]> git.p6c8.net - policy-templates.git/blob - docs/index.md
7e12d6a92817f668e32159df5c3bf8817bdc1430
[policy-templates.git] / docs / index.md
1 Firefox policies can be specified using the [Group Policy templates on Windows](https://github.com/mozilla/policy-templates/tree/master/windows), [Intune on Windows](https://support.mozilla.org/kb/managing-firefox-intune), [configuration profiles on macOS](https://github.com/mozilla/policy-templates/tree/master/mac), or by creating a file called `policies.json`. On Windows, create a directory called `distribution` where the EXE is located and place the file there. On Mac, the file goes into `Firefox.app/Contents/Resources/distribution`. On Linux, the file goes into `firefox/distribution`, where `firefox` is the installation directory for firefox, which varies by distribution or you can specify system-wide policy by placing the file in `/etc/firefox/policies`.
2
3 Unfortunately, JSON files do not support comments, but you can add extra entries to the JSON to use as comments. You will see an error in about:policies, but the policies will still work properly. For example:
4
5 ```
6 {
7 "policies": {
8 "Authentication": {
9 "SPNEGO": ["mydomain.com", "https://myotherdomain.com"]
10 }
11 "Authentication_Comment": "These domains are required for us"
12 }
13 }
14 ```
15
16 | Policy Name | Description
17 | --- | --- |
18 | **[`3rdparty`](#3rdparty)** | Set policies that WebExtensions can access via chrome.storage.managed.
19 | **[`AllowedDomainsForApps`](#alloweddomainsforapps)** | Define domains allowed to access Google Workspace.
20 | **[`AllowFileSelectionDialogs`](#allowfileselectiondialogs)** | Allow file selection dialogs.
21 | **[`AppAutoUpdate`](#appautoupdate)** | Enable or disable automatic application update.
22 | **[`AppUpdatePin`](#appupdatepin)** | Prevent Firefox from being updated beyond the specified version.
23 | **[`AppUpdateURL`](#appupdateurl)** | Change the URL for application update.
24 | **[`Authentication`](#authentication)** | Configure sites that support integrated authentication.
25 | **[`AutoLaunchProtocolsFromOrigins`](#autolaunchprotocolsfromorigins)** | Define a list of external protocols that can be used from listed origins without prompting the user.
26 | **[`BackgroundAppUpdate`](#backgroundappupdate)** | Enable or disable the background updater (Windows only).
27 | **[`BlockAboutAddons`](#blockaboutaddons)** | Block access to the Add-ons Manager (about:addons).
28 | **[`BlockAboutConfig`](#blockaboutconfig)** | Block access to about:config.
29 | **[`BlockAboutProfiles`](#blockaboutprofiles)** | Block access to About Profiles (about:profiles).
30 | **[`BlockAboutSupport`](#blockaboutsupport)** | Block access to Troubleshooting Information (about:support).
31 | **[`Bookmarks`](#bookmarks)** | Add bookmarks in either the bookmarks toolbar or menu.
32 | **[`CaptivePortal`](#captiveportal)** | Enable or disable the detection of captive portals.
33 | **[`Certificates`](#certificates)** |
34 | **[`Certificates -> ImportEnterpriseRoots`](#certificates--importenterpriseroots)** | Trust certificates that have been added to the operating system certificate store by a user or administrator.
35 | **[`Certificates -> Install`](#certificates--install)** | Install certificates into the Firefox certificate store.
36 | **[`Containers`](#containers)** | Set policies related to [containers](https://addons.mozilla.org/firefox/addon/multi-account-containers/).
37 | **[`Cookies`](#cookies)** | Configure cookie preferences.
38 | **[`DefaultDownloadDirectory`](#defaultdownloaddirectory)** | Set the default download directory.
39 | **[`DisableAppUpdate`](#disableappupdate)** | Turn off application updates.
40 | **[`DisableBuiltinPDFViewer`](#disablebuiltinpdfviewer)** | Disable the built in PDF viewer.
41 | **[`DisabledCiphers`](#disabledciphers)** | Disable ciphers.
42 | **[`DisableDefaultBrowserAgent`](#disabledefaultbrowseragent)** | Prevent the default browser agent from taking any actions (Windows only).
43 | **[`DisableDeveloperTools`](#disabledevelopertools)** | Remove access to all developer tools.
44 | **[`DisableEncryptedClientHello`](#disableencryptedclienthello)** | Disable the TLS Feature Encrypted Client Hello (ECH).
45 | **[`DisableFeedbackCommands`](#disablefeedbackcommands)** | Disable the menus for reporting sites.
46 | **[`DisableFirefoxAccounts`](#disablefirefoxaccounts)** | Disable Firefox Accounts integration (Sync).
47 | **[`DisableFirefoxScreenshots`](#disablefirefoxscreenshots)** | Remove access to Firefox Screenshots.
48 | **[`DisableFirefoxStudies`](#disablefirefoxstudies)** | Disable Firefox studies (Shield).
49 | **[`DisableForgetButton`](#disableforgetbutton)** | Disable the "Forget" button.
50 | **[`DisableFormHistory`](#disableformhistory)** | Turn off saving information on web forms and the search bar.
51 | **[`DisableMasterPasswordCreation`](#disablemasterpasswordcreation)** | Remove the master password functionality.
52 | **[`DisablePasswordReveal`](#disablepasswordreveal)** | Do not allow passwords to be revealed in saved logins.
53 | **[`DisablePocket`](#disablepocket)** | Remove Pocket in the Firefox UI.
54 | **[`DisablePrivateBrowsing`](#disableprivatebrowsing)** | Remove access to private browsing.
55 | **[`DisableProfileImport`](#disableprofileimport)** | Disables the "Import data from another browser" option in the bookmarks window.
56 | **[`DisableProfileRefresh`](#disableprofilerefresh)** | Disable the Refresh Firefox button on about:support and support.mozilla.org
57 | **[`DisableSafeMode`](#disablesafemode)** | Disable safe mode within the browser.
58 | **[`DisableSecurityBypass`](#disablesecuritybypass)** | Prevent the user from bypassing security in certain cases.
59 | **[`DisableSetDesktopBackground`](#disablesetdesktopbackground)** | Remove the "Set As Desktop Background..." menuitem when right clicking on an image.
60 | **[`DisableSystemAddonUpdate`](#disablesystemaddonupdate)** | Prevent system add-ons from being installed or updated.
61 | **[`DisableTelemetry`](#disabletelemetry)** | DisableTelemetry
62 | **[`DisableThirdPartyModuleBlocking`](#disablethirdpartymoduleblocking)** | Do not allow blocking third-party modules.
63 | **[`DisplayBookmarksToolbar`](#displaybookmarkstoolbar)** | Set the initial state of the bookmarks toolbar.
64 | **[`DisplayMenuBar`](#displaymenubar)** | Set the state of the menubar.
65 | **[`DNSOverHTTPS`](#dnsoverhttps)** | Configure DNS over HTTPS.
66 | **[`DontCheckDefaultBrowser`](#dontcheckdefaultbrowser)** | Don't check if Firefox is the default browser at startup.
67 | **[`DownloadDirectory`](#downloaddirectory)** | Set and lock the download directory.
68 | **[`EnableTrackingProtection`](#enabletrackingprotection)** | Configure tracking protection.
69 | **[`EncryptedMediaExtensions`](#encryptedmediaextensions)** | Enable or disable Encrypted Media Extensions and optionally lock it.
70 | **[`EnterprisePoliciesEnabled`](#enterprisepoliciesenabled)** | Enable policy support on macOS.
71 | **[`ExemptDomainFileTypePairsFromFileTypeDownloadWarnings`](#exemptdomainfiletypepairsfromfiletypedownloadwarnings)** | Disable warnings based on file extension for specific file types on domains.
72 | **[`Extensions`](#extensions)** | Control the installation, uninstallation and locking of extensions.
73 | **[`ExtensionSettings`](#extensionsettings)** | Manage all aspects of extensions.
74 | **[`ExtensionUpdate`](#extensionupdate)** | Control extension updates.
75 | **[`FirefoxHome`](#firefoxhome)** | Customize the Firefox Home page.
76 | **[`FirefoxSuggest`](#firefoxsuggest)** | Customize Firefox Suggest.
77 | **[`GoToIntranetSiteForSingleWordEntryInAddressBar`](#gotointranetsiteforsinglewordentryinaddressbar)** | Force direct intranet site navigation instead of searching when typing single word entries in the address bar.
78 | **[`Handlers`](#handlers)** | Configure default application handlers.
79 | **[`HardwareAcceleration`](#hardwareacceleration)** | Control hardware acceleration.
80 | **[`Homepage`](#homepage)** | Configure the default homepage and how Firefox starts.
81 | **[`InstallAddonsPermission`](#installaddonspermission)** | Configure the default extension install policy as well as origins for extension installs are allowed.
82 | **[`LegacyProfiles`](#legacyprofiles)** | Disable the feature enforcing a separate profile for each installation.
83 | **[`LegacySameSiteCookieBehaviorEnabled`](#legacysamesitecookiebehaviorenabled)** | Enable default legacy SameSite cookie behavior setting.
84 | **[`LegacySameSiteCookieBehaviorEnabledForDomainList`](#legacysamesitecookiebehaviorenabledfordomainlist)** | Revert to legacy SameSite behavior for cookies on specified sites.
85 | **[`LocalFileLinks`](#localfilelinks)** | Enable linking to local files by origin.
86 | **[`ManagedBookmarks`](#managedbookmarks)** | Configures a list of bookmarks managed by an administrator that cannot be changed by the user.
87 | **[`ManualAppUpdateOnly`](#manualappupdateonly)** | Allow manual updates only and do not notify the user about updates.
88 | **[`NetworkPrediction`](#networkprediction)** | Enable or disable network prediction (DNS prefetching).
89 | **[`NewTabPage`](#newtabpage)** | Enable or disable the New Tab page.
90 | **[`NoDefaultBookmarks`](#nodefaultbookmarks)** | Disable the creation of default bookmarks.
91 | **[`OfferToSaveLogins`](#offertosavelogins)** | Control whether or not Firefox offers to save passwords.
92 | **[`OfferToSaveLoginsDefault`](#offertosaveloginsdefault)** | Set the default value for whether or not Firefox offers to save passwords.
93 | **[`OverrideFirstRunPage`](#overridefirstrunpage)** | Override the first run page.
94 | **[`OverridePostUpdatePage`](#overridepostupdatepage)** | Override the upgrade page.
95 | **[`PasswordManagerEnabled`](#passwordmanagerenabled)** | Remove (some) access to the password manager.
96 | **[`PasswordManagerExceptions`](#passwordmanagerexceptions)** | Prevent Firefox from saving passwords for specific sites.
97 | **[`PDFjs`](#pdfjs)** | Disable or configure PDF.js, the built-in PDF viewer.
98 | **[`Permissions`](#permissions)** | Set permissions associated with camera, microphone, location, and notifications.
99 | **[`PictureInPicture`](#pictureinpicture)** | Enable or disable Picture-in-Picture.
100 | **[`PopupBlocking`](#popupblocking)** | Configure the default pop-up window policy as well as origins for which pop-up windows are allowed.
101 | **[`Preferences`](#preferences)** | Set and lock preferences.
102 | **[`PrimaryPassword`](#primarypassword)** | Require or prevent using a primary (formerly master) password.
103 | **[`PrintingEnabled`](#printingenabled)** | Enable or disable printing.
104 | **[`PromptForDownloadLocation`](#promptfordownloadlocation)** | Ask where to save each file before downloading.
105 | **[`Proxy`](#proxy)** | Configure proxy settings.
106 | **[`RequestedLocales`](#requestedlocales)** | Set the the list of requested locales for the application in order of preference.
107 | **[`SanitizeOnShutdown` (All)](#sanitizeonshutdown-all)** | Clear all data on shutdown.
108 | **[`SanitizeOnShutdown` (Selective)](#sanitizeonshutdown-selective)** | Clear data on shutdown.
109 | **[`SearchBar`](#searchbar)** | Set whether or not search bar is displayed.
110 | **[`SearchEngines`](#searchengines-this-policy-is-only-available-on-the-esr)** |
111 | **[`SearchEngines -> Add`](#searchengines--add)** | Add new search engines.
112 | **[`SearchEngines -> Default`](#searchengines--default)** | Set the default search engine.
113 | **[`SearchEngines -> PreventInstalls`](#searchengines--preventinstalls)** | Prevent installing search engines from webpages.
114 | **[`SearchEngines -> Remove`](#searchengines--remove)** | Hide built-in search engines.
115 | **[`SearchSuggestEnabled`](#searchsuggestenabled)** | Enable search suggestions.
116 | **[`SecurityDevices`](#securitydevices)** | Install PKCS #11 modules.
117 | **[`ShowHomeButton`](#showhomebutton)** | Show the home button on the toolbar.
118 | **[`SSLVersionMax`](#sslversionmax)** | Set and lock the maximum version of TLS.
119 | **[`SSLVersionMin`](#sslversionmin)** | Set and lock the minimum version of TLS.
120 | **[`StartDownloadsInTempDirectory`](#startdownloadsintempdirectory)** | Force downloads to start off in a local, temporary location rather than the default download directory.
121 | **[`SupportMenu`](#supportmenu)** | Add a menuitem to the help menu for specifying support information.
122 | **[`UserMessaging`](#usermessaging)** | Don't show certain messages to the user.
123 | **[`UseSystemPrintDialog`](#usesystemprintdialog)** | Print using the system print dialog instead of print preview.
124 | **[`WebsiteFilter`](#websitefilter)** | Block websites from being visited.
125 | **[`WindowsSSO`](#windowssso)** | Allow Windows single sign-on for Microsoft, work, and school accounts.
126
127 ### 3rdparty
128
129 Allow WebExtensions to configure policy. For more information, see [Adding policy support to your extension](https://extensionworkshop.com/documentation/enterprise/adding-policy-support-to-your-extension/).
130
131 For GPO and Intune, the extension developer should provide an ADMX file.
132
133 **Compatibility:** Firefox 68\
134 **CCK2 Equivalent:** N/A\
135 **Preferences Affected:** N/A
136
137 #### macOS
138 ```
139 <dict>
140 <key>3rdparty</key>
141 <dict>
142 <key>Extensions</key>
143 <dict>
144 <key>uBlock0@raymondhill.net</key>
145 <dict>
146 <key>adminSettings</key>
147 <dict>
148 <key>selectedFilterLists</key>
149 <array>
150 <string>ublock-privacy</string>
151 <string>ublock-badware</string>
152 <string>ublock-filters</string>
153 <string>user-filters</string>
154 </array>
155 </dict>
156 </dict>
157 </dict>
158 </dict>
159 </dict>
160 ```
161 #### policies.json
162 ```
163 {
164 "policies": {
165 "3rdparty": {
166 "Extensions": {
167 "uBlock0@raymondhill.net": {
168 "adminSettings": {
169 "selectedFilterLists": [
170 "ublock-privacy",
171 "ublock-badware",
172 "ublock-filters",
173 "user-filters"
174 ]
175 }
176 }
177 }
178 }
179 }
180 }
181 ```
182
183 ### AllowedDomainsForApps
184
185 Define domains allowed to access Google Workspace.
186
187 This policy is based on the [Chrome policy](https://chromeenterprise.google/policies/#AllowedDomainsForApps) of the same name.
188
189 If this policy is enabled, users can only access Google Workspace using accounts from the specified domains. If you want to allow Gmail, you can add ```consumer_accounts``` to the list.
190
191 **Compatibility:** Firefox 89, Firefox ESR 78.11\
192 **CCK2 Equivalent:** N/A\
193 **Preferences Affected:** N/A
194
195 #### Windows (GPO)
196 ```
197 Software\Policies\Mozilla\Firefox\AllowedDomainsForApps = "managedfirefox.com,example.com"
198 ```
199 #### Windows (Intune)
200 OMA-URI:
201 ```
202 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/AllowedDomainsForApps
203 ```
204 Value (string):
205 ```
206 <enabled/>
207 <data id="AllowedDomainsForApps" value="managedfirefox.com,example.com"/>
208 ```
209 #### macOS
210 ```
211 <dict>
212 <key>AllowedDomainsForApps</key>
213 <string>managedfirefox.com,example.com</string>
214 </dict>
215 ```
216 #### policies.json
217 ```
218 {
219 "policies": {
220 "AllowedDomainsForApps": "managedfirefox.com,example.com"
221 }
222 }
223 ```
224 ### AllowFileSelectionDialogs
225
226 Enable or disable file selection dialogs.
227
228 **Compatibility:** Firefox 124\
229 **CCK2 Equivalent:** N/A\
230 **Preferences Affected:** `widget.disable_file_pickers`
231
232 #### Windows (GPO)
233 ```
234 Software\Policies\Mozilla\Firefox\AllowFileSelectionDialogs = 0x1 | 0x0
235 ```
236 #### Windows (Intune)
237 OMA-URI:
238 ```
239 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/AppAutoAllowFileSelectionDialogsUpdate
240 ```
241 Value (string):
242 ```
243 <enabled/> or <disabled/>
244 ```
245 #### macOS
246 ```
247 <dict>
248 <key>AllowFileSelectionDialogs</key>
249 <true/> | <false/>
250 </dict>
251 ```
252 #### policies.json
253 ```
254 {
255 "policies": {
256 "AllowFileSelectionDialogs": true | false
257 }
258 }
259 ```
260 ### AppAutoUpdate
261
262 Enable or disable **automatic** application update.
263
264 If set to true, application updates are installed without user approval within Firefox. The operating system might still require approval.
265
266 If set to false, application updates are downloaded but the user can choose when to install the update.
267
268 If you have disabled updates via `DisableAppUpdate`, this policy has no effect.
269
270 **Compatibility:** Firefox 75, Firefox ESR 68.7\
271 **CCK2 Equivalent:** N/A\
272 **Preferences Affected:** `app.update.auto`
273
274 #### Windows (GPO)
275 ```
276 Software\Policies\Mozilla\Firefox\AppAutoUpdate = 0x1 | 0x0
277 ```
278 #### Windows (Intune)
279 OMA-URI:
280 ```
281 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/AppAutoUpdate
282 ```
283 Value (string):
284 ```
285 <enabled/> or <disabled/>
286 ```
287 #### macOS
288 ```
289 <dict>
290 <key>AppAutoUpdate</key>
291 <true/> | <false/>
292 </dict>
293 ```
294 #### policies.json
295 ```
296 {
297 "policies": {
298 "AppAutoUpdate": true | false
299 }
300 }
301 ```
302 ### AppUpdatePin
303
304 Prevent Firefox from being updated beyond the specified version.
305
306 You can specify the any version as ```xx.``` and Firefox will be updated with all minor versions, but will not be updated beyond the major version.
307
308 You can also specify the version as ```xx.xx``` and Firefox will be updated with all patch versions, but will not be updated beyond the minor version.
309
310 You should specify a version that exists or is guaranteed to exist. If you specify a version that doesn't end up existing, Firefox will update beyond that version.
311
312 **Compatibility:** Firefox 102,\
313 **CCK2 Equivalent:** N/A\
314 **Preferences Affected:** N/A
315
316 #### Windows (GPO)
317 ```
318 Software\Policies\Mozilla\Firefox\AppUpdatePin = "106."
319 ```
320 #### Windows (Intune)
321 OMA-URI:
322 ```
323 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/AppUpdatePin
324 ```
325 Value (string):
326 ```
327 <enabled/>
328 <data id="AppUpdatePin" value="106."/>
329 ```
330 #### macOS
331 ```
332 <dict>
333 <key>AppUpdatePin</key>
334 <string>106.</string>
335 </dict>
336 ```
337 #### policies.json
338 ```
339 {
340 "policies": {
341 "AppUpdatePin": "106."
342 }
343 }
344 ```
345 ### AppUpdateURL
346
347 Change the URL for application update if you are providing Firefox updates from a custom update server.
348
349 **Compatibility:** Firefox 62, Firefox ESR 60.2\
350 **CCK2 Equivalent:** N/A\
351 **Preferences Affected:** `app.update.url`
352
353 #### Windows (GPO)
354 ```
355 Software\Policies\Mozilla\Firefox\AppUpdateURL = "https://yoursite.com"
356 ```
357 #### Windows (Intune)
358 OMA-URI:
359 ```
360 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/AppUpdateURL
361 ```
362 Value (string):
363 ```
364 <enabled/>
365 <data id="AppUpdateURL" value="https://yoursite.com"/>
366 ```
367 #### macOS
368 ```
369 <dict>
370 <key>AppUpdateURL</key>
371 <string>https://yoursite.com</string>
372 </dict>
373 ```
374 #### policies.json
375 ```
376 {
377 "policies": {
378 "AppUpdateURL": "https://yoursite.com"
379 }
380 }
381 ```
382 ### Authentication
383
384 Configure sites that support integrated authentication.
385
386 See [Integrated authentication](https://htmlpreview.github.io/?https://github.com/mdn/archived-content/blob/main/files/en-us/mozilla/integrated_authentication/raw.html) for more information.
387
388 `PrivateBrowsing` enables integrated authentication in private browsing.
389
390 **Compatibility:** Firefox 60, Firefox ESR 60 (AllowNonFQDN added in 62/60.2, AllowProxies added in 70/68.2, Locked added in 71/68.3, PrivateBrowsing added in 77/68.9)\
391 **CCK2 Equivalent:** N/A\
392 **Preferences Affected:** `network.negotiate-auth.trusted-uris`,`network.negotiate-auth.delegation-uris`,`network.automatic-ntlm-auth.trusted-uris`,`network.automatic-ntlm-auth.allow-non-fqdn`,`network.negotiate-auth.allow-non-fqdn`,`network.automatic-ntlm-auth.allow-proxies`,`network.negotiate-auth.allow-proxies`,`network.auth.private-browsing-sso`
393
394 #### Windows (GPO)
395 ```
396 Software\Policies\Mozilla\Firefox\Authentication\SPNEGO\1 = "mydomain.com"
397 Software\Policies\Mozilla\Firefox\Authentication\SPNEGO\2 = "https://myotherdomain.com"
398 Software\Policies\Mozilla\Firefox\Authentication\Delegated\1 = "mydomain.com"
399 Software\Policies\Mozilla\Firefox\Authentication\Delegated\2 = "https://myotherdomain.com"
400 Software\Policies\Mozilla\Firefox\Authentication\NTLM\1 = "mydomain.com"
401 Software\Policies\Mozilla\Firefox\Authentication\NTLM\2 = "https://myotherdomain.com"
402 Software\Policies\Mozilla\Firefox\Authentication\AllowNonFQDN\SPNEGO = 0x1 | 0x0
403 Software\Policies\Mozilla\Firefox\Authentication\AllowNonFQDN\NTLM = 0x1 | 0x0
404 Software\Policies\Mozilla\Firefox\Authentication\AllowProxies\SPNEGO = 0x1 | 0x0
405 Software\Policies\Mozilla\Firefox\Authentication\AllowProxies\NTLM = 0x1 | 0x0
406 Software\Policies\Mozilla\Firefox\Authentication\Locked = 0x1 | 0x0
407 Software\Policies\Mozilla\Firefox\Authentication\PrivateBrowsing = 0x1 | 0x0
408 ```
409 #### Windows (Intune)
410 OMA-URI:
411 ```
412 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Authentication/Authentication_SPNEGO
413 ```
414 Value (string):
415 ```
416 <enabled/>
417 <data id="Authentication" value="1&#xF000;mydomain&#xF000;2&#xF000;https://myotherdomain.com"/>
418 ```
419 OMA-URI:
420 ```
421 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Authentication/Authentication_Delegated
422 ```
423 Value (string):
424 ```
425 <enabled/>
426 <data id="Authentication" value="1&#xF000;mydomain&#xF000;2&#xF000;https://myotherdomain.com"/>
427 ```
428 OMA-URI:
429 ```
430 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Authentication/Authentication_NTLM
431 ```
432 Value (string):
433 ```
434 <enabled/>
435 <data id="Authentication" value="1&#xF000;mydomain&#xF000;2&#xF000;https://myotherdomain.com"/>
436 ```
437 OMA-URI:
438 ```
439 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Authentication/Authentication_AllowNonFQDN
440 ```
441 Value (string):
442 ```
443 <enabled/>
444 <data id="Authentication_AllowNonFQDN_NTLM" value="true | false"/>
445 <data id="Authentication_AllowNonFQDN_SPNEGO" value="true | false"/>
446 ```
447 OMA-URI:
448 ```
449 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Authentication/Authentication_Locked
450 ```
451 Value (string):
452 ```
453 <enabled/> or <disabled/>
454 ```
455 OMA-URI:
456 ```
457 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Authentication/Authentication_PrivateBrowsing
458 ```
459 Value (string):
460 ```
461 <enabled/> or <disabled/>
462 ```
463 #### macOS
464 ```
465 <dict>
466 <key>Authentication</key>
467 <dict>
468 <key>SPNEGO</key>
469 <array>
470 <string>mydomain.com</string>
471 <string>https://myotherdomain.com</string>
472 </array>
473 <key>Delegated</key>
474 <array>
475 <string>mydomain.com</string>
476 <string>https://myotherdomain.com</string>
477 </array>
478 <key>NTLM</key>
479 <array>
480 <string>mydomain.com</string>
481 <string>https://myotherdomain.com</string>
482 </array>
483 <key>AllowNonFQDN</key>
484 <dict>
485 <key>SPNEGO</key>
486 <true/> | <false/>
487 <key>NTLM</key>
488 <true/> | <false/>
489 </dict>
490 <key>AllowProxies</key>
491 <dict>
492 <key>SPNEGO</key>
493 <true/> | <false/>
494 <key>NTLM</key>
495 <true/> | <false/>
496 </dict>
497 <key>Locked</key>
498 <true/> | <false/>
499 <key>PrivateBrowsing</key>
500 <true/> | <false/>
501 </dict>
502 </dict>
503 ```
504 #### policies.json
505 ```
506 {
507 "policies": {
508 "Authentication": {
509 "SPNEGO": ["mydomain.com", "https://myotherdomain.com"],
510 "Delegated": ["mydomain.com", "https://myotherdomain.com"],
511 "NTLM": ["mydomain.com", "https://myotherdomain.com"],
512 "AllowNonFQDN": {
513 "SPNEGO": true | false,
514 "NTLM": true | false
515 },
516 "AllowProxies": {
517 "SPNEGO": true | false,
518 "NTLM": true | false
519 },
520 "Locked": true | false,
521 "PrivateBrowsing": true | false
522 }
523 }
524 }
525 ```
526 ### AutoLaunchProtocolsFromOrigins
527 Define a list of external protocols that can be used from listed origins without prompting the user. The origin is the scheme plus the hostname.
528
529 The syntax of this policy is exactly the same as the [Chrome AutoLaunchProtocolsFromOrigins policy](https://cloud.google.com/docs/chrome-enterprise/policies/?policy=AutoLaunchProtocolsFromOrigins) except that you can only use valid origins (not just hostnames). This also means that you cannot specify an asterisk for all origins.
530
531 The schema is:
532 ```
533 {
534 "items": {
535 "properties": {
536 "allowed_origins": {
537 "items": {
538 "type": "string"
539 },
540 "type": "array"
541 },
542 "protocol": {
543 "type": "string"
544 }
545 },
546 "required": [
547 "protocol",
548 "allowed_origins"
549 ],
550 "type": "object"
551 },
552 "type": "array"
553 }
554 ```
555 **Compatibility:** Firefox 90, Firefox ESR 78.12\
556 **CCK2 Equivalent:** N/A\
557 **Preferences Affected:** N/A
558
559 #### Windows (GPO)
560 Software\Policies\Mozilla\Firefox\AutoLaunchProtocolsFromOrigins (REG_MULTI_SZ) =
561 ```
562 [
563 {
564 "protocol": "zoommtg",
565 "allowed_origins": [
566 "https://somesite.zoom.us"
567 ]
568 }
569 ]
570 ```
571 #### Windows (Intune)
572 OMA-URI:
573 ```
574 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/AutoLaunchProtocolsFromOrigins
575 ```
576 Value (string):
577 ```
578 <enabled/>
579 <data id="JSON" value='
580 [
581 {
582 "protocol": "zoommtg",
583 "allowed_origins": [
584 "https://somesite.zoom.us"
585 ]
586 }
587 ]'/>
588 ```
589 #### macOS
590 ```
591 <dict>
592 <key>AutoLaunchProtocolsFromOrigins</key>
593 <array>
594 <dict>
595 <key>protocol</key>
596 <string>zoommtg</string>
597 <key>allowed_origins</key>
598 <array>
599 <string>https://somesite.zoom.us</string>
600 </array>
601 </dict>
602 </array>
603 </dict>
604 ```
605 #### policies.json
606 ```
607 {
608 "policies": {
609 "AutoLaunchProtocolsFromOrigins": [{
610 "protocol": "zoommtg",
611 "allowed_origins": [
612 "https://somesite.zoom.us"
613 ]
614 }]
615 }
616 }
617 ```
618 ### BackgroundAppUpdate
619
620 Enable or disable **automatic** application update **in the background**, when the application is not running.
621
622 If set to true, application updates may be installed (without user approval) in the background, even when the application is not running. The operating system might still require approval.
