/>
1507 ```
1508 #### macOS
1509 ```
1510 <dict>
1511 <key>DisabledCiphers</key>
1512 <dict>
1513 <key>CIPHER_NAME</key>
1514 <true/> | <false/>
1515 </dict>
1516 </dict>
1517 ```
1518 #### policies.json
1519 ```
1520 {
1521 "policies": {
1522 "DisabledCiphers": {
1523 "CIPHER_NAME": true | false,
1524 }
1525 }
1526 }
1527 ```
1528 ### DisableDefaultBrowserAgent
1529 Prevent the default browser agent from taking any actions. Only applicable to Windows; other platforms don’t have the agent.
1530
1531 The browser agent is a Windows-only scheduled task which runs in the background to collect and submit data about the browser that the user has set as their OS default. More information is available [here](https://firefox-source-docs.mozilla.org/toolkit/mozapps/defaultagent/default-browser-agent/index.html).
1532
1533 **Compatibility:** Firefox 75, Firefox ESR 68.7 (Windows only)\
1534 **CCK2 Equivalent:** N/A\
1535 **Preferences Affected:** N/A
1536
1537 #### Windows (GPO)
1538 ```
1539 Software\Policies\Mozilla\Firefox\DisableDefaultBrowserAgent = 0x1 | 0x0
1540 ```
1541 #### Windows (Intune)
1542 OMA-URI:
1543 ```
1544 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableDefaultBrowserAgent
1545 ```
1546 Value (string):
1547 ```
1548 <enabled/> or <disabled/>
1549 ```
1550 #### policies.json
1551 ```
1552 {
1553 "policies": {
1554 "DisableDefaultBrowserAgent": true | false
1555 }
1556 }
1557 ```
1558 ### DisableDeveloperTools
1559 Remove access to all developer tools.
1560
1561 **Compatibility:** Firefox 60, Firefox ESR 60\
1562 **CCK2 Equivalent:** `removeDeveloperTools`\
1563 **Preferences Affected:** `devtools.policy.disabled`
1564
1565 #### Windows (GPO)
1566 ```
1567 Software\Policies\Mozilla\Firefox\DisableDeveloperTools = 0x1 | 0x0`
1568 ```
1569 #### Windows (Intune)
1570 OMA-URI:
1571 ```
1572 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableDeveloperTools
1573 ```
1574 Value (string):
1575 ```
1576 <enabled/> or <disabled/>
1577 ```
1578 #### macOS
1579 ```
1580 <dict>
1581 <key>DisableDeveloperTools</key>
1582 <true/> | <false/>
1583 </dict>
1584 ```
1585 #### policies.json
1586 ```
1587 {
1588 "policies": {
1589 "DisableDeveloperTools": true | false
1590 }
1591 }
1592 ```
1593 ### DisableFeedbackCommands
1594 Disable the menus for reporting sites (Submit Feedback, Report Deceptive Site).
1595
1596 **Compatibility:** Firefox 60, Firefox ESR 60\
1597 **CCK2 Equivalent:** N/A\
1598 **Preferences Affected:** N/A
1599
1600 #### Windows (GPO)
1601 ```
1602 Software\Policies\Mozilla\Firefox\DisableFeedbackCommands = 0x1 | 0x0
1603 ```
1604 #### Windows (Intune)
1605 OMA-URI:
1606 ```
1607 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableFeedbackCommands
1608 ```
1609 Value (string):
1610 ```
1611 <enabled/> or <disabled/>
1612 ```
1613 #### macOS
1614 ```
1615 <dict>
1616 <key>DisableFeedbackCommands</key>
1617 <true/> | <false/>
1618 </dict>
1619 ```
1620 #### policies.json
1621 ```
1622 {
1623 "policies": {
1624 "DisableFeedbackCommands": true | false
1625 }
1626 }
1627 ```
1628 ### DisableEncryptedClientHello
1629 Disable the TLS Feature for Encrypted Client Hello. Note that TLS Client Hellos will still contain an ECH extension, but this extension will not be used by Firefox during the TLS handshake.
1630
1631 **Compatibility:** Firefox 127, Firefox ESR 128\
1632 **CCK2 Equivalent:** N/A\
1633 **Preferences Affected:** `network.dns.echconfig.enabled`, `network.dns.http3_echconfig.enabled`
1634
1635 #### Windows (GPO)
1636 ```
1637 Software\Policies\Mozilla\Firefox\DisableEncryptedClientHello = 0x1 | 0x0
1638 ```
1639 #### Windows (Intune)
1640 OMA-URI:
1641 ```
1642 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableEncryptedClientHello
1643 ```
1644 Value (string):
1645 ```
1646 <enabled/> or <disabled/>
1647 ```
1648 #### macOS
1649 ```
1650 <dict>
1651 <key>DisableEncryptedClientHello</key>
1652 <true/> | <false/>
1653 </dict>
1654 ```
1655 #### policies.json
1656 ```
1657 {
1658 "policies": {
1659 "DisableEncryptedClientHello": true | false
1660 }
1661 }
1662 ```
1663 ### DisableFirefoxAccounts
1664 Disable Firefox Accounts integration (Sync).
1665
1666 **Compatibility:** Firefox 60, Firefox ESR 60\
1667 **CCK2 Equivalent:** `disableSync`\
1668 **Preferences Affected:** `identity.fxaccounts.enabled`
1669
1670 #### Windows (GPO)
1671 ```
1672 Software\Policies\Mozilla\Firefox\DisableFirefoxAccounts = 0x1 | 0x0
1673 ```
1674 #### Windows (Intune)
1675 OMA-URI:
1676 ```
1677 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableFirefoxAccounts
1678 ```
1679 Value (string):
1680 ```
1681 <enabled/> or <disabled/>
1682 ```
1683 #### macOS
1684 ```
1685 <dict>
1686 <key>DisableFirefoxAccounts</key>
1687 <true/> | <false/>
1688 </dict>
1689 ```
1690 #### policies.json
1691 ```
1692 {
1693 "policies": {
1694 "DisableFirefoxAccounts": true | false
1695 }
1696 }
1697 ```
1698 ### DisableFirefoxScreenshots
1699 Remove access to Firefox Screenshots.
1700
1701 **Compatibility:** Firefox 60, Firefox ESR 60\
1702 **CCK2 Equivalent:** N/A\
1703 **Preferences Affected:** `extensions.screenshots.disabled`
1704
1705 #### Windows (GPO)
1706 ```
1707 Software\Policies\Mozilla\Firefox\DisableFirefoxScreenshots = 0x1 | 0x0
1708 ```
1709 #### Windows (Intune)
1710 OMA-URI:
1711 ```
1712 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableFirefoxScreenshots
1713 ```
1714 Value (string):
1715 ```
1716 <enabled/> or <disabled/>
1717 ```
1718 #### macOS
1719 ```
1720 <dict>
1721 <key>DisableFirefoxScreenshots</key>
1722 <true/> | <false/>
1723 </dict>
1724 ```
1725 #### policies.json
1726 ```
1727 {
1728 "policies": {
1729 "DisableFirefoxScreenshots": true | false
1730 }
1731 }
1732 ```
1733 ### DisableFirefoxStudies
1734 Disable Firefox studies (Shield).
1735
1736 **Compatibility:** Firefox 60, Firefox ESR 60\
1737 **CCK2 Equivalent:** N/A\
1738 **Preferences Affected:** `browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons`, `browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features`
1739
1740 #### Windows (GPO)
1741 ```
1742 Software\Policies\Mozilla\Firefox\DisableFirefoxStudies = 0x1 | 0x0
1743 ```
1744 #### Windows (Intune)
1745 OMA-URI:
1746 ```
1747 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableFirefoxStudies
1748 ```
1749 Value (string):
1750 ```
1751 <enabled/> or <disabled/>
1752 ```
1753 #### macOS
1754 ```
1755 <dict>
1756 <key>DisableFirefoxStudies</key>
1757 <true/> | <false/>
1758 </dict>
1759 ```
1760 #### policies.json
1761 ```
1762 {
1763 "policies": {
1764 "DisableFirefoxStudies": true | false
1765 }
1766 }
1767 ```
1768 ### DisableForgetButton
1769 Disable the "Forget" button.
1770
1771 **Compatibility:** Firefox 60, Firefox ESR 60\
1772 **CCK2 Equivalent:** `disableForget`\
1773 **Preferences Affected:** N/A
1774
1775 #### Windows (GPO)
1776 ```
1777 Software\Policies\Mozilla\Firefox\DisableForgetButton = 0x1 | 0x0
1778 ```
1779 #### Windows (Intune)
1780 OMA-URI:
1781 ```
1782 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableForgetButton
1783 ```
1784 Value (string):
1785 ```
1786 <enabled/> or <disabled/>
1787 ```
1788 #### macOS
1789 ```
1790 <dict>
1791 <key>DisableForgetButton</key>
1792 <true/> | <false/>
1793 </dict>
1794 ```
1795 #### policies.json
1796 ```
1797 {
1798 "policies": {
1799 "DisableForgetButton": true | false
1800 }
1801 }
1802 ```
1803 ### DisableFormHistory
1804 Turn off saving information on web forms and the search bar.
1805
1806 **Compatibility:** Firefox 60, Firefox ESR 60\
1807 **CCK2 Equivalent:** `disableFormFill`\
1808 **Preferences Affected:** `browser.formfill.enable`
1809
1810 #### Windows (GPO)
1811 ```
1812 Software\Policies\Mozilla\Firefox\DisableFormHistory = 0x1 | 0x0
1813 ```
1814 #### Windows (Intune)
1815 OMA-URI:
1816 ```
1817 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableFormHistory
1818 ```
1819 Value (string):
1820 ```
1821 <enabled/> or <disabled/>
1822 ```
1823 #### macOS
1824 ```
1825 <dict>
1826 <key>DisableFormHistory</key>
1827 <true/> | <false/>
1828 </dict>
1829 ```
1830 #### policies.json
1831 ```
1832 {
1833 "policies": {
1834 "DisableFormHistory": true | false
1835 }
1836 }
1837 ```
1838 ### DisableMasterPasswordCreation
1839 Remove the master password functionality.
1840
1841 If this value is true, it works the same as setting [`PrimaryPassword`](#primarypassword) to false and removes the primary password functionality.
1842
1843 If both `DisableMasterPasswordCreation` and `PrimaryPassword` are used, `DisableMasterPasswordCreation` takes precedent.
1844
1845 **Compatibility:** Firefox 60, Firefox ESR 60\
1846 **CCK2 Equivalent:** `noMasterPassword`\
1847 **Preferences Affected:** N/A
1848
1849 #### Windows (GPO)
1850 ```
1851 Software\Policies\Mozilla\Firefox\DisableMasterPasswordCreation = 0x1 | 0x0
1852 ```
1853 #### Windows (Intune)
1854 OMA-URI:
1855 ```
1856 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableMasterPasswordCreation
1857 ```
1858 Value (string):
1859 ```
1860 <enabled/> or <disabled/>
1861 ```
1862 #### macOS
1863 ```
1864 <dict>
1865 <key>DisableMasterPasswordCreation</key>
1866 <true/> | <false/>
1867 </dict>
1868 ```
1869 #### policies.json
1870 ```
1871 {
1872 "policies": {
1873 "DisableMasterPasswordCreation": true | false
1874 }
1875 }
1876 ```
1877 ### DisablePasswordReveal
1878 Do not allow passwords to be shown in saved logins
1879
1880 **Compatibility:** Firefox 71, Firefox ESR 68.3\
1881 **CCK2 Equivalent:** N/A
1882 **Preferences Affected:** N/A
1883
1884 #### Windows (GPO)
1885 ```
1886 Software\Policies\Mozilla\Firefox\DisablePasswordReveal = 0x1 | 0x0
1887 ```
1888 #### Windows (Intune)
1889 OMA-URI:
1890 ```
1891 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisablePasswordReveal
1892 ```
1893 Value (string):
1894 ```
1895 <enabled/> or <disabled/>
1896 ```
1897 #### macOS
1898 ```
1899 <dict>
1900 <key>DisablePasswordReveal</key>
1901 <true/> | <false/>
1902 </dict>
1903 ```
1904 #### policies.json
1905 ```
1906 {
1907 "policies": {
1908 "DisablePasswordReveal": true | false
1909 }
1910 }
1911 ```
1912 ### DisablePocket
1913 Remove Pocket in the Firefox UI. It does not remove it from the new tab page.
1914
1915 **Compatibility:** Firefox 60, Firefox ESR 60\
1916 **CCK2 Equivalent:** `disablePocket`\
1917 **Preferences Affected:** `extensions.pocket.enabled`
1918
1919 #### Windows (GPO)
1920 ```
1921 Software\Policies\Mozilla\Firefox\DisablePocket = 0x1 | 0x0
1922 ```
1923 #### Windows (Intune)
1924 OMA-URI:
1925 ```
1926 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisablePocket
1927 ```
1928 Value (string):
1929 ```
1930 <enabled/> or <disabled/>
1931 ```
1932 #### macOS
1933 ```
1934 <dict>
1935 <key>DisablePocket</key>
1936 <true/> | <false/>
1937 </dict>
1938 ```
1939 #### policies.json
1940 ```
1941 {
1942 "policies": {
1943 "DisablePocket": true | false
1944 }
1945 }
1946 ```
1947 ### DisablePrivateBrowsing
1948 Remove access to private browsing.
1949
1950 **Compatibility:** Firefox 60, Firefox ESR 60\
1951 **CCK2 Equivalent:** `disablePrivateBrowsing`\
1952 **Preferences Affected:** N/A
1953
1954 #### Windows (GPO)
1955 ```
1956 Software\Policies\Mozilla\Firefox\DisablePrivateBrowsing = 0x1 | 0x0
1957 ```
1958 #### Windows (Intune)
1959 OMA-URI:
1960 ```
1961 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisablePrivateBrowsing
1962 ```
1963 Value (string):
1964 ```
1965 <enabled/> or <disabled/>
1966 ```
1967 #### macOS
1968 ```
1969 <dict>
1970 <key>DisablePrivateBrowsing</key>
1971 <true/> | <false/>
1972 </dict>
1973 ```
1974 #### policies.json
1975 ```
1976 {
1977 "policies": {
1978 "DisablePrivateBrowsing": true | false
1979 }
1980 }
1981 ```
1982 ### DisableProfileImport
1983 Disables the "Import data from another browser" option in the bookmarks window.
1984
1985 **Compatibility:** Firefox 60, Firefox ESR 60\
1986 **CCK2 Equivalent:** N/A\
1987 **Preferences Affected:** N/A
1988
1989 #### Windows (GPO)
1990 ```
1991 Software\Policies\Mozilla\Firefox\DisableProfileImport = 0x1 | 0x0
1992 ```
1993 #### Windows (Intune)
1994 OMA-URI:
1995 ```
1996 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableProfileImport
1997 ```
1998 Value (string):
1999 ```
2000 <enabled/> or <disabled/>
2001 ```
2002 #### macOS
2003 ```
2004 <dict>
2005 <key>DisableProfileImport</key>
2006 <true/> | <false/>
2007 </dict>
2008 ```
2009 #### policies.json
2010 ```
2011 {
2012 "policies": {
2013 "DisableProfileImport": true | false
2014 }
2015 }
2016 ```
2017 ### DisableProfileRefresh
2018 Disable the Refresh Firefox button on about:support and support.mozilla.org, as well as the prompt that displays offering to refresh Firefox when you haven't used it in a while.
2019
2020 **Compatibility:** Firefox 60, Firefox ESR 60\
2021 **CCK2 Equivalent:** `disableResetFirefox`\
2022 **Preferences Affected:** `browser.disableResetPrompt`
2023
2024 #### Windows (GPO)
2025 ```
2026 Software\Policies\Mozilla\Firefox\DisableProfileRefresh = 0x1 | 0x0
2027 ```
2028 #### Windows (Intune)
2029 OMA-URI:
2030 ```
2031 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableProfileRefresh
2032 ```
2033 Value (string):
2034 ```
2035 <enabled/> or <disabled/>
2036 ```
2037 #### macOS
2038 ```
2039 <dict>
2040 <key>DisableProfileRefresh</key>
2041 <true/> | <false/>
2042 </dict>
2043 ```
2044 #### policies.json
2045 ```
2046 {
2047 "policies": {
2048 "DisableProfileRefresh": true | false
2049 }
2050 }
2051 ```
2052 ### DisableSafeMode
2053 Disable safe mode within the browser.
2054
2055 On Windows, this disables safe mode via the command line as well.
2056
2057 **Compatibility:** Firefox 60, Firefox ESR 60 (Windows, macOS)\
2058 **CCK2 Equivalent:** `disableSafeMode`\
2059 **Preferences Affected:** N/A
2060
2061 #### Windows (GPO)
2062 ```
2063 Software\Policies\Mozilla\Firefox\DisableSafeMode = 0x1 | 0x0
2064 ```
2065 #### Windows (Intune)
2066 OMA-URI:
2067 ```
2068 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableSafeMode
2069 ```
2070 Value (string):
2071 ```
2072 <enabled/> or <disabled/>
2073 ```
2074 #### macOS
2075 ```
2076 <dict>
2077 <key>DisableSafeMode</key>
2078 <true/> | <false/>
2079 </dict>
2080 ```
2081 #### policies.json
2082 ```
2083 {
2084 "policies": {
2085 "DisableSafeMode": true | false
2086 }
2087 }
2088 ```
2089 ### DisableSecurityBypass
2090 Prevent the user from bypassing security in certain cases.
2091
2092 `InvalidCertificate` prevents adding an exception when an invalid certificate is shown.
2093
2094 `SafeBrowsing` prevents selecting "ignore the risk" and visiting a harmful site anyway.
2095
2096 These policies only affect what happens when an error is shown, they do not affect any settings in preferences.
2097
2098 **Compatibility:** Firefox 60, Firefox ESR 60\
2099 **CCK2 Equivalent:** N/A\
2100 **Preferences Affected:** `security.certerror.hideAddException`, `browser.safebrowsing.allowOverride`
2101
2102 #### Windows (GPO)
2103 ```
2104 Software\Policies\Mozilla\Firefox\DisableSecurityBypass\InvalidCertificate = 0x1 | 0x0
2105 Software\Policies\Mozilla\Firefox\DisableSecurityBypass\SafeBrowsing = 0x1 | 0x0
2106 ```
2107 #### Windows (Intune)
2108 OMA-URI:
2109 ```
2110 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/P_DisableSecurityBypass_InvalidCertificate
2111 ```
2112 Value (string):
2113 ```
2114 <enabled/> or <disabled/>
2115 ```
2116 OMA-URI:
2117 ```
2118 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/P_DisableSecurityBypass_SafeBrowsing
2119 ```
2120 Value (string):
2121 ```
2122 <enabled/> or <disabled/>
2123 ```
2124
2125 #### macOS
2126 ```
2127 <dict>
2128 <key>DisableSecurityBypass</key>
2129 <dict>
2130 <key>InvalidCertificate</key>
2131 <true/> | <false/>
2132 <key>SafeBrowsing</key>
2133 <true/> | <false/>
2134 </dict>
2135 </dict>
2136 ```
2137 #### policies.json
2138 ```
2139 {
2140 "policies": {
2141 "DisableSecurityBypass": {
2142 "InvalidCertificate": true | false,
2143 "SafeBrowsing": true | false
2144 }
2145 }
2146 }
2147 ```
2148 ### DisableSetDesktopBackground
2149 Remove the "Set As Desktop Background..." menuitem when right clicking on an image.
2150
2151 **Compatibility:** Firefox 60, Firefox ESR 60\
2152 **CCK2 Equivalent:** `removeSetDesktopBackground`\
2153 **Preferences Affected:** N/A
2154
2155 #### Windows (GPO)
2156 ```
2157 Software\Policies\Mozilla\Firefox\DisableSetDesktopBackground = 0x1 | 0x0
2158 ```
2159 #### Windows (Intune)
2160 OMA-URI:
2161 ```
2162 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableSetDesktopBackground
2163 ```
2164 Value (string):
2165 ```
2166 <enabled/> or <disabled/>
2167 ```
2168 #### macOS
2169 ```
2170 <dict>
2171 <key>DisableSetDesktopBackground</key>
2172 <true/> | <false/>
2173 </dict>
2174 ```
2175 #### policies.json
2176 ```
2177 {
2178 "policies": {
2179 "DisableSetDesktopBackground": true | false
2180 }
2181 }
2182 ```
2183 ### DisableSystemAddonUpdate
2184 Prevent system add-ons from being installed or updated.
2185
2186 **Compatibility:** Firefox 60, Firefox ESR 60\
2187 **CCK2 Equivalent:** N/A\
2188 **Preferences Affected:** N/A
2189
2190 #### Windows (GPO)
2191 ```
2192 Software\Policies\Mozilla\Firefox\DisableSystemAddonUpdate = 0x1 | 0x0
2193 ```
2194 #### Windows (Intune)
2195 OMA-URI:
2196 ```
2197 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableSystemAddonUpdate
2198 ```
2199 Value (string):
2200 ```
2201 <enabled/> or <disabled/>
2202 ```
2203 #### macOS
2204 ```
2205 <dict>
2206 <key>DisableSystemAddonUpdate</key>
2207 <true/> | <false/>
2208 </dict>
2209 ```
2210 #### policies.json
2211 ```
2212 {
2213 "policies": {
2214 "DisableSystemAddonUpdate": true | false
2215 }
2216 }
2217 ```
2218 ### DisableTelemetry
2219 Prevent the upload of telemetry data.
2220
2221 As of Firefox 83 and Firefox ESR 78.5, local storage of telemetry data is disabled as well.
2222
2223 Mozilla recommends that you do not disable telemetry. Information collected through telemetry helps us build a better product for businesses like yours.