623
624 If set to false, the application will not try to install updates when the application is not running.
625
626 If you have disabled updates via `DisableAppUpdate` or disabled automatic updates via `AppAutoUpdate`, this policy has no effect.
627
628 If you are having trouble getting the background task to run, verify your configuration with the ["Requirements to run" section in this support document](https://support.mozilla.org/en-US/kb/enable-background-updates-firefox-windows).
629
630 **Compatibility:** Firefox 90 (Windows only)\
631 **CCK2 Equivalent:** N/A\
632 **Preferences Affected:** `app.update.background.enabled`
633
634 #### Windows (GPO)
635 ```
636 Software\Policies\Mozilla\Firefox\BackgroundAppUpdate = 0x1 | 0x0
637 ```
638 #### Windows (Intune)
639 OMA-URI:
640 ```
641 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/BackgroundAppUpdate
642 ```
643 Value (string):
644 ```
645 <enabled/> or <disabled/>
646 ```
647 #### macOS
648 ```
649 <dict>
650 <key>BackgroundAppUpdate</key>
651 <true/> | <false/>
652 </dict>
653 ```
654 #### policies.json
655 ```
656 {
657 "policies": {
658 "BackgroundAppUpdate": true | false
659 }
660 }
661 ```
662 ### BlockAboutAddons
663
664 Block access to the Add-ons Manager (about:addons).
665
666 **Compatibility:** Firefox 60, Firefox ESR 60\
667 **CCK2 Equivalent:** `disableAddonsManager`\
668 **Preferences Affected:** N/A
669
670 #### Windows (GPO)
671 ```
672 Software\Policies\Mozilla\Firefox\BlockAboutAddons = 0x1 | 0x0
673 ```
674 #### Windows (Intune)
675 OMA-URI:
676 ```
677 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/BlockAboutAddons
678 ```
679 Value (string):
680 ```
681 <enabled/> or <disabled/>
682 ```
683 #### macOS
684 ```
685 <dict>
686 <key>BlockAboutAddons</key>
687 <true/> | <false/>
688 </dict>
689 ```
690 #### policies.json
691 ```
692 {
693 "policies": {
694 "BlockAboutAddons": true | false
695 }
696 }
697 ```
698 ### BlockAboutConfig
699
700 Block access to about:config.
701
702 **Compatibility:** Firefox 60, Firefox ESR 60\
703 **CCK2 Equivalent:** `disableAboutConfig`\
704 **Preferences Affected:** N/A
705
706 #### Windows (GPO)
707 ```
708 Software\Policies\Mozilla\Firefox\BlockAboutConfig = 0x1 | 0x0
709 ```
710 #### Windows (Intune)
711 OMA-URI:
712 ```
713 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/BlockAboutConfig
714 ```
715 Value (string):
716 ```
717 <enabled/> or <disabled/>
718 ```
719 #### macOS
720 ```
721 <dict>
722 <key>BlockAboutConfig</key>
723 <true/> | <false/>
724 </dict>
725 ```
726 #### policies.json
727 ```
728 {
729 "policies": {
730 "BlockAboutConfig": true | false
731 }
732 }
733 ```
734 ### BlockAboutProfiles
735
736 Block access to About Profiles (about:profiles).
737
738 **Compatibility:** Firefox 60, Firefox ESR 60\
739 **CCK2 Equivalent:** `disableAboutProfiles`\
740 **Preferences Affected:** N/A
741
742 #### Windows (GPO)
743 ```
744 Software\Policies\Mozilla\Firefox\BlockAboutProfiles = 0x1 | 0x0
745 ```
746 #### Windows (Intune)
747 OMA-URI:
748 ```
749 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/BlockAboutProfiles
750 ```
751 Value (string):
752 ```
753 <enabled/> or <disabled/>
754 ```
755 #### macOS
756 ```
757 <dict>
758 <key>BlockAboutProfiles</key>
759 <true/> | <false/>
760 </dict>
761 ```
762 #### policies.json
763 ```
764 {
765 "policies": {
766 "BlockAboutProfiles": true | false
767 }
768 }
769 ```
770 ### BlockAboutSupport
771
772 Block access to Troubleshooting Information (about:support).
773
774 **Compatibility:** Firefox 60, Firefox ESR 60\
775 **CCK2 Equivalent:** `disableAboutSupport`\
776 **Preferences Affected:** N/A
777
778 #### Windows (GPO)
779 ```
780 Software\Policies\Mozilla\Firefox\BlockAboutSupport = 0x1 | 0x0
781 ```
782 #### Windows (Intune)
783 OMA-URI:
784 ```
785 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/BlockAboutSupport
786 ```
787 Value (string):
788 ```
789 <enabled/> or <disabled/>
790 ```
791 #### macOS
792 ```
793 <dict>
794 <key>BlockAboutSupport</key>
795 <true/> | <false/>
796 </dict>
797 ```
798 #### policies.json
799 ```
800 {
801 "policies": {
802 "BlockAboutSupport": true | false
803 }
804 }
805 ```
806 ### Bookmarks
807
808 Note: [`ManagedBookmarks`](#managedbookmarks) is the new recommended way to add bookmarks. This policy will continue to be supported.
809
810 Add bookmarks in either the bookmarks toolbar or menu. Only `Title` and `URL` are required. If `Placement` is not specified, the bookmark will be placed on the toolbar. If `Folder` is specified, it is automatically created and bookmarks with the same folder name are grouped together.
811
812 If you want to clear all bookmarks set with this policy, you can set the value to an empty array (```[]```). This can be on Windows via the new Bookmarks (JSON) policy available with GPO and Intune.
813
814 **Compatibility:** Firefox 60, Firefox ESR 60\
815 **CCK2 Equivalent:** `bookmarks.toolbar`,`bookmarks.menu`\
816 **Preferences Affected:** N/A
817
818 #### Windows (GPO)
819 ```
820 Software\Policies\Mozilla\Firefox\Bookmarks\1\Title = "Example"
821 Software\Policies\Mozilla\Firefox\Bookmarks\1\URL = "https://example.com"
822 Software\Policies\Mozilla\Firefox\Bookmarks\1\Favicon = "https://example.com/favicon.ico"
823 Software\Policies\Mozilla\Firefox\Bookmarks\1\Placement = "toolbar" | "menu"
824 Software\Policies\Mozilla\Firefox\Bookmarks\1\Folder = "FolderName"
825
826 Software\Policies\Mozilla\Firefox\Bookmarks (REG_MULTI_SZ) =
827 ```
828 []
829 ```
830
831 ```
832 #### Windows (Intune)
833 OMA-URI:
834 ```
835 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Bookmarks/Bookmark01
836 ```
837 Value (string):
838 ```
839 <enabled/>
840 <data id="BookmarkTitle" value="Example"/>
841 <data id="BookmarkURL" value="https://example.com"/>
842 <data id="BookmarkFavicon" value="https://example.com/favicon.ico"/>
843 <data id="BookmarkPlacement" value="toolbar | menu"/>
844 <data id="BookmarkFolder" value="FolderName"/>
845 ```
846 OMA-URI:
847 ```
848 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/Bookmarks
849 ```
850 Value (string):
851 ```
852 <enabled/>
853 <data id="JSON" value='[]'/>
854 ```
855 #### macOS
856 ```
857 <dict>
858 <key>Bookmarks</key>
859 <array>
860 <dict>
861 <key>Title</key>
862 <string>Example</string>
863 <key>URL</key>
864 <string>https://example.com</string>
865 <key>Favicon</key>
866 <string>https://example.com/favicon.ico</string>
867 <key>Placement</key>
868 <string>toolbar | menu</string>
869 <key>Folder</key>
870 <string>FolderName</string>
871 </dict>
872 </array>
873 </dict>
874 ```
875 #### policies.json
876 ```
877 {
878 "policies": {
879 "Bookmarks": [
880 {
881 "Title": "Example",
882 "URL": "https://example.com",
883 "Favicon": "https://example.com/favicon.ico",
884 "Placement": "toolbar" | "menu",
885 "Folder": "FolderName"
886 }
887 ]
888 }
889 }
890 ```
891 ### CaptivePortal
892 Enable or disable the detection of captive portals.
893
894 **Compatibility:** Firefox 67, Firefox ESR 60.7\
895 **CCK2 Equivalent:** N/A\
896 **Preferences Affected:** `network.captive-portal-service.enabled`
897
898 #### Windows (GPO)
899 ```
900 Software\Policies\Mozilla\Firefox\CaptivePortal = 0x1 | 0x0
901 ```
902 #### Windows (Intune)
903 OMA-URI:
904 ```
905 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/CaptivePortal
906 ```
907 Value (string):
908 ```
909 <enabled/> or <disabled/>
910 ```
911 #### macOS
912 ```
913 <dict>
914 <key>CaptivePortal</key>
915 <true/> | <false/>
916 </dict>
917 ```
918 #### policies.json
919 ```
920 {
921 "policies": {
922 "CaptivePortal": true | false
923 }
924 }
925 ```
926 ### Certificates
927
928 ### Certificates | ImportEnterpriseRoots
929
930 Trust certificates that have been added to the operating system certificate store by a user or administrator.
931
932 Note: This policy only works on Windows and macOS. For Linux discussion, see [bug 1600509](https://bugzilla.mozilla.org/show_bug.cgi?id=1600509).
933
934 See https://support.mozilla.org/kb/setting-certificate-authorities-firefox for more detail.
935
936 **Compatibility:** Firefox 60, Firefox ESR 60 (macOS support in Firefox 63, Firefox ESR 68)\
937 **CCK2 Equivalent:** N/A\
938 **Preferences Affected:** `security.enterprise_roots.enabled`
939
940 #### Windows (GPO)
941 ```
942 Software\Policies\Mozilla\Firefox\Certificates\ImportEnterpriseRoots = 0x1 | 0x0
943 ```
944 #### Windows (Intune)
945 OMA-URI:
946 ```
947 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Certificates/Certificates_ImportEnterpriseRoots
948 ```
949 Value (string):
950 ```
951 <enabled/> or <disabled/>
952 ```
953 #### macOS
954 ```
955 <dict>
956 <key>Certificates</key>
957 <dict>
958 <key>ImportEnterpriseRoots</key>
959 <true/> | <false/>
960 </dict>
961 </dict>
962 ```
963 #### policies.json
964 ```
965 {
966 "policies": {
967 "Certificates": {
968 "ImportEnterpriseRoots": true | false
969 }
970 }
971 }
972 ```
973 ### Certificates | Install
974
975 Install certificates into the Firefox certificate store. If only a filename is specified, Firefox searches for the file in the following locations:
976
977 - Windows
978 - %USERPROFILE%\AppData\Local\Mozilla\Certificates
979 - %USERPROFILE%\AppData\Roaming\Mozilla\Certificates
980 - macOS
981 - /Library/Application Support/Mozilla/Certificates
982 - ~/Library/Application Support/Mozilla/Certificates
983 - Linux
984 - /usr/lib/mozilla/certificates
985 - /usr/lib64/mozilla/certificates
986 - ~/.mozilla/certificates
987
988 Starting with Firefox 65, Firefox 60.5 ESR, a fully qualified path can be used, including UNC paths. You should use the native path style for your operating system. We do not support using %USERPROFILE% or other environment variables on Windows.
989
990 If you are specifying the path in the policies.json file on Windows, you need to escape your backslashes (`\\`) which means that for UNC paths, you need to escape both (`\\\\`). If you use group policy, you only need one backslash.
991
992 Certificates are installed using the trust string `CT,CT,`.
993
994 Binary (DER) and ASCII (PEM) certificates are both supported.
995
996 **Compatibility:** Firefox 64, Firefox ESR 64\
997 **CCK2 Equivalent:** `certs.ca`\
998 **Preferences Affected:** N/A
999
1000 #### Windows (GPO)
1001 ```
1002 Software\Policies\Mozilla\Firefox\Certificates\Install\1 = "cert1.der"
1003 Software\Policies\Mozilla\Firefox\Certificates\Install\2 = "C:\Users\username\cert2.pem"
1004 ```
1005 #### Windows (Intune)
1006 OMA-URI:
1007 ```
1008 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Certificates/Certificates_Install
1009 ```
1010 Value (string):
1011 ```
1012 <enabled/>
1013 <data id="Certificates_Install" value="1&#xF000;cert1.der&#xF000;2&#xF000;C:\Users\username\cert2.pem"/>
1014 ```
1015 #### macOS
1016 ```
1017 <dict>
1018 <key>Certificates</key>
1019 <dict>
1020 <key>Install</key>
1021 <array>
1022 <string>cert1.der</string>
1023 <string>/Users/username/cert2.pem</string>
1024 </array>
1025 </dict>
1026 </dict>
1027 ```
1028 #### policies.json
1029 ```
1030 {
1031 "policies": {
1032 "Certificates": {
1033 "Install": ["cert1.der", "/home/username/cert2.pem"]
1034 }
1035 }
1036 }
1037 ```
1038 ### Containers
1039 Set policies related to [containers](https://addons.mozilla.org/firefox/addon/multi-account-containers/).
1040
1041 Currently you can set the initial set of containers.
1042
1043 For each container, you can specify the name, icon, and color.
1044
1045 | Name | Description |
1046 | --- | --- |
1047 | `name`| Name of container
1048 | `icon` | Can be `fingerprint`, `briefcase`, `dollar`, `cart`, `vacation`, `gift`, `food`, `fruit`, `pet`, `tree`, `chill`, `circle`, `fence`
1049 | `color` | Can be `blue`, `turquoise`, `green`, `yellow`, `orange`, `red`, `pink`, `purple`, `toolbar`
1050
1051 **Compatibility:** Firefox 113\
1052 **CCK2 Equivalent:** N/A\
1053 **Preferences Affected:** N/A
1054
1055 #### Windows (GPO)
1056 Software\Policies\Mozilla\Firefox\Containers (REG_MULTI_SZ) =
1057 ```
1058 {
1059 "Default": [
1060 {
1061 "name": "My container",
1062 "icon": "pet",
1063 "color": "turquoise"
1064 }
1065 ]
1066 }
1067 ```
1068 #### Windows (Intune)
1069 OMA-URI:
1070 ```
1071 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/Containers
1072 ```
1073 Value (string):
1074 ```
1075 <enabled/>
1076 <data id="JSON" value='
1077 {
1078 "Default": [
1079 {
1080 "name": "My container",
1081 "icon": "pet",
1082 "color": "turquoise"
1083 }
1084 ]
1085 }
1086 '/>
1087 ```
1088 #### macOS
1089 ```
1090 <dict>
1091 <key>Default</key>
1092 <dict>
1093 <key>Containers</key>
1094 <array>
1095 <dict>
1096 <key>name</key>
1097 <string>My container</string>
1098 <key>icon</key>
1099 <string>pet</string>
1100 <key>color</key>
1101 <string>turquoise</string>
1102 </dict>
1103 </array>
1104 </dict>
1105 </dict>
1106 ```
1107 #### policies.json
1108 ```
1109 {
1110 "policies": {
1111 "Containers": {
1112 "Default": [
1113 {
1114 "name": "My container",
1115 "icon": "pet",
1116 "color": "turquoise"
1117 }
1118 ]
1119 }
1120 }
1121 }
1122 ```
1123 ### Cookies
1124 Configure cookie preferences.
1125
1126 `Allow` is a list of origins (not domains) where cookies are always allowed. You must include http or https.
1127
1128 `AllowSession` is a list of origins (not domains) where cookies are only allowed for the current session. You must include http or https.
1129
1130 `Block` is a list of origins (not domains) where cookies are always blocked. You must include http or https.
1131
1132 `Behavior` sets the default behavior for cookies based on the values below.
1133
1134 `BehaviorPrivateBrowsing` sets the default behavior for cookies in private browsing based on the values below.
1135
1136 | Value | Description
1137 | --- | --- |
1138 | accept | Accept all cookies
1139 | reject-foreign | Reject third party cookies
1140 | reject | Reject all cookies
1141 | limit-foreign | Reject third party cookies for sites you haven't visited
1142 | reject-tracker | Reject cookies for known trackers (default)
1143 | reject-tracker-and-partition-foreign | Reject cookies for known trackers and partition third-party cookies (Total Cookie Protection) (default for private browsing)
1144
1145 `Locked` prevents the user from changing cookie preferences.
1146
1147 **Compatibility:** Firefox 60, Firefox ESR 60 (RejectTracker added in Firefox 63, AllowSession added in Firefox 79/78.1, Behavior added in Firefox 95/91.4)\
1148 **CCK2 Equivalent:** N/A\
1149 **Preferences Affected:** `network.cookie.cookieBehavior`, `network.cookie.cookieBehavior.pbmode`, `network.cookie.lifetimePolicy`
1150
1151 #### Windows (GPO)
1152 ```
1153 Software\Policies\Mozilla\Firefox\Cookies\Allow\1 = "https://example.com"
1154 Software\Policies\Mozilla\Firefox\Cookies\AllowSession\1 = "https://example.edu"
1155 Software\Policies\Mozilla\Firefox\Cookies\Block\1 = "https://example.org"
1156 Software\Policies\Mozilla\Firefox\Cookies\Default = 0x1 | 0x0
1157 Software\Policies\Mozilla\Firefox\Cookies\AcceptThirdParty = "always" | "never" | "from-visited"
1158 Software\Policies\Mozilla\Firefox\Cookies\ExpireAtSessionEnd = 0x1 | 0x0
1159 Software\Policies\Mozilla\Firefox\Cookies\RejectTracker = 0x1 | 0x0
1160 Software\Policies\Mozilla\Firefox\Cookies\Behavior = "accept" | "reject-foreign" | "reject" | "limit-foreign" | "reject-tracker" | "reject-tracker-and-partition-foreign"
1161 Software\Policies\Mozilla\Firefox\Cookies\BehaviorPrivateBrowsing = "accept" | "reject-foreign" | "reject" | "limit-foreign" | "reject-tracker" | "reject-tracker-and-partition-foreign"
1162 Software\Policies\Mozilla\Firefox\Cookies\Locked = 0x1 | 0x0
1163 ```
1164 #### Windows (Intune)
1165 OMA-URI:
1166 ```
1167 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_Allow
1168 ```
1169 Value (string):
1170 ```
1171 <enabled/>
1172 <data id="Permissions" value="1&#xF000;https://example.com"/>
1173 ```
1174 OMA-URI:
1175 ```
1176 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_AllowSession
1177 ```
1178 Value (string):
1179 ```
1180 <enabled/>
1181 <data id="Permissions" value="1&#xF000;https://example.edu"/>
1182 ```
1183 OMA-URI:
1184 ```
1185 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_Block
1186 ```
1187 Value (string):
1188 ```
1189 <enabled/>
1190 <data id="Permissions" value="1&#xF000;https://example.org"/>
1191 ```
1192 OMA-URI:
1193 ```
1194 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_Default
1195 ```
1196 Value (string):
1197 ```
1198 <enabled/> or <disabled/>
1199 ```
1200 OMA-URI:
1201 ```
1202 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_AcceptThirdParty
1203 ```
1204 Value (string):
1205 ```
1206 <enabled/>
1207 <data id="Cookies_AcceptThirdParty" value="always | never | from-visited"/>
1208 ```
1209 OMA-URI:
1210 ```
1211 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_ExpireAtSessionEnd
1212 ```
1213 Value (string):
1214 ```
1215 <enabled/> or <disabled/>
1216 ```
1217 OMA-URI:
1218 ```
1219 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_RejectTracker
1220 ```
1221 Value (string):
1222 ```
1223 <enabled/> or <disabled/>
1224 ```
1225 OMA-URI:
1226 ```
1227 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_Locked
1228 ```
1229 Value (string):
1230 ```
1231 <enabled/> or <disabled/>
1232 ```
1233 OMA-URI:
1234 ```
1235 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_Behavior
1236 ```
1237 Value (string):
1238 ```
1239 <enabled/>
1240 <data id="Cookies_Behavior" value="accept | reject-foreign | reject | limit-foreign | reject-tracker | reject-tracker-and-partition-foreign"/>
1241 ```
1242 OMA-URI:
1243 ```
1244 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_BehaviorPrivateBrowsing
1245 ```
1246 Value (string):
1247 ```
1248 <enabled/>
1249 <data id="Cookies_BehaviorPrivateBrowsing" value="accept | reject-foreign | reject | limit-foreign | reject-tracker | reject-tracker-and-partition-foreign"/>
1250 ```
1251 #### macOS
1252 ```
1253 <dict>
1254 <key>Cookies</key>
1255 <dict>
1256 <key>Allow</key>
1257 <array>
1258 <string>http://example.com</string>
1259 </array>
1260 <key>AllowSession</key>
1261 <array>
1262 <string>http://example.edu</string>
1263 </array>
1264 <key>Block</key>
1265 <array>
1266 <string>http://example.org</string>
1267 </array>
1268 <key>Default</key>
1269 <true/> | <false/>
1270 <key>AcceptThirdParty</key>
1271 <string>always | never | from-visited</string>
1272 <key>ExpireAtSessionEnd</key>
1273 <true/> | <false/>
1274 <key>RejectTracker</key>
1275 <true/> | <false/>
1276 <key>Locked</key>
1277 <true/> | <false/>
1278 <key>Behavior</key>
1279 <string>accept | reject-foreign | reject | limit-foreign | reject-tracker | reject-tracker-and-partition-foreign</string>
1280 <key>BehaviorPrivateBrowsing</key>
1281 <string>accept | reject-foreign | reject | limit-foreign | reject-tracker | reject-tracker-and-partition-foreign</string>
1282 </dict>
1283 </dict>
1284 ```
1285 #### policies.json
1286 ```
1287 {
1288 "policies": {
1289 "Cookies": {
1290 "Allow": ["http://example.org/"],
1291 "AllowSession": ["http://example.edu/"],
1292 "Block": ["http://example.edu/"],
1293 "Default": true | false,
1294 "AcceptThirdParty": "always" | "never" | "from-visited",
1295 "ExpireAtSessionEnd": true | false,
1296 "RejectTracker": true | false,
1297 "Locked": true | false,
1298 "Behavior": "accept" | "reject-foreign" | "reject" | "limit-foreign" | "reject-tracker" | "reject-tracker-and-partition-foreign",
1299 "BehaviorPrivateBrowsing": "accept" | "reject-foreign" | "reject" | "limit-foreign" | "reject-tracker" | "reject-tracker-and-partition-foreign",
1300 }
1301 }
1302 }
1303 ```
1304 ### DefaultDownloadDirectory
1305 Set the default download directory.
1306
1307 You can use ${home} for the native home directory.
1308
1309 **Compatibility:** Firefox 68, Firefox ESR 68\
1310 **CCK2 Equivalent:** N/A\
1311 **Preferences Affected:** `browser.download.dir`, `browser.download.folderList`
1312
1313 #### Windows (GPO)
1314 ```
1315 Software\Policies\Mozilla\Firefox\DefaultDownloadDirectory = "${home}\Downloads"
1316 ```
1317 #### Windows (Intune)
1318 OMA-URI:
1319 ```
1320 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DefaultDownloadDirectory
1321 ```
1322 Value (string):
1323 ```
1324 <enabled/>
1325 <data id="Preferences_String" value="${home}\Downloads"/>
1326 ```
1327 #### macOS
1328 ```
1329 <dict>
1330 <key>DefaultDownloadDirectory</key>
1331 <string>${home}/Downloads</string>
1332 </dict>
1333 ```
1334 #### policies.json (macOS and Linux)
1335 ```
1336 {
1337 "policies": {
1338 "DefaultDownloadDirectory": "${home}/Downloads"
1339 }
1340 }
1341 ```
1342 #### policies.json (Windows)
1343 ```
1344 {
1345 "policies": {
1346 "DefaultDownloadDirectory": "${home}\\Downloads"
1347 }
1348 }
1349 ```
1350 ### DisableAppUpdate
1351 Turn off application updates within Firefox.
1352
1353 **Compatibility:** Firefox 60, Firefox ESR 60\
1354 **CCK2 Equivalent:** `disableFirefoxUpdates`\
1355 **Preferences Affected:** N/A
1356
1357 #### Windows (GPO)
1358 ```
1359 Software\Policies\Mozilla\Firefox\DisableAppUpdate = 0x1 | 0x0
1360 ```
1361 #### Windows (Intune)
1362 OMA-URI:
1363 ```
1364 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableAppUpdate
1365 ```
1366 Value (string):
1367 ```
1368 <enabled/> or <disabled/>
1369 ```
1370 #### macOS
1371 ```
1372 <dict>
1373 <key>DisableAppUpdate</key>
1374 <true/> | <false/>
1375 </dict>
1376 ```
1377 #### policies.json
1378 ```
1379 {
1380 "policies": {
1381 "DisableAppUpdate": true | false
1382 }
1383 }
1384 ```
1385 ### DisableBuiltinPDFViewer
1386 Disable the built in PDF viewer. PDF files are downloaded and sent externally.
1387
1388 **Compatibility:** Firefox 60, Firefox ESR 60\
1389 **CCK2 Equivalent:** `disablePDFjs`\
1390 **Preferences Affected:** `pdfjs.disabled`
1391
1392 #### Windows (GPO)
1393 ```
1394 Software\Policies\Mozilla\Firefox\DisableBuiltinPDFViewer = 0x1 | 0x0
1395 ```
1396 #### Windows (Intune)
1397 OMA-URI:
1398 ```
1399 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableBuiltinPDFViewer
1400 ```
1401 Value (string):
1402 ```
1403 <enabled/> or <disabled/>
1404 ```
1405 #### macOS
1406 ```
1407 <dict>
1408 <key>DisableBuiltinPDFViewer</key>
1409 <true/> | <false/>
1410 </dict>
1411 ```
1412 #### policies.json
1413 ```
1414 {
1415 "policies": {
1416 "DisableBuiltinPDFViewer": true | false
1417 }
1418 }
1419 ```
1420 ### DisabledCiphers
1421 Disable specific cryptographic ciphers, listed below.
1422
1423 ```
1424 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
1425 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
1426 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
1427 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
1428 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
1429 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
1430 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
1431 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
1432 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
1433 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
1434 TLS_DHE_RSA_WITH_AES_128_CBC_SHA
1435 TLS_DHE_RSA_WITH_AES_256_CBC_SHA
1436 TLS_RSA_WITH_AES_128_GCM_SHA256
1437 TLS_RSA_WITH_AES_256_GCM_SHA384
1438 TLS_RSA_WITH_AES_128_CBC_SHA
1439 TLS_RSA_WITH_AES_256_CBC_SHA
1440 TLS_RSA_WITH_3DES_EDE_CBC_SHA
1441 ```
1442
1443 **Preferences Affected:** `security.ssl3.ecdhe_rsa_aes_128_gcm_sha256`, `security.ssl3.ecdhe_ecdsa_aes_128_gcm_sha256`, `security.ssl3.ecdhe_ecdsa_chacha20_poly1305_sha256`, `security.ssl3.ecdhe_rsa_chacha20_poly1305_sha256`, `security.ssl3.ecdhe_ecdsa_aes_256_gcm_sha384`, `security.ssl3.ecdhe_rsa_aes_256_gcm_sha384`, `security.ssl3.ecdhe_rsa_aes_128_sha`, `security.ssl3.ecdhe_ecdsa_aes_128_sha`, `security.ssl3.ecdhe_rsa_aes_256_sha`, `security.ssl3.ecdhe_ecdsa_aes_256_sha`, `security.ssl3.dhe_rsa_aes_128_sha`, `security.ssl3.dhe_rsa_aes_256_sha`, `security.ssl3.rsa_aes_128_gcm_sha256`, `security.ssl3.rsa_aes_256_gcm_sha384`, `security.ssl3.rsa_aes_128_sha`, `security.ssl3.rsa_aes_256_sha`, `security.ssl3.deprecated.rsa_des_ede3_sha`
1444
1445 ---
1446 **Note:**
1447
1448 This policy was updated in Firefox 78 to allow enabling ciphers as well. Setting the value to true disables the cipher, setting the value to false enables the cipher. Previously setting the value to true or false disabled the cipher.
1449
1450 ---
1451 **Compatibility:** Firefox 76, Firefox ESR 68.8 (TLS_RSA_WITH_AES_128_GCM_SHA256 and TLS_RSA_WITH_AES_256_GCM_SHA384 were added in Firefox 78, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA38, TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, and TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 were added in Firefox 97 and Firefox 91.6)\
1452 **CCK2 Equivalent:** N/A\
1453 **Preferences Affected:** N/A
1454
1455 #### Windows (GPO)
1456 ```
1457 Software\Policies\Mozilla\Firefox\DisabledCiphers\CIPHER_NAME = 0x1 | 0x0
1458 ```
1459 #### Windows (Intune)
1460 OMA-URI:
1461 ```
1462 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DisabledCiphers/DisabledCiphers_CIPHER_NAME
1463
1464 ```
1465 Value (string):
1466 ```
1467 <enabled/> or <disabled/>
1468 ```
1469 #### macOS
1470 ```
1471 <dict>
1472 <key>DisabledCiphers</key>
1473 <dict>
1474 <key>CIPHER_NAME</key>
1475 <true/> | <false/>
1476 </dict>
1477 </dict>
1478 ```
1479 #### policies.json
1480 ```
1481 {
1482 "policies": {
1483 "DisabledCiphers": {
1484 "CIPHER_NAME": true | false,
1485 }
1486 }
1487 }
1488 ```
1489 ### DisableDefaultBrowserAgent
1490 Prevent the default browser agent from taking any actions. Only applicable to Windows; other platforms don’t have the agent.
1491
1492 The browser agent is a Windows-only scheduled task which runs in the background to collect and submit data about the browser that the user has set as their OS default. More information is available [here](https://firefox-source-docs.mozilla.org/toolkit/mozapps/defaultagent/default-browser-agent/index.html).
1493
1494 **Compatibility:** Firefox 75, Firefox ESR 68.7 (Windows only)\
1495 **CCK2 Equivalent:** N/A\
1496 **Preferences Affected:** N/A
1497
1498 #### Windows (GPO)
1499 ```
1500 Software\Policies\Mozilla\Firefox\DisableDefaultBrowserAgent = 0x1 | 0x0
1501 ```
1502 #### Windows (Intune)
1503 OMA-URI:
1504 ```
1505 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableDefaultBrowserAgent
1506 ```
1507 Value (string):
1508 ```
1509 <enabled/> or <disabled/>
1510 ```
1511 #### policies.json
1512 ```
1513 {
1514 "policies": {
1515 "DisableDefaultBrowserAgent": true | false
1516 }
1517 }
1518 ```
1519 ### DisableDeveloperTools
1520 Remove access to all developer tools.
1521
1522 **Compatibility:** Firefox 60, Firefox ESR 60\
1523 **CCK2 Equivalent:** `removeDeveloperTools`\
1524 **Preferences Affected:** `devtools.policy.disabled`
1525
1526 #### Windows (GPO)
1527 ```
1528 Software\Policies\Mozilla\Firefox\DisableDeveloperTools = 0x1 | 0x0`
1529 ```
1530 #### Windows (Intune)
1531 OMA-URI:
1532 ```
1533 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableDeveloperTools
1534 ```
1535 Value (string):
1536 ```
1537 <enabled/> or <disabled/>
1538 ```
1539 #### macOS
1540 ```
1541 <dict>
1542 <key>DisableDeveloperTools</key>
1543 <true/> | <false/>
1544 </dict>
1545 ```
1546 #### policies.json
1547 ```
1548 {
1549 "policies": {
1550 "DisableDeveloperTools": true | false
1551 }
1552 }
1553 ```
1554 ### DisableFeedbackCommands
1555 Disable the menus for reporting sites (Submit Feedback, Report Deceptive Site).
1556
1557 **Compatibility:** Firefox 60, Firefox ESR 60\
1558 **CCK2 Equivalent:** N/A\
1559 **Preferences Affected:** N/A
1560
1561 #### Windows (GPO)
1562 ```
1563 Software\Policies\Mozilla\Firefox\DisableFeedbackCommands = 0x1 | 0x0
1564 ```
1565 #### Windows (Intune)
1566 OMA-URI:
1567 ```
1568 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableFeedbackCommands
1569 ```
1570 Value (string):
1571 ```
1572 <enabled/> or <disabled/>
1573 ```
1574 #### macOS
1575 ```
1576 <dict>
1577 <key>DisableFeedbackCommands</key>
1578 <true/> | <false/>
1579 </dict>
1580 ```
1581 #### policies.json
1582 ```
1583 {
1584 "policies": {
1585 "DisableFeedbackCommands": true | false
1586 }
1587 }
1588 ```
1589 ### DisableDeveloperTools
1590 Remove access to all developer tools.
1591
1592 **Compatibility:** Firefox 60, Firefox ESR 60\
1593 **CCK2 Equivalent:** `removeDeveloperTools`\
1594 **Preferences Affected:** `devtools.policy.disabled`
1595
1596 #### Windows (GPO)
1597 ```
1598 Software\Policies\Mozilla\Firefox\DisableDeveloperTools = 0x1 | 0x0`
1599 ```
1600 #### Windows (Intune)
1601 OMA-URI:
1602 ```
1603 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableDeveloperTools
1604 ```
1605 Value (string):
1606 ```
1607 <enabled/> or <disabled/>
1608 ```
1609 #### macOS
1610 ```
1611 <dict>
1612 <key>DisableDeveloperTools</key>
1613 <true/> | <false/>
1614 </dict>
1615 ```
1616 #### policies.json
1617 ```
1618 {
1619 "policies": {
1620 "DisableDeveloperTools": true | false
1621 }
1622 }
1623 ```
1624 ### DisableEncryptedClientHello
1625 Disable the TLS Feature for Encrypted Client Hello. Note that TLS Client Hellos will still contain an ECH extension, but this extension will not be used by Firefox during the TLS handshake.
1626
1627 **Compatibility:** Firefox 127, Firefox ESR 128\
1628 **CCK2 Equivalent:** N/A\
1629 **Preferences Affected:** `network.dns.echconfig.enabled`, `network.dns.http3_echconfig.enabled`
1630
1631 #### Windows (GPO)
1632 ```
1633 Software\Policies\Mozilla\Firefox\DisableEncryptedClientHello = 0x1 | 0x0
1634 ```
1635 #### Windows (Intune)
1636 OMA-URI:
1637 ```
1638 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableEncryptedClientHello
1639 ```
1640 Value (string):
1641 ```
1642 <enabled/> or <disabled/>
1643 ```
1644 #### macOS
1645 ```
1646 <dict>
1647 <key>DisableEncryptedClientHello</key>
1648 <true/> | <false/>
1649 </dict>
1650 ```
1651 #### policies.json
1652 ```
1653 {
1654 "policies": {
1655 "DisableEncryptedClientHello": true | false
1656 }
1657 }
1658 ```
1659 ### DisableFirefoxAccounts
1660 Disable Firefox Accounts integration (Sync).
1661
1662 **Compatibility:** Firefox 60, Firefox ESR 60\
1663 **CCK2 Equivalent:** `disableSync`\
1664 **Preferences Affected:** `identity.fxaccounts.enabled`
1665
1666 #### Windows (GPO)
1667 ```
1668 Software\Policies\Mozilla\Firefox\DisableFirefoxAccounts = 0x1 | 0x0
1669 ```
1670 #### Windows (Intune)
1671 OMA-URI:
1672 ```
1673 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableFirefoxAccounts
1674 ```
1675 Value (string):
1676 ```
1677 <enabled/> or <disabled/>
1678 ```
1679 #### macOS
1680 ```
1681 <dict>
1682 <key>DisableFirefoxAccounts</key>
1683 <true/> | <false/>
1684 </dict>
1685 ```
1686 #### policies.json
1687 ```
1688 {
1689 "policies": {
1690 "DisableFirefoxAccounts": true | false
1691 }
1692 }
1693 ```
1694 ### DisableFirefoxScreenshots
1695 Remove access to Firefox Screenshots.
1696
1697 **Compatibility:** Firefox 60, Firefox ESR 60\
1698 **CCK2 Equivalent:** N/A\
1699 **Preferences Affected:** `extensions.screenshots.disabled`
1700
1701 #### Windows (GPO)
1702 ```
1703 Software\Policies\Mozilla\Firefox\DisableFirefoxScreenshots = 0x1 | 0x0
1704 ```
1705 #### Windows (Intune)
1706 OMA-URI:
1707 ```
1708 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableFirefoxScreenshots
1709 ```
1710 Value (string):
1711 ```
1712 <enabled/> or <disabled/>
1713 ```
1714 #### macOS
1715 ```
1716 <dict>
1717 <key>DisableFirefoxScreenshots</key>
1718 <true/> | <false/>
1719 </dict>
1720 ```
1721 #### policies.json
1722 ```
1723 {
1724 "policies": {
1725 "DisableFirefoxScreenshots": true | false
1726 }
1727 }
1728 ```
1729 ### DisableFirefoxStudies
1730 Disable Firefox studies (Shield).
1731
1732 **Compatibility:** Firefox 60, Firefox ESR 60\
1733 **CCK2 Equivalent:** N/A\
1734 **Preferences Affected:** N/A
1735
1736 #### Windows (GPO)
1737 ```
1738 Software\Policies\Mozilla\Firefox\DisableFirefoxStudies = 0x1 | 0x0
1739 ```
1740 #### Windows (Intune)
1741 OMA-URI:
1742 ```
1743 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableFirefoxStudies
1744 ```
1745 Value (string):
1746 ```
1747 <enabled/> or <disabled/>
1748 ```
1749 #### macOS
1750 ```
1751 <dict>
1752 <key>DisableFirefoxStudies</key>
1753 <true/> | <false/>
1754 </dict>
1755 ```
1756 #### policies.json
1757 ```
1758 {
1759 "policies": {
1760 "DisableFirefoxStudies": true | false
1761 }
1762 }
1763 ```
1764 ### DisableForgetButton
1765 Disable the "Forget" button.
1766
1767 **Compatibility:** Firefox 60, Firefox ESR 60\
1768 **CCK2 Equivalent:** `disableForget`\
1769 **Preferences Affected:** N/A
1770
1771 #### Windows (GPO)
1772 ```
1773 Software\Policies\Mozilla\Firefox\DisableForgetButton = 0x1 | 0x0
1774 ```
1775 #### Windows (Intune)
1776 OMA-URI:
1777 ```
1778 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableForgetButton
1779 ```
1780 Value (string):
1781 ```
1782 <enabled/> or <disabled/>
1783 ```
1784 #### macOS
1785 ```
1786 <dict>
1787 <key>DisableForgetButton</key>
1788 <true/> | <false/>
1789 </dict>
1790 ```
1791 #### policies.json
1792 ```
1793 {
1794 "policies": {
1795 "DisableForgetButton": true | false
1796 }
1797 }
1798 ```
1799 ### DisableFormHistory
1800 Turn off saving information on web forms and the search bar.
1801
1802 **Compatibility:** Firefox 60, Firefox ESR 60\
1803 **CCK2 Equivalent:** `disableFormFill`\
1804 **Preferences Affected:** `browser.formfill.enable`
1805
1806 #### Windows (GPO)
1807 ```
1808 Software\Policies\Mozilla\Firefox\DisableFormHistory = 0x1 | 0x0
1809 ```
1810 #### Windows (Intune)
1811 OMA-URI:
1812 ```
1813 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableFormHistory
1814 ```
1815 Value (string):
1816 ```
1817 <enabled/> or <disabled/>
1818 ```
1819 #### macOS
1820 ```
1821 <dict>
1822 <key>DisableFormHistory</key>
1823 <true/> | <false/>
1824 </dict>
1825 ```
1826 #### policies.json
1827 ```
1828 {
1829 "policies": {
1830 "DisableFormHistory": true | false
1831 }
1832 }
1833 ```
1834 ### DisableMasterPasswordCreation
1835 Remove the master password functionality.
1836
1837 If this value is true, it works the same as setting [`PrimaryPassword`](#primarypassword) to false and removes the primary password functionality.
1838
1839 If both `DisableMasterPasswordCreation` and `PrimaryPassword` are used, `DisableMasterPasswordCreation` takes precedent.
1840
1841 **Compatibility:** Firefox 60, Firefox ESR 60\
1842 **CCK2 Equivalent:** `noMasterPassword`\
1843 **Preferences Affected:** N/A
1844
1845 #### Windows (GPO)
1846 ```
1847 Software\Policies\Mozilla\Firefox\DisableMasterPasswordCreation = 0x1 | 0x0
1848 ```
1849 #### Windows (Intune)
1850 OMA-URI:
1851 ```
1852 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableMasterPasswordCreation
1853 ```
1854 Value (string):
1855 ```
1856 <enabled/> or <disabled/>
1857 ```
1858 #### macOS
1859 ```
1860 <dict>
1861 <key>DisableMasterPasswordCreation</key>
1862 <true/> | <false/>
1863 </dict>
1864 ```
1865 #### policies.json
1866 ```
1867 {
1868 "policies": {
1869 "DisableMasterPasswordCreation": true | false
1870 }
1871 }
1872 ```
1873 ### DisablePasswordReveal
1874 Do not allow passwords to be shown in saved logins
1875
1876 **Compatibility:** Firefox 71, Firefox ESR 68.3\
1877 **CCK2 Equivalent:** N/A
1878 **Preferences Affected:** N/A
1879
1880 #### Windows (GPO)
1881 ```
1882 Software\Policies\Mozilla\Firefox\DisablePasswordReveal = 0x1 | 0x0
1883 ```
1884 #### Windows (Intune)
1885 OMA-URI:
1886 ```
1887 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisablePasswordReveal
1888 ```
1889 Value (string):
1890 ```
1891 <enabled/> or <disabled/>
1892 ```
1893 #### macOS
1894 ```
1895 <dict>
1896 <key>DisablePasswordReveal</key>
1897 <true/> | <false/>
1898 </dict>
1899 ```
1900 #### policies.json
1901 ```
1902 {
1903 "policies": {
1904 "DisablePasswordReveal": true | false
1905 }
1906 }
1907 ```
1908 ### DisablePocket
1909 Remove Pocket in the Firefox UI. It does not remove it from the new tab page.
1910
1911 **Compatibility:** Firefox 60, Firefox ESR 60\
1912 **CCK2 Equivalent:** `disablePocket`\
1913 **Preferences Affected:** `extensions.pocket.enabled`
1914
1915 #### Windows (GPO)
1916 ```
1917 Software\Policies\Mozilla\Firefox\DisablePocket = 0x1 | 0x0
1918 ```
1919 #### Windows (Intune)
1920 OMA-URI:
1921 ```
1922 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisablePocket
1923 ```
1924 Value (string):
1925 ```
1926 <enabled/> or <disabled/>
1927 ```
1928 #### macOS
1929 ```
1930 <dict>
1931 <key>DisablePocket</key>
1932 <true/> | <false/>
1933 </dict>
1934 ```
1935 #### policies.json
1936 ```
1937 {
1938 "policies": {
1939 "DisablePocket": true | false
1940 }
1941 }
1942 ```
1943 ### DisablePrivateBrowsing
1944 Remove access to private browsing.
1945
1946 **Compatibility:** Firefox 60, Firefox ESR 60\
1947 **CCK2 Equivalent:** `disablePrivateBrowsing`\
1948 **Preferences Affected:** N/A
1949
1950 #### Windows (GPO)
1951 ```
1952 Software\Policies\Mozilla\Firefox\DisablePrivateBrowsing = 0x1 | 0x0
1953 ```
1954 #### Windows (Intune)
1955 OMA-URI:
1956 ```
1957 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisablePrivateBrowsing
1958 ```
1959 Value (string):
1960 ```
1961 <enabled/> or <disabled/>
1962 ```
1963 #### macOS
1964 ```
1965 <dict>
1966 <key>DisablePrivateBrowsing</key>
1967 <true/> | <false/>
1968 </dict>
1969 ```
1970 #### policies.json
1971 ```
1972 {
1973 "policies": {
1974 "DisablePrivateBrowsing": true | false
1975 }
1976 }
1977 ```
1978 ### DisableProfileImport
1979 Disables the "Import data from another browser" option in the bookmarks window.
1980
1981 **Compatibility:** Firefox 60, Firefox ESR 60\
1982 **CCK2 Equivalent:** N/A\
1983 **Preferences Affected:** N/A
1984
1985 #### Windows (GPO)
1986 ```
1987 Software\Policies\Mozilla\Firefox\DisableProfileImport = 0x1 | 0x0
1988 ```
1989 #### Windows (Intune)
1990 OMA-URI:
1991 ```
1992 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableProfileImport
1993 ```
1994 Value (string):
1995 ```
1996 <enabled/> or <disabled/>
1997 ```
1998 #### macOS
1999 ```
2000 <dict>
2001 <key>DisableProfileImport</key>
2002 <true/> | <false/>
2003 </dict>
2004 ```
2005 #### policies.json
2006 ```
2007 {
2008 "policies": {
2009 "DisableProfileImport": true | false
2010 }
2011 }
2012 ```
2013 ### DisableProfileRefresh
2014 Disable the Refresh Firefox button on about:support and support.mozilla.org, as well as the prompt that displays offering to refresh Firefox when you haven't used it in a while.
2015
2016 **Compatibility:** Firefox 60, Firefox ESR 60\
2017 **CCK2 Equivalent:** `disableResetFirefox`\
2018 **Preferences Affected:** `browser.disableResetPrompt`
2019
2020 #### Windows (GPO)
2021 ```
2022 Software\Policies\Mozilla\Firefox\DisableProfileRefresh = 0x1 | 0x0
2023 ```
2024 #### Windows (Intune)
2025 OMA-URI:
2026 ```
2027 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableProfileRefresh
2028 ```
2029 Value (string):
2030 ```
2031 <enabled/> or <disabled/>
2032 ```
2033 #### macOS
2034 ```
2035 <dict>
2036 <key>DisableProfileRefresh</key>
2037 <true/> | <false/>
2038 </dict>
2039 ```
2040 #### policies.json
2041 ```
2042 {
2043 "policies": {
2044 "DisableProfileRefresh": true | false
2045 }
2046 }
2047 ```
2048 ### DisableSafeMode
2049 Disable safe mode within the browser.
2050
2051 On Windows, this disables safe mode via the command line as well.
2052
2053 **Compatibility:** Firefox 60, Firefox ESR 60 (Windows, macOS)\
2054 **CCK2 Equivalent:** `disableSafeMode`\
2055 **Preferences Affected:** N/A
2056
2057 #### Windows (GPO)
2058 ```
2059 Software\Policies\Mozilla\Firefox\DisableSafeMode = 0x1 | 0x0
2060 ```
2061 #### Windows (Intune)
2062 OMA-URI:
2063 ```
2064 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableSafeMode
2065 ```
2066 Value (string):
2067 ```
2068 <enabled/> or <disabled/>
2069 ```
2070 #### macOS
2071 ```
2072 <dict>
2073 <key>DisableSafeMode</key>
2074 <true/> | <false/>
2075 </dict>
2076 ```
2077 #### policies.json
2078 ```
2079 {
2080 "policies": {
2081 "DisableSafeMode": true | false
2082 }
2083 }
2084 ```
2085 ### DisableSecurityBypass
2086 Prevent the user from bypassing security in certain cases.
2087
2088 `InvalidCertificate` prevents adding an exception when an invalid certificate is shown.
2089
2090 `SafeBrowsing` prevents selecting "ignore the risk" and visiting a harmful site anyway.
2091
2092 These policies only affect what happens when an error is shown, they do not affect any settings in preferences.
2093
2094 **Compatibility:** Firefox 60, Firefox ESR 60\
2095 **CCK2 Equivalent:** N/A\
2096 **Preferences Affected:** `security.certerror.hideAddException`, `browser.safebrowsing.allowOverride`
2097
2098 #### Windows (GPO)
2099 ```
2100 Software\Policies\Mozilla\Firefox\DisableSecurityBypass\InvalidCertificate = 0x1 | 0x0
2101 Software\Policies\Mozilla\Firefox\DisableSecurityBypass\SafeBrowsing = 0x1 | 0x0
2102 ```
2103 #### Windows (Intune)
2104 OMA-URI:
2105 ```
2106 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/P_DisableSecurityBypass_InvalidCertificate
2107 ```
2108 Value (string):
2109 ```
2110 <enabled/> or <disabled/>
2111 ```
2112 OMA-URI:
2113 ```
2114 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/P_DisableSecurityBypass_SafeBrowsing
2115 ```
2116 Value (string):
2117 ```
2118 <enabled/> or <disabled/>
2119 ```
2120
2121 #### macOS
2122 ```
2123 <dict>
2124 <key>DisableSecurityBypass</key>
2125 <dict>
2126 <key>InvalidCertificate</key>
2127 <true/> | <false/>
2128 <key>SafeBrowsing</key>
2129 <true/> | <false/>
2130 </dict>
2131 </dict>
2132 ```
2133 #### policies.json
2134 ```
2135 {
2136 "policies": {
2137 "DisableSecurityBypass": {
2138 "InvalidCertificate": true | false,
2139 "SafeBrowsing": true | false
2140 }
2141 }
2142 }
2143 ```
2144 ### DisableSetDesktopBackground
2145 Remove the "Set As Desktop Background..." menuitem when right clicking on an image.
2146
2147 **Compatibility:** Firefox 60, Firefox ESR 60\
2148 **CCK2 Equivalent:** `removeSetDesktopBackground`\
2149 **Preferences Affected:** N/A
2150
2151 #### Windows (GPO)
2152 ```
2153 Software\Policies\Mozilla\Firefox\DisableSetDesktopBackground = 0x1 | 0x0
2154 ```
2155 #### Windows (Intune)
2156 OMA-URI:
2157 ```
2158 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableSetDesktopBackground
2159 ```
2160 Value (string):
2161 ```
2162 <enabled/> or <disabled/>
2163 ```
2164 #### macOS
2165 ```
2166 <dict>
2167 <key>DisableSetDesktopBackground</key>
2168 <true/> | <false/>
2169 </dict>
2170 ```
2171 #### policies.json
2172 ```
2173 {
2174 "policies": {
2175 "DisableSetDesktopBackground": true | false
2176 }
2177 }
2178 ```
2179 ### DisableSystemAddonUpdate
2180 Prevent system add-ons from being installed or updated.
2181
2182 **Compatibility:** Firefox 60, Firefox ESR 60\
2183 **CCK2 Equivalent:** N/A\
2184 **Preferences Affected:** N/A
2185
2186 #### Windows (GPO)
2187 ```
2188 Software\Policies\Mozilla\Firefox\DisableSystemAddonUpdate = 0x1 | 0x0
2189 ```
2190 #### Windows (Intune)
2191 OMA-URI:
2192 ```
2193 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableSystemAddonUpdate
2194 ```
2195 Value (string):
2196 ```
2197 <enabled/> or <disabled/>
2198 ```
2199 #### macOS
2200 ```
2201 <dict>
2202 <key>DisableSystemAddonUpdate</key>
2203 <true/> | <false/>
2204 </dict>
2205 ```
2206 #### policies.json
2207 ```
2208 {
2209 "policies": {
2210 "DisableSystemAddonUpdate": true | false
2211 }
2212 }
2213 ```
2214 ### DisableTelemetry
2215 Prevent the upload of telemetry data.
2216
2217 As of Firefox 83 and Firefox ESR 78.5, local storage of telemetry data is disabled as well.
2218
2219 Mozilla recommends that you do not disable telemetry. Information collected through telemetry helps us build a better product for businesses like yours.
2220
2221 **Compatibility:** Firefox 60, Firefox ESR 60\
2222 **CCK2 Equivalent:** `disableTelemetry`\
2223 **Preferences Affected:** `datareporting.healthreport.uploadEnabled`, `datareporting.policy.dataSubmissionEnabled`, `toolkit.telemetry.archive.enabled`
2224
2225 #### Windows (GPO)
2226 ```
2227 Software\Policies\Mozilla\Firefox\DisableTelemetry = 0x1 | 0x0
2228 ```
2229 #### Windows (Intune)
2230 OMA-URI:
2231 ```
2232 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableTelemetry
2233 ```
2234 Value (string):
2235 ```
2236 <enabled/> or <disabled/>
2237 ```
2238 #### macOS
2239 ```
2240 <dict>
2241 <key>DisableTelemetry</key>
2242 <true/> | <false/>
2243 </dict>
2244 ```
2245 #### policies.json
2246 ```
2247 {
2248 "policies": {
2249 "DisableTelemetry": true | false
2250 }
2251 }
2252 ```
2253 ### DisableThirdPartyModuleBlocking
2254 Do not allow blocking third-party modules from the `about:third-party` page.
2255
2256 This policy only works on Windows through GPO (not policies.json).
2257
2258 **Compatibility:** Firefox 110 (Windows only, GPO only)\
2259 **CCK2 Equivalent:** N/A\
2260 **Preferences Affected:** N/A
2261
2262 #### Windows (GPO)
2263 ```
2264 Software\Policies\Mozilla\Firefox\DisableThirdPartyModuleBlocking = = 0x1 | 0x0
2265 ```
2266 #### Windows (Intune)
2267 OMA-URI:
2268 ```
2269 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableThirdPartyModuleBlocking
2270 ```
2271 Value (string):
2272 ```
2273 <enabled/> or <disabled/>
2274 ```
2275 ### DisplayBookmarksToolbar
2276 Set the initial state of the bookmarks toolbar. A user can still change how it is displayed.
2277
2278 `always` means the bookmarks toolbar is always shown.
2279
2280 `never` means the bookmarks toolbar is not shown.
2281
2282 `newtab` means the bookmarks toolbar is only shown on the new tab page.
2283
2284 **Compatibility:** Firefox 109, Firefox ESR 102.7\
2285 **CCK2 Equivalent:** N/A\
2286 **Preferences Affected:** N/A
2287
2288 #### Windows (GPO)
2289 ```
2290 Software\Policies\Mozilla\Firefox\DisplayBookmarksToolbar = "always", "never", "newtab"
2291 ```
2292 #### Windows (Intune)
2293 OMA-URI:
2294 ```
2295 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisplayBookmarksToolbar_Enum
2296 ```
2297 Value (string):
2298 ```
2299 <enabled/>
2300 <data id="DisplayBookmarksToolbar" value="always | never | newtab"/>
2301 ```
2302 #### macOS
2303 ```
2304 <dict>
2305 <key>DisplayBookmarksToolbar</key>
2306 <string>always | never | newtab</string>
2307 </dict>
2308 ```
2309 #### policies.json
2310 ```
2311 {
2312 "policies": {
2313 "DisplayBookmarksToolbar": "always" | "never" | "newtab"
2314 }
2315 }
2316 ```
2317 ### DisplayMenuBar
2318 Set the state of the menubar.
2319
2320 `always` means the menubar is shown and cannot be hidden.
2321
2322 `never` means the menubar is hidden and cannot be shown.
2323
2324 `default-on` means the menubar is on by default but can be hidden.
2325
2326 `default-off` means the menubar is off by default but can be shown.