2224
2225 **Compatibility:** Firefox 60, Firefox ESR 60\
2226 **CCK2 Equivalent:** `disableTelemetry`\
2227 **Preferences Affected:** `datareporting.healthreport.uploadEnabled`, `datareporting.policy.dataSubmissionEnabled`, `toolkit.telemetry.archive.enabled`
2228
2229 #### Windows (GPO)
2230 ```
2231 Software\Policies\Mozilla\Firefox\DisableTelemetry = 0x1 | 0x0
2232 ```
2233 #### Windows (Intune)
2234 OMA-URI:
2235 ```
2236 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableTelemetry
2237 ```
2238 Value (string):
2239 ```
2240 <enabled/> or <disabled/>
2241 ```
2242 #### macOS
2243 ```
2244 <dict>
2245 <key>DisableTelemetry</key>
2246 <true/> | <false/>
2247 </dict>
2248 ```
2249 #### policies.json
2250 ```
2251 {
2252 "policies": {
2253 "DisableTelemetry": true | false
2254 }
2255 }
2256 ```
2257 ### DisableThirdPartyModuleBlocking
2258 Do not allow blocking third-party modules from the `about:third-party` page.
2259
2260 This policy only works on Windows through GPO (not policies.json).
2261
2262 **Compatibility:** Firefox 110 (Windows only, GPO only)\
2263 **CCK2 Equivalent:** N/A\
2264 **Preferences Affected:** N/A
2265
2266 #### Windows (GPO)
2267 ```
2268 Software\Policies\Mozilla\Firefox\DisableThirdPartyModuleBlocking = = 0x1 | 0x0
2269 ```
2270 #### Windows (Intune)
2271 OMA-URI:
2272 ```
2273 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableThirdPartyModuleBlocking
2274 ```
2275 Value (string):
2276 ```
2277 <enabled/> or <disabled/>
2278 ```
2279 ### DisplayBookmarksToolbar
2280 Set the initial state of the bookmarks toolbar. A user can still change how it is displayed.
2281
2282 `always` means the bookmarks toolbar is always shown.
2283
2284 `never` means the bookmarks toolbar is not shown.
2285
2286 `newtab` means the bookmarks toolbar is only shown on the new tab page.
2287
2288 **Compatibility:** Firefox 109, Firefox ESR 102.7\
2289 **CCK2 Equivalent:** N/A\
2290 **Preferences Affected:** N/A
2291
2292 #### Windows (GPO)
2293 ```
2294 Software\Policies\Mozilla\Firefox\DisplayBookmarksToolbar = "always", "never", "newtab"
2295 ```
2296 #### Windows (Intune)
2297 OMA-URI:
2298 ```
2299 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisplayBookmarksToolbar_Enum
2300 ```
2301 Value (string):
2302 ```
2303 <enabled/>
2304 <data id="DisplayBookmarksToolbar" value="always | never | newtab"/>
2305 ```
2306 #### macOS
2307 ```
2308 <dict>
2309 <key>DisplayBookmarksToolbar</key>
2310 <string>always | never | newtab</string>
2311 </dict>
2312 ```
2313 #### policies.json
2314 ```
2315 {
2316 "policies": {
2317 "DisplayBookmarksToolbar": "always" | "never" | "newtab"
2318 }
2319 }
2320 ```
2321 ### DisplayMenuBar
2322 Set the state of the menubar.
2323
2324 `always` means the menubar is shown and cannot be hidden.
2325
2326 `never` means the menubar is hidden and cannot be shown.
2327
2328 `default-on` means the menubar is on by default but can be hidden.
2329
2330 `default-off` means the menubar is off by default but can be shown.
2331
2332 **Compatibility:** Firefox 73, Firefox ESR 68.5 (Windows, some Linux)\
2333 **CCK2 Equivalent:** `displayMenuBar`\
2334 **Preferences Affected:** N/A
2335
2336 #### Windows (GPO)
2337 ```
2338 Software\Policies\Mozilla\Firefox\DisplayMenuBar = "always", "never", "default-on", "default-off"
2339 ```
2340 #### Windows (Intune)
2341 OMA-URI:
2342 ```
2343 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisplayMenuBar_Enum
2344 ```
2345 Value (string):
2346 ```
2347 <enabled/>
2348 <data id="DisplayMenuBar" value="always | never | default-on | default-off"/>
2349 ```
2350 #### macOS
2351 ```
2352 <dict>
2353 <key>DisplayMenuBar</key>
2354 <string>always | never | default-on | default-off</string>
2355 </dict>
2356 ```
2357 #### policies.json
2358 ```
2359 {
2360 "policies": {
2361 "DisplayMenuBar": "always", "never", "default-on", "default-off"
2362 }
2363 }
2364 ```
2365 ### DNSOverHTTPS
2366 Configure DNS over HTTPS.
2367
2368 `Enabled` determines whether DNS over HTTPS is enabled
2369
2370 `ProviderURL` is a URL to another provider.
2371
2372 `Locked` prevents the user from changing DNS over HTTPS preferences.
2373
2374 `ExcludedDomains` excludes domains from DNS over HTTPS.
2375
2376 `Fallback` determines whether or not Firefox will use your default DNS resolver if there is a problem with the secure DNS provider.
2377
2378 **Compatibility:** Firefox 63, Firefox ESR 68 (ExcludedDomains added in 75/68.7) (Fallback added in 124)\
2379 **CCK2 Equivalent:** N/A\
2380 **Preferences Affected:** `network.trr.mode`, `network.trr.uri`
2381
2382 #### Windows (GPO)
2383 ```
2384 Software\Policies\Mozilla\Firefox\DNSOverHTTPS\Enabled = 0x1 | 0x0
2385 Software\Policies\Mozilla\Firefox\DNSOverHTTPS\ProviderURL = "URL_TO_ALTERNATE_PROVIDER"
2386 Software\Policies\Mozilla\Firefox\DNSOverHTTPS\Locked = 0x1 | 0x0
2387 Software\Policies\Mozilla\Firefox\DNSOverHTTPS\ExcludedDomains\1 = "example.com"
2388 Software\Policies\Mozilla\Firefox\DNSOverHTTPS\Fallback = 0x1 | 0x0
2389 ```
2390 #### Windows (Intune)
2391 OMA-URI:
2392 ```
2393 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DNSOverHTTPS/DNSOverHTTPS_Enabled
2394 ```
2395 Value (string):
2396 ```
2397 <enabled/> or <disabled/>
2398 ```
2399 OMA-URI:
2400 ```
2401 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DNSOverHTTPS/DNSOverHTTPS_ProviderURL
2402 ```
2403 Value (string):
2404 ```
2405 <enabled/>
2406 <data id="String" value="URL_TO_ALTERNATE_PROVIDER"/>
2407 ```
2408 OMA-URI:
2409 ```
2410 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DNSOverHTTPS/DNSOverHTTPS_Locked
2411 ```
2412 Value (string):
2413 ```
2414 <enabled/> or <disabled/>
2415 ```
2416 OMA-URI:
2417 ```
2418 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DNSOverHTTPS/DNSOverHTTPS_ExcludedDomains
2419 ```
2420 Value (string):
2421 ```
2422 <enabled/>
2423 <data id="List" value="1&#xF000;example.com"/>
2424 ```
2425 OMA-URI:
2426 ```
2427 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DNSOverHTTPS/DNSOverHTTPS_Fallback
2428 ```
2429 Value (string):
2430 ```
2431 <enabled/> or <disabled/>
2432 ```
2433 #### macOS
2434 ```
2435 <dict>
2436 <key>DNSOverHTTPS</key>
2437 <dict>
2438 <key>Enabled</key>
2439 <true/> | <false/>
2440 <key>ProviderURL</key>
2441 <string>URL_TO_ALTERNATE_PROVIDER</string>
2442 <key>Locked</key>
2443 <true/> | <false/>
2444 <key>ExcludedDomains</key>
2445 <array>
2446 <string>example.com</string>
2447 </array>
2448 <key>Fallback</key>
2449 <true/> | <false/>
2450 </dict>
2451 </dict>
2452 ```
2453 #### policies.json
2454 ```
2455 {
2456 "policies": {
2457 "DNSOverHTTPS": {
2458 "Enabled": true | false,
2459 "ProviderURL": "URL_TO_ALTERNATE_PROVIDER",
2460 "Locked": true | false,
2461 "ExcludedDomains": ["example.com"],
2462 "Fallback": true | false,
2463 }
2464 }
2465 }
2466 ```
2467 ### DontCheckDefaultBrowser
2468 Don't check if Firefox is the default browser at startup.
2469
2470 **Compatibility:** Firefox 60, Firefox ESR 60\
2471 **CCK2 Equivalent:** `dontCheckDefaultBrowser`\
2472 **Preferences Affected:** `browser.shell.checkDefaultBrowser`
2473
2474 #### Windows (GPO)
2475 ```
2476 Software\Policies\Mozilla\Firefox\DontCheckDefaultBrowser = 0x1 | 0x0
2477 ```
2478 #### Windows (Intune)
2479 OMA-URI:
2480 ```
2481 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DontCheckDefaultBrowser
2482 ```
2483 Value (string):
2484 ```
2485 <enabled/> or <disabled/>
2486 ```
2487 #### macOS
2488 ```
2489 <dict>
2490 <key>DontCheckDefaultBrowser</key>
2491 <true/> | <false/>
2492 </dict>
2493 ```
2494 #### policies.json
2495 ```
2496 {
2497 "policies": {
2498 "DontCheckDefaultBrowser": true | false
2499 }
2500 }
2501 ```
2502 ### DownloadDirectory
2503 Set and lock the download directory.
2504
2505 You can use ${home} for the native home directory.
2506
2507 **Compatibility:** Firefox 68, Firefox ESR 68\
2508 **CCK2 Equivalent:** N/A\
2509 **Preferences Affected:** `browser.download.dir`, `browser.download.folderList`, `browser.download.useDownloadDir`
2510
2511 #### Windows (GPO)
2512 ```
2513 Software\Policies\Mozilla\Firefox\DownloadDirectory = "${home}\Downloads"
2514 ```
2515 #### Windows (Intune)
2516 OMA-URI:
2517 ```
2518 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DownloadDirectory
2519 ```
2520 Value (string):
2521 ```
2522 <enabled/>
2523 <data id="Preferences_String" value="${home}\Downloads"/>
2524 ```
2525 #### macOS
2526 ```
2527 <dict>
2528 <key>DownloadDirectory</key>
2529 <string>${home}/Downloads</string>
2530 </dict>
2531 ```
2532 #### policies.json (macOS and Linux)
2533 ```
2534 {
2535 "policies": {
2536 "DownloadDirectory": "${home}/Downloads"
2537 }
2538 ```
2539 #### policies.json (Windows)
2540 ```
2541 {
2542 "policies": {
2543 "DownloadDirectory": "${home}\\Downloads"
2544 }
2545 ```
2546 ### EnableTrackingProtection
2547 Configure tracking protection.
2548
2549 If this policy is not configured, tracking protection is not enabled by default in the browser, but it is enabled by default in private browsing and the user can change it.
2550
2551 If `Value` is set to false, tracking protection is disabled and locked in both the regular browser and private browsing.
2552
2553 If `Value` is set to true, tracking protection is enabled by default in both the regular browser and private browsing and the `Locked` value determines whether or not a user can change it.
2554
2555 If `Cryptomining` is set to true, cryptomining scripts on websites are blocked.
2556
2557 If `Fingerprinting` is set to true, fingerprinting scripts on websites are blocked.
2558
2559 If `EmailTracking` is set to true, hidden email tracking pixels and scripts on websites are blocked. (Firefox 112)
2560
2561 `Exceptions` are origins for which tracking protection is not enabled.
2562
2563 **Compatibility:** Firefox 60, Firefox ESR 60 (Cryptomining and Fingerprinting added in 70/68.2, Exceptions added in 73/68.5)\
2564 **CCK2 Equivalent:** N/A\
2565 **Preferences Affected:** `privacy.trackingprotection.enabled`, `privacy.trackingprotection.pbmode.enabled`, `privacy.trackingprotection.cryptomining.enabled`, `privacy.trackingprotection.fingerprinting.enabled`
2566
2567 #### Windows (GPO)
2568 ```
2569 Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Value = 0x1 | 0x0
2570 Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Locked = 0x1 | 0x0
2571 Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Cryptomining = 0x1 | 0x0
2572 Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Fingerprinting = 0x1 | 0x0
2573 Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Exceptions\1 = "https://example.com"
2574 ```
2575 #### Windows (Intune)
2576 OMA-URI:
2577 ```
2578 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~TrackingProtection/A_TrackingProtection_Value
2579 ```
2580 Value (string):
2581 ```
2582 <enabled/> or <disabled/>
2583 ```
2584 OMA-URI:
2585 ```
2586 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~TrackingProtection/B_TrackingProtection_Cryptomining
2587 ```
2588 Value (string):
2589 ```
2590 <enabled/> or <disabled/>
2591 ```
2592 OMA-URI:
2593 ```
2594 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~TrackingProtection/C_TrackingProtection_Fingerprinting
2595 ```
2596 Value (string):
2597 ```
2598 <enabled/> or <disabled/>
2599 ```
2600 OMA-URI:
2601 ```
2602 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~TrackingProtection/D_TrackingProtection_Exceptions
2603 ```
2604 Value (string):
2605 ```
2606 <enabled/>
2607 <data id="TrackingProtection_Exceptions" value="1&#xF000;https://example.com"/>
2608 ```
2609 OMA-URI:
2610 ```
2611 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~TrackingProtection/E_TrackingProtection_Locked
2612 ```
2613 Value (string):
2614 ```
2615 <enabled/> or <disabled/>
2616 ```
2617 #### macOS
2618 ```
2619 <dict>
2620 <key>EnableTrackingProtection</key>
2621 <dict>
2622 <key>Value</key>
2623 <true/> | <false/>
2624 <key>Locked</key>
2625 <true/> | <false/>
2626 <key>Cryptomining</key>
2627 <true/> | <false/>
2628 <key>Fingerprinting</key>
2629 <true/> | <false/>
2630 <key>Exceptions</key>
2631 <array>
2632 <string>https://example.com</string>
2633 </array>
2634 </dict>
2635 </dict>
2636 ```
2637 #### policies.json
2638 ```
2639 {
2640 "policies": {
2641 "EnableTrackingProtection": {
2642 "Value": true | false,
2643 "Locked": true | false,
2644 "Cryptomining": true | false,
2645 "Fingerprinting": true | false,
2646 "Exceptions": ["https://example.com"]
2647 }
2648 }
2649 }
2650 ```
2651 ### EncryptedMediaExtensions
2652 Enable or disable Encrypted Media Extensions and optionally lock it.
2653
2654 If `Enabled` is set to false, encrypted media extensions (like Widevine) are not downloaded by Firefox unless the user consents to installing them.
2655
2656 If `Locked` is set to true and `Enabled` is set to false, Firefox will not download encrypted media extensions (like Widevine) or ask the user to install them.
2657
2658 **Compatibility:** Firefox 77, Firefox ESR 68.9\
2659 **CCK2 Equivalent:** N/A\
2660 **Preferences Affected:** `media.eme.enabled`
2661
2662 #### Windows (GPO)
2663 ```
2664 Software\Policies\Mozilla\Firefox\EncryptedMediaExtensions\Enabled = 0x1 | 0x0
2665 Software\Policies\Mozilla\Firefox\EncryptedMediaExtensions\Locked = 0x1 | 0x0
2666 ```
2667 #### Windows (Intune)
2668 OMA-URI:
2669 ```
2670 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~EncryptedMediaExtensions/EncryptedMediaExtensions_Enabled
2671 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~EncryptedMediaExtensions/EncryptedMediaExtensions_Locked
2672 ```
2673 Value (string):
2674 ```
2675 <enabled/>or <disabled/>
2676 ```
2677 #### macOS
2678 ```
2679 <dict>
2680 <key>EncryptedMediaExtensions</key>
2681 <dict>
2682 <key>Enabled</key>
2683 <true/> | <false/>
2684 <key>Locked</key>
2685 <true/> | <false/>
2686 </dict>
2687 </dict>
2688 ```
2689 #### policies.json
2690 ```
2691 {
2692 "policies": {
2693 "EncryptedMediaExtensions": {
2694 "Enabled": true | false,
2695 "Locked": true | false
2696 }
2697 }
2698 }
2699 ```
2700 ### EnterprisePoliciesEnabled
2701 Enable policy support on macOS.
2702
2703 **Compatibility:** Firefox 63, Firefox ESR 60.3 (macOS only)\
2704 **CCK2 Equivalent:** N/A\
2705 **Preferences Affected:** N/A
2706
2707 #### macOS
2708 ```
2709 <dict>
2710 <key>EnterprisePoliciesEnabled</key>
2711 <true/>
2712 </dict>
2713 ```
2714 ### ExemptDomainFileTypePairsFromFileTypeDownloadWarnings
2715
2716 Disable warnings based on file extension for specific file types on domains.
2717
2718 This policy is based on the [Chrome policy](https://chromeenterprise.google/policies/#ExemptDomainFileTypePairsFromFileTypeDownloadWarnings) of the same name.
2719
2720 Important: The documentation for the policy for both Edge and Chrome is incorrect. The ```domains``` value must be a domain, not a URL pattern. Also, we do not support using ```*``` to mean all domains.
2721
2722 **Compatibility:** Firefox 102\
2723 **CCK2 Equivalent:** N/A\
2724 **Preferences Affected:** N/A
2725
2726 #### Windows (GPO)
2727 Software\Policies\Mozilla\Firefox\ExemptDomainFileTypePairsFromFileTypeDownloadWarnings (REG_MULTI_SZ) =
2728 ```
2729 [
2730 {
2731 "file_extension": "jnlp",
2732 "domains": ["example.com"]
2733 }
2734 ]
2735 ```
2736 #### Windows (Intune)
2737 OMA-URI:
2738 ```
2739 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/ExemptDomainFileTypePairsFromFileTypeDownloadWarnings
2740 ```
2741 Value (string):
2742 ```
2743 <enabled/>
2744 <data id="JSON" value='
2745 [
2746 {
2747 "file_extension": "jnlp",
2748 "domains": ["example.com"]
2749 }
2750 ]
2751 '/>
2752 ```
2753 #### macOS
2754 ```
2755 <dict>
2756 <key>ExemptDomainFileTypePairsFromFileTypeDownloadWarnings</key>
2757 <array>
2758 <dict>
2759 <key>file_extension</key>
2760 <string>jnlp</string>
2761 <key>domains</key>
2762 <array>
2763 <string>example.com</string>
2764 </array>
2765 </dict>
2766 </array>
2767 </dict>
2768 ```
2769 #### policies.json
2770 ```
2771 {
2772 "policies": {
2773 "ExemptDomainFileTypePairsFromFileTypeDownloadWarnings": [{
2774 "file_extension": "jnlp",
2775 "domains": ["example.com"]
2776 }]
2777 }
2778 }
2779 ```
2780 ### Extensions
2781 Control the installation, uninstallation and locking of extensions.
2782
2783 We strongly recommend that you use the **[`ExtensionSettings`](#extensionsettings)** policy. It has the same functionality and adds more. It does not support native paths, though, so you'll have to use file:/// URLs.
2784
2785 This method will be deprecated in the near future.
2786
2787 `Install` is a list of URLs or native paths for extensions to be installed.
2788
2789 `Uninstall` is a list of extension IDs that should be uninstalled if found.
2790
2791 `Locked` is a list of extension IDs that the user cannot disable or uninstall.
2792
2793 **Compatibility:** Firefox 60, Firefox ESR 60\
2794 **CCK2 Equivalent:** `addons`\
2795 **Preferences Affected:** N/A
2796
2797 #### Windows (GPO)
2798 ```
2799 Software\Policies\Mozilla\Firefox\Extensions\Install\1 = "https://addons.mozilla.org/firefox/downloads/somefile.xpi"
2800 Software\Policies\Mozilla\Firefox\Extensions\Install\2 = "//path/to/xpi"
2801 Software\Policies\Mozilla\Firefox\Extensions\Uninstall\1 = "bad_addon_id@mozilla.org"
2802 Software\Policies\Mozilla\Firefox\Extensions\Locked\1 = "addon_id@mozilla.org"
2803 ```
2804 #### Windows (Intune)
2805 OMA-URI:
2806 ```
2807 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/Extensions_Install
2808 ```
2809 Value (string):
2810 ```
2811 <enabled/>
2812 <data id="Extensions" value="1&#xF000;https://addons.mozilla.org/firefox/downloads/somefile.xpi&#xF000;2&#xF000;//path/to/xpi"/>
2813 ```
2814 OMA-URI:
2815 ```
2816 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/Extensions_Uninstall
2817 ```
2818 Value (string):
2819 ```
2820 <enabled/>
2821 <data id="Extensions" value="1&#xF000;bad_addon_id@mozilla.org"/>
2822 ```
2823 OMA-URI:
2824 ```
2825 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/Extensions_Locked
2826 ```
2827 Value (string):
2828 ```
2829 <enabled/>
2830 <data id="Extensions" value="1&#xF000;addon_id@mozilla.org"/>
2831 ```
2832 #### macOS
2833 ```
2834 <dict>
2835 <key>Extensions</key>
2836 <dict>
2837 <key>Install</key>
2838 <array>
2839 <string>https://addons.mozilla.org/firefox/downloads/somefile.xpi</string>
2840 <string>//path/to/xpi</string>
2841 </array>
2842 <key>Uninstall</key>
2843 <array>
2844 <string>bad_addon_id@mozilla.org</string>
2845 </array>
2846 <key>Locked</key>
2847 <array>
2848 <string>addon_id@mozilla.org</string>
2849 </array>
2850 </dict>
2851 </dict>
2852 ```
2853 #### policies.json
2854 ```
2855 {
2856 "policies": {
2857 "Extensions": {
2858 "Install": ["https://addons.mozilla.org/firefox/downloads/somefile.xpi", "//path/to/xpi"],
2859 "Uninstall": ["bad_addon_id@mozilla.org"],
2860 "Locked": ["addon_id@mozilla.org"]
2861 }
2862 }
2863 }
2864 ```
2865 ### ExtensionSettings
2866 Manage all aspects of extensions. This policy is based heavily on the [Chrome policy](https://dev.chromium.org/administrators/policy-list-3/extension-settings-full) of the same name.