2327
2328 **Compatibility:** Firefox 73, Firefox ESR 68.5 (Windows, some Linux)\
2329 **CCK2 Equivalent:** `displayMenuBar`\
2330 **Preferences Affected:** N/A
2331
2332 #### Windows (GPO)
2333 ```
2334 Software\Policies\Mozilla\Firefox\DisplayMenuBar = "always", "never", "default-on", "default-off"
2335 ```
2336 #### Windows (Intune)
2337 OMA-URI:
2338 ```
2339 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisplayMenuBar_Enum
2340 ```
2341 Value (string):
2342 ```
2343 <enabled/>
2344 <data id="DisplayMenuBar" value="always | never | default-on | default-off"/>
2345 ```
2346 #### macOS
2347 ```
2348 <dict>
2349 <key>DisplayMenuBar</key>
2350 <string>always | never | default-on | default-off</string>
2351 </dict>
2352 ```
2353 #### policies.json
2354 ```
2355 {
2356 "policies": {
2357 "DisplayMenuBar": "always", "never", "default-on", "default-off"
2358 }
2359 }
2360 ```
2361 ### DNSOverHTTPS
2362 Configure DNS over HTTPS.
2363
2364 `Enabled` determines whether DNS over HTTPS is enabled
2365
2366 `ProviderURL` is a URL to another provider.
2367
2368 `Locked` prevents the user from changing DNS over HTTPS preferences.
2369
2370 `ExcludedDomains` excludes domains from DNS over HTTPS.
2371
2372 `Fallback` determines whether or not Firefox will use your default DNS resolver if there is a problem with the secure DNS provider.
2373
2374 **Compatibility:** Firefox 63, Firefox ESR 68 (ExcludedDomains added in 75/68.7) (Fallback added in 124)\
2375 **CCK2 Equivalent:** N/A\
2376 **Preferences Affected:** `network.trr.mode`, `network.trr.uri`
2377
2378 #### Windows (GPO)
2379 ```
2380 Software\Policies\Mozilla\Firefox\DNSOverHTTPS\Enabled = 0x1 | 0x0
2381 Software\Policies\Mozilla\Firefox\DNSOverHTTPS\ProviderURL = "URL_TO_ALTERNATE_PROVIDER"
2382 Software\Policies\Mozilla\Firefox\DNSOverHTTPS\Locked = 0x1 | 0x0
2383 Software\Policies\Mozilla\Firefox\DNSOverHTTPS\ExcludedDomains\1 = "example.com"
2384 Software\Policies\Mozilla\Firefox\DNSOverHTTPS\Fallback = 0x1 | 0x0
2385 ```
2386 #### Windows (Intune)
2387 OMA-URI:
2388 ```
2389 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DNSOverHTTPS/DNSOverHTTPS_Enabled
2390 ```
2391 Value (string):
2392 ```
2393 <enabled/> or <disabled/>
2394 ```
2395 OMA-URI:
2396 ```
2397 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DNSOverHTTPS/DNSOverHTTPS_ProviderURL
2398 ```
2399 Value (string):
2400 ```
2401 <enabled/>
2402 <data id="String" value="URL_TO_ALTERNATE_PROVIDER"/>
2403 ```
2404 OMA-URI:
2405 ```
2406 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DNSOverHTTPS/DNSOverHTTPS_Locked
2407 ```
2408 Value (string):
2409 ```
2410 <enabled/> or <disabled/>
2411 ```
2412 OMA-URI:
2413 ```
2414 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DNSOverHTTPS/DNSOverHTTPS_ExcludedDomains
2415 ```
2416 Value (string):
2417 ```
2418 <enabled/>
2419 <data id="List" value="1&#xF000;example.com"/>
2420 ```
2421 OMA-URI:
2422 ```
2423 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DNSOverHTTPS/DNSOverHTTPS_Fallback
2424 ```
2425 Value (string):
2426 ```
2427 <enabled/> or <disabled/>
2428 ```
2429 #### macOS
2430 ```
2431 <dict>
2432 <key>DNSOverHTTPS</key>
2433 <dict>
2434 <key>Enabled</key>
2435 <true/> | <false/>
2436 <key>ProviderURL</key>
2437 <string>URL_TO_ALTERNATE_PROVIDER</string>
2438 <key>Locked</key>
2439 <true/> | <false/>
2440 <key>ExcludedDomains</key>
2441 <array>
2442 <string>example.com</string>
2443 </array>
2444 <key>Fallback</key>
2445 <true/> | <false/>
2446 </dict>
2447 </dict>
2448 ```
2449 #### policies.json
2450 ```
2451 {
2452 "policies": {
2453 "DNSOverHTTPS": {
2454 "Enabled": true | false,
2455 "ProviderURL": "URL_TO_ALTERNATE_PROVIDER",
2456 "Locked": true | false,
2457 "ExcludedDomains": ["example.com"],
2458 "Fallback": true | false,
2459 }
2460 }
2461 }
2462 ```
2463 ### DontCheckDefaultBrowser
2464 Don't check if Firefox is the default browser at startup.
2465
2466 **Compatibility:** Firefox 60, Firefox ESR 60\
2467 **CCK2 Equivalent:** `dontCheckDefaultBrowser`\
2468 **Preferences Affected:** `browser.shell.checkDefaultBrowser`
2469
2470 #### Windows (GPO)
2471 ```
2472 Software\Policies\Mozilla\Firefox\DontCheckDefaultBrowser = 0x1 | 0x0
2473 ```
2474 #### Windows (Intune)
2475 OMA-URI:
2476 ```
2477 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DontCheckDefaultBrowser
2478 ```
2479 Value (string):
2480 ```
2481 <enabled/> or <disabled/>
2482 ```
2483 #### macOS
2484 ```
2485 <dict>
2486 <key>DontCheckDefaultBrowser</key>
2487 <true/> | <false/>
2488 </dict>
2489 ```
2490 #### policies.json
2491 ```
2492 {
2493 "policies": {
2494 "DontCheckDefaultBrowser": true | false
2495 }
2496 }
2497 ```
2498 ### DownloadDirectory
2499 Set and lock the download directory.
2500
2501 You can use ${home} for the native home directory.
2502
2503 **Compatibility:** Firefox 68, Firefox ESR 68\
2504 **CCK2 Equivalent:** N/A\
2505 **Preferences Affected:** `browser.download.dir`, `browser.download.folderList`, `browser.download.useDownloadDir`
2506
2507 #### Windows (GPO)
2508 ```
2509 Software\Policies\Mozilla\Firefox\DownloadDirectory = "${home}\Downloads"
2510 ```
2511 #### Windows (Intune)
2512 OMA-URI:
2513 ```
2514 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DownloadDirectory
2515 ```
2516 Value (string):
2517 ```
2518 <enabled/>
2519 <data id="Preferences_String" value="${home}\Downloads"/>
2520 ```
2521 #### macOS
2522 ```
2523 <dict>
2524 <key>DownloadDirectory</key>
2525 <string>${home}/Downloads</string>
2526 </dict>
2527 ```
2528 #### policies.json (macOS and Linux)
2529 ```
2530 {
2531 "policies": {
2532 "DownloadDirectory": "${home}/Downloads"
2533 }
2534 ```
2535 #### policies.json (Windows)
2536 ```
2537 {
2538 "policies": {
2539 "DownloadDirectory": "${home}\\Downloads"
2540 }
2541 ```
2542 ### EnableTrackingProtection
2543 Configure tracking protection.
2544
2545 If this policy is not configured, tracking protection is not enabled by default in the browser, but it is enabled by default in private browsing and the user can change it.
2546
2547 If `Value` is set to false, tracking protection is disabled and locked in both the regular browser and private browsing.
2548
2549 If `Value` is set to true, tracking protection is enabled by default in both the regular browser and private browsing and the `Locked` value determines whether or not a user can change it.
2550
2551 If `Cryptomining` is set to true, cryptomining scripts on websites are blocked.
2552
2553 If `Fingerprinting` is set to true, fingerprinting scripts on websites are blocked.
2554
2555 If `EmailTracking` is set to true, hidden email tracking pixels and scripts on websites are blocked. (Firefox 112)
2556
2557 `Exceptions` are origins for which tracking protection is not enabled.
2558
2559 **Compatibility:** Firefox 60, Firefox ESR 60 (Cryptomining and Fingerprinting added in 70/68.2, Exceptions added in 73/68.5)\
2560 **CCK2 Equivalent:** N/A\
2561 **Preferences Affected:** `privacy.trackingprotection.enabled`, `privacy.trackingprotection.pbmode.enabled`, `privacy.trackingprotection.cryptomining.enabled`, `privacy.trackingprotection.fingerprinting.enabled`
2562
2563 #### Windows (GPO)
2564 ```
2565 Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Value = 0x1 | 0x0
2566 Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Locked = 0x1 | 0x0
2567 Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Cryptomining = 0x1 | 0x0
2568 Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Fingerprinting = 0x1 | 0x0
2569 Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Exceptions\1 = "https://example.com"
2570 ```
2571 #### Windows (Intune)
2572 OMA-URI:
2573 ```
2574 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~TrackingProtection/A_TrackingProtection_Value
2575 ```
2576 Value (string):
2577 ```
2578 <enabled/> or <disabled/>
2579 ```
2580 OMA-URI:
2581 ```
2582 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~TrackingProtection/B_TrackingProtection_Cryptomining
2583 ```
2584 Value (string):
2585 ```
2586 <enabled/> or <disabled/>
2587 ```
2588 OMA-URI:
2589 ```
2590 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~TrackingProtection/C_TrackingProtection_Fingerprinting
2591 ```
2592 Value (string):
2593 ```
2594 <enabled/> or <disabled/>
2595 ```
2596 OMA-URI:
2597 ```
2598 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~TrackingProtection/D_TrackingProtection_Exceptions
2599 ```
2600 Value (string):
2601 ```
2602 <enabled/>
2603 <data id="TrackingProtection_Exceptions" value="1&#xF000;https://example.com"/>
2604 ```
2605 OMA-URI:
2606 ```
2607 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~TrackingProtection/E_TrackingProtection_Locked
2608 ```
2609 Value (string):
2610 ```
2611 <enabled/> or <disabled/>
2612 ```
2613 #### macOS
2614 ```
2615 <dict>
2616 <key>EnableTrackingProtection</key>
2617 <dict>
2618 <key>Value</key>
2619 <true/> | <false/>
2620 <key>Locked</key>
2621 <true/> | <false/>
2622 <key>Cryptomining</key>
2623 <true/> | <false/>
2624 <key>Fingerprinting</key>
2625 <true/> | <false/>
2626 <key>Exceptions</key>
2627 <array>
2628 <string>https://example.com</string>
2629 </array>
2630 </dict>
2631 </dict>
2632 ```
2633 #### policies.json
2634 ```
2635 {
2636 "policies": {
2637 "EnableTrackingProtection": {
2638 "Value": true | false,
2639 "Locked": true | false,
2640 "Cryptomining": true | false,
2641 "Fingerprinting": true | false,
2642 "Exceptions": ["https://example.com"]
2643 }
2644 }
2645 }
2646 ```
2647 ### EncryptedMediaExtensions
2648 Enable or disable Encrypted Media Extensions and optionally lock it.
2649
2650 If `Enabled` is set to false, encrypted media extensions (like Widevine) are not downloaded by Firefox unless the user consents to installing them.
2651
2652 If `Locked` is set to true and `Enabled` is set to false, Firefox will not download encrypted media extensions (like Widevine) or ask the user to install them.
2653
2654 **Compatibility:** Firefox 77, Firefox ESR 68.9\
2655 **CCK2 Equivalent:** N/A\
2656 **Preferences Affected:** `media.eme.enabled`
2657
2658 #### Windows (GPO)
2659 ```
2660 Software\Policies\Mozilla\Firefox\EncryptedMediaExtensions\Enabled = 0x1 | 0x0
2661 Software\Policies\Mozilla\Firefox\EncryptedMediaExtensions\Locked = 0x1 | 0x0
2662 ```
2663 #### Windows (Intune)
2664 OMA-URI:
2665 ```
2666 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~EncryptedMediaExtensions/EncryptedMediaExtensions_Enabled
2667 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~EncryptedMediaExtensions/EncryptedMediaExtensions_Locked
2668 ```
2669 Value (string):
2670 ```
2671 <enabled/>or <disabled/>
2672 ```
2673 #### macOS
2674 ```
2675 <dict>
2676 <key>EncryptedMediaExtensions</key>
2677 <dict>
2678 <key>Enabled</key>
2679 <true/> | <false/>
2680 <key>Locked</key>
2681 <true/> | <false/>
2682 </dict>
2683 </dict>
2684 ```
2685 #### policies.json
2686 ```
2687 {
2688 "policies": {
2689 "EncryptedMediaExtensions": {
2690 "Enabled": true | false,
2691 "Locked": true | false
2692 }
2693 }
2694 }
2695 ```
2696 ### EnterprisePoliciesEnabled
2697 Enable policy support on macOS.
2698
2699 **Compatibility:** Firefox 63, Firefox ESR 60.3 (macOS only)\
2700 **CCK2 Equivalent:** N/A\
2701 **Preferences Affected:** N/A
2702
2703 #### macOS
2704 ```
2705 <dict>
2706 <key>EnterprisePoliciesEnabled</key>
2707 <true/>
2708 </dict>
2709 ```
2710 ### ExemptDomainFileTypePairsFromFileTypeDownloadWarnings
2711
2712 Disable warnings based on file extension for specific file types on domains.
2713
2714 This policy is based on the [Chrome policy](https://chromeenterprise.google/policies/#ExemptDomainFileTypePairsFromFileTypeDownloadWarnings) of the same name.
2715
2716 Important: The documentation for the policy for both Edge and Chrome is incorrect. The ```domains``` value must be a domain, not a URL pattern. Also, we do not support using ```*``` to mean all domains.
2717
2718 **Compatibility:** Firefox 102\
2719 **CCK2 Equivalent:** N/A\
2720 **Preferences Affected:** N/A
2721
2722 #### Windows (GPO)
2723 Software\Policies\Mozilla\Firefox\ExemptDomainFileTypePairsFromFileTypeDownloadWarnings (REG_MULTI_SZ) =
2724 ```
2725 [
2726 {
2727 "file_extension": "jnlp",
2728 "domains": ["example.com"]
2729 }
2730 ]
2731 ```
2732 #### Windows (Intune)
2733 OMA-URI:
2734 ```
2735 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/ExemptDomainFileTypePairsFromFileTypeDownloadWarnings
2736 ```
2737 Value (string):
2738 ```
2739 <enabled/>
2740 <data id="JSON" value='
2741 [
2742 {
2743 "file_extension": "jnlp",
2744 "domains": ["example.com"]
2745 }
2746 ]
2747 '/>
2748 ```
2749 #### macOS
2750 ```
2751 <dict>
2752 <key>ExemptDomainFileTypePairsFromFileTypeDownloadWarnings</key>
2753 <array>
2754 <dict>
2755 <key>file_extension</key>
2756 <string>jnlp</string>
2757 <key>domains</key>
2758 <array>
2759 <string>example.com</string>
2760 </array>
2761 </dict>
2762 </array>
2763 </dict>
2764 ```
2765 #### policies.json
2766 ```
2767 {
2768 "policies": {
2769 "ExemptDomainFileTypePairsFromFileTypeDownloadWarnings": [{
2770 "file_extension": "jnlp",
2771 "domains": ["example.com"]
2772 }]
2773 }
2774 }
2775 ```
2776 ### Extensions
2777 Control the installation, uninstallation and locking of extensions.
2778
2779 We strongly recommend that you use the **[`ExtensionSettings`](#extensionsettings)** policy. It has the same functionality and adds more. It does not support native paths, though, so you'll have to use file:/// URLs.
2780
2781 This method will be deprecated in the near future.
2782
2783 `Install` is a list of URLs or native paths for extensions to be installed.
2784
2785 `Uninstall` is a list of extension IDs that should be uninstalled if found.
2786
2787 `Locked` is a list of extension IDs that the user cannot disable or uninstall.
2788
2789 **Compatibility:** Firefox 60, Firefox ESR 60\
2790 **CCK2 Equivalent:** `addons`\
2791 **Preferences Affected:** N/A
2792
2793 #### Windows (GPO)
2794 ```
2795 Software\Policies\Mozilla\Firefox\Extensions\Install\1 = "https://addons.mozilla.org/firefox/downloads/somefile.xpi"
2796 Software\Policies\Mozilla\Firefox\Extensions\Install\2 = "//path/to/xpi"
2797 Software\Policies\Mozilla\Firefox\Extensions\Uninstall\1 = "bad_addon_id@mozilla.org"
2798 Software\Policies\Mozilla\Firefox\Extensions\Locked\1 = "addon_id@mozilla.org"
2799 ```
2800 #### Windows (Intune)
2801 OMA-URI:
2802 ```
2803 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/Extensions_Install
2804 ```
2805 Value (string):
2806 ```
2807 <enabled/>
2808 <data id="Extensions" value="1&#xF000;https://addons.mozilla.org/firefox/downloads/somefile.xpi&#xF000;2&#xF000;//path/to/xpi"/>
2809 ```
2810 OMA-URI:
2811 ```
2812 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/Extensions_Uninstall
2813 ```
2814 Value (string):
2815 ```
2816 <enabled/>
2817 <data id="Extensions" value="1&#xF000;bad_addon_id@mozilla.org"/>
2818 ```
2819 OMA-URI:
2820 ```
2821 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/Extensions_Locked
2822 ```
2823 Value (string):
2824 ```
2825 <enabled/>
2826 <data id="Extensions" value="1&#xF000;addon_id@mozilla.org"/>
2827 ```
2828 #### macOS
2829 ```
2830 <dict>
2831 <key>Extensions</key>
2832 <dict>
2833 <key>Install</key>
2834 <array>
2835 <string>https://addons.mozilla.org/firefox/downloads/somefile.xpi</string>
2836 <string>//path/to/xpi</string>
2837 </array>
2838 <key>Uninstall</key>
2839 <array>
2840 <string>bad_addon_id@mozilla.org</string>
2841 </array>
2842 <key>Locked</key>
2843 <array>
2844 <string>addon_id@mozilla.org</string>
2845 </array>
2846 </dict>
2847 </dict>
2848 ```
2849 #### policies.json
2850 ```
2851 {
2852 "policies": {
2853 "Extensions": {
2854 "Install": ["https://addons.mozilla.org/firefox/downloads/somefile.xpi", "//path/to/xpi"],
2855 "Uninstall": ["bad_addon_id@mozilla.org"],
2856 "Locked": ["addon_id@mozilla.org"]
2857 }
2858 }
2859 }
2860 ```
2861 ### ExtensionSettings
2862 Manage all aspects of extensions. This policy is based heavily on the [Chrome policy](https://dev.chromium.org/administrators/policy-list-3/extension-settings-full) of the same name.
2863
2864 This policy maps an extension ID to its configuration. With an extension ID, the configuration will be applied to the specified extension only. A default configuration can be set for the special ID "*", which will apply to all extensions that don't have a custom configuration set in this policy.
2865
2866 To obtain an extension ID, install the extension and go to about:support. You will see the ID in the Extensions section. I've also created an extension that makes it easy to find the ID of extensions on AMO. You can download it [here](https://github.com/mkaply/queryamoid/releases/tag/v0.1).
2867
2868 The configuration for each extension is another dictionary that can contain the fields documented below.
2869
2870 | Name | Description |
2871 | --- | --- |
2872 | `installation_mode` | Maps to a string indicating the installation mode for the extension. The valid strings are `allowed`,`blocked`,`force_installed`, and `normal_installed`.
2873 | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;`allowed` | Allows the extension to be installed by the user. This is the default behavior. There is no need for an install_url; it will automatically be allowed based on the ID.
2874 | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;`blocked`| Blocks installation of the extension and removes it from the device if already installed.
2875 | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;`force_installed`| The extension is automatically installed and can't be removed by the user. This option is not valid for the default configuration and requires an install_url.
2876 | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;`normal_installed`| The extension is automatically installed but can be disabled by the user. This option is not valid for the default configuration and requires an install_url.
2877 | `install_url`| Maps to a URL indicating where Firefox can download a force_installed or normal_installed extension. If installing from the local file system, use a [```file:///``` URL](https://en.wikipedia.org/wiki/File_URI_scheme). If installing from the addons.mozilla.org, use the following URL (substituting SHORT_NAME from the URL on AMO), https://addons.mozilla.org/firefox/downloads/latest/SHORT_NAME/latest.xpi. Languages packs are available from https://releases.mozilla.org/pub/firefox/releases/VERSION/PLATFORM/xpi/LANGUAGE.xpi. If you need to update the extension, you can change the name of the extension and it will be automatically updated. Extensions installed from file URLs will additional be updated when their internal version changes.
2878 | `install_sources` | A list of sources from which installing extensions is allowed using URL match patterns. **This is unnecessary if you are only allowing the installation of certain extensions by ID.** Each item in this list is an extension-style match pattern. Users will be able to easily install items from any URL that matches an item in this list. Both the location of the *.xpi file and the page where the download is started from (i.e. the referrer) must be allowed by these patterns. This setting can be used only for the default configuration.
2879 | `allowed_types` | This setting whitelists the allowed types of extension/apps that can be installed in Firefox. The value is a list of strings, each of which should be one of the following: "extension", "theme", "dictionary", "locale" This setting can be used only for the default configuration.
2880 | `blocked_install_message` | This maps to a string specifying the error message to display to users if they're blocked from installing an extension. This setting allows you to append text to the generic error message displayed when the extension is blocked. This could be be used to direct users to your help desk, explain why a particular extension is blocked, or something else. This setting can be used only for the default configuration.
2881 | `restricted_domains` | An array of domains on which content scripts can't be run. This setting can be used only for the default configuration.
2882 | `updates_disabled` | (Firefox 89, Firefox ESR 78.11) Boolean that indicates whether or not to disable automatic updates for an individual extension.
2883 | `default_area` | (Firefox 113) String that indicates where to place the extension icon by default. Possible values are `navbar` and `menupanel`.
2884
2885 **Compatibility:** Firefox 69, Firefox ESR 68.1 (As of Firefox 85, Firefox ESR 78.7, installing a theme makes it the default.)\
2886 **CCK2 Equivalent:** N/A\
2887 **Preferences Affected:** N/A
2888
2889 #### Windows (GPO)
2890 Software\Policies\Mozilla\Firefox\ExtensionSettings (REG_MULTI_SZ) =
2891 ```
2892 {
2893 "*": {
2894 "blocked_install_message": "Custom error message.",
2895 "install_sources": ["https://yourwebsite.com/*"],
2896 "installation_mode": "blocked",
2897 "allowed_types": ["extension"]
2898 },
2899 "uBlock0@raymondhill.net": {
2900 "installation_mode": "force_installed",
2901 "install_url": "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi"
2902 },
2903 "https-everywhere@eff.org": {
2904 "installation_mode": "allowed",
2905 "updates_disabled": false
2906 }
2907 }
2908 ```
2909 #### Windows (Intune)
2910 OMA-URI:
2911 ```
2912 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/ExtensionSettings
2913 ```
2914 Value (string):
2915 ```
2916 <enabled/>
2917 <data id="ExtensionSettings" value='
2918 {
2919 "*": {
2920 "blocked_install_message": "Custom error message.",
2921 "install_sources": ["https://yourwebsite.com/*"],
2922 "installation_mode": "blocked",
2923 "allowed_types": ["extension"]
2924 },
2925 "uBlock0@raymondhill.net": {
2926 "installation_mode": "force_installed",
2927 "install_url": "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi"
2928 },
2929 "https-everywhere@eff.org": {
2930 "installation_mode": "allowed",
2931 "updates_disabled": false
2932 }
2933 }'/>
2934 ```
2935 #### macOS
2936 ```
2937 <dict>
2938 <key>ExtensionSettings</key>
2939 <dict>
2940 <key>*</key>
2941 <dict>
2942 <key>blocked_install_message</key>
2943 <string>Custom error message.</string>
2944 <key>install_sources</key>
2945 <array>
2946 <string>"https://yourwebsite.com/*"</string>
2947 </array>
2948 <key>installation_mode</key>
2949 <string>blocked</string>
2950 <key>allowed_types</key>
2951 <array>
2952 <string>extension</string>
2953 </array>
2954 </dict>
2955 <key>uBlock0@raymondhill.net</key>
2956 <dict>
2957 <key>installation_mode</key>
2958 <string>force_installed</string>
2959 <key>install_url</key>
2960 <string>https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi</string>
2961 </dict>
2962 <key>https-everywhere@eff.org</key>
2963 <dict>
2964 <key>installation_mode</key>
2965 <string>allowed</string>
2966 <key>updates_disabled</key>
2967 <true/> | <false/>
2968 </dict>
2969 </dict>
2970 </dict>
2971 ```
2972 #### policies.json
2973 ```
2974 {
2975 "policies": {
2976 "ExtensionSettings": {
2977 "*": {
2978 "blocked_install_message": "Custom error message.",
2979 "install_sources": ["https://yourwebsite.com/*"],
2980 "installation_mode": "blocked",
2981 "allowed_types": ["extension"]
2982 },
2983 "uBlock0@raymondhill.net": {
2984 "installation_mode": "force_installed",
2985 "install_url": "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi"
2986 },
2987 "https-everywhere@eff.org": {
2988 "installation_mode": "allowed",
2989 "updates_disabled": false
2990 }
2991 }
2992 }
2993 }
2994 ```
2995 ### ExtensionUpdate
2996 Control extension updates.
2997
2998 **Compatibility:** Firefox 67, Firefox ESR 60.7\
2999 **CCK2 Equivalent:** N/A\
3000 **Preferences Affected:** `extensions.update.enabled`
3001
3002 #### Windows (GPO)
3003 ```
3004 Software\Policies\Mozilla\Firefox\ExtensionUpdate = 0x1 | 0x0
3005 ```
3006 #### Windows (Intune)
3007 OMA-URI:
3008 ```
3009 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/ExtensionUpdate
3010 ```
3011 Value (string):
3012 ```
3013 <enabled/> or <disabled/>
3014 ```
3015 #### macOS
3016 ```
3017 <dict>
3018 <key>ExtensionUpdate</key>
3019 <true/> | <false/>
3020 </dict>
3021 ```
3022 #### policies.json
3023 ```
3024 {
3025 "policies": {
3026 "ExtensionUpdate": true | false
3027 }
3028 }
3029 ```
3030 ### FirefoxHome
3031 Customize the Firefox Home page.
3032
3033 **Compatibility:** Firefox 68, Firefox ESR 68 (SponsoredTopSites and SponsoredPocket were added in Firefox 95, Firefox ESR 91.4, Snippets was deprecated in Firefox 122)
3034 **CCK2 Equivalent:** N/A\
3035 **Preferences Affected:** `browser.newtabpage.activity-stream.showSearch`, `browser.newtabpage.activity-stream.feeds.topsites`, `browser.newtabpage.activity-stream.feeds.section.highlights`, `browser.newtabpage.activity-stream.feeds.section.topstories`, `browser.newtabpage.activity-stream.feeds.snippets`, `browser.newtabpage.activity-stream.showSponsoredTopSites`, `browser.newtabpage.activity-stream.showSponsored`
3036
3037 #### Windows (GPO)
3038 ```
3039 Software\Policies\Mozilla\Firefox\FirefoxHome\Search = 0x1 | 0x0
3040 Software\Policies\Mozilla\Firefox\FirefoxHome\TopSites = 0x1 | 0x0
3041 Software\Policies\Mozilla\Firefox\FirefoxHome\SponsoredTopSites = 0x1 | 0x0
3042 Software\Policies\Mozilla\Firefox\FirefoxHome\Highlights = 0x1 | 0x0
3043 Software\Policies\Mozilla\Firefox\FirefoxHome\Pocket = 0x1 | 0x0
3044 Software\Policies\Mozilla\Firefox\FirefoxHome\SponsoredPocket = 0x1 | 0x0
3045 Software\Policies\Mozilla\Firefox\FirefoxHome\Snippets = 0x1 | 0x0
3046 Software\Policies\Mozilla\Firefox\FirefoxHome\Locked = 0x1 | 0x0
3047 ```
3048 #### Windows (Intune)
3049 OMA-URI:
3050 ```
3051 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/CustomizeFirefoxHome
3052 ```
3053 Value (string):
3054 ```
3055 <enabled/>
3056 <data id="FirefoxHome_Search" value="true | false"/>
3057 <data id="FirefoxHome_TopSites" value="true | false"/>
3058 <data id="FirefoxHome_SponsoredTopSites" value="true | false"/>
3059 <data id="FirefoxHome_Highlights" value="true | false"/>
3060 <data id="FirefoxHome_Pocket" value="true | false"/>
3061 <data id="FirefoxHome_SponsoredPocket" value="true | false"/>
3062 <data id="FirefoxHome_Snippets" value="true | false"/>
3063 <data id="FirefoxHome_Locked" value="true | false"/>
3064 ```
3065 #### macOS
3066 ```
3067 <dict>
3068 <key>FirefoxHome</key>
3069 <dict>
3070 <key>Search</key>
3071 <true/> | <false/>
3072 <key>TopSites</key>
3073 <true/> | <false/>
3074 <key>SponsoredTopSites</key>
3075 <true/> | <false/>
3076 <key>Highlights</key>
3077 <true/> | <false/>
3078 <key>Pocket</key>
3079 <true/> | <false/>
3080 <key>SponsoredPocket</key>
3081 <true/> | <false/>
3082 <key>Snippets</key>
3083 <true/> | <false/>
3084 <key>Locked</key>
3085 <true/> | <false/>
3086 </dict>
3087 </dict>
3088 ```
3089 #### policies.json
3090 ```
3091 {
3092 "policies": {
3093 "FirefoxHome": {
3094 "Search": true | false,
3095 "TopSites": true | false,
3096 "SponsoredTopSites": true | false,
3097 "Highlights": true | false,
3098 "Pocket": true | false,
3099 "SponsoredPocket": true | false,
3100 "Snippets": true | false,
3101 "Locked": true | false
3102 }
3103 }
3104 }
3105 ```
3106 ### FirefoxSuggest
3107 Customize Firefox Suggest (US only).
3108
3109 **Compatibility:** Firefox 118, Firefox ESR 115.3.