2867
2868 This policy maps an extension ID to its configuration. With an extension ID, the configuration will be applied to the specified extension only. A default configuration can be set for the special ID "*", which will apply to all extensions that don't have a custom configuration set in this policy.
2869
2870 To obtain an extension ID, install the extension and go to about:support. You will see the ID in the Extensions section. I've also created an extension that makes it easy to find the ID of extensions on AMO. You can download it [here](https://github.com/mkaply/queryamoid/releases/tag/v0.1).
2871
2872 The configuration for each extension is another dictionary that can contain the fields documented below.
2873
2874 | Name | Description |
2875 | --- | --- |
2876 | `installation_mode` | Maps to a string indicating the installation mode for the extension. The valid strings are `allowed`,`blocked`,`force_installed`, and `normal_installed`.
2877 | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;`allowed` | Allows the extension to be installed by the user. This is the default behavior. There is no need for an install_url; it will automatically be allowed based on the ID.
2878 | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;`blocked`| Blocks installation of the extension and removes it from the device if already installed.
2879 | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;`force_installed`| The extension is automatically installed and can't be removed by the user. This option is not valid for the default configuration and requires an install_url.
2880 | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;`normal_installed`| The extension is automatically installed but can be disabled by the user. This option is not valid for the default configuration and requires an install_url.
2881 | `install_url`| Maps to a URL indicating where Firefox can download a force_installed or normal_installed extension. If installing from the local file system, use a [```file:///``` URL](https://en.wikipedia.org/wiki/File_URI_scheme). If installing from the addons.mozilla.org, use the following URL (substituting SHORT_NAME from the URL on AMO), https://addons.mozilla.org/firefox/downloads/latest/SHORT_NAME/latest.xpi. Languages packs are available from https://releases.mozilla.org/pub/firefox/releases/VERSION/PLATFORM/xpi/LANGUAGE.xpi. If you need to update the extension, you can change the name of the extension and it will be automatically updated. Extensions installed from file URLs will additional be updated when their internal version changes.
2882 | `install_sources` | A list of sources from which installing extensions is allowed using URL match patterns. **This is unnecessary if you are only allowing the installation of certain extensions by ID.** Each item in this list is an extension-style match pattern. Users will be able to easily install items from any URL that matches an item in this list. Both the location of the *.xpi file and the page where the download is started from (i.e. the referrer) must be allowed by these patterns. This setting can be used only for the default configuration.
2883 | `allowed_types` | This setting whitelists the allowed types of extension/apps that can be installed in Firefox. The value is a list of strings, each of which should be one of the following: "extension", "theme", "dictionary", "locale" This setting can be used only for the default configuration.
2884 | `blocked_install_message` | This maps to a string specifying the error message to display to users if they're blocked from installing an extension. This setting allows you to append text to the generic error message displayed when the extension is blocked. This could be be used to direct users to your help desk, explain why a particular extension is blocked, or something else. This setting can be used only for the default configuration.
2885 | `restricted_domains` | An array of domains on which content scripts can't be run. This setting can be used only for the default configuration.
2886 | `updates_disabled` | (Firefox 89, Firefox ESR 78.11) Boolean that indicates whether or not to disable automatic updates for an individual extension.
2887 | `default_area` | (Firefox 113) String that indicates where to place the extension icon by default. Possible values are `navbar` and `menupanel`.
2888 | `temporarily_allow_weak_signatures`| (Firefox 127) A boolean that indicates whether to allow installing extensions signed using deprecated signature algorithms.
2889
2890 **Compatibility:** Firefox 69, Firefox ESR 68.1 (As of Firefox 85, Firefox ESR 78.7, installing a theme makes it the default.)\
2891 **CCK2 Equivalent:** N/A\
2892 **Preferences Affected:** N/A
2893
2894 #### Windows (GPO)
2895 Software\Policies\Mozilla\Firefox\ExtensionSettings (REG_MULTI_SZ) =
2896 ```
2897 {
2898 "*": {
2899 "blocked_install_message": "Custom error message.",
2900 "install_sources": ["https://yourwebsite.com/*"],
2901 "installation_mode": "blocked",
2902 "allowed_types": ["extension"]
2903 },
2904 "uBlock0@raymondhill.net": {
2905 "installation_mode": "force_installed",
2906 "install_url": "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi"
2907 },
2908 "https-everywhere@eff.org": {
2909 "installation_mode": "allowed",
2910 "updates_disabled": false
2911 }
2912 }
2913 ```
2914 #### Windows (Intune)
2915 OMA-URI:
2916 ```
2917 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/ExtensionSettings
2918 ```
2919 Value (string):
2920 ```
2921 <enabled/>
2922 <data id="ExtensionSettings" value='
2923 {
2924 "*": {
2925 "blocked_install_message": "Custom error message.",
2926 "install_sources": ["https://yourwebsite.com/*"],
2927 "installation_mode": "blocked",
2928 "allowed_types": ["extension"]
2929 },
2930 "uBlock0@raymondhill.net": {
2931 "installation_mode": "force_installed",
2932 "install_url": "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi"
2933 },
2934 "https-everywhere@eff.org": {
2935 "installation_mode": "allowed",
2936 "updates_disabled": false
2937 }
2938 }'/>
2939 ```
2940 #### macOS
2941 ```
2942 <dict>
2943 <key>ExtensionSettings</key>
2944 <dict>
2945 <key>*</key>
2946 <dict>
2947 <key>blocked_install_message</key>
2948 <string>Custom error message.</string>
2949 <key>install_sources</key>
2950 <array>
2951 <string>"https://yourwebsite.com/*"</string>
2952 </array>
2953 <key>installation_mode</key>
2954 <string>blocked</string>
2955 <key>allowed_types</key>
2956 <array>
2957 <string>extension</string>
2958 </array>
2959 </dict>
2960 <key>uBlock0@raymondhill.net</key>
2961 <dict>
2962 <key>installation_mode</key>
2963 <string>force_installed</string>
2964 <key>install_url</key>
2965 <string>https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi</string>
2966 </dict>
2967 <key>https-everywhere@eff.org</key>
2968 <dict>
2969 <key>installation_mode</key>
2970 <string>allowed</string>
2971 <key>updates_disabled</key>
2972 <true/> | <false/>
2973 </dict>
2974 </dict>
2975 </dict>
2976 ```
2977 #### policies.json
2978 ```
2979 {
2980 "policies": {
2981 "ExtensionSettings": {
2982 "*": {
2983 "blocked_install_message": "Custom error message.",
2984 "install_sources": ["https://yourwebsite.com/*"],
2985 "installation_mode": "blocked",
2986 "allowed_types": ["extension"]
2987 },
2988 "uBlock0@raymondhill.net": {
2989 "installation_mode": "force_installed",
2990 "install_url": "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi"
2991 },
2992 "https-everywhere@eff.org": {
2993 "installation_mode": "allowed",
2994 "updates_disabled": false
2995 }
2996 }
2997 }
2998 }
2999 ```
3000 ### ExtensionUpdate
3001 Control extension updates.
3002
3003 **Compatibility:** Firefox 67, Firefox ESR 60.7\
3004 **CCK2 Equivalent:** N/A\
3005 **Preferences Affected:** `extensions.update.enabled`
3006
3007 #### Windows (GPO)
3008 ```
3009 Software\Policies\Mozilla\Firefox\ExtensionUpdate = 0x1 | 0x0
3010 ```
3011 #### Windows (Intune)
3012 OMA-URI:
3013 ```
3014 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/ExtensionUpdate
3015 ```
3016 Value (string):
3017 ```
3018 <enabled/> or <disabled/>
3019 ```
3020 #### macOS
3021 ```
3022 <dict>
3023 <key>ExtensionUpdate</key>
3024 <true/> | <false/>
3025 </dict>
3026 ```
3027 #### policies.json
3028 ```
3029 {
3030 "policies": {
3031 "ExtensionUpdate": true | false
3032 }
3033 }
3034 ```
3035 ### FirefoxHome
3036 Customize the Firefox Home page.
3037
3038 **Compatibility:** Firefox 68, Firefox ESR 68 (SponsoredTopSites and SponsoredPocket were added in Firefox 95, Firefox ESR 91.4, Snippets was deprecated in Firefox 122)
3039 **CCK2 Equivalent:** N/A\
3040 **Preferences Affected:** `browser.newtabpage.activity-stream.showSearch`, `browser.newtabpage.activity-stream.feeds.topsites`, `browser.newtabpage.activity-stream.feeds.section.highlights`, `browser.newtabpage.activity-stream.feeds.section.topstories`, `browser.newtabpage.activity-stream.feeds.snippets`, `browser.newtabpage.activity-stream.showSponsoredTopSites`, `browser.newtabpage.activity-stream.showSponsored`
3041
3042 #### Windows (GPO)
3043 ```
3044 Software\Policies\Mozilla\Firefox\FirefoxHome\Search = 0x1 | 0x0
3045 Software\Policies\Mozilla\Firefox\FirefoxHome\TopSites = 0x1 | 0x0
3046 Software\Policies\Mozilla\Firefox\FirefoxHome\SponsoredTopSites = 0x1 | 0x0
3047 Software\Policies\Mozilla\Firefox\FirefoxHome\Highlights = 0x1 | 0x0
3048 Software\Policies\Mozilla\Firefox\FirefoxHome\Pocket = 0x1 | 0x0
3049 Software\Policies\Mozilla\Firefox\FirefoxHome\SponsoredPocket = 0x1 | 0x0
3050 Software\Policies\Mozilla\Firefox\FirefoxHome\Snippets = 0x1 | 0x0
3051 Software\Policies\Mozilla\Firefox\FirefoxHome\Locked = 0x1 | 0x0
3052 ```
3053 #### Windows (Intune)
3054 OMA-URI:
3055 ```
3056 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/CustomizeFirefoxHome
3057 ```
3058 Value (string):
3059 ```
3060 <enabled/>
3061 <data id="FirefoxHome_Search" value="true | false"/>
3062 <data id="FirefoxHome_TopSites" value="true | false"/>
3063 <data id="FirefoxHome_SponsoredTopSites" value="true | false"/>
3064 <data id="FirefoxHome_Highlights" value="true | false"/>
3065 <data id="FirefoxHome_Pocket" value="true | false"/>
3066 <data id="FirefoxHome_SponsoredPocket" value="true | false"/>
3067 <data id="FirefoxHome_Snippets" value="true | false"/>
3068 <data id="FirefoxHome_Locked" value="true | false"/>
3069 ```
3070 #### macOS
3071 ```
3072 <dict>
3073 <key>FirefoxHome</key>
3074 <dict>
3075 <key>Search</key>
3076 <true/> | <false/>
3077 <key>TopSites</key>
3078 <true/> | <false/>
3079 <key>SponsoredTopSites</key>
3080 <true/> | <false/>
3081 <key>Highlights</key>
3082 <true/> | <false/>
3083 <key>Pocket</key>
3084 <true/> | <false/>
3085 <key>SponsoredPocket</key>
3086 <true/> | <false/>
3087 <key>Snippets</key>
3088 <true/> | <false/>
3089 <key>Locked</key>
3090 <true/> | <false/>
3091 </dict>
3092 </dict>
3093 ```
3094 #### policies.json
3095 ```
3096 {
3097 "policies": {
3098 "FirefoxHome": {
3099 "Search": true | false,
3100 "TopSites": true | false,
3101 "SponsoredTopSites": true | false,
3102 "Highlights": true | false,
3103 "Pocket": true | false,
3104 "SponsoredPocket": true | false,
3105 "Snippets": true | false,
3106 "Locked": true | false
3107 }
3108 }
3109 }
3110 ```
3111 ### FirefoxSuggest
3112 Customize Firefox Suggest (US only).
3113
3114 **Compatibility:** Firefox 118, Firefox ESR 115.3.
3115 **CCK2 Equivalent:** N/A\
3116 **Preferences Affected:** `browser.urlbar.suggest.quicksuggest.nonsponsored`, `browser.urlbar.suggest.quicksuggest.sponsored`, `browser.urlbar.quicksuggest.dataCollection.enabled`
3117
3118 #### Windows (GPO)
3119 ```
3120 Software\Policies\Mozilla\Firefox\FirefoxSuggest\WebSuggestions = 0x1 | 0x0
3121 Software\Policies\Mozilla\Firefox\FirefoxSuggest\SponsoredSuggestions = 0x1 | 0x0
3122 Software\Policies\Mozilla\Firefox\FirefoxSuggest\ImproveSuggest = 0x1 | 0x0
3123 Software\Policies\Mozilla\Firefox\FirefoxSuggest\Locked = 0x1 | 0x0
3124 ```
3125 #### Windows (Intune)
3126 OMA-URI:
3127 ```
3128 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~FirefoxSuggest/WebSuggestions
3129 ```
3130 Value (string):
3131 ```
3132 <enabled/> or <disabled/>
3133 ```
3134 OMA-URI:
3135 ```
3136 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~FirefoxSuggest/SponsoredSuggestions
3137 ```
3138 Value (string):
3139 ```
3140 <enabled/> or <disabled/>
3141 ```
3142 OMA-URI:
3143 ```
3144 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~FirefoxSuggest/ImproveSuggest
3145 ```
3146 Value (string):
3147 ```
3148 <enabled/> or <disabled/>
3149 ```
3150 OMA-URI:
3151 ```
3152 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~FirefoxSuggest/Locked
3153 ```
3154 Value (string):
3155 ```
3156 <enabled/> or <disabled/>
3157 ```
3158 #### macOS
3159 ```
3160 <dict>
3161 <key>FirefoxSuggest</key>
3162 <dict>
3163 <key>WebSuggestions</key>
3164 <true/> | <false/>
3165 <key>SponsoredSuggestions</key>
3166 <true/> | <false/>
3167 <key>ImproveSuggest</key>
3168 <true/> | <false/>
3169 <key>Locked</key>
3170 <true/> | <false/>
3171 </dict>
3172 </dict>
3173 ```
3174 #### policies.json
3175 ```
3176 {
3177 "policies": {
3178 "FirefoxSuggest": {
3179 "WebSuggestions": true | false,
3180 "SponsoredSuggestions": true | false,
3181 "ImproveSuggest": true | false,
3182 "Locked": true | false
3183 }
3184 }
3185 }
3186 ```
3187 ### GoToIntranetSiteForSingleWordEntryInAddressBar
3188 Whether to always go through the DNS server before sending a single word search string to a search engine.
3189
3190 If the site exists, it will navigate to the website. If the intranet responds with a 404, the page will show a 404. If the intranet does not respond, the browser will attempt a search.
3191
3192 The second result in the URL bar will be a search result to allow users to conduct a web search exactly as it was entered.
3193
3194 If instead you would like to enable the ability to have your domain appear as a valid URL and to disallow the browser from ever searching that term using the first result that matches it, add the pref `browser.fixup.domainwhitelist.YOUR_DOMAIN` (where `YOUR_DOMAIN` is the name of the domain you'd like to add), and set the pref to `true`. The URL bar will then suggest `YOUR_DOMAIN` when the user fully types `YOUR_DOMAIN`. If the user attempts to load that domain and it fails to load, it will show an "Unable to connect" error page.
3195
3196 You can also whitelist a domain suffix that is not part of the [Public Suffix List](https://publicsuffix.org/) by adding the pref `browser.fixup.domainsuffixwhitelist.YOUR_DOMAIN_SUFFIX` with a value of `true`.
3197
3198 Additionally, if you want users to see a "Did you mean to go to 'YOUR_DOMAIN'" prompt below the URL bar if they land on a search results page instead of an intranet domain that provides a response, set the pref `browser.urlbar.dnsResolveSingleWordsAfterSearch` to `1`. Enabling this will cause the browser to commit a DNS check after every single word search. If the browser receives a response from the intranet, a prompt will ask the user if they'd like to instead navigate to `YOUR_DOMAIN`. If the user presses the **yes** button, `browser.fixup.domainwhitelist.YOUR_DOMAIN` will be set to `true`.
3199
3200 **Compatibility:** Firefox 104, Firefox ESR 102.2\
3201 **CCK2 Equivalent:** `N/A`\
3202 **Preferences Affected:** `browser.fixup.dns_first_for_single_words`
3203
3204 #### Windows (GPO)
3205 ```
3206 Software\Policies\Mozilla\Firefox\GoToIntranetSiteForSingleWordEntryInAddressBar = 0x1 | 0x0
3207 ```
3208 #### Windows (Intune)
3209 OMA-URI:
3210 ```
3211 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/GoToIntranetSiteForSingleWordEntryInAddressBar
3212 ```
3213 Value (string):
3214 ```
3215 <enabled/> or <disabled/>
3216 ```
3217 #### macOS
3218 ```
3219 <dict>
3220 <key>GoToIntranetSiteForSingleWordEntryInAddressBar</key>
3221 <true/> | <false/>
3222 </dict>
3223 ```
3224 #### policies.json
3225 ```
3226 {
3227 "policies": {
3228 "GoToIntranetSiteForSingleWordEntryInAddressBar": true | false
3229 }
3230 }
3231 ```
3232 ### Handlers
3233 Configure default application handlers. This policy is based on the internal format of `handlers.json`.
3234
3235 You can configure handlers based on a mime type (`mimeTypes`), a file's extension (`extensions`), or a protocol (`schemes`).
3236
3237 Within each handler type, you specify the given mimeType/extension/scheme as a key and use the following subkeys to describe how it is handled.
3238
3239 | Name | Description |
3240 | --- | --- |
3241 | `action`| Can be either `saveToDisk`, `useHelperApp`, `useSystemDefault`.
3242 | `ask` | If `true`, the user is asked if what they want to do with the file. If `false`, the action is taken without user intervention.
3243 | `handlers` | An array of handlers with the first one being the default. If you don't want to have a default handler, use an empty object for the first handler. Choose between path or uriTemplate.
3244 | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;`name` | The display name of the handler (might not be used).
3245 | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;`path`| The native path to the executable to be used.
3246 | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;`uriTemplate`| A url to a web based application handler. The URL must be https and contain a %s to be used for substitution.