3110 **CCK2 Equivalent:** N/A\
3111 **Preferences Affected:** `browser.urlbar.suggest.quicksuggest.nonsponsored`, `browser.urlbar.suggest.quicksuggest.sponsored`, `browser.urlbar.quicksuggest.dataCollection.enabled`
3112
3113 #### Windows (GPO)
3114 ```
3115 Software\Policies\Mozilla\Firefox\FirefoxSuggest\WebSuggestions = 0x1 | 0x0
3116 Software\Policies\Mozilla\Firefox\FirefoxSuggest\SponsoredSuggestions = 0x1 | 0x0
3117 Software\Policies\Mozilla\Firefox\FirefoxSuggest\ImproveSuggest = 0x1 | 0x0
3118 Software\Policies\Mozilla\Firefox\FirefoxSuggest\Locked = 0x1 | 0x0
3119 ```
3120 #### Windows (Intune)
3121 OMA-URI:
3122 ```
3123 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~FirefoxSuggest/WebSuggestions
3124 ```
3125 Value (string):
3126 ```
3127 <enabled/> or <disabled/>
3128 ```
3129 OMA-URI:
3130 ```
3131 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~FirefoxSuggest/SponsoredSuggestions
3132 ```
3133 Value (string):
3134 ```
3135 <enabled/> or <disabled/>
3136 ```
3137 OMA-URI:
3138 ```
3139 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~FirefoxSuggest/ImproveSuggest
3140 ```
3141 Value (string):
3142 ```
3143 <enabled/> or <disabled/>
3144 ```
3145 OMA-URI:
3146 ```
3147 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~FirefoxSuggest/Locked
3148 ```
3149 Value (string):
3150 ```
3151 <enabled/> or <disabled/>
3152 ```
3153 #### macOS
3154 ```
3155 <dict>
3156 <key>FirefoxSuggest</key>
3157 <dict>
3158 <key>WebSuggestions</key>
3159 <true/> | <false/>
3160 <key>SponsoredSuggestions</key>
3161 <true/> | <false/>
3162 <key>ImproveSuggest</key>
3163 <true/> | <false/>
3164 <key>Locked</key>
3165 <true/> | <false/>
3166 </dict>
3167 </dict>
3168 ```
3169 #### policies.json
3170 ```
3171 {
3172 "policies": {
3173 "FirefoxSuggest": {
3174 "WebSuggestions": true | false,
3175 "SponsoredSuggestions": true | false,
3176 "ImproveSuggest": true | false,
3177 "Locked": true | false
3178 }
3179 }
3180 }
3181 ```
3182 ### GoToIntranetSiteForSingleWordEntryInAddressBar
3183 Whether to always go through the DNS server before sending a single word search string to a search engine.
3184
3185 If the site exists, it will navigate to the website. If the intranet responds with a 404, the page will show a 404. If the intranet does not respond, the browser will attempt a search.
3186
3187 The second result in the URL bar will be a search result to allow users to conduct a web search exactly as it was entered.
3188
3189 If instead you would like to enable the ability to have your domain appear as a valid URL and to disallow the browser from ever searching that term using the first result that matches it, add the pref `browser.fixup.domainwhitelist.YOUR_DOMAIN` (where `YOUR_DOMAIN` is the name of the domain you'd like to add), and set the pref to `true`. The URL bar will then suggest `YOUR_DOMAIN` when the user fully types `YOUR_DOMAIN`. If the user attempts to load that domain and it fails to load, it will show an "Unable to connect" error page.
3190
3191 You can also whitelist a domain suffix that is not part of the [Public Suffix List](https://publicsuffix.org/) by adding the pref `browser.fixup.domainsuffixwhitelist.YOUR_DOMAIN_SUFFIX` with a value of `true`.
3192
3193 Additionally, if you want users to see a "Did you mean to go to 'YOUR_DOMAIN'" prompt below the URL bar if they land on a search results page instead of an intranet domain that provides a response, set the pref `browser.urlbar.dnsResolveSingleWordsAfterSearch` to `1`. Enabling this will cause the browser to commit a DNS check after every single word search. If the browser receives a response from the intranet, a prompt will ask the user if they'd like to instead navigate to `YOUR_DOMAIN`. If the user presses the **yes** button, `browser.fixup.domainwhitelist.YOUR_DOMAIN` will be set to `true`.
3194
3195 **Compatibility:** Firefox 104, Firefox ESR 102.2\
3196 **CCK2 Equivalent:** `N/A`\
3197 **Preferences Affected:** `browser.fixup.dns_first_for_single_words`
3198
3199 #### Windows (GPO)
3200 ```
3201 Software\Policies\Mozilla\Firefox\GoToIntranetSiteForSingleWordEntryInAddressBar = 0x1 | 0x0
3202 ```
3203 #### Windows (Intune)
3204 OMA-URI:
3205 ```
3206 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/GoToIntranetSiteForSingleWordEntryInAddressBar
3207 ```
3208 Value (string):
3209 ```
3210 <enabled/> or <disabled/>
3211 ```
3212 #### macOS
3213 ```
3214 <dict>
3215 <key>GoToIntranetSiteForSingleWordEntryInAddressBar</key>
3216 <true/> | <false/>
3217 </dict>
3218 ```
3219 #### policies.json
3220 ```
3221 {
3222 "policies": {
3223 "GoToIntranetSiteForSingleWordEntryInAddressBar": true | false
3224 }
3225 }
3226 ```
3227 ### Handlers
3228 Configure default application handlers. This policy is based on the internal format of `handlers.json`.
3229
3230 You can configure handlers based on a mime type (`mimeTypes`), a file's extension (`extensions`), or a protocol (`schemes`).
3231
3232 Within each handler type, you specify the given mimeType/extension/scheme as a key and use the following subkeys to describe how it is handled.
3233
3234 | Name | Description |
3235 | --- | --- |
3236 | `action`| Can be either `saveToDisk`, `useHelperApp`, `useSystemDefault`.
3237 | `ask` | If `true`, the user is asked if what they want to do with the file. If `false`, the action is taken without user intervention.
3238 | `handlers` | An array of handlers with the first one being the default. If you don't want to have a default handler, use an empty object for the first handler. Choose between path or uriTemplate.
3239 | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;`name` | The display name of the handler (might not be used).
3240 | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;`path`| The native path to the executable to be used.
3241 | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;`uriTemplate`| A url to a web based application handler. The URL must be https and contain a %s to be used for substitution.
3242
3243 **Compatibility:** Firefox 78, Firefox ESR 78\
3244 **CCK2 Equivalent:** N/A\
3245 **Preferences Affected:** N/A
3246
3247 #### Windows (GPO)
3248 Software\Policies\Mozilla\Firefox\Handlers (REG_MULTI_SZ) =
3249 ```
3250 {
3251 "mimeTypes": {
3252 "application/msword": {
3253 "action": "useSystemDefault",
3254 "ask": true | false
3255 }
3256 },
3257 "schemes": {
3258 "mailto": {
3259 "action": "useHelperApp",
3260 "ask": true | false,
3261 "handlers": [{
3262 "name": "Gmail",
3263 "uriTemplate": "https://mail.google.com/mail/?extsrc=mailto&url=%s"
3264 }]
3265 }
3266 },
3267 "extensions": {
3268 "pdf": {
3269 "action": "useHelperApp",
3270 "ask": true | false,
3271 "handlers": [{
3272 "name": "Adobe Acrobat",
3273 "path": "C:\\Program Files (x86)\\Adobe\\Acrobat Reader DC\\Reader\\AcroRd32.exe"
3274 }]
3275 }
3276 }
3277 }
3278 ```
3279 #### Windows (Intune)
3280 OMA-URI:
3281 ```
3282 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/Handlers
3283 ```
3284 Value (string):
3285 ```
3286 <enabled/>
3287 <data id="Handlers" value='
3288 {
3289 "mimeTypes": {
3290 "application/msword": {
3291 "action": "useSystemDefault",
3292 "ask": true | false
3293 }
3294 },
3295 "schemes": {
3296 "mailto": {
3297 "action": "useHelperApp",
3298 "ask": true | false,
3299 "handlers": [{
3300 "name": "Gmail",
3301 "uriTemplate": "https://mail.google.com/mail/?extsrc=mailto&amp;url=%s"
3302 }]
3303 }
3304 },
3305 "extensions": {
3306 "pdf": {
3307 "action": "useHelperApp",
3308 "ask": true | false,
3309 "handlers": [{
3310 "name": "Adobe Acrobat",
3311 "path": "C:\\Program Files (x86)\\Adobe\\Acrobat Reader DC\\Reader\\AcroRd32.exe"
3312 }]
3313 }
3314 }
3315 }
3316 '/>
3317 ```
3318 #### macOS
3319 ```
3320 <dict>
3321 <key>Handlers</key>
3322 <dict>
3323 <key>mimeTypes</key>
3324 <dict>
3325 <key>application/msword</key>
3326 <dict>
3327 <key>action</key>
3328 <string>useSystemDefault</string>
3329 <key>ask</key>
3330 <true/> | <false/>
3331 </dict>
3332 </dict>
3333 <key>schemes</key>
3334 <dict>
3335 <key>mailto</key>
3336 <dict>
3337 <key>action</key>
3338 <string>useHelperApp</string>
3339 <key>ask</key>
3340 <true/> | <false/>
3341 <key>handlers</key>
3342 <array>
3343 <dict>
3344 <key>name</key>
3345 <string>Gmail</string>
3346 <key>uriTemplate</key>
3347 <string>https://mail.google.com/mail/?extsrc=mailto&url=%s</string>
3348 </dict>
3349 </array>
3350 </dict>
3351 </dict>
3352 <key>extensions</key>
3353 <dict>
3354 <key>pdf</key>
3355 <dict>
3356 <key>action</key>
3357 <string>useHelperApp</string>
3358 <key>ask</key>
3359 <true/> | <false/>
3360 <key>handlers</key>
3361 <array>
3362 <dict>
3363 <key>name</key>
3364 <string>Adobe Acrobat</string>
3365 <key>path</key>
3366 <string>/System/Applications/Preview.app</string>
3367 </dict>
3368 </array>
3369 </dict>
3370 </dict>
3371 </dict>
3372 </dict>
3373 ```
3374 #### policies.json
3375 ```
3376 {
3377 "policies": {
3378 "Handlers": {
3379 "mimeTypes": {
3380 "application/msword": {
3381 "action": "useSystemDefault",
3382 "ask": false
3383 }
3384 },
3385 "schemes": {
3386 "mailto": {
3387 "action": "useHelperApp",
3388 "ask": true | false,
3389 "handlers": [{
3390 "name": "Gmail",
3391 "uriTemplate": "https://mail.google.com/mail/?extsrc=mailto&url=%s"
3392 }]
3393 }
3394 },
3395 "extensions": {
3396 "pdf": {
3397 "action": "useHelperApp",
3398 "ask": true | false,
3399 "handlers": [{
3400 "name": "Adobe Acrobat",
3401 "path": "/usr/bin/acroread"
3402 }]
3403 }
3404 }
3405 }
3406 }
3407 }
3408 ```
3409 ### HardwareAcceleration
3410 Control hardware acceleration.
3411
3412 **Compatibility:** Firefox 60, Firefox ESR 60\
3413 **CCK2 Equivalent:** N/A\
3414 **Preferences Affected:** `layers.acceleration.disabled`
3415
3416 #### Windows (GPO)
3417 ```
3418 Software\Policies\Mozilla\Firefox\HardwareAcceleration = 0x1 | 0x0
3419 ```
3420 #### Windows (Intune)
3421 OMA-URI:
3422 ```
3423 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/HardwareAcceleration
3424 ```
3425 Value (string):
3426 ```
3427 <enabled/> or <disabled/>
3428 ```
3429 #### macOS
3430 ```
3431 <dict>
3432 <key>HardwareAcceleration</key>
3433 <true/> | <false/>
3434 </dict>
3435 ```
3436 #### policies.json
3437 ```
3438 {
3439 "policies": {
3440 "HardwareAcceleration": true | false
3441 }
3442 }
3443 ```
3444 ### Homepage
3445 Configure the default homepage and how Firefox starts.
3446
3447 `URL` is the default homepage.
3448
3449 `Locked` prevents the user from changing homepage preferences.
3450
3451 `Additional` allows for more than one homepage.
3452
3453 `StartPage` is how Firefox starts. The choices are no homepage, the default homepage or the previous session.
3454
3455 With Firefox 78, an additional option as added for `Startpage`, `homepage-locked`. If this is value is set for the Startpage, the user will always get the homepage at startup and cannot choose to restore their session.
3456
3457 **Compatibility:** Firefox 60, Firefox ESR 60 (StartPage was added in Firefox 60, Firefox ESR 60.4, homepage-locked added in Firefox 78)\
3458 **CCK2 Equivalent:** `homePage`,`lockHomePage`\
3459 **Preferences Affected:** `browser.startup.homepage`, `browser.startup.page`
3460
3461 #### Windows (GPO)
3462 ```
3463 Software\Policies\Mozilla\Firefox\Homepage\URL = "https://example.com"
3464 Software\Policies\Mozilla\Firefox\Homepage\Locked = 0x1 | 0x0
3465 Software\Policies\Mozilla\Firefox\Homepage\Additional\1 = "https://example.org"
3466 Software\Policies\Mozilla\Firefox\Homepage\Additional\2 = "https://example.edu"
3467 Software\Policies\Mozilla\Firefox\Homepage\StartPage = "none" | "homepage" | "previous-session" | "homepage-locked"
3468 ```
3469 #### Windows (Intune)
3470 OMA-URI:
3471 ```
3472 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Homepage/HomepageURL
3473 ```
3474 Value (string):
3475 ```
3476 <enabled/>
3477
3478 <data id="HomepageURL" value="https://example.com"/>
3479 <data id="HomepageLocked" value="true | false"/>
3480 ```
3481 OMA-URI:
3482 ```
3483 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Homepage/HomepageAdditional
3484 ```
3485 Value (string):
3486 ```
3487 <enabled/>
3488
3489 <data id="HomepageAdditional" value="1&#xF000;http://example.org&#xF000;2&#xF000;http://example.edu"/>
3490 ```
3491 OMA-URI:
3492 ```
3493 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Homepage/HomepageStartPage
3494 ```
3495 Value (string):
3496 ```
3497 <enabled/>
3498
3499 <data id="StartPage" value="none | homepage | previous-session"/>
3500 ```
3501 #### macOS
3502 ```
3503 <dict>
3504 <key>Homepage</key>
3505 <dict>
3506 <key>URL</key>
3507 <string>http://example.com</string>
3508 <key>Locked</key>
3509 <true/> | <false/>
3510 <key>Additional</key>
3511 <array>
3512 <string>http://example.org</string>
3513 <string>http://example.edu</string>
3514 </array>
3515 <key>StartPage</key>
3516 <string>none | homepage | previous-session | homepage-locked</string>
3517 </dict>
3518 </dict>
3519 ```
3520 #### policies.json
3521 ```
3522 {
3523 "policies": {
3524 "Homepage": {
3525 "URL": "http://example.com/",
3526 "Locked": true | false,
3527 "Additional": ["http://example.org/",
3528 "http://example.edu/"],
3529 "StartPage": "none" | "homepage" | "previous-session" | "homepage-locked"
3530 }
3531 }
3532 }
3533 ```
3534 ### InstallAddonsPermission
3535 Configure the default extension install policy as well as origins for extension installs are allowed. This policy does not override turning off all extension installs.
3536
3537 `Allow` is a list of origins where extension installs are allowed.
3538
3539 `Default` determines whether or not extension installs are allowed by default.
3540
3541 **Compatibility:** Firefox 60, Firefox ESR 60\
3542 **CCK2 Equivalent:** `permissions.install`\
3543 **Preferences Affected:** `xpinstall.enabled`
3544
3545 #### Windows (GPO)
3546 ```
3547 Software\Policies\Mozilla\Firefox\InstallAddonsPermission\Allow\1 = "https://example.org"
3548 Software\Policies\Mozilla\Firefox\InstallAddonsPermission\Allow\2 = "https://example.edu"
3549 Software\Policies\Mozilla\Firefox\InstallAddonsPermission\Default = 0x1 | 0x0
3550 ```
3551 #### Windows (Intune)
3552 OMA-URI:
3553 ```
3554 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Addons/InstallAddonsPermission_Allow
3555 ```
3556 Value (string):
3557 ```
3558 <enabled/>
3559 <data id="Permissions" value="1&#xF000;https://example.org&#xF000;2&#xF000;https://example.edu"/>
3560 ```
3561 OMA-URI:
3562 ```
3563 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Addons/InstallAddonsPermission_Default
3564 ```
3565 Value (string):
3566 ```
3567 <enabled/>
3568 ```
3569 #### macOS
3570 ```
3571 <dict>
3572 <key>InstallAddonsPermission</key>
3573 <dict>
3574 <key>Allow</key>
3575 <array>
3576 <string>http://example.org</string>
3577 <string>http://example.edu</string>
3578 </array>
3579 <key>Default</key>
3580 <true/> | <false/>
3581 </dict>
3582 </dict>
3583 ```
3584 #### policies.json
3585 ```
3586 {
3587 "policies": {
3588 "InstallAddonsPermission": {
3589 "Allow": ["http://example.org/",
3590 "http://example.edu/"],
3591 "Default": true | false
3592 }
3593 }
3594 }
3595 ```
3596 ### LegacyProfiles
3597 Disable the feature enforcing a separate profile for each installation.
3598
3599 If this policy set to true, Firefox will not try to create different profiles for installations of Firefox in different directories. This is the equivalent of the MOZ_LEGACY_PROFILES environment variable.
3600
3601 If this policy set to false, Firefox will create a new profile for each unique installation of Firefox.
3602
3603 This policy only work on Windows via GPO (not policies.json).
3604
3605 **Compatibility:** Firefox 70, Firefox ESR 68.2 (Windows only, GPO only)\
3606 **CCK2 Equivalent:** N/A\
3607 **Preferences Affected:** N/A
3608
3609 #### Windows (GPO)
3610 ```
3611 Software\Policies\Mozilla\Firefox\LegacyProfiles = = 0x1 | 0x0
3612 ```
3613 #### Windows (Intune)
3614 OMA-URI:
3615 ```
3616 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/LegacyProfiles
3617 ```
3618 Value (string):
3619 ```
3620 <enabled/> or <disabled/>
3621 ```
3622 ### LegacySameSiteCookieBehaviorEnabled
3623 Enable default legacy SameSite cookie behavior setting.
3624
3625 If this policy is set to true, it reverts all cookies to legacy SameSite behavior which means that cookies that don't explicitly specify a ```SameSite``` attribute are treated as if they were ```SameSite=None```.
3626
3627 **Compatibility:** Firefox 96\
3628 **CCK2 Equivalent:** N/A\
3629 **Preferences Affected:** `network.cookie.sameSite.laxByDefault`
3630
3631 #### Windows (GPO)
3632 ```
3633 Software\Policies\Mozilla\Firefox\LegacySameSiteCookieBehaviorEnabled = = 0x1 | 0x0
3634 ```
3635 #### Windows (Intune)
3636 OMA-URI:
3637 ```
3638 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/LegacySameSiteCookieBehaviorEnabled
3639 ```
3640 Value (string):
3641 ```
3642 <enabled/> or <disabled/>
3643 ```
3644 #### macOS
3645 ```
3646 <dict>
3647 <key>LegacySameSiteCookieBehaviorEnabled</key>
3648 <true/> | <false/>
3649 </dict>
3650 ```
3651 #### policies.json
3652 ```
3653 {
3654 "policies": {
3655 "LegacySameSiteCookieBehaviorEnabled": true | false
3656 }
3657 ```
3658 ### LegacySameSiteCookieBehaviorEnabledForDomainList
3659 Revert to legacy SameSite behavior for cookies on specified sites.
3660
3661 If this policy is set to true, cookies set for domains in this list will revert to legacy SameSite behavior which means that cookies that don't explicitly specify a ```SameSite``` attribute are treated as if they were ```SameSite=None```.
3662
3663 **Compatibility:** Firefox 96\
3664 **CCK2 Equivalent:** N/A\
3665 **Preferences Affected:** `network.cookie.sameSite.laxByDefault.disabledHosts`
3666
3667 #### Windows (GPO)
3668 ```
3669 Software\Policies\Mozilla\Firefox\LegacySameSiteCookieBehaviorEnabledForDomainList\1 = "example.org"
3670 Software\Policies\Mozilla\Firefox\LegacySameSiteCookieBehaviorEnabledForDomainList\2 = "example.edu"
3671 ```
3672 #### Windows (Intune)
3673 OMA-URI:
3674 ```
3675 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/LegacySameSiteCookieBehaviorEnabledForDomainList
3676 ```
3677 Value (string):
3678 ```
3679 <enabled/>
3680 <data id="LegacySameSiteCookieBehaviorEnabledForDomainList" value="1&#xF000;example.org&#xF000;2&#xF000;example.edu"/>
3681 ```
3682 #### macOS
3683 ```
3684 <dict>
3685 <key>LegacySameSiteCookieBehaviorEnabledForDomainList</key>
3686 <array>
3687 <string>example.org</string>
3688 <string>example.edu</string>
3689 </array>
3690 </dict>
3691 ```
3692 #### policies.json
3693 ```
3694 {
3695 "policies": {
3696 "LegacySameSiteCookieBehaviorEnabledForDomainList": ["example.org",
3697 "example.edu"]
3698 }
3699 }
3700 ```
3701 ### LocalFileLinks
3702 Enable linking to local files by origin.
3703
3704 **Compatibility:** Firefox 68, Firefox ESR 68\
3705 **CCK2 Equivalent:** N/A\
3706 **Preferences Affected:** `capability.policy.localfilelinks.*`
3707
3708 #### Windows (GPO)
3709 ```
3710 Software\Policies\Mozilla\Firefox\LocalFileLinks\1 = "https://example.org"
3711 Software\Policies\Mozilla\Firefox\LocalFileLinks\2 = "https://example.edu"
3712 ```
3713 #### Windows (Intune)
3714 OMA-URI:
3715 ```
3716 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/LocalFileLinks
3717 ```
3718 Value (string):
3719 ```
3720 <enabled/>
3721 <data id="LocalFileLinks" value="1&#xF000;https://example.org&#xF000;2&#xF000;https://example.edu"/>
3722 ```
3723 #### macOS
3724 ```
3725 <dict>
3726 <key>LocalFileLinks</key>
3727 <array>
3728 <string>http://example.org</string>
3729 <string>http://example.edu</string>
3730 </array>
3731 </dict>
3732 ```
3733 #### policies.json
3734 ```
3735 {
3736 "policies": {
3737 "LocalFileLinks": ["http://example.org/",
3738 "http://example.edu/"]
3739 }
3740 }
3741 ```
3742 ### ManagedBookmarks
3743 Configures a list of bookmarks managed by an administrator that cannot be changed by the user.
3744
3745 The bookmarks are only added as a button on the personal toolbar. They are not in the bookmarks folder.
3746
3747 The syntax of this policy is exactly the same as the [Chrome ManagedBookmarks policy](https://cloud.google.com/docs/chrome-enterprise/policies/?policy=ManagedBookmarks). The schema is:
3748 ```
3749 {
3750 "items": {
3751 "id": "BookmarkType",
3752 "properties": {
3753 "children": {
3754 "items": {
3755 "$ref": "BookmarkType"
3756 },
3757 "type": "array"
3758 },
3759 "name": {
3760 "type": "string"
3761 },
3762 "toplevel_name": {
3763 "type": "string"
3764 },
3765 "url": {
3766 "type": "string"
3767 }
3768 },
3769 "type": "object"
3770 },
3771 "type": "array"
3772 }
3773 ```
3774 **Compatibility:** Firefox 83, Firefox ESR 78.5\
3775 **CCK2 Equivalent:** N/A\
3776 **Preferences Affected:** N/A
3777
3778 #### Windows (GPO)
3779 Software\Policies\Mozilla\Firefox\ManagedBookmarks (REG_MULTI_SZ) =
3780 ```
3781 [
3782 {
3783 "toplevel_name": "My managed bookmarks folder"
3784 },
3785 {
3786 "url": "example.com",
3787 "name": "Example"
3788 },
3789 {
3790 "name": "Mozilla links",
3791 "children": [
3792 {
3793 "url": "https://mozilla.org",
3794 "name": "Mozilla.org"
3795 },
3796 {
3797 "url": "https://support.mozilla.org/",
3798 "name": "SUMO"
3799 }
3800 ]
3801 }
3802 ]
3803 ```
3804 #### Windows (Intune)
3805 OMA-URI:
3806 ```
3807 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/ManagedBookmarks
3808 ```
3809 Value (string):
3810 ```
3811 <enabled/>
3812 <data id="JSON" value='
3813 [
3814 {
3815 "toplevel_name": "My managed bookmarks folder"
3816 },
3817 {
3818 "url": "example.com",
3819 "name": "Example"
3820 },
3821 {
3822 "name": "Mozilla links",
3823 "children": [
3824 {
3825 "url": "https://mozilla.org",
3826 "name": "Mozilla.org"
3827 },
3828 {
3829 "url": "https://support.mozilla.org/",
3830 "name": "SUMO"
3831 }
3832 ]
3833 }
3834 ]'/>
3835 ```
3836 #### macOS
3837 ```
3838 <dict>
3839 <key>ManagedBookmarks</key>
3840 <array>
3841 <dict>
3842 <key>toplevel_name</key>
3843 <string>My managed bookmarks folder</string>
3844 <dict>
3845 <key>url</key>
3846 <string>example.com</string>
3847 <key>name</key>
3848 <string>Example</string>
3849 </dict>
3850 <dict>
3851 <key>name</key>
3852 <string>Mozilla links</string>
3853 <key>children</key>
3854 <array>
3855 <dict>
3856 <key>url</key>
3857 <string>https://mozilla.org</string>
3858 <key>name</key>
3859 <string>Mozilla</string>
3860 </dict>
3861 <dict>
3862 <key>url</key>
3863 <string>https://support.mozilla.org/</string>
3864 <key>name</key>
3865 <string>SUMO</string>
3866 </dict>
3867 </array>
3868 </dict>
3869 </array>
3870 </dict>
3871 ```
3872 #### policies.json
3873 ```
3874 {
3875 "policies": {
3876 "ManagedBookmarks": [
3877 {
3878 "toplevel_name": "My managed bookmarks folder"
3879 },
3880 {
3881 "url": "example.com",
3882 "name": "Example"
3883 },
3884 {
3885 "name": "Mozilla links",
3886 "children": [
3887 {
3888 "url": "https://mozilla.org",
3889 "name": "Mozilla.org"
3890 },
3891 {
3892 "url": "https://support.mozilla.org/",
3893 "name": "SUMO"
3894 }
3895 ]
3896 }
3897 ]
3898 }
3899 }
3900 ```
3901 ### ManualAppUpdateOnly
3902
3903 Switch to manual updates only.
3904
3905 If this policy is enabled:
3906 1. The user will never be prompted to install updates
3907 2. Firefox will not check for updates in the background, though it will check automatically when an update UI is displayed (such as the one in the About dialog). This check will be used to show "Update to version X" in the UI, but will not automatically download the update or prompt the user to update in any other way.