3247
3248 **Compatibility:** Firefox 78, Firefox ESR 78\
3249 **CCK2 Equivalent:** N/A\
3250 **Preferences Affected:** N/A
3251
3252 #### Windows (GPO)
3253 Software\Policies\Mozilla\Firefox\Handlers (REG_MULTI_SZ) =
3254 ```
3255 {
3256 "mimeTypes": {
3257 "application/msword": {
3258 "action": "useSystemDefault",
3259 "ask": true | false
3260 }
3261 },
3262 "schemes": {
3263 "mailto": {
3264 "action": "useHelperApp",
3265 "ask": true | false,
3266 "handlers": [{
3267 "name": "Gmail",
3268 "uriTemplate": "https://mail.google.com/mail/?extsrc=mailto&url=%s"
3269 }]
3270 }
3271 },
3272 "extensions": {
3273 "pdf": {
3274 "action": "useHelperApp",
3275 "ask": true | false,
3276 "handlers": [{
3277 "name": "Adobe Acrobat",
3278 "path": "C:\\Program Files (x86)\\Adobe\\Acrobat Reader DC\\Reader\\AcroRd32.exe"
3279 }]
3280 }
3281 }
3282 }
3283 ```
3284 #### Windows (Intune)
3285 OMA-URI:
3286 ```
3287 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/Handlers
3288 ```
3289 Value (string):
3290 ```
3291 <enabled/>
3292 <data id="Handlers" value='
3293 {
3294 "mimeTypes": {
3295 "application/msword": {
3296 "action": "useSystemDefault",
3297 "ask": true | false
3298 }
3299 },
3300 "schemes": {
3301 "mailto": {
3302 "action": "useHelperApp",
3303 "ask": true | false,
3304 "handlers": [{
3305 "name": "Gmail",
3306 "uriTemplate": "https://mail.google.com/mail/?extsrc=mailto&amp;url=%s"
3307 }]
3308 }
3309 },
3310 "extensions": {
3311 "pdf": {
3312 "action": "useHelperApp",
3313 "ask": true | false,
3314 "handlers": [{
3315 "name": "Adobe Acrobat",
3316 "path": "C:\\Program Files (x86)\\Adobe\\Acrobat Reader DC\\Reader\\AcroRd32.exe"
3317 }]
3318 }
3319 }
3320 }
3321 '/>
3322 ```
3323 #### macOS
3324 ```
3325 <dict>
3326 <key>Handlers</key>
3327 <dict>
3328 <key>mimeTypes</key>
3329 <dict>
3330 <key>application/msword</key>
3331 <dict>
3332 <key>action</key>
3333 <string>useSystemDefault</string>
3334 <key>ask</key>
3335 <true/> | <false/>
3336 </dict>
3337 </dict>
3338 <key>schemes</key>
3339 <dict>
3340 <key>mailto</key>
3341 <dict>
3342 <key>action</key>
3343 <string>useHelperApp</string>
3344 <key>ask</key>
3345 <true/> | <false/>
3346 <key>handlers</key>
3347 <array>
3348 <dict>
3349 <key>name</key>
3350 <string>Gmail</string>
3351 <key>uriTemplate</key>
3352 <string>https://mail.google.com/mail/?extsrc=mailto&url=%s</string>
3353 </dict>
3354 </array>
3355 </dict>
3356 </dict>
3357 <key>extensions</key>
3358 <dict>
3359 <key>pdf</key>
3360 <dict>
3361 <key>action</key>
3362 <string>useHelperApp</string>
3363 <key>ask</key>
3364 <true/> | <false/>
3365 <key>handlers</key>
3366 <array>
3367 <dict>
3368 <key>name</key>
3369 <string>Adobe Acrobat</string>
3370 <key>path</key>
3371 <string>/System/Applications/Preview.app</string>
3372 </dict>
3373 </array>
3374 </dict>
3375 </dict>
3376 </dict>
3377 </dict>
3378 ```
3379 #### policies.json
3380 ```
3381 {
3382 "policies": {
3383 "Handlers": {
3384 "mimeTypes": {
3385 "application/msword": {
3386 "action": "useSystemDefault",
3387 "ask": false
3388 }
3389 },
3390 "schemes": {
3391 "mailto": {
3392 "action": "useHelperApp",
3393 "ask": true | false,
3394 "handlers": [{
3395 "name": "Gmail",
3396 "uriTemplate": "https://mail.google.com/mail/?extsrc=mailto&url=%s"
3397 }]
3398 }
3399 },
3400 "extensions": {
3401 "pdf": {
3402 "action": "useHelperApp",
3403 "ask": true | false,
3404 "handlers": [{
3405 "name": "Adobe Acrobat",
3406 "path": "/usr/bin/acroread"
3407 }]
3408 }
3409 }
3410 }
3411 }
3412 }
3413 ```
3414 ### HardwareAcceleration
3415 Control hardware acceleration.
3416
3417 **Compatibility:** Firefox 60, Firefox ESR 60\
3418 **CCK2 Equivalent:** N/A\
3419 **Preferences Affected:** `layers.acceleration.disabled`
3420
3421 #### Windows (GPO)
3422 ```
3423 Software\Policies\Mozilla\Firefox\HardwareAcceleration = 0x1 | 0x0
3424 ```
3425 #### Windows (Intune)
3426 OMA-URI:
3427 ```
3428 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/HardwareAcceleration
3429 ```
3430 Value (string):
3431 ```
3432 <enabled/> or <disabled/>
3433 ```
3434 #### macOS
3435 ```
3436 <dict>
3437 <key>HardwareAcceleration</key>
3438 <true/> | <false/>
3439 </dict>
3440 ```
3441 #### policies.json
3442 ```
3443 {
3444 "policies": {
3445 "HardwareAcceleration": true | false
3446 }
3447 }
3448 ```
3449 ### Homepage
3450 Configure the default homepage and how Firefox starts.
3451
3452 `URL` is the default homepage.
3453
3454 `Locked` prevents the user from changing homepage preferences.
3455
3456 `Additional` allows for more than one homepage.
3457
3458 `StartPage` is how Firefox starts. The choices are no homepage, the default homepage or the previous session.
3459
3460 With Firefox 78, an additional option as added for `Startpage`, `homepage-locked`. If this is value is set for the Startpage, the user will always get the homepage at startup and cannot choose to restore their session.
3461
3462 **Compatibility:** Firefox 60, Firefox ESR 60 (StartPage was added in Firefox 60, Firefox ESR 60.4, homepage-locked added in Firefox 78)\
3463 **CCK2 Equivalent:** `homePage`,`lockHomePage`\
3464 **Preferences Affected:** `browser.startup.homepage`, `browser.startup.page`
3465
3466 #### Windows (GPO)
3467 ```
3468 Software\Policies\Mozilla\Firefox\Homepage\URL = "https://example.com"
3469 Software\Policies\Mozilla\Firefox\Homepage\Locked = 0x1 | 0x0
3470 Software\Policies\Mozilla\Firefox\Homepage\Additional\1 = "https://example.org"
3471 Software\Policies\Mozilla\Firefox\Homepage\Additional\2 = "https://example.edu"
3472 Software\Policies\Mozilla\Firefox\Homepage\StartPage = "none" | "homepage" | "previous-session" | "homepage-locked"
3473 ```
3474 #### Windows (Intune)
3475 OMA-URI:
3476 ```
3477 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Homepage/HomepageURL
3478 ```
3479 Value (string):
3480 ```
3481 <enabled/>
3482
3483 <data id="HomepageURL" value="https://example.com"/>
3484 <data id="HomepageLocked" value="true | false"/>
3485 ```
3486 OMA-URI:
3487 ```
3488 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Homepage/HomepageAdditional
3489 ```
3490 Value (string):
3491 ```
3492 <enabled/>
3493
3494 <data id="HomepageAdditional" value="1&#xF000;http://example.org&#xF000;2&#xF000;http://example.edu"/>
3495 ```
3496 OMA-URI:
3497 ```
3498 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Homepage/HomepageStartPage
3499 ```
3500 Value (string):
3501 ```
3502 <enabled/>
3503
3504 <data id="StartPage" value="none | homepage | previous-session"/>
3505 ```
3506 #### macOS
3507 ```
3508 <dict>
3509 <key>Homepage</key>
3510 <dict>
3511 <key>URL</key>
3512 <string>http://example.com</string>
3513 <key>Locked</key>
3514 <true/> | <false/>
3515 <key>Additional</key>
3516 <array>
3517 <string>http://example.org</string>
3518 <string>http://example.edu</string>
3519 </array>
3520 <key>StartPage</key>
3521 <string>none | homepage | previous-session | homepage-locked</string>
3522 </dict>
3523 </dict>
3524 ```
3525 #### policies.json
3526 ```
3527 {
3528 "policies": {
3529 "Homepage": {
3530 "URL": "http://example.com/",
3531 "Locked": true | false,
3532 "Additional": ["http://example.org/",
3533 "http://example.edu/"],
3534 "StartPage": "none" | "homepage" | "previous-session" | "homepage-locked"
3535 }
3536 }
3537 }
3538 ```
3539 ### InstallAddonsPermission
3540 Configure the default extension install policy as well as origins for extension installs are allowed. This policy does not override turning off all extension installs.
3541
3542 `Allow` is a list of origins where extension installs are allowed.
3543
3544 `Default` determines whether or not extension installs are allowed by default.
3545
3546 **Compatibility:** Firefox 60, Firefox ESR 60\
3547 **CCK2 Equivalent:** `permissions.install`\
3548 **Preferences Affected:** `xpinstall.enabled`, `browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons`, `browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features`
3549
3550 #### Windows (GPO)
3551 ```
3552 Software\Policies\Mozilla\Firefox\InstallAddonsPermission\Allow\1 = "https://example.org"
3553 Software\Policies\Mozilla\Firefox\InstallAddonsPermission\Allow\2 = "https://example.edu"
3554 Software\Policies\Mozilla\Firefox\InstallAddonsPermission\Default = 0x1 | 0x0
3555 ```
3556 #### Windows (Intune)
3557 OMA-URI:
3558 ```
3559 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Addons/InstallAddonsPermission_Allow
3560 ```
3561 Value (string):
3562 ```
3563 <enabled/>
3564 <data id="Permissions" value="1&#xF000;https://example.org&#xF000;2&#xF000;https://example.edu"/>
3565 ```
3566 OMA-URI:
3567 ```
3568 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Addons/InstallAddonsPermission_Default
3569 ```
3570 Value (string):
3571 ```
3572 <enabled/>
3573 ```
3574 #### macOS
3575 ```
3576 <dict>
3577 <key>InstallAddonsPermission</key>
3578 <dict>
3579 <key>Allow</key>
3580 <array>
3581 <string>http://example.org</string>
3582 <string>http://example.edu</string>
3583 </array>
3584 <key>Default</key>
3585 <true/> | <false/>
3586 </dict>
3587 </dict>
3588 ```
3589 #### policies.json
3590 ```
3591 {
3592 "policies": {
3593 "InstallAddonsPermission": {
3594 "Allow": ["http://example.org/",
3595 "http://example.edu/"],
3596 "Default": true | false
3597 }
3598 }
3599 }
3600 ```
3601 ### LegacyProfiles
3602 Disable the feature enforcing a separate profile for each installation.
3603
3604 If this policy set to true, Firefox will not try to create different profiles for installations of Firefox in different directories. This is the equivalent of the MOZ_LEGACY_PROFILES environment variable.
3605
3606 If this policy set to false, Firefox will create a new profile for each unique installation of Firefox.
3607
3608 This policy only work on Windows via GPO (not policies.json).
3609
3610 **Compatibility:** Firefox 70, Firefox ESR 68.2 (Windows only, GPO only)\
3611 **CCK2 Equivalent:** N/A\
3612 **Preferences Affected:** N/A
3613
3614 #### Windows (GPO)
3615 ```
3616 Software\Policies\Mozilla\Firefox\LegacyProfiles = = 0x1 | 0x0
3617 ```
3618 #### Windows (Intune)
3619 OMA-URI:
3620 ```
3621 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/LegacyProfiles
3622 ```
3623 Value (string):
3624 ```
3625 <enabled/> or <disabled/>
3626 ```
3627 ### LegacySameSiteCookieBehaviorEnabled
3628 Enable default legacy SameSite cookie behavior setting.
3629
3630 If this policy is set to true, it reverts all cookies to legacy SameSite behavior which means that cookies that don't explicitly specify a ```SameSite``` attribute are treated as if they were ```SameSite=None```.
3631
3632 **Compatibility:** Firefox 96\
3633 **CCK2 Equivalent:** N/A\
3634 **Preferences Affected:** `network.cookie.sameSite.laxByDefault`
3635
3636 #### Windows (GPO)
3637 ```
3638 Software\Policies\Mozilla\Firefox\LegacySameSiteCookieBehaviorEnabled = = 0x1 | 0x0
3639 ```
3640 #### Windows (Intune)
3641 OMA-URI:
3642 ```
3643 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/LegacySameSiteCookieBehaviorEnabled
3644 ```
3645 Value (string):
3646 ```
3647 <enabled/> or <disabled/>
3648 ```
3649 #### macOS
3650 ```
3651 <dict>
3652 <key>LegacySameSiteCookieBehaviorEnabled</key>
3653 <true/> | <false/>
3654 </dict>
3655 ```
3656 #### policies.json
3657 ```
3658 {
3659 "policies": {
3660 "LegacySameSiteCookieBehaviorEnabled": true | false
3661 }
3662 ```
3663 ### LegacySameSiteCookieBehaviorEnabledForDomainList
3664 Revert to legacy SameSite behavior for cookies on specified sites.
3665
3666 If this policy is set to true, cookies set for domains in this list will revert to legacy SameSite behavior which means that cookies that don't explicitly specify a ```SameSite``` attribute are treated as if they were ```SameSite=None```.
3667
3668 **Compatibility:** Firefox 96\
3669 **CCK2 Equivalent:** N/A\
3670 **Preferences Affected:** `network.cookie.sameSite.laxByDefault.disabledHosts`
3671
3672 #### Windows (GPO)
3673 ```
3674 Software\Policies\Mozilla\Firefox\LegacySameSiteCookieBehaviorEnabledForDomainList\1 = "example.org"
3675 Software\Policies\Mozilla\Firefox\LegacySameSiteCookieBehaviorEnabledForDomainList\2 = "example.edu"
3676 ```
3677 #### Windows (Intune)
3678 OMA-URI:
3679 ```
3680 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/LegacySameSiteCookieBehaviorEnabledForDomainList
3681 ```
3682 Value (string):
3683 ```
3684 <enabled/>
3685 <data id="LegacySameSiteCookieBehaviorEnabledForDomainList" value="1&#xF000;example.org&#xF000;2&#xF000;example.edu"/>
3686 ```
3687 #### macOS
3688 ```
3689 <dict>
3690 <key>LegacySameSiteCookieBehaviorEnabledForDomainList</key>
3691 <array>
3692 <string>example.org</string>
3693 <string>example.edu</string>
3694 </array>
3695 </dict>
3696 ```
3697 #### policies.json
3698 ```
3699 {
3700 "policies": {
3701 "LegacySameSiteCookieBehaviorEnabledForDomainList": ["example.org",
3702 "example.edu"]
3703 }
3704 }
3705 ```
3706 ### LocalFileLinks
3707 Enable linking to local files by origin.
3708
3709 **Compatibility:** Firefox 68, Firefox ESR 68\
3710 **CCK2 Equivalent:** N/A\
3711 **Preferences Affected:** `capability.policy.localfilelinks.*`
3712
3713 #### Windows (GPO)
3714 ```
3715 Software\Policies\Mozilla\Firefox\LocalFileLinks\1 = "https://example.org"
3716 Software\Policies\Mozilla\Firefox\LocalFileLinks\2 = "https://example.edu"
3717 ```
3718 #### Windows (Intune)
3719 OMA-URI:
3720 ```
3721 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/LocalFileLinks
3722 ```
3723 Value (string):
3724 ```
3725 <enabled/>
3726 <data id="LocalFileLinks" value="1&#xF000;https://example.org&#xF000;2&#xF000;https://example.edu"/>
3727 ```
3728 #### macOS
3729 ```
3730 <dict>
3731 <key>LocalFileLinks</key>
3732 <array>
3733 <string>http://example.org</string>
3734 <string>http://example.edu</string>
3735 </array>
3736 </dict>
3737 ```
3738 #### policies.json
3739 ```
3740 {
3741 "policies": {
3742 "LocalFileLinks": ["http://example.org/",
3743 "http://example.edu/"]
3744 }
3745 }
3746 ```
3747 ### ManagedBookmarks
3748 Configures a list of bookmarks managed by an administrator that cannot be changed by the user.
3749
3750 The bookmarks are only added as a button on the personal toolbar. They are not in the bookmarks folder.
3751
3752 The syntax of this policy is exactly the same as the [Chrome ManagedBookmarks policy](https://cloud.google.com/docs/chrome-enterprise/policies/?policy=ManagedBookmarks). The schema is:
3753 ```
3754 {
3755 "items": {
3756 "id": "BookmarkType",
3757 "properties": {
3758 "children": {
3759 "items": {
3760 "$ref": "BookmarkType"
3761 },
3762 "type": "array"
3763 },
3764 "name": {
3765 "type": "string"
3766 },
3767 "toplevel_name": {
3768 "type": "string"
3769 },
3770 "url": {
3771 "type": "string"
3772 }
3773 },
3774 "type": "object"
3775 },
3776 "type": "array"
3777 }
3778 ```
3779 **Compatibility:** Firefox 83, Firefox ESR 78.5\
3780 **CCK2 Equivalent:** N/A\
3781 **Preferences Affected:** N/A
3782
3783 #### Windows (GPO)
3784 Software\Policies\Mozilla\Firefox\ManagedBookmarks (REG_MULTI_SZ) =
3785 ```
3786 [
3787 {
3788 "toplevel_name": "My managed bookmarks folder"
3789 },
3790 {
3791 "url": "example.com",
3792 "name": "Example"
3793 },
3794 {
3795 "name": "Mozilla links",
3796 "children": [
3797 {
3798 "url": "https://mozilla.org",
3799 "name": "Mozilla.org"
3800 },
3801 {
3802 "url": "https://support.mozilla.org/",
3803 "name": "SUMO"
3804 }
3805 ]
3806 }
3807 ]
3808 ```
3809 #### Windows (Intune)
3810 OMA-URI:
3811 ```
3812 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/ManagedBookmarks
3813 ```
3814 Value (string):
3815 ```
3816 <enabled/>
3817 <data id="JSON" value='
3818 [
3819 {
3820 "toplevel_name": "My managed bookmarks folder"
3821 },
3822 {
3823 "url": "example.com",
3824 "name": "Example"
3825 },
3826 {
3827 "name": "Mozilla links",
3828 "children": [
3829 {
3830 "url": "https://mozilla.org",
3831 "name": "Mozilla.org"
3832 },
3833 {
3834 "url": "https://support.mozilla.org/",
3835 "name": "SUMO"
3836 }
3837 ]
3838 }
3839 ]'/>
3840 ```
3841 #### macOS
3842 ```
3843 <dict>
3844 <key>ManagedBookmarks</key>
3845 <array>
3846 <dict>
3847 <key>toplevel_name</key>
3848 <string>My managed bookmarks folder</string>
3849 <dict>
3850 <key>url</key>
3851 <string>example.com</string>
3852 <key>name</key>
3853 <string>Example</string>
3854 </dict>
3855 <dict>
3856 <key>name</key>
3857 <string>Mozilla links</string>
3858 <key>children</key>
3859 <array>
3860 <dict>
3861 <key>url</key>
3862 <string>https://mozilla.org</string>
3863 <key>name</key>
3864 <string>Mozilla</string>
3865 </dict>
3866 <dict>
3867 <key>url</key>
3868 <string>https://support.mozilla.org/</string>
3869 <key>name</key>
3870 <string>SUMO</string>
3871 </dict>
3872 </array>
3873 </dict>
3874 </array>
3875 </dict>
3876 ```
3877 #### policies.json
3878 ```
3879 {
3880 "policies": {
3881 "ManagedBookmarks": [
3882 {
3883 "toplevel_name": "My managed bookmarks folder"
3884 },
3885 {
3886 "url": "example.com",
3887 "name": "Example"
3888 },
3889 {
3890 "name": "Mozilla links",
3891 "children": [
3892 {
3893 "url": "https://mozilla.org",
3894 "name": "Mozilla.org"
3895 },
3896 {
3897 "url": "https://support.mozilla.org/",
3898 "name": "SUMO"
3899 }
3900 ]
3901 }
3902 ]
3903 }
3904 }
3905 ```
3906 ### ManualAppUpdateOnly
3907
3908 Switch to manual updates only.
3909
3910 If this policy is enabled:
3911 1. The user will never be prompted to install updates
3912 2. Firefox will not check for updates in the background, though it will check automatically when an update UI is displayed (such as the one in the About dialog). This check will be used to show "Update to version X" in the UI, but will not automatically download the update or prompt the user to update in any other way.
3913 3. The update UI will work as expected, unlike when using DisableAppUpdate.