3908 3. The update UI will work as expected, unlike when using DisableAppUpdate.
3909
3910 This policy is primarily intended for advanced end users, not for enterprises, but it is available via GPO.
3911
3912 **Compatibility:** Firefox 87\
3913 **CCK2 Equivalent:** N/A\
3914 **Preferences Affected:** N/A
3915
3916 #### Windows (GPO)
3917 ```
3918 Software\Policies\Mozilla\Firefox\ManualAppUpdateOnly = 0x1 | 0x0
3919 ```
3920 #### Windows (Intune)
3921 OMA-URI:
3922 ```
3923 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/ManualAppUpdateOnly
3924 ```
3925 Value (string):
3926 ```
3927 <enabled/> or <disabled/>
3928 ```
3929 #### macOS
3930 ```
3931 <dict>
3932 <key>ManualAppUpdateOnly</key>
3933 <true/> | <false/>
3934 </dict>
3935 ```
3936 #### policies.json
3937 ```
3938 {
3939 "policies": {
3940 "ManualAppUpdateOnly": true | false
3941 }
3942 }
3943 ```
3944 ### NetworkPrediction
3945 Enable or disable network prediction (DNS prefetching).
3946
3947 **Compatibility:** Firefox 67, Firefox ESR 60.7\
3948 **CCK2 Equivalent:** N/A\
3949 **Preferences Affected:** `network.dns.disablePrefetch`, `network.dns.disablePrefetchFromHTTPS`
3950
3951 #### Windows (GPO)
3952 ```
3953 Software\Policies\Mozilla\Firefox\NetworkPrediction = 0x1 | 0x0
3954 ```
3955 #### Windows (Intune)
3956 OMA-URI:
3957 ```
3958 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/NetworkPrediction
3959 ```
3960 Value (string):
3961 ```
3962 <enabled/> or <disabled/>
3963 ```
3964 #### macOS
3965 ```
3966 <dict>
3967 <key>NetworkPrediction</key>
3968 <true/> | <false/>
3969 </dict>
3970 ```
3971 #### policies.json
3972 ```
3973 {
3974 "policies": {
3975 "NetworkPrediction": true | false
3976 }
3977 ```
3978 ### NewTabPage
3979 Enable or disable the New Tab page.
3980
3981 **Compatibility:** Firefox 68, Firefox ESR 68\
3982 **CCK2 Equivalent:** N/A\
3983 **Preferences Affected:** `browser.newtabpage.enabled`
3984
3985 #### Windows (GPO)
3986 ```
3987 Software\Policies\Mozilla\Firefox\NewTabPage = 0x1 | 0x0
3988 ```
3989 #### Windows (Intune)
3990 OMA-URI:
3991 ```
3992 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/NewTabPage
3993 ```
3994 Value (string):
3995 ```
3996 <enabled/> or <disabled/>
3997 ```
3998 #### macOS
3999 ```
4000 <dict>
4001 <key>NewTabPage</key>
4002 <true/> | <false/>
4003 </dict>
4004 ```
4005 #### policies.json
4006 ```
4007 {
4008 "policies": {
4009 "NewTabPage": true | false
4010 }
4011 ```
4012 ### NoDefaultBookmarks
4013 Disable the creation of default bookmarks.
4014
4015 This policy is only effective if the user profile has not been created yet.
4016
4017 **Compatibility:** Firefox 60, Firefox ESR 60\
4018 **CCK2 Equivalent:** `removeDefaultBookmarks`\
4019 **Preferences Affected:** N/A
4020
4021 #### Windows (GPO)
4022 ```
4023 Software\Policies\Mozilla\Firefox\NoDefaultBookmarks = 0x1 | 0x0
4024 ```
4025 #### Windows (Intune)
4026 OMA-URI:
4027 ```
4028 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/NoDefaultBookmarks
4029 ```
4030 Value (string):
4031 ```
4032 <enabled/> or <disabled/>
4033 ```
4034 #### macOS
4035 ```
4036 <dict>
4037 <key>NoDefaultBookmarks</key>
4038 <true/> | <false/>
4039 </dict>
4040 ```
4041 #### policies.json
4042 ```
4043 {
4044 "policies": {
4045 "NoDefaultBookmarks": true | false
4046 }
4047 }
4048 ```
4049 ### OfferToSaveLogins
4050 Control whether or not Firefox offers to save passwords.
4051
4052 **Compatibility:** Firefox 60, Firefox ESR 60\
4053 **CCK2 Equivalent:** `dontRememberPasswords`\
4054 **Preferences Affected:** `signon.rememberSignons`
4055
4056 #### Windows (GPO)
4057 ```
4058 Software\Policies\Mozilla\Firefox\OfferToSaveLogins = 0x1 | 0x0
4059 ```
4060 #### Windows (Intune)
4061 OMA-URI:
4062 ```
4063 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/OfferToSaveLogins
4064 ```
4065 Value (string):
4066 ```
4067 <enabled/> or <disabled/>
4068 ```
4069 #### macOS
4070 ```
4071 <dict>
4072 <key>OfferToSaveLogins</key>
4073 <true/> | <false/>
4074 </dict>
4075 ```
4076 #### policies.json
4077 ```
4078 {
4079 "policies": {
4080 "OfferToSaveLogins": true | false
4081 }
4082 }
4083 ```
4084 ### OfferToSaveLoginsDefault
4085 Sets the default value of signon.rememberSignons without locking it.
4086
4087 **Compatibility:** Firefox 70, Firefox ESR 60.2\
4088 **CCK2 Equivalent:** `dontRememberPasswords`\
4089 **Preferences Affected:** `signon.rememberSignons`
4090
4091 #### Windows (GPO)
4092 ```
4093 Software\Policies\Mozilla\Firefox\OfferToSaveLoginsDefault = 0x1 | 0x0
4094 ```
4095 #### Windows (Intune)
4096 OMA-URI:
4097 ```
4098 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/OfferToSaveLoginsDefault
4099 ```
4100 Value (string):
4101 ```
4102 <enabled/> or <disabled/>
4103 ```
4104 #### macOS
4105 ```
4106 <dict>
4107 <key>OfferToSaveLoginsDefault</key>
4108 <true/> | <false/>
4109 </dict>
4110 ```
4111 #### policies.json
4112 ```
4113 {
4114 "policies": {
4115 "OfferToSaveLoginsDefault": true | false
4116 }
4117 }
4118 ```
4119 ### OverrideFirstRunPage
4120 Override the first run page. If the value is an empty string (""), the first run page is not displayed.
4121
4122 Starting with Firefox 83, Firefox ESR 78.5, you can also specify multiple URLS separated by a vertical bar (|).
4123
4124 **Compatibility:** Firefox 60, Firefox ESR 60\
4125 **CCK2 Equivalent:** `welcomePage`,`noWelcomePage`\
4126 **Preferences Affected:** `startup.homepage_welcome_url`
4127
4128 #### Windows (GPO)
4129 ```
4130 Software\Policies\Mozilla\Firefox\OverrideFirstRunPage = "http://example.org"
4131 ```
4132 #### Windows (Intune)
4133 OMA-URI:
4134 ```
4135 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/OverrideFirstRunPage
4136 ```
4137 Value (string):
4138 ```
4139 <enabled/>
4140 <data id="OverridePage" value="https://example.com"/>
4141 ```
4142 #### macOS
4143 ```
4144 <dict>
4145 <key>OverrideFirstRunPage</key>
4146 <string>http://example.org</string>
4147 </dict>
4148 ```
4149 #### policies.json
4150 ```
4151 {
4152 "policies": {
4153 "OverrideFirstRunPage": "http://example.org"
4154 }
4155 }
4156 ```
4157 ### OverridePostUpdatePage
4158 Override the upgrade page. If the value is an empty string (""), no extra pages are displayed when Firefox is upgraded.
4159
4160 **Compatibility:** Firefox 60, Firefox ESR 60\
4161 **CCK2 Equivalent:** `upgradePage`,`noUpgradePage`\
4162 **Preferences Affected:** `startup.homepage_override_url`
4163
4164 #### Windows (GPO)
4165 ```
4166 Software\Policies\Mozilla\Firefox\OverridePostUpdatePage = "http://example.org"
4167 ```
4168 #### Windows (Intune)
4169 OMA-URI:
4170 ```
4171 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/OverridePostUpdatePage
4172 ```
4173 Value (string):
4174 ```
4175 <enabled/>
4176 <data id="OverridePage" value="https://example.com"/>
4177 ```
4178 #### macOS
4179 ```
4180 <dict>
4181 <key>OverridePostUpdatePage</key>
4182 <string>http://example.org</string>
4183 </dict>
4184 ```
4185 #### policies.json
4186 ```
4187 {
4188 "policies": {
4189 "OverridePostUpdatePage": "http://example.org"
4190 }
4191 }
4192 ```
4193 ### PasswordManagerEnabled
4194 Remove access to the password manager via preferences and blocks about:logins on Firefox 70.
4195
4196 **Compatibility:** Firefox 70, Firefox ESR 60.2\
4197 **CCK2 Equivalent:** N/A\
4198 **Preferences Affected:** `pref.privacy.disable_button.view_passwords`
4199
4200 #### Windows (GPO)
4201 ```
4202 Software\Policies\Mozilla\Firefox\PasswordManagerEnabled = 0x1 | 0x0
4203 ```
4204 #### Windows (Intune)
4205 OMA-URI:
4206 ```
4207 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/PasswordManagerEnabled
4208 ```
4209 Value (string):
4210 ```
4211 <enabled/> or <disabled/>
4212 ```
4213 #### macOS
4214 ```
4215 <dict>
4216 <key>PasswordManagerEnabled</key>
4217 <true/> | <false/>
4218 </dict>
4219 ```
4220 #### policies.json
4221 ```
4222 {
4223 "policies": {
4224 "PasswordManagerEnabled": true | false
4225 }
4226 }
4227 ```
4228 ### PasswordManagerExceptions
4229 Prevent Firefox from saving passwords for specific sites.
4230
4231 The sites are specified as a list of origins.
4232
4233 **Compatibility:** Firefox 101\
4234 **CCK2 Equivalent:** N/A\
4235 **Preferences Affected:** N/A
4236
4237 #### Windows (GPO)
4238 ```
4239 Software\Policies\Mozilla\Firefox\PasswordManagerExceptions\1 = "https://example.org"
4240 Software\Policies\Mozilla\Firefox\PasswordManagerExceptions\2 = "https://example.edu"
4241 ```
4242 #### Windows (Intune)
4243 OMA-URI:
4244 ```
4245 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/PasswordManagerExceptions
4246 ```
4247 Value (string):
4248 ```
4249 <enabled/>
4250 <data id="List" value="1&#xF000;https://example.org&#xF000;2&#xF000;https://example.edu"/>
4251 ```
4252 #### macOS
4253 ```
4254 <dict>
4255 <key>PasswordManagerExceptions</key>
4256 <array>
4257 <string>https://example.org</string>
4258 <string>https://example.edu</string>
4259 </array>
4260 </dict>
4261 ```
4262 #### policies.json
4263 ```
4264 {
4265 "policies": {
4266 "PasswordManagerExceptions": ["https://example.org",
4267 "https://example.edu"]
4268 }
4269 }
4270 ```
4271
4272 ### PDFjs
4273 Disable or configure PDF.js, the built-in PDF viewer.
4274
4275 If `Enabled` is set to false, the built-in PDF viewer is disabled.
4276
4277 If `EnablePermissions` is set to true, the built-in PDF viewer will honor document permissions like preventing the copying of text.
4278
4279 Note: DisableBuiltinPDFViewer has not been deprecated. You can either continue to use it, or switch to using PDFjs->Enabled to disable the built-in PDF viewer. This new permission was added because we needed a place for PDFjs->EnabledPermissions.
4280
4281 **Compatibility:** Firefox 77, Firefox ESR 68.9\
4282 **CCK2 Equivalent:** N/A\
4283 **Preferences Affected:** `pdfjs.disabled`, `pdfjs.enablePermissions`
4284
4285 #### Windows (GPO)
4286 ```
4287 Software\Policies\Mozilla\Firefox\PDFjs\Enabled = 0x1 | 0x0
4288 Software\Policies\Mozilla\Firefox\PDFjs\EnablePermissions = 0x1 | 0x0
4289 ```
4290 #### Windows (Intune)
4291 OMA-URI:
4292 ```
4293 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~PDFjs/PDFjs_Enabled
4294 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~PDFjs/PDFjs_EnablePermissions
4295 ```
4296 Value (string):
4297 ```
4298 <enabled/>or <disabled/>
4299 ```
4300 #### macOS
4301 ```
4302 <dict>
4303 <key>PDFjs</key>
4304 <dict>
4305 <key>Enabled</key>
4306 <true/> | <false/>
4307 <key>EnablePermissions</key>
4308 <true/> | <false/>
4309 </dict>
4310 </dict>
4311 ```
4312 #### policies.json
4313 ```
4314 {
4315 "policies": {
4316 "PDFjs": {
4317 "Enabled": true | false,
4318 "EnablePermissions": true | false
4319 }
4320 }
4321 }
4322 ```
4323 ### Permissions
4324 Set permissions associated with camera, microphone, location, notifications, autoplay, and virtual reality. Because these are origins, not domains, entries with unique ports must be specified separately. This explicitly means that it is not possible to add wildcards. See examples below.
4325
4326 `Allow` is a list of origins where the feature is allowed.
4327
4328 `Block` is a list of origins where the feature is not allowed.
4329
4330 `BlockNewRequests` determines whether or not new requests can be made for the feature.
4331
4332 `Locked` prevents the user from changing preferences for the feature.
4333
4334 `Default` specifies the default value for Autoplay. block-audio-video is not supported on Firefox ESR 68.
4335
4336 **Compatibility:** Firefox 62, Firefox ESR 60.2 (Autoplay added in Firefox 74, Firefox ESR 68.6, Autoplay Default/Locked added in Firefox 76, Firefox ESR 68.8, VirtualReality added in Firefox 80, Firefox ESR 78.2)\
4337 **CCK2 Equivalent:** N/A\
4338 **Preferences Affected:** `permissions.default.camera`, `permissions.default.microphone`, `permissions.default.geo`, `permissions.default.desktop-notification`, `media.autoplay.default`, `permissions.default.xr`
4339
4340 #### Windows (GPO)
4341 ```
4342 Software\Policies\Mozilla\Firefox\Permissions\Camera\Allow\1 = "https://example.org"
4343 Software\Policies\Mozilla\Firefox\Permissions\Camera\Allow\2 = "https://example.org:1234"
4344 Software\Policies\Mozilla\Firefox\Permissions\Camera\Block\1 = "https://example.edu"
4345 Software\Policies\Mozilla\Firefox\Permissions\Camera\BlockNewRequests = 0x1 | 0x0
4346 Software\Policies\Mozilla\Firefox\Permissions\Camera\Locked = 0x1 | 0x0
4347 Software\Policies\Mozilla\Firefox\Permissions\Microphone\Allow\1 = "https://example.org"
4348 Software\Policies\Mozilla\Firefox\Permissions\Microphone\Block\1 = "https://example.edu"
4349 Software\Policies\Mozilla\Firefox\Permissions\Microphone\BlockNewRequests = 0x1 | 0x0
4350 Software\Policies\Mozilla\Firefox\Permissions\Microphone\Locked = 0x1 | 0x0
4351 Software\Policies\Mozilla\Firefox\Permissions\Location\Allow\1 = "https://example.org"
4352 Software\Policies\Mozilla\Firefox\Permissions\Location\Block\1 = "https://example.edu"
4353 Software\Policies\Mozilla\Firefox\Permissions\Location\BlockNewRequests = 0x1 | 0x0
4354 Software\Policies\Mozilla\Firefox\Permissions\Location\Locked = 0x1 | 0x0
4355 Software\Policies\Mozilla\Firefox\Permissions\Notifications\Allow\1 = "https://example.org"
4356 Software\Policies\Mozilla\Firefox\Permissions\Notifications\Block\1 = "https://example.edu"
4357 Software\Policies\Mozilla\Firefox\Permissions\Notifications\BlockNewRequests = 0x1 | 0x0
4358 Software\Policies\Mozilla\Firefox\Permissions\Notifications\Locked = 0x1 | 0x0
4359 Software\Policies\Mozilla\Firefox\Permissions\Autoplay\Allow\1 = "https://example.org"
4360 Software\Policies\Mozilla\Firefox\Permissions\Autoplay\Block\1 = "https://example.edu"
4361 Software\Policies\Mozilla\Firefox\Permissions\Autoplay\Default = "allow-audio-video" | "block-audio" | "block-audio-video"
4362 Software\Policies\Mozilla\Firefox\Permissions\Autoplay\Locked = 0x1 | 0x0
4363 Software\Policies\Mozilla\Firefox\Permissions\VirtualReality\Allow\1 = "https://example.org"
4364 Software\Policies\Mozilla\Firefox\Permissions\VirtualReality\Block\1 = "https://example.edu"
4365 Software\Policies\Mozilla\Firefox\Permissions\VirtualReality\BlockNewRequests = 0x1 | 0x0
4366 Software\Policies\Mozilla\Firefox\Permissions\VirtualReality\Locked = 0x1 | 0x0
4367 ```
4368 #### Windows (Intune)
4369 OMA-URI:
4370 ```
4371 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Location/Location_BlockNewRequests
4372 ```
4373 Value (string):
4374 ```
4375 <enabled/> or <disabled/>
4376 ```
4377 OMA-URI:
4378 ```
4379 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Location/Location_Locked
4380 ```
4381 Value (string):
4382 ```
4383 <enabled/> or <disabled/>
4384 ```
4385 OMA-URI:
4386 ```
4387 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Notifications/Notifications_Allow
4388 ```
4389 Value (string):
4390 ```
4391 <enabled/>
4392 <data id="Permissions" value="1&#xF000;https://example.org"/>
4393 ```
4394 OMA-URI:
4395 ```
4396 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Notifications/Notifications_BlockNewRequests
4397 ```
4398 Value (string):
4399 ```
4400 <enabled/> or <disabled/>
4401 ```
4402 OMA-URI:
4403 ```
4404 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Notifications/Notifications_Locked
4405 ```
4406 Value (string):
4407 ```
4408 <enabled/> or <disabled/>
4409 ```
4410 OMA-URI:
4411 ```
4412 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Autoplay/Autoplay_Allow
4413 ```
4414 Value (string):
4415 ```
4416 <enabled/>
4417 <data id="Permissions" value="1&#xF000;https://example.org"/>
4418 ```
4419 OMA-URI:
4420 ```
4421 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Autoplay/Autoplay_Block
4422 ```
4423 Value (string):
4424 ```
4425 <enabled/>
4426 <data id="Permissions" value="1&#xF000;https://example.edu"/>
4427 ```
4428 OMA-URI:
4429 ```
4430 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Autoplay/Autoplay_Default
4431 ```
4432 Value (string):
4433 ```
4434 <enabled/>
4435 <data id="Autoplay_Default" value="allow-audio-video | block-audio | block-audio-video"/>
4436 ```
4437 OMA-URI:
4438 ```
4439 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Autoplay/Autoplay_Locked
4440 ```
4441 Value (string):
4442 ```
4443 <enabled/> or <disabled/>
4444 ```
4445 OMA-URI:
4446 ```
4447 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Notifications/VirtualReality_Allow
4448 ```
4449 Value (string):
4450 ```
4451 <enabled/>
4452 <data id="Permissions" value="1&#xF000;https://example.org"/>
4453 ```
4454 OMA-URI:
4455 ```
4456 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Notifications/VirtualReality_Block
4457 ```
4458 Value (string):
4459 ```
4460 <enabled/>
4461 <data id="Permissions" value="1&#xF000;https://example.edu"/>
4462 ```
4463 OMA-URI:
4464 ```
4465 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Notifications/VirtualReality_BlockNewRequests
4466 ```
4467 Value (string):
4468 ```
4469 <enabled/> or <disabled/>
4470 ```
4471 OMA-URI:
4472 ```
4473 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Notifications/VirtualReality_Locked
4474 ```
4475 Value (string):
4476 ```
4477 <enabled/> or <disabled/>
4478 ```
4479 #### macOS
4480 ```
4481 <dict>
4482 <key>Permissions</key>
4483 <dict>
4484 <key>Camera</key>
4485 <dict>
4486 <key>Allow</key>
4487 <array>
4488 <string>https://example.org</string>
4489 <string>https://example.org:1234</string>
4490 </array>
4491 <key>Block</key>
4492 <array>
4493 <string>https://example.edu</string>
4494 </array>
4495 <key>BlockNewRequests</key>
4496 <true/> | <false/>
4497 <key>Locked</key>
4498 <true/> | <false/>
4499 </dict>
4500 <key>Microphone</key>
4501 <dict>
4502 <key>Allow</key>
4503 <array>
4504 <string>https://example.org</string>
4505 </array>
4506 <key>Block</key>
4507 <array>
4508 <string>https://example.edu</string>
4509 </array>
4510 <key>BlockNewRequests</key>
4511 <true/> | <false/>
4512 <key>Locked</key>
4513 <true/> | <false/>
4514 </dict>
4515 <key>Location</key>
4516 <dict>
4517 <key>Allow</key>
4518 <array>
4519 <string>https://example.org</string>
4520 </array>
4521 <key>Block</key>
4522 <array>
4523 <string>https://example.edu</string>
4524 </array>
4525 <key>BlockNewRequests</key>
4526 <true/> | <false/>
4527 <key>Locked</key>
4528 <true/> | <false/>
4529 </dict>
4530 <key>Notifications</key>
4531 <dict>
4532 <key>Allow</key>
4533 <array>
4534 <string>https://example.org</string>
4535 </array>
4536 <key>Block</key>
4537 <array>
4538 <string>https://example.edu</string>
4539 </array>
4540 <key>BlockNewRequests</key>
4541 <true/>
4542 <key>Locked</key>
4543 <true/>
4544 </dict>
4545 <key>Autoplay</key>
4546 <dict>
4547 <key>Allow</key>
4548 <array>
4549 <string>https://example.org</string>
4550 </array>
4551 <key>Block</key>
4552 <array>
4553 <string>https://example.edu</string>
4554 </array>
4555 <key>Default</key>
4556 <string>allow-audio-video | block-audio | block-audio-video</string>
4557 <key>Locked</key>
4558 <true/> | <false/>
4559 </dict>
4560 </dict>
4561 </dict>
4562 ```
4563 #### policies.json
4564 ```
4565 {
4566 "policies": {
4567 "Permissions": {
4568 "Camera": {
4569 "Allow": ["https://example.org","https://example.org:1234"],
4570 "Block": ["https://example.edu"],
4571 "BlockNewRequests": true | false,
4572 "Locked": true | false
4573 },
4574 "Microphone": {
4575 "Allow": ["https://example.org"],
4576 "Block": ["https://example.edu"],
4577 "BlockNewRequests": true | false,
4578 "Locked": true | false
4579 },
4580 "Location": {
4581 "Allow": ["https://example.org"],
4582 "Block": ["https://example.edu"],
4583 "BlockNewRequests": true | false,
4584 "Locked": true | false
4585 },
4586 "Notifications": {
4587 "Allow": ["https://example.org"],
4588 "Block": ["https://example.edu"],
4589 "BlockNewRequests": true | false,
4590 "Locked": true | false
4591 },
4592 "Autoplay": {
4593 "Allow": ["https://example.org"],
4594 "Block": ["https://example.edu"],
4595 "Default": "allow-audio-video" | "block-audio" | "block-audio-video",
4596 "Locked": true | false
4597 }
4598 }
4599 }
4600 }
4601 ```
4602 ### PictureInPicture
4603
4604 Enable or disable Picture-in-Picture as well as prevent the user from enabling or disabling it (Locked).
4605
4606 **Compatibility:** Firefox 78, Firefox ESR 78\
4607 **CCK2 Equivalent:** N/A\
4608 **Preferences Affected:** `media.videocontrols.picture-in-picture.video-toggle.enabled`
4609
4610 #### Windows (GPO)
4611 ```
4612 Software\Policies\Mozilla\Firefox\PictureInPicture\Enabled = 0x1 | 0x0
4613 Software\Policies\Mozilla\Firefox\PictureInPicture\Locked = 0x1 | 0x0
4614
4615 ```
4616 #### Windows (Intune)
4617 OMA-URI:
4618 ```
4619 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~PictureInPicture/PictureInPicture_Enabled
4620 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~PictureInPicture/PictureInPicture_Locked
4621 ```
4622 Value (string):
4623 ```
4624 <enabled/> or <disabled/>
4625 ```
4626 #### macOS
4627 ```
4628 <dict>
4629 <key>PictureInPicture</key>
4630 <dict>
4631 <key>Enabled</key>
4632 <true/> | <false/>
4633 <key>Locked</key>
4634 <true/> | <false/>
4635 </dict>
4636 </dict>
4637 ```
4638 #### policies.json
4639 ```
4640 {
4641 "policies": {
4642 "PictureInPicture": {
4643 "Enabled": true | false,
4644 "Locked": true | false
4645 }
4646 }
4647 }
4648 ```
4649 ### PopupBlocking
4650 Configure the default pop-up window policy as well as origins for which pop-up windows are allowed.
4651
4652 `Allow` is a list of origins where popup-windows are allowed.
4653
4654 `Default` determines whether or not pop-up windows are allowed by default.
4655
4656 `Locked` prevents the user from changing pop-up preferences.
4657
4658 **Compatibility:** Firefox 60, Firefox ESR 60\
4659 **CCK2 Equivalent:** `permissions.popup`\
4660 **Preferences Affected:** `dom.disable_open_during_load`
4661
4662 #### Windows (GPO)
4663 ```
4664 Software\Policies\Mozilla\Firefox\PopupBlocking\Allow\1 = "https://example.org"
4665 Software\Policies\Mozilla\Firefox\PopupBlocking\Allow\2 = "https://example.edu"
4666 Software\Policies\Mozilla\Firefox\PopupBlocking\Default = 0x1 | 0x0
4667 Software\Policies\Mozilla\Firefox\PopupBlocking\Locked = 0x1 | 0x0
4668 ```
4669 #### Windows (Intune)
4670 OMA-URI:
4671 ```
4672 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Popups/PopupBlocking_Allow
4673 ```
4674 Value (string):
4675 ```
4676 <enabled/>
4677 <data id="Permissions" value="1&#xF000;https://example.org&#xF000;2&#xF000;https://example.edu"/>
4678 ```
4679 OMA-URI:
4680 ```
4681 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Popups/PopupBlocking_Default
4682 ```
4683 Value (string):
4684 ```
4685 <enabled/> or <disabled/>
4686 ```
4687 OMA-URI:
4688 ```
4689 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Popups/PopupBlocking_Locked
4690 ```
4691 Value (string):
4692 ```
4693 <enabled/> or <disabled/>
4694 ```
4695 #### macOS
4696 ```
4697 <dict>
4698 <key>PopupBlocking</key>
4699 <dict>
4700 <key>Allow</key>
4701 <array>
4702 <string>http://example.org</string>
4703 <string>http://example.edu</string>
4704 </array>
4705 <key>Default</key>
4706 <true/> | <false/>
4707 <key>Locked</key>
4708 <true/> | <false/>
4709 </dict>
4710 </dict>
4711 ```
4712 #### policies.json
4713 ```
4714 {
4715 "policies": {
4716 "PopupBlocking": {
4717 "Allow": ["http://example.org/",
4718 "http://example.edu/"],
4719 "Default": true | false,
4720 "Locked": true | false
4721 }
4722 }
4723 }
4724 ```
4725 ### Preferences
4726 Set and lock preferences.
4727
4728 **NOTE** On Windows, in order to use this policy, you must clear all settings in the old **Preferences (Deprecated)** section in group policy.
4729
4730 Previously you could only set and lock a subset of preferences. Starting with Firefox 81 and Firefox ESR 78.3 you can set many more preferences. You can also set default preferences, user preferences and you can clear preferences.
4731
4732 Preferences that start with the following prefixes are supported:
4733 ```
4734 accessibility.