3914
3915 This policy is primarily intended for advanced end users, not for enterprises, but it is available via GPO.
3916
3917 **Compatibility:** Firefox 87\
3918 **CCK2 Equivalent:** N/A\
3919 **Preferences Affected:** N/A
3920
3921 #### Windows (GPO)
3922 ```
3923 Software\Policies\Mozilla\Firefox\ManualAppUpdateOnly = 0x1 | 0x0
3924 ```
3925 #### Windows (Intune)
3926 OMA-URI:
3927 ```
3928 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/ManualAppUpdateOnly
3929 ```
3930 Value (string):
3931 ```
3932 <enabled/> or <disabled/>
3933 ```
3934 #### macOS
3935 ```
3936 <dict>
3937 <key>ManualAppUpdateOnly</key>
3938 <true/> | <false/>
3939 </dict>
3940 ```
3941 #### policies.json
3942 ```
3943 {
3944 "policies": {
3945 "ManualAppUpdateOnly": true | false
3946 }
3947 }
3948 ```
3949 ### NetworkPrediction
3950 Enable or disable network prediction (DNS prefetching).
3951
3952 **Compatibility:** Firefox 67, Firefox ESR 60.7\
3953 **CCK2 Equivalent:** N/A\
3954 **Preferences Affected:** `network.dns.disablePrefetch`, `network.dns.disablePrefetchFromHTTPS`
3955
3956 #### Windows (GPO)
3957 ```
3958 Software\Policies\Mozilla\Firefox\NetworkPrediction = 0x1 | 0x0
3959 ```
3960 #### Windows (Intune)
3961 OMA-URI:
3962 ```
3963 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/NetworkPrediction
3964 ```
3965 Value (string):
3966 ```
3967 <enabled/> or <disabled/>
3968 ```
3969 #### macOS
3970 ```
3971 <dict>
3972 <key>NetworkPrediction</key>
3973 <true/> | <false/>
3974 </dict>
3975 ```
3976 #### policies.json
3977 ```
3978 {
3979 "policies": {
3980 "NetworkPrediction": true | false
3981 }
3982 ```
3983 ### NewTabPage
3984 Enable or disable the New Tab page.
3985
3986 **Compatibility:** Firefox 68, Firefox ESR 68\
3987 **CCK2 Equivalent:** N/A\
3988 **Preferences Affected:** `browser.newtabpage.enabled`
3989
3990 #### Windows (GPO)
3991 ```
3992 Software\Policies\Mozilla\Firefox\NewTabPage = 0x1 | 0x0
3993 ```
3994 #### Windows (Intune)
3995 OMA-URI:
3996 ```
3997 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/NewTabPage
3998 ```
3999 Value (string):
4000 ```
4001 <enabled/> or <disabled/>
4002 ```
4003 #### macOS
4004 ```
4005 <dict>
4006 <key>NewTabPage</key>
4007 <true/> | <false/>
4008 </dict>
4009 ```
4010 #### policies.json
4011 ```
4012 {
4013 "policies": {
4014 "NewTabPage": true | false
4015 }
4016 ```
4017 ### NoDefaultBookmarks
4018 Disable the creation of default bookmarks.
4019
4020 This policy is only effective if the user profile has not been created yet.
4021
4022 **Compatibility:** Firefox 60, Firefox ESR 60\
4023 **CCK2 Equivalent:** `removeDefaultBookmarks`\
4024 **Preferences Affected:** N/A
4025
4026 #### Windows (GPO)
4027 ```
4028 Software\Policies\Mozilla\Firefox\NoDefaultBookmarks = 0x1 | 0x0
4029 ```
4030 #### Windows (Intune)
4031 OMA-URI:
4032 ```
4033 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/NoDefaultBookmarks
4034 ```
4035 Value (string):
4036 ```
4037 <enabled/> or <disabled/>
4038 ```
4039 #### macOS
4040 ```
4041 <dict>
4042 <key>NoDefaultBookmarks</key>
4043 <true/> | <false/>
4044 </dict>
4045 ```
4046 #### policies.json
4047 ```
4048 {
4049 "policies": {
4050 "NoDefaultBookmarks": true | false
4051 }
4052 }
4053 ```
4054 ### OfferToSaveLogins
4055 Control whether or not Firefox offers to save passwords.
4056
4057 **Compatibility:** Firefox 60, Firefox ESR 60\
4058 **CCK2 Equivalent:** `dontRememberPasswords`\
4059 **Preferences Affected:** `signon.rememberSignons`
4060
4061 #### Windows (GPO)
4062 ```
4063 Software\Policies\Mozilla\Firefox\OfferToSaveLogins = 0x1 | 0x0
4064 ```
4065 #### Windows (Intune)
4066 OMA-URI:
4067 ```
4068 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/OfferToSaveLogins
4069 ```
4070 Value (string):
4071 ```
4072 <enabled/> or <disabled/>
4073 ```
4074 #### macOS
4075 ```
4076 <dict>
4077 <key>OfferToSaveLogins</key>
4078 <true/> | <false/>
4079 </dict>
4080 ```
4081 #### policies.json
4082 ```
4083 {
4084 "policies": {
4085 "OfferToSaveLogins": true | false
4086 }
4087 }
4088 ```
4089 ### OfferToSaveLoginsDefault
4090 Sets the default value of signon.rememberSignons without locking it.
4091
4092 **Compatibility:** Firefox 70, Firefox ESR 60.2\
4093 **CCK2 Equivalent:** `dontRememberPasswords`\
4094 **Preferences Affected:** `signon.rememberSignons`
4095
4096 #### Windows (GPO)
4097 ```
4098 Software\Policies\Mozilla\Firefox\OfferToSaveLoginsDefault = 0x1 | 0x0
4099 ```
4100 #### Windows (Intune)
4101 OMA-URI:
4102 ```
4103 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/OfferToSaveLoginsDefault
4104 ```
4105 Value (string):
4106 ```
4107 <enabled/> or <disabled/>
4108 ```
4109 #### macOS
4110 ```
4111 <dict>
4112 <key>OfferToSaveLoginsDefault</key>
4113 <true/> | <false/>
4114 </dict>
4115 ```
4116 #### policies.json
4117 ```
4118 {
4119 "policies": {
4120 "OfferToSaveLoginsDefault": true | false
4121 }
4122 }
4123 ```
4124 ### OverrideFirstRunPage
4125 Override the first run page. If the value is an empty string (""), the first run page is not displayed.
4126
4127 Starting with Firefox 83, Firefox ESR 78.5, you can also specify multiple URLS separated by a vertical bar (|).
4128
4129 **Compatibility:** Firefox 60, Firefox ESR 60\
4130 **CCK2 Equivalent:** `welcomePage`,`noWelcomePage`\
4131 **Preferences Affected:** `startup.homepage_welcome_url`
4132
4133 #### Windows (GPO)
4134 ```
4135 Software\Policies\Mozilla\Firefox\OverrideFirstRunPage = "http://example.org"
4136 ```
4137 #### Windows (Intune)
4138 OMA-URI:
4139 ```
4140 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/OverrideFirstRunPage
4141 ```
4142 Value (string):
4143 ```
4144 <enabled/>
4145 <data id="OverridePage" value="https://example.com"/>
4146 ```
4147 #### macOS
4148 ```
4149 <dict>
4150 <key>OverrideFirstRunPage</key>
4151 <string>http://example.org</string>
4152 </dict>
4153 ```
4154 #### policies.json
4155 ```
4156 {
4157 "policies": {
4158 "OverrideFirstRunPage": "http://example.org"
4159 }
4160 }
4161 ```
4162 ### OverridePostUpdatePage
4163 Override the upgrade page. If the value is an empty string (""), no extra pages are displayed when Firefox is upgraded.
4164
4165 **Compatibility:** Firefox 60, Firefox ESR 60\
4166 **CCK2 Equivalent:** `upgradePage`,`noUpgradePage`\
4167 **Preferences Affected:** `startup.homepage_override_url`
4168
4169 #### Windows (GPO)
4170 ```
4171 Software\Policies\Mozilla\Firefox\OverridePostUpdatePage = "http://example.org"
4172 ```
4173 #### Windows (Intune)
4174 OMA-URI:
4175 ```
4176 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/OverridePostUpdatePage
4177 ```
4178 Value (string):
4179 ```
4180 <enabled/>
4181 <data id="OverridePage" value="https://example.com"/>
4182 ```
4183 #### macOS
4184 ```
4185 <dict>
4186 <key>OverridePostUpdatePage</key>
4187 <string>http://example.org</string>
4188 </dict>
4189 ```
4190 #### policies.json
4191 ```
4192 {
4193 "policies": {
4194 "OverridePostUpdatePage": "http://example.org"
4195 }
4196 }
4197 ```
4198 ### PasswordManagerEnabled
4199 Remove access to the password manager via preferences and blocks about:logins on Firefox 70.
4200
4201 **Compatibility:** Firefox 70, Firefox ESR 60.2\
4202 **CCK2 Equivalent:** N/A\
4203 **Preferences Affected:** `pref.privacy.disable_button.view_passwords`
4204
4205 #### Windows (GPO)
4206 ```
4207 Software\Policies\Mozilla\Firefox\PasswordManagerEnabled = 0x1 | 0x0
4208 ```
4209 #### Windows (Intune)
4210 OMA-URI:
4211 ```
4212 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/PasswordManagerEnabled
4213 ```
4214 Value (string):
4215 ```
4216 <enabled/> or <disabled/>
4217 ```
4218 #### macOS
4219 ```
4220 <dict>
4221 <key>PasswordManagerEnabled</key>
4222 <true/> | <false/>
4223 </dict>
4224 ```
4225 #### policies.json
4226 ```
4227 {
4228 "policies": {
4229 "PasswordManagerEnabled": true | false
4230 }
4231 }
4232 ```
4233 ### PasswordManagerExceptions
4234 Prevent Firefox from saving passwords for specific sites.
4235
4236 The sites are specified as a list of origins.
4237
4238 **Compatibility:** Firefox 101\
4239 **CCK2 Equivalent:** N/A\
4240 **Preferences Affected:** N/A
4241
4242 #### Windows (GPO)
4243 ```
4244 Software\Policies\Mozilla\Firefox\PasswordManagerExceptions\1 = "https://example.org"
4245 Software\Policies\Mozilla\Firefox\PasswordManagerExceptions\2 = "https://example.edu"
4246 ```
4247 #### Windows (Intune)
4248 OMA-URI:
4249 ```
4250 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/PasswordManagerExceptions
4251 ```
4252 Value (string):
4253 ```
4254 <enabled/>
4255 <data id="List" value="1&#xF000;https://example.org&#xF000;2&#xF000;https://example.edu"/>
4256 ```
4257 #### macOS
4258 ```
4259 <dict>
4260 <key>PasswordManagerExceptions</key>
4261 <array>
4262 <string>https://example.org</string>
4263 <string>https://example.edu</string>
4264 </array>
4265 </dict>
4266 ```
4267 #### policies.json
4268 ```
4269 {
4270 "policies": {
4271 "PasswordManagerExceptions": ["https://example.org",
4272 "https://example.edu"]
4273 }
4274 }
4275 ```
4276
4277 ### PDFjs
4278 Disable or configure PDF.js, the built-in PDF viewer.
4279
4280 If `Enabled` is set to false, the built-in PDF viewer is disabled.
4281
4282 If `EnablePermissions` is set to true, the built-in PDF viewer will honor document permissions like preventing the copying of text.
4283
4284 Note: DisableBuiltinPDFViewer has not been deprecated. You can either continue to use it, or switch to using PDFjs->Enabled to disable the built-in PDF viewer. This new permission was added because we needed a place for PDFjs->EnabledPermissions.
4285
4286 **Compatibility:** Firefox 77, Firefox ESR 68.9\
4287 **CCK2 Equivalent:** N/A\
4288 **Preferences Affected:** `pdfjs.disabled`, `pdfjs.enablePermissions`
4289
4290 #### Windows (GPO)
4291 ```
4292 Software\Policies\Mozilla\Firefox\PDFjs\Enabled = 0x1 | 0x0
4293 Software\Policies\Mozilla\Firefox\PDFjs\EnablePermissions = 0x1 | 0x0
4294 ```
4295 #### Windows (Intune)
4296 OMA-URI:
4297 ```
4298 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~PDFjs/PDFjs_Enabled
4299 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~PDFjs/PDFjs_EnablePermissions
4300 ```
4301 Value (string):
4302 ```
4303 <enabled/>or <disabled/>
4304 ```
4305 #### macOS
4306 ```
4307 <dict>
4308 <key>PDFjs</key>
4309 <dict>
4310 <key>Enabled</key>
4311 <true/> | <false/>
4312 <key>EnablePermissions</key>
4313 <true/> | <false/>
4314 </dict>
4315 </dict>
4316 ```
4317 #### policies.json
4318 ```
4319 {
4320 "policies": {
4321 "PDFjs": {
4322 "Enabled": true | false,
4323 "EnablePermissions": true | false
4324 }
4325 }
4326 }
4327 ```
4328 ### Permissions
4329 Set permissions associated with camera, microphone, location, notifications, autoplay, and virtual reality. Because these are origins, not domains, entries with unique ports must be specified separately. This explicitly means that it is not possible to add wildcards. See examples below.
4330
4331 `Allow` is a list of origins where the feature is allowed.
4332
4333 `Block` is a list of origins where the feature is not allowed.
4334
4335 `BlockNewRequests` determines whether or not new requests can be made for the feature.
4336
4337 `Locked` prevents the user from changing preferences for the feature.
4338
4339 `Default` specifies the default value for Autoplay. block-audio-video is not supported on Firefox ESR 68.
4340
4341 **Compatibility:** Firefox 62, Firefox ESR 60.2 (Autoplay added in Firefox 74, Firefox ESR 68.6, Autoplay Default/Locked added in Firefox 76, Firefox ESR 68.8, VirtualReality added in Firefox 80, Firefox ESR 78.2)\
4342 **CCK2 Equivalent:** N/A\
4343 **Preferences Affected:** `permissions.default.camera`, `permissions.default.microphone`, `permissions.default.geo`, `permissions.default.desktop-notification`, `media.autoplay.default`, `permissions.default.xr`
4344
4345 #### Windows (GPO)
4346 ```
4347 Software\Policies\Mozilla\Firefox\Permissions\Camera\Allow\1 = "https://example.org"
4348 Software\Policies\Mozilla\Firefox\Permissions\Camera\Allow\2 = "https://example.org:1234"
4349 Software\Policies\Mozilla\Firefox\Permissions\Camera\Block\1 = "https://example.edu"
4350 Software\Policies\Mozilla\Firefox\Permissions\Camera\BlockNewRequests = 0x1 | 0x0
4351 Software\Policies\Mozilla\Firefox\Permissions\Camera\Locked = 0x1 | 0x0
4352 Software\Policies\Mozilla\Firefox\Permissions\Microphone\Allow\1 = "https://example.org"
4353 Software\Policies\Mozilla\Firefox\Permissions\Microphone\Block\1 = "https://example.edu"
4354 Software\Policies\Mozilla\Firefox\Permissions\Microphone\BlockNewRequests = 0x1 | 0x0
4355 Software\Policies\Mozilla\Firefox\Permissions\Microphone\Locked = 0x1 | 0x0
4356 Software\Policies\Mozilla\Firefox\Permissions\Location\Allow\1 = "https://example.org"
4357 Software\Policies\Mozilla\Firefox\Permissions\Location\Block\1 = "https://example.edu"
4358 Software\Policies\Mozilla\Firefox\Permissions\Location\BlockNewRequests = 0x1 | 0x0
4359 Software\Policies\Mozilla\Firefox\Permissions\Location\Locked = 0x1 | 0x0
4360 Software\Policies\Mozilla\Firefox\Permissions\Notifications\Allow\1 = "https://example.org"
4361 Software\Policies\Mozilla\Firefox\Permissions\Notifications\Block\1 = "https://example.edu"
4362 Software\Policies\Mozilla\Firefox\Permissions\Notifications\BlockNewRequests = 0x1 | 0x0
4363 Software\Policies\Mozilla\Firefox\Permissions\Notifications\Locked = 0x1 | 0x0
4364 Software\Policies\Mozilla\Firefox\Permissions\Autoplay\Allow\1 = "https://example.org"
4365 Software\Policies\Mozilla\Firefox\Permissions\Autoplay\Block\1 = "https://example.edu"
4366 Software\Policies\Mozilla\Firefox\Permissions\Autoplay\Default = "allow-audio-video" | "block-audio" | "block-audio-video"
4367 Software\Policies\Mozilla\Firefox\Permissions\Autoplay\Locked = 0x1 | 0x0
4368 Software\Policies\Mozilla\Firefox\Permissions\VirtualReality\Allow\1 = "https://example.org"
4369 Software\Policies\Mozilla\Firefox\Permissions\VirtualReality\Block\1 = "https://example.edu"
4370 Software\Policies\Mozilla\Firefox\Permissions\VirtualReality\BlockNewRequests = 0x1 | 0x0
4371 Software\Policies\Mozilla\Firefox\Permissions\VirtualReality\Locked = 0x1 | 0x0
4372 ```
4373 #### Windows (Intune)
4374 OMA-URI:
4375 ```
4376 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Location/Location_BlockNewRequests
4377 ```
4378 Value (string):
4379 ```
4380 <enabled/> or <disabled/>
4381 ```
4382 OMA-URI:
4383 ```
4384 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Location/Location_Locked
4385 ```
4386 Value (string):
4387 ```
4388 <enabled/> or <disabled/>
4389 ```
4390 OMA-URI:
4391 ```
4392 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Notifications/Notifications_Allow
4393 ```
4394 Value (string):
4395 ```
4396 <enabled/>
4397 <data id="Permissions" value="1&#xF000;https://example.org"/>
4398 ```
4399 OMA-URI:
4400 ```
4401 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Notifications/Notifications_BlockNewRequests
4402 ```
4403 Value (string):
4404 ```
4405 <enabled/> or <disabled/>
4406 ```
4407 OMA-URI:
4408 ```
4409 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Notifications/Notifications_Locked
4410 ```
4411 Value (string):
4412 ```
4413 <enabled/> or <disabled/>
4414 ```
4415 OMA-URI:
4416 ```
4417 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Autoplay/Autoplay_Allow
4418 ```
4419 Value (string):
4420 ```
4421 <enabled/>
4422 <data id="Permissions" value="1&#xF000;https://example.org"/>
4423 ```
4424 OMA-URI:
4425 ```
4426 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Autoplay/Autoplay_Block
4427 ```
4428 Value (string):
4429 ```
4430 <enabled/>
4431 <data id="Permissions" value="1&#xF000;https://example.edu"/>
4432 ```
4433 OMA-URI:
4434 ```
4435 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Autoplay/Autoplay_Default
4436 ```
4437 Value (string):
4438 ```
4439 <enabled/>
4440 <data id="Autoplay_Default" value="allow-audio-video | block-audio | block-audio-video"/>
4441 ```
4442 OMA-URI:
4443 ```
4444 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Autoplay/Autoplay_Locked
4445 ```
4446 Value (string):
4447 ```
4448 <enabled/> or <disabled/>
4449 ```
4450 OMA-URI:
4451 ```
4452 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Notifications/VirtualReality_Allow
4453 ```
4454 Value (string):
4455 ```
4456 <enabled/>
4457 <data id="Permissions" value="1&#xF000;https://example.org"/>
4458 ```
4459 OMA-URI:
4460 ```
4461 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Notifications/VirtualReality_Block
4462 ```
4463 Value (string):
4464 ```
4465 <enabled/>
4466 <data id="Permissions" value="1&#xF000;https://example.edu"/>
4467 ```
4468 OMA-URI:
4469 ```
4470 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Notifications/VirtualReality_BlockNewRequests
4471 ```
4472 Value (string):
4473 ```
4474 <enabled/> or <disabled/>
4475 ```
4476 OMA-URI:
4477 ```
4478 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Notifications/VirtualReality_Locked
4479 ```
4480 Value (string):
4481 ```
4482 <enabled/> or <disabled/>
4483 ```
4484 #### macOS
4485 ```
4486 <dict>
4487 <key>Permissions</key>
4488 <dict>
4489 <key>Camera</key>
4490 <dict>
4491 <key>Allow</key>
4492 <array>
4493 <string>https://example.org</string>
4494 <string>https://example.org:1234</string>
4495 </array>
4496 <key>Block</key>
4497 <array>
4498 <string>https://example.edu</string>
4499 </array>
4500 <key>BlockNewRequests</key>
4501 <true/> | <false/>
4502 <key>Locked</key>
4503 <true/> | <false/>
4504 </dict>
4505 <key>Microphone</key>
4506 <dict>
4507 <key>Allow</key>
4508 <array>
4509 <string>https://example.org</string>
4510 </array>
4511 <key>Block</key>
4512 <array>
4513 <string>https://example.edu</string>
4514 </array>
4515 <key>BlockNewRequests</key>
4516 <true/> | <false/>
4517 <key>Locked</key>
4518 <true/> | <false/>
4519 </dict>
4520 <key>Location</key>
4521 <dict>
4522 <key>Allow</key>
4523 <array>
4524 <string>https://example.org</string>
4525 </array>
4526 <key>Block</key>
4527 <array>
4528 <string>https://example.edu</string>
4529 </array>
4530 <key>BlockNewRequests</key>
4531 <true/> | <false/>
4532 <key>Locked</key>
4533 <true/> | <false/>
4534 </dict>
4535 <key>Notifications</key>
4536 <dict>
4537 <key>Allow</key>
4538 <array>
4539 <string>https://example.org</string>
4540 </array>
4541 <key>Block</key>
4542 <array>
4543 <string>https://example.edu</string>
4544 </array>
4545 <key>BlockNewRequests</key>
4546 <true/>
4547 <key>Locked</key>
4548 <true/>
4549 </dict>
4550 <key>Autoplay</key>
4551 <dict>
4552 <key>Allow</key>
4553 <array>
4554 <string>https://example.org</string>
4555 </array>
4556 <key>Block</key>
4557 <array>
4558 <string>https://example.edu</string>
4559 </array>
4560 <key>Default</key>
4561 <string>allow-audio-video | block-audio | block-audio-video</string>
4562 <key>Locked</key>
4563 <true/> | <false/>
4564 </dict>
4565 </dict>
4566 </dict>
4567 ```
4568 #### policies.json
4569 ```
4570 {
4571 "policies": {
4572 "Permissions": {
4573 "Camera": {
4574 "Allow": ["https://example.org","https://example.org:1234"],
4575 "Block": ["https://example.edu"],
4576 "BlockNewRequests": true | false,
4577 "Locked": true | false
4578 },
4579 "Microphone": {
4580 "Allow": ["https://example.org"],
4581 "Block": ["https://example.edu"],
4582 "BlockNewRequests": true | false,
4583 "Locked": true | false
4584 },
4585 "Location": {
4586 "Allow": ["https://example.org"],
4587 "Block": ["https://example.edu"],
4588 "BlockNewRequests": true | false,
4589 "Locked": true | false
4590 },
4591 "Notifications": {
4592 "Allow": ["https://example.org"],
4593 "Block": ["https://example.edu"],
4594 "BlockNewRequests": true | false,
4595 "Locked": true | false
4596 },
4597 "Autoplay": {
4598 "Allow": ["https://example.org"],
4599 "Block": ["https://example.edu"],
4600 "Default": "allow-audio-video" | "block-audio" | "block-audio-video",
4601 "Locked": true | false
4602 }
4603 }
4604 }
4605 }
4606 ```
4607 ### PictureInPicture
4608
4609 Enable or disable Picture-in-Picture as well as prevent the user from enabling or disabling it (Locked).
4610
4611 **Compatibility:** Firefox 78, Firefox ESR 78\
4612 **CCK2 Equivalent:** N/A\
4613 **Preferences Affected:** `media.videocontrols.picture-in-picture.video-toggle.enabled`
4614
4615 #### Windows (GPO)
4616 ```
4617 Software\Policies\Mozilla\Firefox\PictureInPicture\Enabled = 0x1 | 0x0
4618 Software\Policies\Mozilla\Firefox\PictureInPicture\Locked = 0x1 | 0x0
4619
4620 ```
4621 #### Windows (Intune)
4622 OMA-URI:
4623 ```
4624 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~PictureInPicture/PictureInPicture_Enabled
4625 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~PictureInPicture/PictureInPicture_Locked
4626 ```
4627 Value (string):
4628 ```
4629 <enabled/> or <disabled/>
4630 ```
4631 #### macOS
4632 ```
4633 <dict>
4634 <key>PictureInPicture</key>
4635 <dict>
4636 <key>Enabled</key>
4637 <true/> | <false/>
4638 <key>Locked</key>
4639 <true/> | <false/>
4640 </dict>
4641 </dict>
4642 ```
4643 #### policies.json
4644 ```
4645 {
4646 "policies": {
4647 "PictureInPicture": {
4648 "Enabled": true | false,
4649 "Locked": true | false
4650 }
4651 }
4652 }
4653 ```
4654 ### PopupBlocking
4655 Configure the default pop-up window policy as well as origins for which pop-up windows are allowed.
4656
4657 `Allow` is a list of origins where popup-windows are allowed.
4658
4659 `Default` determines whether or not pop-up windows are allowed by default.
4660
4661 `Locked` prevents the user from changing pop-up preferences.
4662
4663 **Compatibility:** Firefox 60, Firefox ESR 60\
4664 **CCK2 Equivalent:** `permissions.popup`\
4665 **Preferences Affected:** `dom.disable_open_during_load`
4666
4667 #### Windows (GPO)
4668 ```
4669 Software\Policies\Mozilla\Firefox\PopupBlocking\Allow\1 = "https://example.org"
4670 Software\Policies\Mozilla\Firefox\PopupBlocking\Allow\2 = "https://example.edu"
4671 Software\Policies\Mozilla\Firefox\PopupBlocking\Default = 0x1 | 0x0
4672 Software\Policies\Mozilla\Firefox\PopupBlocking\Locked = 0x1 | 0x0
4673 ```
4674 #### Windows (Intune)
4675 OMA-URI:
4676 ```
4677 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Popups/PopupBlocking_Allow
4678 ```
4679 Value (string):
4680 ```
4681 <enabled/>
4682 <data id="Permissions" value="1&#xF000;https://example.org&#xF000;2&#xF000;https://example.edu"/>
4683 ```
4684 OMA-URI:
4685 ```
4686 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Popups/PopupBlocking_Default
4687 ```
4688 Value (string):
4689 ```
4690 <enabled/> or <disabled/>
4691 ```
4692 OMA-URI:
4693 ```
4694 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Popups/PopupBlocking_Locked
4695 ```
4696 Value (string):
4697 ```
4698 <enabled/> or <disabled/>
4699 ```
4700 #### macOS
4701 ```
4702 <dict>
4703 <key>PopupBlocking</key>
4704 <dict>
4705 <key>Allow</key>
4706 <array>
4707 <string>http://example.org</string>
4708 <string>http://example.edu</string>
4709 </array>
4710 <key>Default</key>
4711 <true/> | <false/>
4712 <key>Locked</key>
4713 <true/> | <false/>
4714 </dict>
4715 </dict>
4716 ```
4717 #### policies.json
4718 ```
4719 {
4720 "policies": {
4721 "PopupBlocking": {
4722 "Allow": ["http://example.org/",
4723 "http://example.edu/"],
4724 "Default": true | false,
4725 "Locked": true | false
4726 }
4727 }
4728 }
4729 ```
4730 ### PostQuantumKeyAgreementEnabled
4731 Enable post-quantum key agreement for TLS.
4732
4733 **Compatibility:** Firefox 127\
4734 **CCK2 Equivalent:** N/A\
4735 **Preferences Affected:** `security.tls.enable_kyber`, `network.http.http3.enable_kyber` (Firefox 128)
4736
4737 #### Windows (GPO)
4738 ```
4739 Software\Policies\Mozilla\Firefox\PostQuantumKeyAgreementEnabled = 0x1 | 0x0
4740 ```
4741 #### Windows (Intune)
4742 OMA-URI:
4743 ```
4744 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/PostQuantumKeyAgreementEnabled
4745 ```
4746 Value (string):
4747 ```
4748 <enabled/> or <disabled/>
4749 ```
4750 #### macOS
4751 ```
4752 <dict>
4753 <key>PostQuantumKeyAgreementEnabled</key>
4754 <true/> | <false/>
4755 </dict>
4756 ```
4757 #### policies.json
4758 ```
4759 {
4760 "policies": {
4761 "PostQuantumKeyAgreementEnabled": true | false
4762 }
4763 }
4764 ```
4765 ### Preferences
4766 Set and lock preferences.
4767
4768 **NOTE** On Windows, in order to use this policy, you must clear all settings in the old **Preferences (Deprecated)** section in group policy.
4769
4770 Previously you could only set and lock a subset of preferences. Starting with Firefox 81 and Firefox ESR 78.3 you can set many more preferences. You can also set default preferences, user preferences and you can clear preferences.
4771
4772 Preferences that start with the following prefixes are supported:
4773 ```
4774 accessibility.
4775 alerts.* (Firefox 122, Firefox ESR 115.7)
4776 app.update.* (Firefox 86, Firefox ESR 78.8)
4777 browser.
4778 datareporting.policy.
4779 dom.
4780 extensions.
4781 general.autoScroll (Firefox 83, Firefox ESR 78.5)
4782 general.smoothScroll (Firefox 83, Firefox ESR 78.5)
4783 geo.
4784 gfx.
4785 intl.
4786 keyword.enabled (Firefox 95, Firefox ESR 91.4)
4787 layers.
4788 layout.
4789 media.
4790 network.
4791 pdfjs. (Firefox 84, Firefox ESR 78.6)
4792 places.
4793 pref.
4794 print.
4795 privacy.globalprivacycontrol.enabled (Firefox 127, Firefox ESR 128.0)
4796 privacy.userContext.enabled (Firefox 126, Firefox ESR 115.11)
4797 privacy.userContext.ui.enabled (Firefox 126, Firefox ESR 115.11)
4798 signon. (Firefox 83, Firefox ESR 78.5)
4799 spellchecker. (Firefox 84, Firefox ESR 78.6)
4800 toolkit.legacyUserProfileCustomizations.stylesheets (Firefox 95, Firefox ESR 91.4)
4801 ui.
4802 widget.
4803 xpinstall.signatures.required (Firefox ESR 102.10, Firefox ESR only)
4804 xpinstall.whitelist.required (Firefox 118, Firefox ESR 115.3)
4805 ```
4806 as well as the following security preferences:
4807
4808 | Preference | Type | Default
4809 | --- | --- | --- |
4810 | security.default_personal_cert | string | Ask Every Time
4811 | &nbsp;&nbsp;&nbsp;&nbsp;If set to Select Automatically, Firefox automatically chooses the default personal certificate.
4812 | security.disable_button.openCertManager | string | N/A
4813 | &nbsp;&nbsp;&nbsp;&nbsp;If set to true and locked, the View Certificates button in preferences is disabled (Firefox 121, Firefox ESR 115.6)
4814 | security.disable_button.openDeviceManager | string | N/A
4815 | &nbsp;&nbsp;&nbsp;&nbsp;If set to true and locked, the Security Devices button in preferences is disabled (Firefox 121, Firefox ESR 115.6)
4816 | security.insecure_connection_text.enabled | bool | false
4817 | &nbsp;&nbsp;&nbsp;&nbsp;If set to true, adds the words "Not Secure" for insecure sites.
4818 | security.insecure_connection_text.pbmode.enabled | bool | false
4819 | &nbsp;&nbsp;&nbsp;&nbsp;If set to true, adds the words "Not Secure" for insecure sites in private browsing.
4820 | security.mixed_content.block_active_content | boolean | true
4821 | &nbsp;&nbsp;&nbsp;&nbsp;If set to true, mixed active content (HTTP subresources such as scripts, fetch requests, etc. on a HTTPS page) will be blocked.
4822 | security.mixed_content.block_display_content | boolean | false
4823 | &nbsp;&nbsp;&nbsp;&nbsp;If set to true, mixed passive/display content (HTTP subresources such as images, videos, etc. on a HTTPS page) will be blocked. (Firefox 127, Firefox ESR 128.0)
4824 | security.mixed_content.upgrade_display_content | boolean | true
4825 | &nbsp;&nbsp;&nbsp;&nbsp;If set to true, mixed passive/display content (HTTP subresources such as images, videos, etc. on a HTTPS page) will be upgraded to HTTPS. (Firefox 127, Firefox ESR 128.0)
4826 | security.osclientcerts.autoload | boolean | false
4827 | &nbsp;&nbsp;&nbsp;&nbsp;If true, client certificates are loaded from the operating system certificate store.
4828 | security.OCSP.enabled | integer | 1
4829 | &nbsp;&nbsp;&nbsp;&nbsp;If 0, do not fetch OCSP. If 1, fetch OCSP for DV and EV certificates. If 2, fetch OCSP only for EV certificates.
4830 | security.OCSP.require | boolean | false
4831 | &nbsp;&nbsp;&nbsp;&nbsp; If true, if an OCSP request times out, the connection fails.
4832 | security.osclientcerts.assume_rsa_pss_support | boolean | true
4833 | &nbsp;&nbsp;&nbsp;&nbsp; If false, we don't assume an RSA key can do RSA-PSS. (Firefox 114, Firefox ESR 102.12)
4834 | security.ssl.enable_ocsp_stapling | boolean | true
4835 | &nbsp;&nbsp;&nbsp;&nbsp; If false, OCSP stapling is not enabled.
4836 | security.ssl.errorReporting.enabled | boolean | true
4837 | &nbsp;&nbsp;&nbsp;&nbsp;If false, SSL errors cannot be sent to Mozilla.
4838 | security.ssl.require_safe_negotiation | boolean | false
4839 | &nbsp;&nbsp;&nbsp;&nbsp;If true, Firefox will only negotiate TLS connections with servers that indicate they support secure renegotiation. (Firefox 118, Firefox ESR 115.3)
4840 | security.tls.enable_0rtt_data | boolean | true
4841 | &nbsp;&nbsp;&nbsp;&nbsp;If false, TLS early data is turned off. (Firefox 93, Firefox 91.2, Firefox 78.15)
4842 | security.tls.hello_downgrade_check | boolean | true
4843 | &nbsp;&nbsp;&nbsp;&nbsp;If false, the TLS 1.3 downgrade check is disabled.
4844 | security.tls.version.enable-deprecated | boolean | false
4845 | &nbsp;&nbsp;&nbsp;&nbsp;If true, browser will accept TLS 1.0. and TLS 1.1. (Firefox 86, Firefox 78.8)
4846 | security.warn_submit_secure_to_insecure | boolean | true
4847 | &nbsp;&nbsp;&nbsp;&nbsp;If false, no warning is shown when submitting a form from https to http.
4848
4849 Using the preference as the key, set the `Value` to the corresponding preference value.
4850
4851 `Status` can be "default", "locked", "user" or "clear"
4852
4853 * `"default"`: Read/Write: Settings appear as default even if factory default differs.
4854 * `"locked"`: Read-Only: Settings appear as default even if factory default differs.
4855 * `"user"`: Read/Write: Settings appear as changed if it differs from factory default.
4856 * `"clear"`: Read/Write: `Value` has no effect. Resets to factory defaults on each startup.
4857
4858 `"user"` preferences persist across invocations of Firefox. It is the equivalent of a user setting the preference. They are most useful when a preference is needed very early in startup so it can't be set as default by policy. An example of this is ```toolkit.legacyUserProfileCustomizations.stylesheets```.
4859
4860 `"user"` preferences persist even if the policy is removed, so if you need to remove them, you should use the clear policy.
4861
4862 You can also set the `Type` starting in Firefox 123 and Firefox ESR 115.8. It can be `number`, `boolean` or `string`. This is especially useful if you are seeing 0 or 1 values being converted to booleans when set as user preferences.
4863
4864 See the examples below for more detail.
4865
4866 IMPORTANT: Make sure you're only setting a particular preference using this mechanism and not some other way.
4867
4868 Status
4869 **Compatibility:** Firefox 81, Firefox ESR 78.3\
4870 **CCK2 Equivalent:** `preferences`\
4871 **Preferences Affected:** Many
4872
4873 #### Windows (GPO)
4874 Software\Policies\Mozilla\Firefox\Preferences (REG_MULTI_SZ) =
4875 ```
4876 {
4877 "accessibility.force_disabled": {
4878 "Value": 1,
4879 "Status": "default",
4880 "Type": "number"
4881
4882 },
4883 "browser.cache.disk.parent_directory": {
4884 "Value": "SOME_NATIVE_PATH",
4885 "Status": "user"
4886 },
4887 "browser.tabs.warnOnClose": {
4888 "Value": false,
4889 "Status": "locked"
4890 }
4891 }
4892 ```
4893 #### Windows (Intune)
4894 OMA-URI:
4895 ```
4896 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/Preferences
4897 ```
4898 Value (string):
4899 ```
4900 <enabled/>
4901 <data id="JSON" value='
4902 {
4903 "accessibility.force_disabled": {
4904 "Value": 1,
4905 "Status": "default",
4906 "Type": "number"
4907 },
4908 "browser.cache.disk.parent_directory": {
4909 "Value": "SOME_NATIVE_PATH",
4910 "Status": "user"
4911 },
4912 "browser.tabs.warnOnClose": {
4913 "Value": false,
4914 "Status": "locked"
4915 }
4916 }'/>
4917 ```
4918 #### macOS
4919 ```
4920 <dict>
4921 <key>Preferences</key>
4922 <dict>
4923 <key>accessibility.force_disabled</key>
4924 <dict>
4925 <key>Value</key>
4926 <integer>1</integer>
4927 <key>Status</key>
4928 <string>default</string>
4929 <key>Type</key>
4930 <string>number</string>
4931 </dict>
4932 <key>browser.cache.disk.parent_directory</key>
4933 <dict>
4934 <key>Value</key>
4935 <string>SOME_NATIVE_PATH</string>
4936 <key>Status</key>
4937 <string>user</string>
4938 </dict>
4939 <key>browser.tabs.warnOnClose</key>
4940 <dict>
4941 <key>Value</key>
4942 <false/>
4943 <key>Status</key>
4944 <string>locked</string>
4945 </dict>
4946 </dict>
4947 </dict>
4948 ```
4949 #### policies.json
4950 ```
4951 {
4952 "policies": {
4953 "Preferences": {
4954 "accessibility.force_disabled": {
4955 "Value": 1,
4956 "Status": "default"
4957 "Type": "number"
4958 },
4959 "browser.cache.disk.parent_directory": {
4960 "Value": "SOME_NATIVE_PATH",
4961 "Status": "user"
4962 },
4963 "browser.tabs.warnOnClose": {
4964 "Value": false,
4965 "Status": "locked"
4966 }
4967 }
4968 }
4969 }
4970 ```
4971 ### PrimaryPassword
4972 Require or prevent using a primary (formerly master) password.
4973
4974 If this value is true, a primary password is required. If this value is false, it works the same as if [`DisableMasterPasswordCreation`](#disablemasterpasswordcreation) was true and removes the primary password functionality.
4975
4976 If both DisableMasterPasswordCreation and PrimaryPassword are used, DisableMasterPasswordCreation takes precedent.
4977
4978 **Compatibility:** Firefox 79, Firefox ESR 78.1\
4979 **CCK2 Equivalent:** `noMasterPassword`\
4980 **Preferences Affected:** N/A
4981
4982 #### Windows (GPO)
4983 ```
4984 Software\Policies\Mozilla\Firefox\PrimaryPassword = 0x1 | 0x0
4985 ```
4986 #### Windows (Intune)
4987 OMA-URI:
4988 ```
4989 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/PrimaryPassword
4990 ```
4991 Value (string):
4992 ```
4993 <enabled/> or <disabled/>
4994 ```
4995 #### macOS
4996 ```
4997 <dict>
4998 <key>PrimaryPassword</key>
4999 <true/> | <false/>
5000 </dict>
5001 ```
5002 #### policies.json
5003 ```
5004 {
5005 "policies": {
5006 "PrimaryPassword": true | false
5007 }
5008 }
5009 ```
5010 ### PrintingEnabled
5011 Enable or disable printing.
5012
5013 **Compatibility:** Firefox 120, Firefox ESR 115.5\
5014 **CCK2 Equivalent:** N/A\
5015 **Preferences Affected:** `print.enabled`
5016
5017 #### Windows (GPO)
5018 ```
5019 Software\Policies\Mozilla\Firefox\PrintingEnabled = 0x1 | 0x0
5020 ```
5021 #### Windows (Intune)
5022 OMA-URI:
5023 ```
5024 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/PrintingEnabled
5025 ```
5026 Value (string):
5027 ```
5028 <enabled/> or <disabled/>
5029 ```
5030 #### macOS
5031 ```
5032 <dict>
5033 <key>PrintingEnabled</key>
5034 <true/> | <false/>
5035 </dict>
5036 ```
5037 #### policies.json
5038 ```
5039 {
5040 "policies": {
5041 "PrintingEnabled": true | false
5042 }
5043 }
5044 ```
5045 ### PromptForDownloadLocation
5046 Ask where to save each file before downloading.
5047
5048 **Compatibility:** Firefox 68, Firefox ESR 68\
5049 **CCK2 Equivalent:** N/A\
5050 **Preferences Affected:** `browser.download.useDownloadDir`
5051
5052 #### Windows (GPO)
5053 ```
5054 Software\Policies\Mozilla\Firefox\PromptForDownloadLocation = 0x1 | 0x0
5055 ```
5056 #### Windows (Intune)
5057 OMA-URI:
5058 ```
5059 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/PromptForDownloadLocation
5060 ```
5061 Value (string):
5062 ```
5063 <enabled/> or <disabled/>
5064 ```
5065 #### macOS
5066 ```
5067 <dict>
5068 <key>PromptForDownloadLocation</key>
5069 <true/> | <false/>
5070 </dict>
5071 ```
5072 #### policies.json
5073 ```
5074 {
5075 "policies": {
5076 "PromptForDownloadLocation": true | false
5077 }
5078 }
5079 ```
5080 ### Proxy
5081 Configure proxy settings. These settings correspond to the connection settings in Firefox preferences.
5082 To specify ports, append them to the hostnames with a colon (:).
5083
5084 Unless you lock this policy, changes the user already has in place will take effect.
5085
5086 `Mode` is the proxy method being used.
5087
5088 `Locked` is whether or not proxy settings can be changed.
5089
5090 `HTTPProxy` is the HTTP proxy server.
5091
5092 `UseHTTPProxyForAllProtocols` is whether or not the HTTP proxy should be used for all other proxies.
5093
5094 `SSLProxy` is the SSL proxy server.
5095
5096 `FTPProxy` is the FTP proxy server.
5097
5098 `SOCKSProxy` is the SOCKS proxy server
5099
5100 `SOCKSVersion` is the SOCKS version (4 or 5)
5101
5102 `Passthrough` is list of hostnames or IP addresses that will not be proxied. Use `<local>` to bypass proxying for all hostnames which do not contain periods.
5103
5104 `AutoConfigURL` is a URL for proxy configuration (only used if Mode is autoConfig).
5105
5106 `AutoLogin` means do not prompt for authentication if password is saved.
5107
5108 `UseProxyForDNS` to use proxy DNS when using SOCKS v5.