4735 alerts.* (Firefox 122, Firefox ESR 115.7)
4736 app.update.* (Firefox 86, Firefox ESR 78.8)
4737 browser.
4738 datareporting.policy.
4739 dom.
4740 extensions.
4741 general.autoScroll (Firefox 83, Firefox ESR 78.5)
4742 general.smoothScroll (Firefox 83, Firefox ESR 78.5)
4743 geo.
4744 gfx.
4745 intl.
4746 keyword.enabled (Firefox 95, Firefox ESR 91.4)
4747 layers.
4748 layout.
4749 media.
4750 network.
4751 pdfjs. (Firefox 84, Firefox ESR 78.6)
4752 places.
4753 pref.
4754 print.
4755 signon. (Firefox 83, Firefox ESR 78.5)
4756 spellchecker. (Firefox 84, Firefox ESR 78.6)
4757 toolkit.legacyUserProfileCustomizations.stylesheets (Firefox 95, Firefox ESR 91.4)
4758 ui.
4759 widget.
4760 xpinstall.signatures.required (Firefox ESR 102.10, Firefox ESR only)
4761 xpinstall.whitelist.required (Firefox 118, Firefox ESR 115.3)
4762 ```
4763 as well as the following security preferences:
4764
4765 | Preference | Type | Default
4766 | --- | --- | --- |
4767 | security.default_personal_cert | string | Ask Every Time
4768 | &nbsp;&nbsp;&nbsp;&nbsp;If set to Select Automatically, Firefox automatically chooses the default personal certificate.
4769 | security.disable_button.openCertManager | string | N/A
4770 | &nbsp;&nbsp;&nbsp;&nbsp;If set to true and locked, the View Certificates button in preferences is disabled (Firefox 121, Firefox ESR 115.6)
4771 | security.disable_button.openDeviceManager | string | N/A
4772 | &nbsp;&nbsp;&nbsp;&nbsp;If set to true and locked, the Security Devices button in preferences is disabled (Firefox 121, Firefox ESR 115.6)
4773 | security.insecure_connection_text.enabled | bool | false
4774 | &nbsp;&nbsp;&nbsp;&nbsp;If set to true, adds the words "Not Secure" for insecure sites.
4775 | security.insecure_connection_text.pbmode.enabled | bool | false
4776 | &nbsp;&nbsp;&nbsp;&nbsp;If set to true, adds the words "Not Secure" for insecure sites in private browsing.
4777 | security.mixed_content.block_active_content | boolean | true
4778 | &nbsp;&nbsp;&nbsp;&nbsp;If false, mixed active content (HTTP and HTTPS) is not blocked.
4779 | security.osclientcerts.autoload | boolean | false
4780 | &nbsp;&nbsp;&nbsp;&nbsp;If true, client certificates are loaded from the operating system certificate store.
4781 | security.OCSP.enabled | integer | 1
4782 | &nbsp;&nbsp;&nbsp;&nbsp;If 0, do not fetch OCSP. If 1, fetch OCSP for DV and EV certificates. If 2, fetch OCSP only for EV certificates.
4783 | security.OCSP.require | boolean | false
4784 | &nbsp;&nbsp;&nbsp;&nbsp; If true, if an OCSP request times out, the connection fails.
4785 | security.osclientcerts.assume_rsa_pss_support | boolean | true
4786 | &nbsp;&nbsp;&nbsp;&nbsp; If false, we don't assume an RSA key can do RSA-PSS. (Firefox 114, Firefox ESR 102.12)
4787 | security.ssl.enable_ocsp_stapling | boolean | true
4788 | &nbsp;&nbsp;&nbsp;&nbsp; If false, OCSP stapling is not enabled.
4789 | security.ssl.errorReporting.enabled | boolean | true
4790 | &nbsp;&nbsp;&nbsp;&nbsp;If false, SSL errors cannot be sent to Mozilla.
4791 | security.ssl.require_safe_negotiation | boolean | false
4792 | &nbsp;&nbsp;&nbsp;&nbsp;If true, Firefox will only negotiate TLS connections with servers that indicate they support secure renegotiation. (Firefox 118, Firefox ESR 115.3)
4793 | security.tls.enable_0rtt_data | boolean | true
4794 | &nbsp;&nbsp;&nbsp;&nbsp;If false, TLS early data is turned off. (Firefox 93, Firefox 91.2, Firefox 78.15)
4795 | security.tls.hello_downgrade_check | boolean | true
4796 | &nbsp;&nbsp;&nbsp;&nbsp;If false, the TLS 1.3 downgrade check is disabled.
4797 | security.tls.version.enable-deprecated | boolean | false
4798 | &nbsp;&nbsp;&nbsp;&nbsp;If true, browser will accept TLS 1.0. and TLS 1.1. (Firefox 86, Firefox 78.8)
4799 | security.warn_submit_secure_to_insecure | boolean | true
4800 | &nbsp;&nbsp;&nbsp;&nbsp;If false, no warning is shown when submitting a form from https to http.
4801
4802 Using the preference as the key, set the `Value` to the corresponding preference value.
4803
4804 `Status` can be "default", "locked", "user" or "clear"
4805
4806 * `"default"`: Read/Write: Settings appear as default even if factory default differs.
4807 * `"locked"`: Read-Only: Settings appear as default even if factory default differs.
4808 * `"user"`: Read/Write: Settings appear as changed if it differs from factory default.
4809 * `"clear"`: Read/Write: `Value` has no effect. Resets to factory defaults on each startup.
4810
4811 `"user"` preferences persist across invocations of Firefox. It is the equivalent of a user setting the preference. They are most useful when a preference is needed very early in startup so it can't be set as default by policy. An example of this is ```toolkit.legacyUserProfileCustomizations.stylesheets```.
4812
4813 `"user"` preferences persist even if the policy is removed, so if you need to remove them, you should use the clear policy.
4814
4815 You can also set the `Type` starting in Firefox 123 and Firefox ESR 115.8. It can be `number`, `boolean` or `string`. This is especially useful if you are seeing 0 or 1 values being converted to booleans when set as user preferences.
4816
4817 See the examples below for more detail.
4818
4819 IMPORTANT: Make sure you're only setting a particular preference using this mechanism and not some other way.
4820
4821 Status
4822 **Compatibility:** Firefox 81, Firefox ESR 78.3\
4823 **CCK2 Equivalent:** `preferences`\
4824 **Preferences Affected:** Many
4825
4826 #### Windows (GPO)
4827 Software\Policies\Mozilla\Firefox\Preferences (REG_MULTI_SZ) =
4828 ```
4829 {
4830 "accessibility.force_disabled": {
4831 "Value": 1,
4832 "Status": "default",
4833 "Type": "number"
4834
4835 },
4836 "browser.cache.disk.parent_directory": {
4837 "Value": "SOME_NATIVE_PATH",
4838 "Status": "user"
4839 },
4840 "browser.tabs.warnOnClose": {
4841 "Value": false,
4842 "Status": "locked"
4843 }
4844 }
4845 ```
4846 #### Windows (Intune)
4847 OMA-URI:
4848 ```
4849 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/Preferences
4850 ```
4851 Value (string):
4852 ```
4853 <enabled/>
4854 <data id="JSON" value='
4855 {
4856 "accessibility.force_disabled": {
4857 "Value": 1,
4858 "Status": "default",
4859 "Type": "number"
4860 },
4861 "browser.cache.disk.parent_directory": {
4862 "Value": "SOME_NATIVE_PATH",
4863 "Status": "user"
4864 },
4865 "browser.tabs.warnOnClose": {
4866 "Value": false,
4867 "Status": "locked"
4868 }
4869 }'/>
4870 ```
4871 #### macOS
4872 ```
4873 <dict>
4874 <key>Preferences</key>
4875 <dict>
4876 <key>accessibility.force_disabled</key>
4877 <dict>
4878 <key>Value</key>
4879 <integer>1</integer>
4880 <key>Status</key>
4881 <string>default</string>
4882 <key>Type</key>
4883 <string>number</string>
4884 </dict>
4885 <key>browser.cache.disk.parent_directory</key>
4886 <dict>
4887 <key>Value</key>
4888 <string>SOME_NATIVE_PATH</string>
4889 <key>Status</key>
4890 <string>user</string>
4891 </dict>
4892 <key>browser.tabs.warnOnClose</key>
4893 <dict>
4894 <key>Value</key>
4895 <false/>
4896 <key>Status</key>
4897 <string>locked</string>
4898 </dict>
4899 </dict>
4900 </dict>
4901 ```
4902 #### policies.json
4903 ```
4904 {
4905 "policies": {
4906 "Preferences": {
4907 "accessibility.force_disabled": {
4908 "Value": 1,
4909 "Status": "default"
4910 "Type": "number"
4911 },
4912 "browser.cache.disk.parent_directory": {
4913 "Value": "SOME_NATIVE_PATH",
4914 "Status": "user"
4915 },
4916 "browser.tabs.warnOnClose": {
4917 "Value": false,
4918 "Status": "locked"
4919 }
4920 }
4921 }
4922 }
4923 ```
4924 ### PrimaryPassword
4925 Require or prevent using a primary (formerly master) password.
4926
4927 If this value is true, a primary password is required. If this value is false, it works the same as if [`DisableMasterPasswordCreation`](#disablemasterpasswordcreation) was true and removes the primary password functionality.
4928
4929 If both DisableMasterPasswordCreation and PrimaryPassword are used, DisableMasterPasswordCreation takes precedent.
4930
4931 **Compatibility:** Firefox 79, Firefox ESR 78.1\
4932 **CCK2 Equivalent:** `noMasterPassword`\
4933 **Preferences Affected:** N/A
4934
4935 #### Windows (GPO)
4936 ```
4937 Software\Policies\Mozilla\Firefox\PrimaryPassword = 0x1 | 0x0
4938 ```
4939 #### Windows (Intune)
4940 OMA-URI:
4941 ```
4942 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/PrimaryPassword
4943 ```
4944 Value (string):
4945 ```
4946 <enabled/> or <disabled/>
4947 ```
4948 #### macOS
4949 ```
4950 <dict>
4951 <key>PrimaryPassword</key>
4952 <true/> | <false/>
4953 </dict>
4954 ```
4955 #### policies.json
4956 ```
4957 {
4958 "policies": {
4959 "PrimaryPassword": true | false
4960 }
4961 }
4962 ```
4963 ### PrintingEnabled
4964 Enable or disable printing.
4965
4966 **Compatibility:** Firefox 120, Firefox ESR 115.5\
4967 **CCK2 Equivalent:** N/A\
4968 **Preferences Affected:** `print.enabled`
4969
4970 #### Windows (GPO)
4971 ```
4972 Software\Policies\Mozilla\Firefox\PrintingEnabled = 0x1 | 0x0
4973 ```
4974 #### Windows (Intune)
4975 OMA-URI:
4976 ```
4977 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/PrintingEnabled
4978 ```
4979 Value (string):
4980 ```
4981 <enabled/> or <disabled/>
4982 ```
4983 #### macOS
4984 ```
4985 <dict>
4986 <key>PrintingEnabled</key>
4987 <true/> | <false/>
4988 </dict>
4989 ```
4990 #### policies.json
4991 ```
4992 {
4993 "policies": {
4994 "PrintingEnabled": true | false
4995 }
4996 }
4997 ```
4998 ### PromptForDownloadLocation
4999 Ask where to save each file before downloading.
5000
5001 **Compatibility:** Firefox 68, Firefox ESR 68\
5002 **CCK2 Equivalent:** N/A\
5003 **Preferences Affected:** `browser.download.useDownloadDir`
5004
5005 #### Windows (GPO)
5006 ```
5007 Software\Policies\Mozilla\Firefox\PromptForDownloadLocation = 0x1 | 0x0
5008 ```
5009 #### Windows (Intune)
5010 OMA-URI:
5011 ```
5012 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/PromptForDownloadLocation
5013 ```
5014 Value (string):
5015 ```
5016 <enabled/> or <disabled/>
5017 ```
5018 #### macOS
5019 ```
5020 <dict>
5021 <key>PromptForDownloadLocation</key>
5022 <true/> | <false/>
5023 </dict>
5024 ```
5025 #### policies.json
5026 ```
5027 {
5028 "policies": {
5029 "PromptForDownloadLocation": true | false
5030 }
5031 }
5032 ```
5033 ### Proxy
5034 Configure proxy settings. These settings correspond to the connection settings in Firefox preferences.
5035 To specify ports, append them to the hostnames with a colon (:).
5036
5037 Unless you lock this policy, changes the user already has in place will take effect.
5038
5039 `Mode` is the proxy method being used.
5040
5041 `Locked` is whether or not proxy settings can be changed.
5042
5043 `HTTPProxy` is the HTTP proxy server.
5044
5045 `UseHTTPProxyForAllProtocols` is whether or not the HTTP proxy should be used for all other proxies.
5046
5047 `SSLProxy` is the SSL proxy server.
5048
5049 `FTPProxy` is the FTP proxy server.
5050
5051 `SOCKSProxy` is the SOCKS proxy server
5052
5053 `SOCKSVersion` is the SOCKS version (4 or 5)
5054
5055 `Passthrough` is list of hostnames or IP addresses that will not be proxied. Use `<local>` to bypass proxying for all hostnames which do not contain periods.
5056
5057 `AutoConfigURL` is a URL for proxy configuration (only used if Mode is autoConfig).
5058
5059 `AutoLogin` means do not prompt for authentication if password is saved.
5060
5061 `UseProxyForDNS` to use proxy DNS when using SOCKS v5.
5062
5063 **Compatibility:** Firefox 60, Firefox ESR 60\
5064 **CCK2 Equivalent:** `networkProxy*`\
5065 **Preferences Affected:** `network.proxy.type`, `network.proxy.autoconfig_url`, `network.proxy.socks_remote_dns`, `signon.autologin.proxy`, `network.proxy.socks_version`, `network.proxy.no_proxies_on`, `network.proxy.share_proxy_settings`, `network.proxy.http`, `network.proxy.http_port`, `network.proxy.ftp`, `network.proxy.ftp_port`, `network.proxy.ssl`, `network.proxy.ssl_port`, `network.proxy.socks`, `network.proxy.socks_port`
5066
5067 #### Windows (GPO)
5068 ```
5069 Software\Policies\Mozilla\Firefox\Proxy\Mode = "none" | "system" | "manual" | "autoDetect" | "autoConfig"
5070 Software\Policies\Mozilla\Firefox\Proxy\Locked = 0x1 | 0x0
5071 Software\Policies\Mozilla\Firefox\Proxy\HTTPProxy = https://httpproxy.example.com
5072 Software\Policies\Mozilla\Firefox\Proxy\UseHTTPProxyForAllProtocols = 0x1 | 0x0
5073 Software\Policies\Mozilla\Firefox\Proxy\SSLProxy = https://sslproxy.example.com
5074 Software\Policies\Mozilla\Firefox\Proxy\FTPProxy = https://ftpproxy.example.com
5075 Software\Policies\Mozilla\Firefox\Proxy\SOCKSProxy = https://socksproxy.example.com
5076 Software\Policies\Mozilla\Firefox\Proxy\SOCKSVersion = 0x4 | 0x5
5077 Software\Policies\Mozilla\Firefox\Proxy\Passthrough = <local>
5078 Software\Policies\Mozilla\Firefox\Proxy\AutoConfigURL = URL_TO_AUTOCONFIG
5079 Software\Policies\Mozilla\Firefox\Proxy\AutoLogin = 0x1 | 0x0
5080 Software\Policies\Mozilla\Firefox\Proxy\UseProxyForDNS = 0x1 | 0x0
5081 ```
5082 #### Windows (Intune)
5083 **Note**
5084 These setttings were moved to a category to make them easier to configure via Intune.
5085
5086 OMA-URI:
5087 ```
5088 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_Locked
5089 ```
5090 Value (string):
5091 ```
5092 <enabled/> or <disabled/>
5093 ```
5094 OMA-URI:
5095 ```
5096 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_ConnectionType
5097 ```
5098 Value (string):
5099 ```
5100 <enabled/>
5101 <data id="Proxy_ConnectionType" value="none | system | manual | autoDetect | autoConfig"/>
5102 ```
5103 OMA-URI:
5104 ```
5105 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_HTTPProxy
5106 ```
5107 Value (string):
5108 ```
5109 <enabled/>
5110 <data id="Proxy_HTTPProxy" value="httpproxy.example.com"/>
5111 ```
5112 OMA-URI:
5113 ```
5114 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_UseHTTPProxyForAllProtocols
5115 ```
5116 Value (string):
5117 ```
5118 <enabled/> or <disabled/>
5119 ```
5120 OMA-URI:
5121 ```
5122 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_SSLProxy
5123 ```
5124 Value (string):
5125 ```
5126 <enabled/>
5127 <data id="Proxy_SSLProxy" value="sslproxy.example.com"/>
5128 ```
5129 OMA-URI:
5130 ```
5131 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_SOCKSProxy
5132 ```
5133 Value (string):
5134 ```
5135 <enabled/>
5136 <data id="Proxy_SOCKSProxy" value="socksproxy.example.com"/>
5137 <data id="Proxy_SOCKSVersion" value="4 | 5"/>
5138 ```
5139 OMA-URI:
5140 ```
5141 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_AutoConfigURL
5142 ```
5143 Value (string):
5144 ```
5145 <enabled/>
5146 <data id="Proxy_AutoConfigURL" value="URL_TO_AUTOCONFIG"/>
5147 ```
5148 OMA-URI:
5149 ```
5150 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_Passthrough
5151 ```
5152 Value (string):
5153 ```
5154 <enabled/>
5155 <data id="Proxy_Passthrough" value="&lt;local&gt;"/>
5156 ```
5157 OMA-URI:
5158 ```
5159 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_AutoLogin
5160 ```
5161 Value (string):
5162 ```
5163 <enabled/> or <disabled/>
5164 ```
5165 OMA-URI:
5166 ```
5167 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_UseProxyForDNS
5168 ```
5169 Value (string):
5170 ```
5171 <enabled/> or <disabled/>
5172 ```
5173 OMA-URI (Old way):
5174 ```
5175 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/Proxy
5176 ```
5177 Value (string):
5178 ```
5179 <enabled/>
5180 <data id="ProxyLocked" value="true | false"/>
5181 <data id="ConnectionType" value="none | system | manual | autoDetect | autoConfig"/>
5182 <data id="HTTPProxy" value="httpproxy.example.com"/>
5183 <data id="UseHTTPProxyForAllProtocols" value="true | false"/>
5184 <data id="SSLProxy" value="sslproxy.example.com"/>
5185 <data id="FTPProxy" value="ftpproxy.example.com"/>
5186 <data id="SOCKSProxy" value="socksproxy.example.com"/>
5187 <data id="SOCKSVersion" value="4 | 5"/>
5188 <data id="AutoConfigURL" value="URL_TO_AUTOCONFIG"/>
5189 <data id="Passthrough" value="<local>"/>
5190 <data id="AutoLogin" value="true | false"/>
5191 <data id="UseProxyForDNS" value="true | false"/>
5192 ```
5193 #### macOS
5194 ```
5195 <dict>
5196 <key>Proxy</key>
5197 <dict>
5198 <key>Mode</key>
5199 <string>none | system | manual | autoDetect | autoConfig</string>
5200 <key>Locked</key>
5201 <true> | </false>
5202 <key>HTTPProxy</key>
5203 <string>https://httpproxy.example.com</string>
5204 <key>UseHTTPProxyForAllProtocols</key>
5205 <true> | </false>
5206 <key>SSLProxy</key>
5207 <string>https://sslproxy.example.com</string>
5208 <key>FTPProxy</key>
5209 <string>https://ftpproxy.example.com</string>
5210 <key>SOCKSProxy</key>
5211 <string>https://socksproxy.example.com</string>
5212 <key>SOCKSVersion</key>
5213 <string>4 | 5</string>
5214 <key>Passthrough</key>
5215 <string>&lt;local>&gt;</string>
5216 <key>AutoConfigURL</key>
5217 <string>URL_TO_AUTOCONFIG</string>
5218 <key>AutoLogin</key>
5219 <true> | </false>
5220 <key>UseProxyForDNS</key>
5221 <true> | </false>
5222 </dict>
5223 </dict>
5224 ```
5225 #### policies.json
5226 ```
5227 {
5228 "policies": {
5229 "Proxy": {
5230 "Mode": "none" | "system" | "manual" | "autoDetect" | "autoConfig",
5231 "Locked": true | false,
5232 "HTTPProxy": "hostname",
5233 "UseHTTPProxyForAllProtocols": true | false,
5234 "SSLProxy": "hostname",
5235 "FTPProxy": "hostname",
5236 "SOCKSProxy": "hostname",
5237 "SOCKSVersion": 4 | 5,
5238 "Passthrough": "<local>",
5239 "AutoConfigURL": "URL_TO_AUTOCONFIG",
5240 "AutoLogin": true | false,
5241 "UseProxyForDNS": true | false
5242 }
5243 }
5244 }
5245 ```
5246 ### RequestedLocales
5247 Set the the list of requested locales for the application in order of preference. It will cause the corresponding language pack to become active.
5248
5249 Note: For Firefox 68, this can now be a string so that you can specify an empty value.
5250
5251 **Compatibility:** Firefox 64, Firefox ESR 60.4, Updated in Firefox 68, Firefox ESR 68\
5252 **CCK2 Equivalent:** N/A\
5253 **Preferences Affected:** N/A
5254 #### Windows (GPO)
5255 ```
5256 Software\Policies\Mozilla\Firefox\RequestedLocales\1 = "de"
5257 Software\Policies\Mozilla\Firefox\RequestedLocales\2 = "en-US"
5258
5259 or
5260
5261 Software\Policies\Mozilla\Firefox\RequestedLocales = "de,en-US"
5262 ```
5263 #### Windows (Intune)
5264 OMA-URI:
5265 ```
5266 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/RequestedLocalesString
5267 ```
5268 Value (string):
5269 ```
5270 <enabled/>
5271 <data id="Preferences_String" value="de,en-US"/>
5272 ```
5273 #### macOS
5274 ```
5275 <dict>
5276 <key>RequestedLocales</key>
5277 <array>
5278 <string>de</string>
5279 <string>en-US</string>
5280 </array>
5281 </dict>
5282
5283 or
5284
5285 <dict>
5286 <key>RequestedLocales</key>
5287 <string>de,en-US</string>
5288 </dict>
5289
5290 ```
5291 #### policies.json
5292 ```
5293 {
5294 "policies": {
5295 "RequestedLocales": ["de", "en-US"]
5296 }
5297 }
5298
5299 or
5300
5301 {
5302 "policies": {
5303 "RequestedLocales": "de,en-US"
5304 }
5305 }
5306 ```
5307 <a name="SanitizeOnShutdown"></a>
5308
5309 ### SanitizeOnShutdown (Selective)
5310 Clear data on shutdown. Choose from Cache, Cookies, Download History, Form & Search History, Browsing History, Active Logins, Site Preferences and Offline Website Data.
5311
5312 Previously, these values were always locked. Starting with Firefox 74 and Firefox ESR 68.6, you can use the `Locked` option to either keep the values unlocked (set it to false), or lock only the values you set (set it to true). If you want the old behavior of locking everything, do not set `Locked` at all.
5313
5314 **Compatibility:** Firefox 68, Firefox ESR 68 (Locked added in 74/68.6)\
5315 **CCK2 Equivalent:** N/A\
5316 **Preferences Affected:** `privacy.sanitize.sanitizeOnShutdown`, `privacy.clearOnShutdown.cache`, `privacy.clearOnShutdown.cookies`, `privacy.clearOnShutdown.downloads`, `privacy.clearOnShutdown.formdata`, `privacy.clearOnShutdown.history`, `privacy.clearOnShutdown.sessions`, `privacy.clearOnShutdown.siteSettings`, `privacy.clearOnShutdown.offlineApps`
5317 #### Windows (GPO)
5318 ```
5319 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\Cache = 0x1 | 0x0
5320 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\Cookies = 0x1 | 0x0
5321 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\Downloads = 0x1 | 0x0
5322 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\FormData = 0x1 | 0x0
5323 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\History = 0x1 | 0x0
5324 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\Sessions = 0x1 | 0x0
5325 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\SiteSettings = 0x1 | 0x0
5326 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\OfflineApps = 0x1 | 0x0
5327 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\Locked = 0x1 | 0x0
5328 ```
5329 #### Windows (Intune)
5330 OMA-URI:
5331 ```
5332 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/A_SanitizeOnShutdown_Cache
5333 ```
5334 Value (string):
5335 ```
5336 <enabled/> or <disabled/>
5337 ```
5338 OMA-URI:
5339 ```
5340 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/B_SanitizeOnShutdown_Cookies
5341 ```
5342 Value (string):
5343 ```
5344 <enabled/> or <disabled/>
5345 ```
5346 OMA-URI:
5347 ```
5348 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/C_SanitizeOnShutdown_Downloads
5349 ```
5350 Value (string):
5351 ```
5352 <enabled/> or <disabled/>
5353 ```
5354 OMA-URI:
5355 ```
5356 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/D_SanitizeOnShutdown_FormData
5357 ```
5358 Value (string):
5359 ```
5360 <enabled/> or <disabled/>
5361 ```
5362 OMA-URI:
5363 ```
5364 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/E_SanitizeOnShutdown_History
5365 ```
5366 Value (string):
5367 ```
5368 <enabled/> or <disabled/>
5369 ```
5370 OMA-URI:
5371 ```
5372 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/F_SanitizeOnShutdown_Sessions
5373 ```
5374 Value (string):
5375 ```
5376 <enabled/> or <disabled/>
5377 ```
5378 OMA-URI:
5379 ```
5380 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/G_SanitizeOnShutdown_SiteSettings
5381 ```
5382 Value (string):
5383 ```
5384 <enabled/> or <disabled/>
5385 ```
5386 OMA-URI:
5387 ```
5388 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/H_SanitizeOnShutdown_OfflineApps
5389 ```
5390 Value (string):
5391 ```
5392 <enabled/> or <disabled/>
5393 ```
5394 OMA-URI:
5395 ```
5396 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/I_SanitizeOnShutdown_Locked
5397 ```
5398 Value (string):
5399 ```
5400 <enabled/> or <disabled/>
5401 ```
5402 #### macOS
5403 ```
5404 <dict>
5405 <key>SanitizeOnShutdown</key>
5406 <dict>
5407 <key>Cache</key>
5408 <true/> | <false/>
5409 <key>Cookies</key>
5410 <true/> | <false/>
5411 <key>Downloads</key>
5412 <true/> | <false/>
5413 <key>FormData</key>
5414 <true/> | <false/>
5415 <key>History</key>
5416 <true/> | <false/>
5417 <key>Sessions</key>
5418 <true/> | <false/>
5419 <key>SiteSettings</key>
5420 <true/> | <false/>
5421 <key>OfflineApps</key>
5422 <true/> | <false/>
5423 <key>Locked</key>
5424 <true/> | <false/>
5425 </dict>
5426 </dict>
5427 ```
5428 #### policies.json
5429 ```
5430 {
5431 "policies": {
5432 "SanitizeOnShutdown": {
5433 "Cache": true | false,
5434 "Cookies": true | false,
5435 "Downloads": true | false,
5436 "FormData": true | false,
5437 "History": true | false,
5438 "Sessions": true | false,
5439 "SiteSettings": true | false,
5440 "OfflineApps": true | false,
5441 "Locked": true | false
5442 }
5443 }
5444 }
5445 ```
5446 ### SanitizeOnShutdown (All)
5447 Clear all data on shutdown, including Browsing & Download History, Cookies, Active Logins, Cache, Form & Search History, Site Preferences and Offline Website Data.