5109
5110 **Compatibility:** Firefox 60, Firefox ESR 60\
5111 **CCK2 Equivalent:** `networkProxy*`\
5112 **Preferences Affected:** `network.proxy.type`, `network.proxy.autoconfig_url`, `network.proxy.socks_remote_dns`, `signon.autologin.proxy`, `network.proxy.socks_version`, `network.proxy.no_proxies_on`, `network.proxy.share_proxy_settings`, `network.proxy.http`, `network.proxy.http_port`, `network.proxy.ftp`, `network.proxy.ftp_port`, `network.proxy.ssl`, `network.proxy.ssl_port`, `network.proxy.socks`, `network.proxy.socks_port`
5113
5114 #### Windows (GPO)
5115 ```
5116 Software\Policies\Mozilla\Firefox\Proxy\Mode = "none" | "system" | "manual" | "autoDetect" | "autoConfig"
5117 Software\Policies\Mozilla\Firefox\Proxy\Locked = 0x1 | 0x0
5118 Software\Policies\Mozilla\Firefox\Proxy\HTTPProxy = https://httpproxy.example.com
5119 Software\Policies\Mozilla\Firefox\Proxy\UseHTTPProxyForAllProtocols = 0x1 | 0x0
5120 Software\Policies\Mozilla\Firefox\Proxy\SSLProxy = https://sslproxy.example.com
5121 Software\Policies\Mozilla\Firefox\Proxy\FTPProxy = https://ftpproxy.example.com
5122 Software\Policies\Mozilla\Firefox\Proxy\SOCKSProxy = https://socksproxy.example.com
5123 Software\Policies\Mozilla\Firefox\Proxy\SOCKSVersion = 0x4 | 0x5
5124 Software\Policies\Mozilla\Firefox\Proxy\Passthrough = <local>
5125 Software\Policies\Mozilla\Firefox\Proxy\AutoConfigURL = URL_TO_AUTOCONFIG
5126 Software\Policies\Mozilla\Firefox\Proxy\AutoLogin = 0x1 | 0x0
5127 Software\Policies\Mozilla\Firefox\Proxy\UseProxyForDNS = 0x1 | 0x0
5128 ```
5129 #### Windows (Intune)
5130 **Note**
5131 These setttings were moved to a category to make them easier to configure via Intune.
5132
5133 OMA-URI:
5134 ```
5135 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_Locked
5136 ```
5137 Value (string):
5138 ```
5139 <enabled/> or <disabled/>
5140 ```
5141 OMA-URI:
5142 ```
5143 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_ConnectionType
5144 ```
5145 Value (string):
5146 ```
5147 <enabled/>
5148 <data id="Proxy_ConnectionType" value="none | system | manual | autoDetect | autoConfig"/>
5149 ```
5150 OMA-URI:
5151 ```
5152 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_HTTPProxy
5153 ```
5154 Value (string):
5155 ```
5156 <enabled/>
5157 <data id="Proxy_HTTPProxy" value="httpproxy.example.com"/>
5158 ```
5159 OMA-URI:
5160 ```
5161 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_UseHTTPProxyForAllProtocols
5162 ```
5163 Value (string):
5164 ```
5165 <enabled/> or <disabled/>
5166 ```
5167 OMA-URI:
5168 ```
5169 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_SSLProxy
5170 ```
5171 Value (string):
5172 ```
5173 <enabled/>
5174 <data id="Proxy_SSLProxy" value="sslproxy.example.com"/>
5175 ```
5176 OMA-URI:
5177 ```
5178 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_SOCKSProxy
5179 ```
5180 Value (string):
5181 ```
5182 <enabled/>
5183 <data id="Proxy_SOCKSProxy" value="socksproxy.example.com"/>
5184 <data id="Proxy_SOCKSVersion" value="4 | 5"/>
5185 ```
5186 OMA-URI:
5187 ```
5188 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_AutoConfigURL
5189 ```
5190 Value (string):
5191 ```
5192 <enabled/>
5193 <data id="Proxy_AutoConfigURL" value="URL_TO_AUTOCONFIG"/>
5194 ```
5195 OMA-URI:
5196 ```
5197 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_Passthrough
5198 ```
5199 Value (string):
5200 ```
5201 <enabled/>
5202 <data id="Proxy_Passthrough" value="&lt;local&gt;"/>
5203 ```
5204 OMA-URI:
5205 ```
5206 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_AutoLogin
5207 ```
5208 Value (string):
5209 ```
5210 <enabled/> or <disabled/>
5211 ```
5212 OMA-URI:
5213 ```
5214 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_UseProxyForDNS
5215 ```
5216 Value (string):
5217 ```
5218 <enabled/> or <disabled/>
5219 ```
5220 OMA-URI (Old way):
5221 ```
5222 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/Proxy
5223 ```
5224 Value (string):
5225 ```
5226 <enabled/>
5227 <data id="ProxyLocked" value="true | false"/>
5228 <data id="ConnectionType" value="none | system | manual | autoDetect | autoConfig"/>
5229 <data id="HTTPProxy" value="httpproxy.example.com"/>
5230 <data id="UseHTTPProxyForAllProtocols" value="true | false"/>
5231 <data id="SSLProxy" value="sslproxy.example.com"/>
5232 <data id="FTPProxy" value="ftpproxy.example.com"/>
5233 <data id="SOCKSProxy" value="socksproxy.example.com"/>
5234 <data id="SOCKSVersion" value="4 | 5"/>
5235 <data id="AutoConfigURL" value="URL_TO_AUTOCONFIG"/>
5236 <data id="Passthrough" value="<local>"/>
5237 <data id="AutoLogin" value="true | false"/>
5238 <data id="UseProxyForDNS" value="true | false"/>
5239 ```
5240 #### macOS
5241 ```
5242 <dict>
5243 <key>Proxy</key>
5244 <dict>
5245 <key>Mode</key>
5246 <string>none | system | manual | autoDetect | autoConfig</string>
5247 <key>Locked</key>
5248 <true> | </false>
5249 <key>HTTPProxy</key>
5250 <string>https://httpproxy.example.com</string>
5251 <key>UseHTTPProxyForAllProtocols</key>
5252 <true> | </false>
5253 <key>SSLProxy</key>
5254 <string>https://sslproxy.example.com</string>
5255 <key>FTPProxy</key>
5256 <string>https://ftpproxy.example.com</string>
5257 <key>SOCKSProxy</key>
5258 <string>https://socksproxy.example.com</string>
5259 <key>SOCKSVersion</key>
5260 <string>4 | 5</string>
5261 <key>Passthrough</key>
5262 <string>&lt;local>&gt;</string>
5263 <key>AutoConfigURL</key>
5264 <string>URL_TO_AUTOCONFIG</string>
5265 <key>AutoLogin</key>
5266 <true> | </false>
5267 <key>UseProxyForDNS</key>
5268 <true> | </false>
5269 </dict>
5270 </dict>
5271 ```
5272 #### policies.json
5273 ```
5274 {
5275 "policies": {
5276 "Proxy": {
5277 "Mode": "none" | "system" | "manual" | "autoDetect" | "autoConfig",
5278 "Locked": true | false,
5279 "HTTPProxy": "hostname",
5280 "UseHTTPProxyForAllProtocols": true | false,
5281 "SSLProxy": "hostname",
5282 "FTPProxy": "hostname",
5283 "SOCKSProxy": "hostname",
5284 "SOCKSVersion": 4 | 5,
5285 "Passthrough": "<local>",
5286 "AutoConfigURL": "URL_TO_AUTOCONFIG",
5287 "AutoLogin": true | false,
5288 "UseProxyForDNS": true | false
5289 }
5290 }
5291 }
5292 ```
5293 ### RequestedLocales
5294 Set the the list of requested locales for the application in order of preference. It will cause the corresponding language pack to become active.
5295
5296 Note: For Firefox 68, this can now be a string so that you can specify an empty value.
5297
5298 **Compatibility:** Firefox 64, Firefox ESR 60.4, Updated in Firefox 68, Firefox ESR 68\
5299 **CCK2 Equivalent:** N/A\
5300 **Preferences Affected:** N/A
5301 #### Windows (GPO)
5302 ```
5303 Software\Policies\Mozilla\Firefox\RequestedLocales\1 = "de"
5304 Software\Policies\Mozilla\Firefox\RequestedLocales\2 = "en-US"
5305
5306 or
5307
5308 Software\Policies\Mozilla\Firefox\RequestedLocales = "de,en-US"
5309 ```
5310 #### Windows (Intune)
5311 OMA-URI:
5312 ```
5313 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/RequestedLocalesString
5314 ```
5315 Value (string):
5316 ```
5317 <enabled/>
5318 <data id="Preferences_String" value="de,en-US"/>
5319 ```
5320 #### macOS
5321 ```
5322 <dict>
5323 <key>RequestedLocales</key>
5324 <array>
5325 <string>de</string>
5326 <string>en-US</string>
5327 </array>
5328 </dict>
5329
5330 or
5331
5332 <dict>
5333 <key>RequestedLocales</key>
5334 <string>de,en-US</string>
5335 </dict>
5336
5337 ```
5338 #### policies.json
5339 ```
5340 {
5341 "policies": {
5342 "RequestedLocales": ["de", "en-US"]
5343 }
5344 }
5345
5346 or
5347
5348 {
5349 "policies": {
5350 "RequestedLocales": "de,en-US"
5351 }
5352 }
5353 ```
5354 <a name="SanitizeOnShutdown"></a>
5355
5356 ### SanitizeOnShutdown (Selective)
5357 Clear data on shutdown. Choose from Cache, Cookies, Download History, Form & Search History, Browsing History, Active Logins, Site Preferences and Offline Website Data.
5358
5359 Previously, these values were always locked. Starting with Firefox 74 and Firefox ESR 68.6, you can use the `Locked` option to either keep the values unlocked (set it to false), or lock only the values you set (set it to true). If you want the old behavior of locking everything, do not set `Locked` at all.
5360
5361 **Compatibility:** Firefox 68, Firefox ESR 68 (Locked added in 74/68.6)\
5362 **CCK2 Equivalent:** N/A\
5363 **Preferences Affected:** `privacy.sanitize.sanitizeOnShutdown`, `privacy.clearOnShutdown.cache`, `privacy.clearOnShutdown.cookies`, `privacy.clearOnShutdown.downloads`, `privacy.clearOnShutdown.formdata`, `privacy.clearOnShutdown.history`, `privacy.clearOnShutdown.sessions`, `privacy.clearOnShutdown.siteSettings`, `privacy.clearOnShutdown.offlineApps`
5364 #### Windows (GPO)
5365 ```
5366 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\Cache = 0x1 | 0x0
5367 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\Cookies = 0x1 | 0x0
5368 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\Downloads = 0x1 | 0x0
5369 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\FormData = 0x1 | 0x0
5370 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\History = 0x1 | 0x0
5371 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\Sessions = 0x1 | 0x0
5372 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\SiteSettings = 0x1 | 0x0
5373 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\OfflineApps = 0x1 | 0x0
5374 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\Locked = 0x1 | 0x0
5375 ```
5376 #### Windows (Intune)
5377 OMA-URI:
5378 ```
5379 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/A_SanitizeOnShutdown_Cache
5380 ```
5381 Value (string):
5382 ```
5383 <enabled/> or <disabled/>
5384 ```
5385 OMA-URI:
5386 ```
5387 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/B_SanitizeOnShutdown_Cookies
5388 ```
5389 Value (string):
5390 ```
5391 <enabled/> or <disabled/>
5392 ```
5393 OMA-URI:
5394 ```
5395 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/C_SanitizeOnShutdown_Downloads
5396 ```
5397 Value (string):
5398 ```
5399 <enabled/> or <disabled/>
5400 ```
5401 OMA-URI:
5402 ```
5403 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/D_SanitizeOnShutdown_FormData
5404 ```
5405 Value (string):
5406 ```
5407 <enabled/> or <disabled/>
5408 ```
5409 OMA-URI:
5410 ```
5411 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/E_SanitizeOnShutdown_History
5412 ```
5413 Value (string):
5414 ```
5415 <enabled/> or <disabled/>
5416 ```
5417 OMA-URI:
5418 ```
5419 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/F_SanitizeOnShutdown_Sessions
5420 ```
5421 Value (string):
5422 ```
5423 <enabled/> or <disabled/>
5424 ```
5425 OMA-URI:
5426 ```
5427 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/G_SanitizeOnShutdown_SiteSettings
5428 ```
5429 Value (string):
5430 ```
5431 <enabled/> or <disabled/>
5432 ```
5433 OMA-URI:
5434 ```
5435 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/H_SanitizeOnShutdown_OfflineApps
5436 ```
5437 Value (string):
5438 ```
5439 <enabled/> or <disabled/>
5440 ```
5441 OMA-URI:
5442 ```
5443 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/I_SanitizeOnShutdown_Locked
5444 ```
5445 Value (string):
5446 ```
5447 <enabled/> or <disabled/>
5448 ```
5449 #### macOS
5450 ```
5451 <dict>
5452 <key>SanitizeOnShutdown</key>
5453 <dict>
5454 <key>Cache</key>
5455 <true/> | <false/>
5456 <key>Cookies</key>
5457 <true/> | <false/>
5458 <key>Downloads</key>
5459 <true/> | <false/>
5460 <key>FormData</key>
5461 <true/> | <false/>
5462 <key>History</key>
5463 <true/> | <false/>
5464 <key>Sessions</key>
5465 <true/> | <false/>
5466 <key>SiteSettings</key>
5467 <true/> | <false/>
5468 <key>OfflineApps</key>
5469 <true/> | <false/>
5470 <key>Locked</key>
5471 <true/> | <false/>
5472 </dict>
5473 </dict>
5474 ```
5475 #### policies.json
5476 ```
5477 {
5478 "policies": {
5479 "SanitizeOnShutdown": {
5480 "Cache": true | false,
5481 "Cookies": true | false,
5482 "Downloads": true | false,
5483 "FormData": true | false,
5484 "History": true | false,
5485 "Sessions": true | false,
5486 "SiteSettings": true | false,
5487 "OfflineApps": true | false,
5488 "Locked": true | false
5489 }
5490 }
5491 }
5492 ```
5493 ### SanitizeOnShutdown (All)
5494 Clear all data on shutdown, including Browsing & Download History, Cookies, Active Logins, Cache, Form & Search History, Site Preferences and Offline Website Data.
5495
5496 **Compatibility:** Firefox 60, Firefox ESR 60\
5497 **CCK2 Equivalent:** N/A\
5498 **Preferences Affected:** `privacy.sanitize.sanitizeOnShutdown`, `privacy.clearOnShutdown.cache`, `privacy.clearOnShutdown.cookies`, `privacy.clearOnShutdown.downloads`, `privacy.clearOnShutdown.formdata`, `privacy.clearOnShutdown.history`, `privacy.clearOnShutdown.sessions`, `privacy.clearOnShutdown.siteSettings`, `privacy.clearOnShutdown.offlineApps`
5499 #### Windows (GPO)
5500 ```
5501 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown = 0x1 | 0x0
5502 ```
5503 #### Windows (Intune)
5504 OMA-URI:
5505 ```
5506 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/C_SanitizeOnShutdown
5507 ```
5508 Value (string):
5509 ```
5510 <enabled/> or <disabled/>
5511 ```
5512 #### macOS
5513 ```
5514 <dict>
5515 <key>SanitizeOnShutdown</key>
5516 <true/> | <false/>
5517 </dict>
5518 ```
5519 #### policies.json
5520 ```
5521 {
5522 "policies": {
5523 "SanitizeOnShutdown": true | false
5524 }
5525 }
5526 ```
5527 ### SearchBar
5528 Set whether or not search bar is displayed.
5529
5530 **Compatibility:** Firefox 60, Firefox ESR 60\
5531 **CCK2 Equivalent:** `showSearchBar`\
5532 **Preferences Affected:** N/A
5533
5534 #### Windows (GPO)
5535 ```
5536 Software\Policies\Mozilla\Firefox\SearchBar = "unified" | "separate"
5537 ```
5538
5539 #### Windows (Intune)
5540 OMA-URI:
5541 ```
5542 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/SearchBar
5543 ```
5544 Value (string):
5545 ```
5546 <enabled/>
5547 <data id="SearchBar" value="unified | separate"/>
5548 ```
5549 #### macOS
5550 ```
5551 <dict>
5552 <key>SearchBar</key>
5553 <string>unified | separate</string>
5554 </dict>
5555 ```
5556 #### policies.json
5557 ```
5558 {
5559 "policies": {
5560 "SearchBar": "unified" | "separate"
5561 }
5562 }
5563 ```
5564 <a name="SearchEngines"></a>
5565
5566 ### SearchEngines (This policy is only available on the ESR.)
5567
5568 ### SearchEngines | Add
5569
5570 Add new search engines. Although there are only five engines available in the ADMX template, there is no limit. To add more in the ADMX template, you can duplicate the XML.
5571
5572 This policy is only available on the ESR. `Name` and `URLTemplate` are required.
5573
5574 `Name` is the name of the search engine.
5575
5576 `URLTemplate` is the search URL with {searchTerms} to substitute for the search term.
5577
5578 `Method` is either GET or POST
5579
5580 `IconURL` is a URL for the icon to use.
5581
5582 `Alias` is a keyword to use for the engine.
5583
5584 `Description` is a description of the search engine.
5585
5586 `PostData` is the POST data as name value pairs separated by &.
5587
5588 `SuggestURLTemplate` is a search suggestions URL with {searchTerms} to substitute for the search term.
5589
5590 `Encoding` is the query charset for the engine. It defaults to UTF-8.
5591
5592 **Compatibility:** Firefox ESR 60 (POST support in Firefox ESR 68, Encoding support in Firefox 91)\
5593 **CCK2 Equivalent:** `searchplugins`\
5594 **Preferences Affected:** N/A
5595
5596 #### Windows (GPO)
5597 ```
5598 Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\Name = "Example1"
5599 Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\URLTemplate = "https://www.example.org/q={searchTerms}"
5600 Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\Method = "GET" | "POST"
5601 Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\IconURL = "https://www.example.org/favicon.ico"
5602 Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\Alias = "example"
5603 Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\Description = "Example Description"
5604 Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\SuggestURLTemplate = "https://www.example.org/suggestions/q={searchTerms}"
5605 Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\PostData = "name=value&q={searchTerms}"
5606 ```
5607 #### Windows (Intune)
5608 OMA-URI:
5609 ```
5610 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Search/SearchEngines_1
5611 ```
5612 Value (string):
5613 ```
5614 <enabled/>
5615 <data id="SearchEngine_Name" value="Example1"/>
5616 <data id="SearchEngine_URLTemplate" value="https://www.example.org/q={searchTerms"/>
5617 <data id="SearchEngine_Method" value="GET | POST"/>
5618 <data id="SearchEngine_IconURL" value="https://www.example.org/favicon.ico"/>
5619 <data id="SearchEngine_Alias" value="example"/>
5620 <data id="SearchEngine_Description" value="Example Description"/>
5621 <data id="SearchEngine_SuggestURLTemplate" value="https://www.example.org/suggestions/q={searchTerms}"/>
5622 <data id="SearchEngine_PostData" value="name=value&amp;q={searchTerms}"/>
5623 ```
5624 #### macOS
5625 ```
5626 <dict>
5627 <key>SearchEngines</key>
5628 <dict>
5629 <key>Add</key>
5630 <array>
5631 <dict>
5632 <key>Name</key>
5633 <string>Example1</string>
5634 <key>URLTemplate</key>
5635 <string>https://www.example.org/q={searchTerms}</string>
5636 <key>Method</key>
5637 <string>GET | POST </string>
5638 <key>IconURL</key>
5639 <string>https://www.example.org/favicon.ico</string>
5640 <key>Alias</key>
5641 <string>example</string>
5642 <key>Description</key>
5643 <string>Example Description</string>
5644 <key>SuggestURLTemplate</key>
5645 <string>https://www.example.org/suggestions/q={searchTerms}</string>
5646 <key>PostData</key>
5647 <string>name=value&q={searchTerms}</string>
5648 </dict>
5649 <array>
5650 </dict>
5651 </dict>
5652 ```
5653 #### policies.json
5654 ```
5655 {
5656 "policies": {
5657 "SearchEngines": {
5658 "Add": [
5659 {
5660 "Name": "Example1",
5661 "URLTemplate": "https://www.example.org/q={searchTerms}",
5662 "Method": "GET" | "POST",
5663 "IconURL": "https://www.example.org/favicon.ico",
5664 "Alias": "example",
5665 "Description": "Description",
5666 "PostData": "name=value&q={searchTerms}",
5667 "SuggestURLTemplate": "https://www.example.org/suggestions/q={searchTerms}"
5668 }
5669 ]
5670 }
5671 }
5672 }
5673 ```
5674 ### SearchEngines | Default
5675
5676 Set the default search engine. This policy is only available on the ESR.
5677
5678 **Compatibility:** Firefox ESR 60\
5679 **CCK2 Equivalent:** `defaultSearchEngine`\
5680 **Preferences Affected:** N/A
5681
5682 #### Windows (GPO)
5683 ```
5684 Software\Policies\Mozilla\Firefox\SearchEngines\Default = NAME_OF_SEARCH_ENGINE
5685 ```
5686 #### Windows (Intune)
5687 OMA-URI:
5688 ```
5689 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Search/SearchEngines_Default
5690 ```
5691 Value (string):
5692 ```
5693 <enabled/>
5694 <data id="SearchEngines_Default" value="NAME_OF_SEARCH_ENGINE"/>
5695 ```
5696 #### macOS
5697 ```
5698 <dict>
5699 <key>SearchEngines</key>
5700 <dict>
5701 <key>Default</key>
5702 <string>NAME_OF_SEARCH_ENGINE</string>
5703 </dict>
5704 </dict>
5705 ```
5706 #### policies.json
5707 ```
5708 {
5709 "policies": {
5710 "SearchEngines": {
5711 "Default": "NAME_OF_SEARCH_ENGINE"
5712 }
5713 }
5714 }
5715 ```
5716 ### SearchEngines | PreventInstalls
5717
5718 Prevent installing search engines from webpages.
5719
5720 **Compatibility:** Firefox ESR 60\
5721 **CCK2 Equivalent:** `disableSearchEngineInstall`\
5722 **Preferences Affected:** N/A
5723
5724 #### Windows (GPO)
5725 ```
5726 Software\Policies\Mozilla\Firefox\SearchEngines\PreventInstalls = 0x1 | 0x0
5727 ```
5728 #### Windows (Intune)
5729 OMA-URI:
5730 ```
5731 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Search/SearchEngines_PreventInstalls
5732 ```
5733 Value (string):
5734 ```
5735 <enabled/> or <disabled/>
5736 ```
5737 #### macOS
5738 ```
5739 <dict>
5740 <key>SearchEngines</key>
5741 <dict>
5742 <key>PreventInstalls</key>
5743 <true/> | <false/>
5744 </dict>
5745 </dict>
5746 ```
5747 #### policies.json
5748 ```
5749 {
5750 "policies": {
5751 "SearchEngines": {
5752 "PreventInstalls": true | false
5753 }
5754 }
5755 }
5756 ```
5757 ### SearchEngines | Remove
5758
5759 Hide built-in search engines. This policy is only available on the ESR.
5760
5761 **Compatibility:** Firefox ESR 60.2\
5762 **CCK2 Equivalent:** `removeDefaultSearchEngines` (removed all built-in engines)\
5763 **Preferences Affected:** N/A
5764
5765 #### Windows (GPO)
5766 ```
5767 Software\Policies\Mozilla\Firefox\SearchEngines\Remove\1 = NAME_OF_SEARCH_ENGINE
5768 ```
5769 #### Windows (Intune)
5770 OMA-URI:
5771 ```
5772 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Search/SearchEngines_Remove
5773 ```
5774 Value (string):
5775 ```
5776 <enabled/>
5777 <data id="SearchEngines_Remove" value="1&#xF000;NAME_OF_SEARCH_ENGINE"/>
5778 ```
5779 #### macOS
5780 ```
5781 <dict>
5782 <key>SearchEngines</key>
5783 <dict>
5784 <key>Remove</key>
5785 <array>
5786 <string>NAME_OF_SEARCH_ENGINE</string>
5787 </array>
5788 </dict>
5789 </dict>
5790 ```
5791 #### policies.json
5792 ```
5793 {
5794 "policies": {
5795 "SearchEngines": {
5796 "Remove": ["NAME_OF_SEARCH_ENGINE"]
5797 }
5798 }
5799 }
5800 ```
5801 ### SearchSuggestEnabled
5802
5803 Enable search suggestions.
5804
5805 **Compatibility:** Firefox 68, Firefox ESR 68\
5806 **CCK2 Equivalent:** N/A\
5807 **Preferences Affected:** `browser.urlbar.suggest.searches`, `browser.search.suggest.enabled`
5808
5809 #### Windows (GPO)
5810 ```
5811 Software\Policies\Mozilla\Firefox\SearchSuggestEnabled = 0x1 | 0x0
5812 ```
5813 #### Windows (Intune)
5814 OMA-URI:
5815 ```
5816 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Search/SearchSuggestEnabled
5817 ```
5818 Value (string):
5819 ```
5820 <enabled/> or <disabled/>
5821 ```
5822 #### macOS
5823 ```
5824 <dict>
5825 <key>SearchSuggestEnabled</key>
5826 <true/> | <false/>
5827 </dict>
5828 ```
5829 #### policies.json
5830 ```
5831 {
5832 "policies": {
5833 "SearchSuggestEnabled": true | false
5834 }
5835 }
5836 ```
5837 ### SecurityDevices
5838
5839 Add or delete PKCS #11 modules.
5840
5841 **Compatibility:** Firefox 114, Firefox ESR 112.12\
5842 **CCK2 Equivalent:** N/A\
5843 **Preferences Affected:** N/A
5844
5845 #### Windows (GPO)
5846 ```
5847 Software\Policies\Mozilla\Firefox\SecurityDevices\Add\NAME_OF_DEVICE_TO_ADD = PATH_TO_LIBRARY_FOR_DEVICE
5848 Software\Policies\Mozilla\Firefox\SecurityDevices\Remove\1 = NAME_OF_DEVICE_TO_REMOVE
5849 ```
5850 #### Windows (Intune)
5851 OMA-URI:
5852 ```
5853 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/SecurityDevices/SecurityDevices_Add
5854 ```
5855 Value (string):
5856 ```
5857 <enabled/>
5858 <data id="SecurityDevices" value="NAME_OF_DEVICE_TO_ADD&#xF000;PATH_TO_LIBRARY_FOR_DEVICE"/>
5859 ```
5860 OMA-URI:
5861 ```
5862 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/SecurityDevices/SecurityDevices_Delete
5863 ```
5864 Value (string):
5865 ```
5866 <enabled/>
5867 <data id="SecurityDevices" value="1&#xF000;NAME_OF_DEVICE_TO_REMOVE"/>
5868 ```
5869 #### macOS
5870 ```
5871 <dict>
5872 <key>SecurityDevices</key>
5873 <dict>
5874 <key>Add<key>
5875 <dict>
5876 <key>NAME_OF_DEVICE_TO_ADD</key>
5877 <string>PATH_TO_LIBRARY_FOR_DEVICE</string>
5878 </dict>
5879 <key>Delete</add>
5880 <array>
5881 <string>NAME_OF_DEVICE_TO_DELETE</string>
5882 </array>
5883 </dict>
5884 </dict>
5885 ```
5886 #### policies.json
5887 ```
5888 {
5889 "policies": {
5890 "SecurityDevices": {
5891 "Add": {
5892 "NAME_OF_DEVICE_TO_ADD": "PATH_TO_LIBRARY_FOR_DEVICE"
5893 },
5894 "Delete": ["NAME_OF_DEVICE_TO_DELETE"]
5895 }
5896 }
5897 }
5898 ```
5899 ### SecurityDevices (Deprecated)
5900
5901 Install PKCS #11 modules.
5902
5903 **Compatibility:** Firefox 64, Firefox ESR 60.4\
5904 **CCK2 Equivalent:** `certs.devices`\
5905 **Preferences Affected:** N/A
5906
5907 #### Windows (GPO)
5908 ```
5909 Software\Policies\Mozilla\Firefox\SecurityDevices\NAME_OF_DEVICE = PATH_TO_LIBRARY_FOR_DEVICE
5910 ```
5911 #### Windows (Intune)
5912 OMA-URI:
5913 ```
5914 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/SecurityDevices
5915 ```
5916 Value (string):
5917 ```
5918 <enabled/>
5919 <data id="SecurityDevices" value="NAME_OF_DEVICE&#xF000;PATH_TO_LIBRARY_FOR_DEVICE"/>
5920 ```
5921 #### macOS
5922 ```
5923 <dict>
5924 <key>SecurityDevices</key>
5925 <dict>
5926 <key>NAME_OF_DEVICE</key>
5927 <string>PATH_TO_LIBRARY_FOR_DEVICE</string>
5928 </dict>
5929 </dict>
5930 ```
5931 #### policies.json
5932 ```
5933 {
5934 "policies": {
5935 "SecurityDevices": {
5936 "NAME_OF_DEVICE": "PATH_TO_LIBRARY_FOR_DEVICE"
5937 }
5938 }
5939 }
5940 ```
5941 ### ShowHomeButton
5942 Show the home button on the toolbar.
5943
5944 Future versions of Firefox will not show the home button by default.
5945
5946 **Compatibility:** Firefox 88, Firefox ESR 78.10\
5947 **CCK2 Equivalent:** N/A\
5948 **Preferences Affected:** N/A
5949
5950 #### Windows (GPO)
5951 ```
5952 Software\Policies\Mozilla\Firefox\ShowHomeButton = 0x1 | 0x0
5953 ```
5954 #### Windows (Intune)
5955 OMA-URI:
5956 ```
5957 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Homepage/Homepage_ShowHomeButton
5958 ```
5959 Value (string):
5960 ```
5961 <enabled/> or <disabled/>
5962 ```
5963 #### macOS
5964 ```
5965 <dict>
5966 <key>ShowHomeButton</key>
5967 <true/> | <false/>
5968 </dict>
5969 ```
5970 #### policies.json
5971 ```
5972 {
5973 "policies": {
5974 "ShowHomeButton": true | false
5975 }
5976 }
5977 ```
5978 ### SSLVersionMax
5979
5980 Set and lock the maximum version of TLS. (Firefox defaults to a maximum of TLS 1.3.)
5981
5982 **Compatibility:** Firefox 66, Firefox ESR 60.6\
5983 **CCK2 Equivalent:** N/A\
5984 **Preferences Affected:** `security.tls.version.max`
5985
5986 #### Windows (GPO)
5987 ```
5988 Software\Policies\Mozilla\Firefox\SSLVersionMax = "tls1" | "tls1.1" | "tls1.2" | "tls1.3"
5989 ```
5990 #### Windows (Intune)
5991 OMA-URI:
5992 ```
5993 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/SSLVersionMax
5994 ```
5995 Value (string):
5996 ```
5997 <enabled/>
5998 <data id="SSLVersion" value="tls1 | tls1.2 | tls1.3"/>
5999 ```
6000 #### macOS
6001 ```
6002 <dict>
6003 <key>SSLVersionMax</key>
6004 <string>tls1 | tls1.1 | tls1.2 | tls1.3</string>
6005 </dict>
6006 ```
6007
6008 #### policies.json
6009 ```
6010 {
6011 "policies": {
6012 "SSLVersionMax": "tls1" | "tls1.1" | "tls1.2" | "tls1.3"
6013 }
6014 }
6015 ```
6016 ### SSLVersionMin
6017
6018 Set and lock the minimum version of TLS. (Firefox defaults to a minimum of TLS 1.2.)
6019
6020 **Compatibility:** Firefox 66, Firefox ESR 60.6\
6021 **CCK2 Equivalent:** N/A\
6022 **Preferences Affected:** `security.tls.version.min`
6023
6024 #### Windows (GPO)
6025 ```
6026 Software\Policies\Mozilla\Firefox\SSLVersionMin = "tls1" | "tls1.1" | "tls1.2" | "tls1.3"
6027 ```
6028 #### Windows (Intune)
6029 OMA-URI:
6030 ```
6031 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/SSLVersionMin
6032 ```
6033 Value (string):
6034 ```
6035 <enabled/>
6036 <data id="SSLVersion" value="tls1 | tls1.2 | tls1.3"/>
6037 ```
6038 #### macOS
6039 ```
6040 <dict>
6041 <key>SSLVersionMin</key>
6042 <string>tls1 | tls1.1 | tls1.2 | tls1.3</string>
6043 </dict>
6044 ```
6045
6046 #### policies.json
6047 ```
6048 {
6049 "policies": {
6050 "SSLVersionMin": "tls1" | "tls1.1" | "tls1.2" | "tls1.3"
6051 }
6052 }
6053 ```
6054 ### StartDownloadsInTempDirectory
6055 Force downloads to start off in a local, temporary location rather than the default download directory.
6056
6057 **Compatibility:** Firefox 102\
6058 **CCK2 Equivalent:** N/A\
6059 **Preferences Affected:** `browser.download.start_downloads_in_tmp_dir`
6060
6061 #### Windows (GPO)
6062 ```
6063 Software\Policies\Mozilla\Firefox\StartDownloadsInTempDirectory = 0x1 | 0x0
6064 ```
6065 #### Windows (Intune)
6066 OMA-URI:
6067 ```
6068 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/StartDownloadsInTempDirectory
6069 ```
6070 Value (string):
6071 ```
6072 <enabled/> or <disabled/>
6073 ```
6074 #### macOS
6075 ```
6076 <dict>
6077 <key>StartDownloadsInTempDirectory</key>
6078 <true/> | <false/>
6079 </dict>
6080 ```
6081 #### policies.json
6082 ```
6083 {
6084 "policies": {
6085 "StartDownloadsInTempDirectory": true | false
6086 }
6087 ```
6088 ### SupportMenu
6089 Add a menuitem to the help menu for specifying support information.
6090
6091 **Compatibility:** Firefox 68.0.1, Firefox ESR 68.0.1\
6092 **CCK2 Equivalent:** helpMenu\
6093 **Preferences Affected:** N/A
6094
6095 #### Windows (GPO)
6096 ```
6097 Software\Policies\Mozilla\Firefox\SupportMenu\Title = "Support Menu"
6098 Software\Policies\Mozilla\Firefox\SupportMenu\URL = "http://example.com/support"
6099 Software\Policies\Mozilla\Firefox\SupportMenu\AccessKey = "S"
6100 ```
6101 #### Windows (Intune)
6102 OMA-URI:
6103 ```
6104 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/SupportMenu
6105 ```
6106 Value (string):
6107 ```
6108 <enabled/>
6109 <data id="SupportMenuTitle" value="Support Menu"/>
6110 <data id="SupportMenuURL" value="http://example.com/support"/>
6111 <data id="SupportMenuAccessKey" value="S"/>
6112 ```
6113 #### macOS
6114 ```
6115 <dict>
6116 <key>SupportMenu</key>
6117 <dict>
6118 <key>Title</key>
6119 <string>SupportMenu</string>
6120 <key>URL</key>
6121 <string>http://example.com/support</string>
6122 <key>AccessKey</key>
6123 <string>S</string>
6124 </dict>
6125 </dict>
6126 ```
6127 #### policies.json
6128 ```
6129 {
6130 "policies": {
6131 "SupportMenu": {
6132 "Title": "Support Menu",
6133 "URL": "http://example.com/support",
6134 "AccessKey": "S"
6135 }
6136 }
6137 }
6138 ```
6139 ### TranslateEnabled
6140 Enable or disable webpage translation.
6141
6142 Note: Web page translation is done completely on the client, so there is no data or privacy risk.
6143
6144 If you only want to disable the popup, you can set the pref `browser.translations.automaticallyPopup` to false using the [Preferences](#preferences) policy.
6145
6146 **Compatibility:** Firefox 126\
6147 **CCK2 Equivalent:** N/A\
6148 **Preferences Affected:** `browser.translations.enable`
6149
6150 #### Windows (GPO)
6151 ```
6152 Software\Policies\Mozilla\Firefox\TranslateEnabled = 0x1 | 0x0
6153 ```
6154 #### Windows (Intune)
6155 OMA-URI:
6156 ```
6157 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/TranslateEnabled
6158 ```
6159 Value (string):
6160 ```
6161 <enabled/> or <disabled/>
6162 ```
6163 #### macOS
6164 ```
6165 <dict>
6166 <key>TranslateEnabled</key>
6167 <true/> | <false/>
6168 </dict>
6169 ```
6170 #### policies.json
6171 ```
6172 {
6173 "policies": {
6174 "TranslateEnabled": true | false
6175 }
6176 }
6177 ```
6178 ### UserMessaging
6179
6180 Prevent Firefox from messaging the user in certain situations.
6181
6182 `WhatsNew` Remove the "What's New" icon and menuitem. (*Deprecated*)
6183
6184 `ExtensionRecommendations` If false, don't recommend extensions while the user is visiting web pages.
6185
6186 `FeatureRecommendations` If false, don't recommend browser features.
6187
6188 `UrlbarInterventions` If false, Don't offer Firefox specific suggestions in the URL bar.
6189
6190 `SkipOnboarding` If true, don't show onboarding messages on the new tab page.
6191
6192 `MoreFromMozilla` If false, don't show the "More from Mozilla" section in Preferences. (Firefox 98)
6193
6194 `Locked` prevents the user from changing user messaging preferences.
6195
6196 **Compatibility:** Firefox 75, Firefox ESR 68.7\
6197 **CCK2 Equivalent:** N/A\
6198 **Preferences Affected:** `browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons`, `browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features`, `browser.aboutwelcome.enabled`, `browser.preferences.moreFromMozilla`
6199
6200 #### Windows (GPO)
6201 ```
6202 Software\Policies\Mozilla\Firefox\UserMessaging\ExtensionRecommendations = 0x1 | 0x0
6203 Software\Policies\Mozilla\Firefox\UserMessaging\FeatureRecommendations = 0x1 | 0x0
6204 Software\Policies\Mozilla\Firefox\UserMessaging\UrlbarInterventions = 0x1 | 0x0
6205 Software\Policies\Mozilla\Firefox\UserMessaging\SkipOnboarding = 0x1 | 0x0
6206 Software\Policies\Mozilla\Firefox\UserMessaging\MoreFromMozilla = 0x1 | 0x0
6207 Software\Policies\Mozilla\Firefox\UserMessaging\Locked = 0x1 | 0x0
6208 ```
6209 #### Windows (Intune)
6210 OMA-URI:
6211 ```
6212 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_ExtensionRecommendations
6213 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_FeatureRecommendations
6214 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_UrlbarInterventions
6215 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_SkipOnboarding
6216 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_MoreFromMozilla
6217 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_Locked
6218 ```
6219 Value (string):
6220 ```
6221 <enabled/> or <disabled/>
6222 ```
6223 #### macOS
6224 ```
6225 <dict>
6226 <key>UserMessaging</key>
6227 <dict>
6228 <key>ExtensionRecommendations</key>
6229 <true/> | <false/>
6230 <key>FeatureRecommendations</key>
6231 <true/> | <false/>
6232 <key>UrlbarInterventions</key>
6233 <true/> | <false/>
6234 <key>SkipOnboarding</key>
6235 <true/> | <false/>
6236 <key>MoreFromMozilla</key>
6237 <true/> | <false/>
6238 <key>Locked</key>
6239 <true/> | <false/>
6240 </dict>
6241 </dict>
6242 ```
6243 #### policies.json
6244 ```
6245 {
6246 "policies": {
6247 "UserMessaging": {
6248 "ExtensionRecommendations": true | false,
6249 "FeatureRecommendations": true | false,
6250 "UrlbarInterventions": true | false,
6251 "SkipOnboarding": true | false,
6252 "MoreFromMozilla": true | false,
6253 "Locked": true | false
6254 }
6255 }
6256 }
6257 ```
6258 ### UseSystemPrintDialog
6259 Use the system print dialog instead of the print preview window.
6260
6261 **Compatibility:** Firefox 102\
6262 **CCK2 Equivalent:** N/A\
6263 **Preferences Affected:** `print.prefer_system_dialog`
6264
6265 #### Windows (GPO)
6266 ```
6267 Software\Policies\Mozilla\Firefox\UseSystemPrintDialog = 0x1 | 0x0
6268 ```
6269 #### Windows (Intune)
6270 OMA-URI:
6271 ```
6272 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/UseSystemPrintDialog
6273 ```
6274 Value (string):
6275 ```
6276 <enabled/> or <disabled/>
6277 ```
6278 #### macOS
6279 ```
6280 <dict>
6281 <key>UseSystemPrintDialog</key>
6282 <true/> | <false/>
6283 </dict>
6284 ```
6285 #### policies.json
6286 ```
6287 {
6288 "policies": {
6289 "UseSystemPrintDialog": true | false
6290 }
6291 }
6292 ```
6293 ### WebsiteFilter
6294 Block websites from being visited. The parameters take an array of Match Patterns, as documented in https://developer.mozilla.org/en-US/Add-ons/WebExtensions/Match_patterns.
6295 The arrays are limited to 1000 entries each.
6296
6297 If you want to block all URLs, you can use `<all_urls>` or `*://*/*`. You can't have just a `*` on the right side.
6298
6299 For specific protocols, use `https://*/*` or `http://*/*`.
6300
6301 As of Firefox 83 and Firefox ESR 78.5, file URLs are supported.
6302
6303 **Compatibility:** Firefox 60, Firefox ESR 60\
6304 **CCK2 Equivalent:** N/A\
6305 **Preferences Affected:** N/A
6306
6307 #### Windows (GPO)
6308 ```
6309 Software\Policies\Mozilla\Firefox\WebsiteFilter\Block\1 = "<all_urls>"
6310 Software\Policies\Mozilla\Firefox\WebsiteFilter\Exceptions\1 = "http://example.org/*"
6311 ```
6312 #### Windows (Intune)
6313 OMA-URI:
6314 ```
6315 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/B_WebsiteFilter_Block
6316 ```
6317 Value (string):
6318 ```
6319 <enabled/> <data id="WebsiteFilter" value="1&#xF000;&#60;all_urls&#62;"/>
6320 ```
6321 OMA-URI:
6322 ```
6323 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/B_WebsiteFilter_Exceptions
6324 ```
6325 Value (string):
6326 ```
6327 <enabled/>
6328 <data id="WebsiteFilter" value="1&#xF000;http://example.org/*"/>
6329 ```
6330 #### macOS
6331 ```
6332 <dict>
6333 <key>WebsiteFilter</key>
6334 <dict>
6335 <key>Block</key>
6336 <array>
6337 <string><all_urls></string>
6338 </array>
6339 <key>Exceptions</key>
6340 <array>
6341 <string>http://example.org/*</string>
6342 </array>
6343 </dict>
6344
6345 </dict>
6346 ```
6347 #### policies.json
6348 ```
6349 {
6350 "policies": {
6351 "WebsiteFilter": {
6352 "Block": ["<all_urls>"],
6353 "Exceptions": ["http://example.org/*"]
6354 }
6355 }
6356 }
6357 ```
6358 ### WindowsSSO
6359 Allow Windows single sign-on for Microsoft, work, and school accounts.
6360
6361 If this policy is set to true, Firefox will use credentials stored in Windows to sign in to Microsoft, work, and school accounts.
6362
6363 **Compatibility:** Firefox 91\
6364 **CCK2 Equivalent:** N/A\
6365 **Preferences Affected:** `network.http.windows-sso.enabled`
6366
6367 #### Windows (GPO)
6368 ```
6369 Software\Policies\Mozilla\Firefox\WindowsSSO = 0x1 | 0x0
6370 ```
6371 #### Windows (Intune)
6372 OMA-URI:
6373 ```
6374 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/WindowsSSO
6375 ```
6376 Value (string):
6377 ```
6378 <enabled/> or <disabled/>
6379 ```
6380 #### policies.json
6381 ```
6382 {
6383 "policies": {
6384 "WindowsSSO": true | false
6385 }
6386 }
6387 ```

patrick-canterino.de