5448
5449 **Compatibility:** Firefox 60, Firefox ESR 60\
5450 **CCK2 Equivalent:** N/A\
5451 **Preferences Affected:** `privacy.sanitize.sanitizeOnShutdown`, `privacy.clearOnShutdown.cache`, `privacy.clearOnShutdown.cookies`, `privacy.clearOnShutdown.downloads`, `privacy.clearOnShutdown.formdata`, `privacy.clearOnShutdown.history`, `privacy.clearOnShutdown.sessions`, `privacy.clearOnShutdown.siteSettings`, `privacy.clearOnShutdown.offlineApps`
5452 #### Windows (GPO)
5453 ```
5454 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown = 0x1 | 0x0
5455 ```
5456 #### Windows (Intune)
5457 OMA-URI:
5458 ```
5459 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/C_SanitizeOnShutdown
5460 ```
5461 Value (string):
5462 ```
5463 <enabled/> or <disabled/>
5464 ```
5465 #### macOS
5466 ```
5467 <dict>
5468 <key>SanitizeOnShutdown</key>
5469 <true/> | <false/>
5470 </dict>
5471 ```
5472 #### policies.json
5473 ```
5474 {
5475 "policies": {
5476 "SanitizeOnShutdown": true | false
5477 }
5478 }
5479 ```
5480 ### SearchBar
5481 Set whether or not search bar is displayed.
5482
5483 **Compatibility:** Firefox 60, Firefox ESR 60\
5484 **CCK2 Equivalent:** `showSearchBar`\
5485 **Preferences Affected:** N/A
5486
5487 #### Windows (GPO)
5488 ```
5489 Software\Policies\Mozilla\Firefox\SearchBar = "unified" | "separate"
5490 ```
5491
5492 #### Windows (Intune)
5493 OMA-URI:
5494 ```
5495 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/SearchBar
5496 ```
5497 Value (string):
5498 ```
5499 <enabled/>
5500 <data id="SearchBar" value="unified | separate"/>
5501 ```
5502 #### macOS
5503 ```
5504 <dict>
5505 <key>SearchBar</key>
5506 <string>unified | separate</string>
5507 </dict>
5508 ```
5509 #### policies.json
5510 ```
5511 {
5512 "policies": {
5513 "SearchBar": "unified" | "separate"
5514 }
5515 }
5516 ```
5517 <a name="SearchEngines"></a>
5518
5519 ### SearchEngines (This policy is only available on the ESR.)
5520
5521 ### SearchEngines | Add
5522
5523 Add new search engines. Although there are only five engines available in the ADMX template, there is no limit. To add more in the ADMX template, you can duplicate the XML.
5524
5525 This policy is only available on the ESR. `Name` and `URLTemplate` are required.
5526
5527 `Name` is the name of the search engine.
5528
5529 `URLTemplate` is the search URL with {searchTerms} to substitute for the search term.
5530
5531 `Method` is either GET or POST
5532
5533 `IconURL` is a URL for the icon to use.
5534
5535 `Alias` is a keyword to use for the engine.
5536
5537 `Description` is a description of the search engine.
5538
5539 `PostData` is the POST data as name value pairs separated by &.
5540
5541 `SuggestURLTemplate` is a search suggestions URL with {searchTerms} to substitute for the search term.
5542
5543 `Encoding` is the query charset for the engine. It defaults to UTF-8.
5544
5545 **Compatibility:** Firefox ESR 60 (POST support in Firefox ESR 68, Encoding support in Firefox 91)\
5546 **CCK2 Equivalent:** `searchplugins`\
5547 **Preferences Affected:** N/A
5548
5549 #### Windows (GPO)
5550 ```
5551 Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\Name = "Example1"
5552 Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\URLTemplate = "https://www.example.org/q={searchTerms}"
5553 Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\Method = "GET" | "POST"
5554 Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\IconURL = "https://www.example.org/favicon.ico"
5555 Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\Alias = "example"
5556 Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\Description = "Example Description"
5557 Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\SuggestURLTemplate = "https://www.example.org/suggestions/q={searchTerms}"
5558 Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\PostData = "name=value&q={searchTerms}"
5559 ```
5560 #### Windows (Intune)
5561 OMA-URI:
5562 ```
5563 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Search/SearchEngines_1
5564 ```
5565 Value (string):
5566 ```
5567 <enabled/>
5568 <data id="SearchEngine_Name" value="Example1"/>
5569 <data id="SearchEngine_URLTemplate" value="https://www.example.org/q={searchTerms"/>
5570 <data id="SearchEngine_Method" value="GET | POST"/>
5571 <data id="SearchEngine_IconURL" value="https://www.example.org/favicon.ico"/>
5572 <data id="SearchEngine_Alias" value="example"/>
5573 <data id="SearchEngine_Description" value="Example Description"/>
5574 <data id="SearchEngine_SuggestURLTemplate" value="https://www.example.org/suggestions/q={searchTerms}"/>
5575 <data id="SearchEngine_PostData" value="name=value&amp;q={searchTerms}"/>
5576 ```
5577 #### macOS
5578 ```
5579 <dict>
5580 <key>SearchEngines</key>
5581 <dict>
5582 <key>Add</key>
5583 <array>
5584 <dict>
5585 <key>Name</key>
5586 <string>Example1</string>
5587 <key>URLTemplate</key>
5588 <string>https://www.example.org/q={searchTerms}</string>
5589 <key>Method</key>
5590 <string>GET | POST </string>
5591 <key>IconURL</key>
5592 <string>https://www.example.org/favicon.ico</string>
5593 <key>Alias</key>
5594 <string>example</string>
5595 <key>Description</key>
5596 <string>Example Description</string>
5597 <key>SuggestURLTemplate</key>
5598 <string>https://www.example.org/suggestions/q={searchTerms}</string>
5599 <key>PostData</key>
5600 <string>name=value&q={searchTerms}</string>
5601 </dict>
5602 <array>
5603 </dict>
5604 </dict>
5605 ```
5606 #### policies.json
5607 ```
5608 {
5609 "policies": {
5610 "SearchEngines": {
5611 "Add": [
5612 {
5613 "Name": "Example1",
5614 "URLTemplate": "https://www.example.org/q={searchTerms}",
5615 "Method": "GET" | "POST",
5616 "IconURL": "https://www.example.org/favicon.ico",
5617 "Alias": "example",
5618 "Description": "Description",
5619 "PostData": "name=value&q={searchTerms}",
5620 "SuggestURLTemplate": "https://www.example.org/suggestions/q={searchTerms}"
5621 }
5622 ]
5623 }
5624 }
5625 }
5626 ```
5627 ### SearchEngines | Default
5628
5629 Set the default search engine. This policy is only available on the ESR.
5630
5631 **Compatibility:** Firefox ESR 60\
5632 **CCK2 Equivalent:** `defaultSearchEngine`\
5633 **Preferences Affected:** N/A
5634
5635 #### Windows (GPO)
5636 ```
5637 Software\Policies\Mozilla\Firefox\SearchEngines\Default = NAME_OF_SEARCH_ENGINE
5638 ```
5639 #### Windows (Intune)
5640 OMA-URI:
5641 ```
5642 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Search/SearchEngines_Default
5643 ```
5644 Value (string):
5645 ```
5646 <enabled/>
5647 <data id="SearchEngines_Default" value="NAME_OF_SEARCH_ENGINE"/>
5648 ```
5649 #### macOS
5650 ```
5651 <dict>
5652 <key>SearchEngines</key>
5653 <dict>
5654 <key>Default</key>
5655 <string>NAME_OF_SEARCH_ENGINE</string>
5656 </dict>
5657 </dict>
5658 ```
5659 #### policies.json
5660 ```
5661 {
5662 "policies": {
5663 "SearchEngines": {
5664 "Default": "NAME_OF_SEARCH_ENGINE"
5665 }
5666 }
5667 }
5668 ```
5669 ### SearchEngines | PreventInstalls
5670
5671 Prevent installing search engines from webpages.
5672
5673 **Compatibility:** Firefox ESR 60\
5674 **CCK2 Equivalent:** `disableSearchEngineInstall`\
5675 **Preferences Affected:** N/A
5676
5677 #### Windows (GPO)
5678 ```
5679 Software\Policies\Mozilla\Firefox\SearchEngines\PreventInstalls = 0x1 | 0x0
5680 ```
5681 #### Windows (Intune)
5682 OMA-URI:
5683 ```
5684 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Search/SearchEngines_PreventInstalls
5685 ```
5686 Value (string):
5687 ```
5688 <enabled/> or <disabled/>
5689 ```
5690 #### macOS
5691 ```
5692 <dict>
5693 <key>SearchEngines</key>
5694 <dict>
5695 <key>PreventInstalls</key>
5696 <true/> | <false/>
5697 </dict>
5698 </dict>
5699 ```
5700 #### policies.json
5701 ```
5702 {
5703 "policies": {
5704 "SearchEngines": {
5705 "PreventInstalls": true | false
5706 }
5707 }
5708 }
5709 ```
5710 ### SearchEngines | Remove
5711
5712 Hide built-in search engines. This policy is only available on the ESR.
5713
5714 **Compatibility:** Firefox ESR 60.2\
5715 **CCK2 Equivalent:** `removeDefaultSearchEngines` (removed all built-in engines)\
5716 **Preferences Affected:** N/A
5717
5718 #### Windows (GPO)
5719 ```
5720 Software\Policies\Mozilla\Firefox\SearchEngines\Remove\1 = NAME_OF_SEARCH_ENGINE
5721 ```
5722 #### Windows (Intune)
5723 OMA-URI:
5724 ```
5725 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Search/SearchEngines_Remove
5726 ```
5727 Value (string):
5728 ```
5729 <enabled/>
5730 <data id="SearchEngines_Remove" value="1&#xF000;NAME_OF_SEARCH_ENGINE"/>
5731 ```
5732 #### macOS
5733 ```
5734 <dict>
5735 <key>SearchEngines</key>
5736 <dict>
5737 <key>Remove</key>
5738 <array>
5739 <string>NAME_OF_SEARCH_ENGINE</string>
5740 </array>
5741 </dict>
5742 </dict>
5743 ```
5744 #### policies.json
5745 ```
5746 {
5747 "policies": {
5748 "SearchEngines": {
5749 "Remove": ["NAME_OF_SEARCH_ENGINE"]
5750 }
5751 }
5752 }
5753 ```
5754 ### SearchSuggestEnabled
5755
5756 Enable search suggestions.
5757
5758 **Compatibility:** Firefox 68, Firefox ESR 68\
5759 **CCK2 Equivalent:** N/A\
5760 **Preferences Affected:** `browser.urlbar.suggest.searches`, `browser.search.suggest.enabled`
5761
5762 #### Windows (GPO)
5763 ```
5764 Software\Policies\Mozilla\Firefox\SearchSuggestEnabled = 0x1 | 0x0
5765 ```
5766 #### Windows (Intune)
5767 OMA-URI:
5768 ```
5769 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Search/SearchSuggestEnabled
5770 ```
5771 Value (string):
5772 ```
5773 <enabled/> or <disabled/>
5774 ```
5775 #### macOS
5776 ```
5777 <dict>
5778 <key>SearchSuggestEnabled</key>
5779 <true/> | <false/>
5780 </dict>
5781 ```
5782 #### policies.json
5783 ```
5784 {
5785 "policies": {
5786 "SearchSuggestEnabled": true | false
5787 }
5788 }
5789 ```
5790 ### SecurityDevices
5791
5792 Add or delete PKCS #11 modules.
5793
5794 **Compatibility:** Firefox 114, Firefox ESR 112.12\
5795 **CCK2 Equivalent:** N/A\
5796 **Preferences Affected:** N/A
5797
5798 #### Windows (GPO)
5799 ```
5800 Software\Policies\Mozilla\Firefox\SecurityDevices\Add\NAME_OF_DEVICE_TO_ADD = PATH_TO_LIBRARY_FOR_DEVICE
5801 Software\Policies\Mozilla\Firefox\SecurityDevices\Remove\1 = NAME_OF_DEVICE_TO_REMOVE
5802 ```
5803 #### Windows (Intune)
5804 OMA-URI:
5805 ```
5806 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/SecurityDevices/SecurityDevices_Add
5807 ```
5808 Value (string):
5809 ```
5810 <enabled/>
5811 <data id="SecurityDevices" value="NAME_OF_DEVICE_TO_ADD&#xF000;PATH_TO_LIBRARY_FOR_DEVICE"/>
5812 ```
5813 OMA-URI:
5814 ```
5815 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/SecurityDevices/SecurityDevices_Delete
5816 ```
5817 Value (string):
5818 ```
5819 <enabled/>
5820 <data id="SecurityDevices" value="1&#xF000;NAME_OF_DEVICE_TO_REMOVE"/>
5821 ```
5822 #### macOS
5823 ```
5824 <dict>
5825 <key>SecurityDevices</key>
5826 <dict>
5827 <key>Add<key>
5828 <dict>
5829 <key>NAME_OF_DEVICE_TO_ADD</key>
5830 <string>PATH_TO_LIBRARY_FOR_DEVICE</string>
5831 </dict>
5832 <key>Delete</add>
5833 <array>
5834 <string>NAME_OF_DEVICE_TO_DELETE</string>
5835 </array>
5836 </dict>
5837 </dict>
5838 ```
5839 #### policies.json
5840 ```
5841 {
5842 "policies": {
5843 "SecurityDevices": {
5844 "Add": {
5845 "NAME_OF_DEVICE_TO_ADD": "PATH_TO_LIBRARY_FOR_DEVICE"
5846 },
5847 "Delete": ["NAME_OF_DEVICE_TO_DELETE"]
5848 }
5849 }
5850 }
5851 ```
5852 ### SecurityDevices (Deprecated)
5853
5854 Install PKCS #11 modules.
5855
5856 **Compatibility:** Firefox 64, Firefox ESR 60.4\
5857 **CCK2 Equivalent:** `certs.devices`\
5858 **Preferences Affected:** N/A
5859
5860 #### Windows (GPO)
5861 ```
5862 Software\Policies\Mozilla\Firefox\SecurityDevices\NAME_OF_DEVICE = PATH_TO_LIBRARY_FOR_DEVICE
5863 ```
5864 #### Windows (Intune)
5865 OMA-URI:
5866 ```
5867 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/SecurityDevices
5868 ```
5869 Value (string):
5870 ```
5871 <enabled/>
5872 <data id="SecurityDevices" value="NAME_OF_DEVICE&#xF000;PATH_TO_LIBRARY_FOR_DEVICE"/>
5873 ```
5874 #### macOS
5875 ```
5876 <dict>
5877 <key>SecurityDevices</key>
5878 <dict>
5879 <key>NAME_OF_DEVICE</key>
5880 <string>PATH_TO_LIBRARY_FOR_DEVICE</string>
5881 </dict>
5882 </dict>
5883 ```
5884 #### policies.json
5885 ```
5886 {
5887 "policies": {
5888 "SecurityDevices": {
5889 "NAME_OF_DEVICE": "PATH_TO_LIBRARY_FOR_DEVICE"
5890 }
5891 }
5892 }
5893 ```
5894 ### ShowHomeButton
5895 Show the home button on the toolbar.
5896
5897 Future versions of Firefox will not show the home button by default.
5898
5899 **Compatibility:** Firefox 88, Firefox ESR 78.10\
5900 **CCK2 Equivalent:** N/A\
5901 **Preferences Affected:** N/A
5902
5903 #### Windows (GPO)
5904 ```
5905 Software\Policies\Mozilla\Firefox\ShowHomeButton = 0x1 | 0x0
5906 ```
5907 #### Windows (Intune)
5908 OMA-URI:
5909 ```
5910 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Homepage/Homepage_ShowHomeButton
5911 ```
5912 Value (string):
5913 ```
5914 <enabled/> or <disabled/>
5915 ```
5916 #### macOS
5917 ```
5918 <dict>
5919 <key>ShowHomeButton</key>
5920 <true/> | <false/>
5921 </dict>
5922 ```
5923 #### policies.json
5924 ```
5925 {
5926 "policies": {
5927 "ShowHomeButton": true | false
5928 }
5929 }
5930 ```
5931 ### SSLVersionMax
5932
5933 Set and lock the maximum version of TLS. (Firefox defaults to a maximum of TLS 1.3.)
5934
5935 **Compatibility:** Firefox 66, Firefox ESR 60.6\
5936 **CCK2 Equivalent:** N/A\
5937 **Preferences Affected:** `security.tls.version.max`
5938
5939 #### Windows (GPO)
5940 ```
5941 Software\Policies\Mozilla\Firefox\SSLVersionMax = "tls1" | "tls1.1" | "tls1.2" | "tls1.3"
5942 ```
5943 #### Windows (Intune)
5944 OMA-URI:
5945 ```
5946 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/SSLVersionMax
5947 ```
5948 Value (string):
5949 ```
5950 <enabled/>
5951 <data id="SSLVersion" value="tls1 | tls1.2 | tls1.3"/>
5952 ```
5953 #### macOS
5954 ```
5955 <dict>
5956 <key>SSLVersionMax</key>
5957 <string>tls1 | tls1.1 | tls1.2 | tls1.3</string>
5958 </dict>
5959 ```
5960
5961 #### policies.json
5962 ```
5963 {
5964 "policies": {
5965 "SSLVersionMax": "tls1" | "tls1.1" | "tls1.2" | "tls1.3"
5966 }
5967 }
5968 ```
5969 ### SSLVersionMin
5970
5971 Set and lock the minimum version of TLS. (Firefox defaults to a minimum of TLS 1.2.)
5972
5973 **Compatibility:** Firefox 66, Firefox ESR 60.6\
5974 **CCK2 Equivalent:** N/A\
5975 **Preferences Affected:** `security.tls.version.min`
5976
5977 #### Windows (GPO)
5978 ```
5979 Software\Policies\Mozilla\Firefox\SSLVersionMin = "tls1" | "tls1.1" | "tls1.2" | "tls1.3"
5980 ```
5981 #### Windows (Intune)
5982 OMA-URI:
5983 ```
5984 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/SSLVersionMin
5985 ```
5986 Value (string):
5987 ```
5988 <enabled/>
5989 <data id="SSLVersion" value="tls1 | tls1.2 | tls1.3"/>
5990 ```
5991 #### macOS
5992 ```
5993 <dict>
5994 <key>SSLVersionMin</key>
5995 <string>tls1 | tls1.1 | tls1.2 | tls1.3</string>
5996 </dict>
5997 ```
5998
5999 #### policies.json
6000 ```
6001 {
6002 "policies": {
6003 "SSLVersionMin": "tls1" | "tls1.1" | "tls1.2" | "tls1.3"
6004 }
6005 }
6006 ```
6007 ### SupportMenu
6008 Add a menuitem to the help menu for specifying support information.
6009
6010 **Compatibility:** Firefox 68.0.1, Firefox ESR 68.0.1\
6011 **CCK2 Equivalent:** helpMenu\
6012 **Preferences Affected:** N/A
6013
6014 #### Windows (GPO)
6015 ```
6016 Software\Policies\Mozilla\Firefox\SupportMenu\Title = "Support Menu"
6017 Software\Policies\Mozilla\Firefox\SupportMenu\URL = "http://example.com/support"
6018 Software\Policies\Mozilla\Firefox\SupportMenu\AccessKey = "S"
6019 ```
6020 #### Windows (Intune)
6021 OMA-URI:
6022 ```
6023 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/SupportMenu
6024 ```
6025 Value (string):
6026 ```
6027 <enabled/>
6028 <data id="SupportMenuTitle" value="Support Menu"/>
6029 <data id="SupportMenuURL" value="http://example.com/support"/>
6030 <data id="SupportMenuAccessKey" value="S"/>
6031 ```
6032 #### macOS
6033 ```
6034 <dict>
6035 <key>SupportMenu</key>
6036 <dict>
6037 <key>Title</key>
6038 <string>SupportMenu</string>
6039 <key>URL</key>
6040 <string>http://example.com/support</string>
6041 <key>AccessKey</key>
6042 <string>S</string>
6043 </dict>
6044 </dict>
6045 ```
6046 #### policies.json
6047 ```
6048 {
6049 "policies": {
6050 "SupportMenu": {
6051 "Title": "Support Menu",
6052 "URL": "http://example.com/support",
6053 "AccessKey": "S"
6054 }
6055 }
6056 }
6057 ```
6058 ### StartDownloadsInTempDirectory
6059 Force downloads to start off in a local, temporary location rather than the default download directory.
6060
6061 **Compatibility:** Firefox 102\
6062 **CCK2 Equivalent:** N/A\
6063 **Preferences Affected:** `browser.download.start_downloads_in_tmp_dir`
6064
6065 #### Windows (GPO)
6066 ```
6067 Software\Policies\Mozilla\Firefox\StartDownloadsInTempDirectory = 0x1 | 0x0
6068 ```
6069 #### Windows (Intune)
6070 OMA-URI:
6071 ```
6072 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/StartDownloadsInTempDirectory
6073 ```
6074 Value (string):
6075 ```
6076 <enabled/> or <disabled/>
6077 ```
6078 #### macOS
6079 ```
6080 <dict>
6081 <key>StartDownloadsInTempDirectory</key>
6082 <true/> | <false/>
6083 </dict>
6084 ```
6085 #### policies.json
6086 ```
6087 {
6088 "policies": {
6089 "StartDownloadsInTempDirectory": true | false
6090 }
6091 ```
6092 ### UserMessaging
6093
6094 Prevent Firefox from messaging the user in certain situations.
6095
6096 `WhatsNew` Remove the "What's New" icon and menuitem.
6097
6098 `ExtensionRecommendations` If false, don't recommend extensions while the user is visiting web pages.
6099
6100 `FeatureRecommendations` If false, don't recommend browser features.
6101
6102 `UrlbarInterventions` If false, Don't offer Firefox specific suggestions in the URL bar.
6103
6104 `SkipOnboarding` If true, don't show onboarding messages on the new tab page.
6105
6106 `MoreFromMozilla` If false, don't show the "More from Mozilla" section in Preferences. (Firefox 98)
6107
6108 `Locked` prevents the user from changing user messaging preferences.
6109
6110 **Compatibility:** Firefox 75, Firefox ESR 68.7\
6111 **CCK2 Equivalent:** N/A\
6112 **Preferences Affected:** `browser.messaging-system.whatsNewPanel.enabled`, `browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons`, `browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features`, `browser.aboutwelcome.enabled`, `browser.preferences.moreFromMozilla`
6113
6114 #### Windows (GPO)
6115 ```
6116 Software\Policies\Mozilla\Firefox\UserMessaging\WhatsNew = 0x1 | 0x0
6117 Software\Policies\Mozilla\Firefox\UserMessaging\ExtensionRecommendations = 0x1 | 0x0
6118 Software\Policies\Mozilla\Firefox\UserMessaging\FeatureRecommendations = 0x1 | 0x0
6119 Software\Policies\Mozilla\Firefox\UserMessaging\UrlbarInterventions = 0x1 | 0x0
6120 Software\Policies\Mozilla\Firefox\UserMessaging\SkipOnboarding = 0x1 | 0x0
6121 Software\Policies\Mozilla\Firefox\UserMessaging\MoreFromMozilla = 0x1 | 0x0
6122 Software\Policies\Mozilla\Firefox\UserMessaging\Locked = 0x1 | 0x0
6123 ```
6124 #### Windows (Intune)
6125 OMA-URI:
6126 ```
6127 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_WhatsNew
6128 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_ExtensionRecommendations
6129 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_FeatureRecommendations
6130 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_UrlbarInterventions
6131 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_SkipOnboarding
6132 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_MoreFromMozilla
6133 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_Locked
6134 ```
6135 Value (string):
6136 ```
6137 <enabled/> or <disabled/>
6138 ```
6139 #### macOS
6140 ```
6141 <dict>
6142 <key>UserMessaging</key>
6143 <dict>
6144 <key>WhatsNew</key>
6145 <true/> | <false/>
6146 <key>ExtensionRecommendations</key>
6147 <true/> | <false/>
6148 <key>FeatureRecommendations</key>
6149 <true/> | <false/>
6150 <key>UrlbarInterventions</key>
6151 <true/> | <false/>
6152 <key>SkipOnboarding</key>
6153 <true/> | <false/>
6154 <key>MoreFromMozilla</key>
6155 <true/> | <false/>
6156 <key>Locked</key>
6157 <true/> | <false/>
6158 </dict>
6159 </dict>
6160 ```
6161 #### policies.json
6162 ```
6163 {
6164 "policies": {
6165 "UserMessaging": {
6166 "WhatsNew": true | false,
6167 "ExtensionRecommendations": true | false,
6168 "FeatureRecommendations": true | false,
6169 "UrlbarInterventions": true | false,
6170 "SkipOnboarding": true | false,
6171 "MoreFromMozilla": true | false,
6172 "Locked": true | false
6173 }
6174 }
6175 }
6176 ```
6177 ### UseSystemPrintDialog
6178 Use the system print dialog instead of the print preview window.
6179
6180 **Compatibility:** Firefox 102\
6181 **CCK2 Equivalent:** N/A\
6182 **Preferences Affected:** `print.prefer_system_dialog`
6183
6184 #### Windows (GPO)
6185 ```
6186 Software\Policies\Mozilla\Firefox\UseSystemPrintDialog = 0x1 | 0x0
6187 ```
6188 #### Windows (Intune)
6189 OMA-URI:
6190 ```
6191 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/UseSystemPrintDialog
6192 ```
6193 Value (string):
6194 ```
6195 <enabled/> or <disabled/>
6196 ```
6197 #### macOS
6198 ```
6199 <dict>
6200 <key>UseSystemPrintDialog</key>
6201 <true/> | <false/>
6202 </dict>
6203 ```
6204 #### policies.json
6205 ```
6206 {
6207 "policies": {
6208 "UseSystemPrintDialog": true | false
6209 }
6210 }
6211 ```
6212 ### WebsiteFilter
6213 Block websites from being visited. The parameters take an array of Match Patterns, as documented in https://developer.mozilla.org/en-US/Add-ons/WebExtensions/Match_patterns.
6214 The arrays are limited to 1000 entries each.
6215
6216 If you want to block all URLs, you can use `<all_urls>` or `*://*/*`. You can't have just a `*` on the right side.
6217
6218 For specific protocols, use `https://*/*` or `http://*/*`.
6219
6220 As of Firefox 83 and Firefox ESR 78.5, file URLs are supported.
6221
6222 **Compatibility:** Firefox 60, Firefox ESR 60\
6223 **CCK2 Equivalent:** N/A\
6224 **Preferences Affected:** N/A
6225
6226 #### Windows (GPO)
6227 ```
6228 Software\Policies\Mozilla\Firefox\WebsiteFilter\Block\1 = "<all_urls>"
6229 Software\Policies\Mozilla\Firefox\WebsiteFilter\Exceptions\1 = "http://example.org/*"
6230 ```
6231 #### Windows (Intune)
6232 OMA-URI:
6233 ```
6234 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/B_WebsiteFilter_Block
6235 ```
6236 Value (string):
6237 ```
6238 <enabled/> <data id="WebsiteFilter" value="1&#xF000;&#60;all_urls&#62;"/>
6239 ```
6240 OMA-URI:
6241 ```
6242 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/B_WebsiteFilter_Exceptions
6243 ```
6244 Value (string):
6245 ```
6246 <enabled/>
6247 <data id="WebsiteFilter" value="1&#xF000;http://example.org/*"/>
6248 ```
6249 #### macOS
6250 ```
6251 <dict>
6252 <key>WebsiteFilter</key>
6253 <dict>
6254 <key>Block</key>
6255 <array>
6256 <string><all_urls></string>
6257 </array>
6258 <key>Exceptions</key>
6259 <array>
6260 <string>http://example.org/*</string>
6261 </array>
6262 </dict>
6263
6264 </dict>
6265 ```
6266 #### policies.json
6267 ```
6268 {
6269 "policies": {
6270 "WebsiteFilter": {
6271 "Block": ["<all_urls>"],
6272 "Exceptions": ["http://example.org/*"]
6273 }
6274 }
6275 }
6276 ```
6277 ### WindowsSSO
6278 Allow Windows single sign-on for Microsoft, work, and school accounts.
6279
6280 If this policy is set to true, Firefox will use credentials stored in Windows to sign in to Microsoft, work, and school accounts.
6281
6282 **Compatibility:** Firefox 91\
6283 **CCK2 Equivalent:** N/A\
6284 **Preferences Affected:** `network.http.windows-sso.enabled`
6285
6286 #### Windows (GPO)
6287 ```
6288 Software\Policies\Mozilla\Firefox\WindowsSSO = 0x1 | 0x0
6289 ```
6290 #### Windows (Intune)
6291 OMA-URI:
6292 ```
6293 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/WindowsSSO
6294 ```
6295 Value (string):
6296 ```
6297 <enabled/> or <disabled/>
6298 ```
6299 #### policies.json
6300 ```
6301 {
6302 "policies": {
6303 "WindowsSSO": true | false
6304 }
6305 }
6306 ```

patrick-canterino.de