]> git.p6c8.net - policy-templates.git/blob - README.md
Update README.md
[policy-templates.git] / README.md
1 **These policies are in active development and so might contain changes that do not work with current versions of Firefox.**
2
3 **You should use the [officially released versions](https://github.com/mozilla/policy-templates/releases) if you are deploying changes.**
4
5 Policies can be specified using the [Group Policy templates on Windows](https://github.com/mozilla/policy-templates/tree/master/windows), [Intune on Windows](https://support.mozilla.org/kb/managing-firefox-intune), [configuration profiles on macOS](https://github.com/mozilla/policy-templates/tree/master/mac), or by creating a file called `policies.json`. On Windows, create a directory called `distribution` where the EXE is located and place the file there. On Mac, the file goes into `Firefox.app/Contents/Resources/distribution`. On Linux, the file goes into `firefox/distribution`, where `firefox` is the installation directory for firefox, which varies by distribution or you can specify system-wide policy by placing the file in `/etc/firefox/policies`.
6
7 Unfortunately, JSON files do not support comments, but you can add extra entries to the JSON to use as comments. You will see an error in about:policies, but the policies will still work properly. For example:
8
9 ```
10 {
11 "policies": {
12 "Authentication": {
13 "SPNEGO": ["mydomain.com", "https://myotherdomain.com"]
14 }
15 "Authentication_Comment": "These domains are required for us"
16 }
17 }
18 ```
19
20 | Policy Name | Description
21 | --- | --- |
22 | **[`3rdparty`](#3rdparty)** | Set policies that WebExtensions can access via chrome.storage.managed.
23 | **[`AllowedDomainsForApps`](#alloweddomainsforapps)** | Define domains allowed to access Google Workspace.
24 | **[`AppAutoUpdate`](#appautoupdate)** | Enable or disable automatic application update.
25 | **[`AppUpdatePin`](#appupdatepin)** | Prevent Firefox from being updated beyond the specified version.
26 | **[`AppUpdateURL`](#appupdateurl)** | Change the URL for application update.
27 | **[`Authentication`](#authentication)** | Configure sites that support integrated authentication.
28 | **[`AutoLaunchProtocolsFromOrigins`](#autolaunchprotocolsfromorigins)** | Define a list of external protocols that can be used from listed origins without prompting the user.
29 | **[`BackgroundAppUpdate`](#backgroundappupdate)** | Enable or disable the background updater (Windows only).
30 | **[`BlockAboutAddons`](#blockaboutaddons)** | Block access to the Add-ons Manager (about:addons).
31 | **[`BlockAboutConfig`](#blockaboutconfig)** | Block access to about:config.
32 | **[`BlockAboutProfiles`](#blockaboutprofiles)** | Block access to About Profiles (about:profiles).
33 | **[`BlockAboutSupport`](#blockaboutsupport)** | Block access to Troubleshooting Information (about:support).
34 | **[`Bookmarks`](#bookmarks)** | Add bookmarks in either the bookmarks toolbar or menu.
35 | **[`CaptivePortal`](#captiveportal)** | Enable or disable the detection of captive portals.
36 | **[`Certificates`](#certificates)** |
37 | **[`Certificates -> ImportEnterpriseRoots`](#certificates--importenterpriseroots)** | Trust certificates that have been added to the operating system certificate store by a user or administrator.
38 | **[`Certificates -> Install`](#certificates--install)** | Install certificates into the Firefox certificate store.
39 | **[`Cookies`](#cookies)** | Configure cookie preferences.
40 | **[`DefaultDownloadDirectory`](#defaultdownloaddirectory)** | Set the default download directory.
41 | **[`DisableAppUpdate`](#disableappupdate)** | Turn off application updates.
42 | **[`DisableBuiltinPDFViewer`](#disablebuiltinpdfviewer)** | Disable the built in PDF viewer.
43 | **[`DisabledCiphers`](#disabledciphers)** | Disable ciphers.
44 | **[`DisableDefaultBrowserAgent`](#disabledefaultbrowseragent)** | Prevent the default browser agent from taking any actions (Windows only).
45 | **[`DisableDeveloperTools`](#disabledevelopertools)** | Remove access to all developer tools.
46 | **[`DisableFeedbackCommands`](#disablefeedbackcommands)** | Disable the menus for reporting sites.
47 | **[`DisableFirefoxAccounts`](#disablefirefoxaccounts)** | Disable Firefox Accounts integration (Sync).
48 | **[`DisableFirefoxScreenshots`](#disablefirefoxscreenshots)** | Remove access to Firefox Screenshots.
49 | **[`DisableFirefoxStudies`](#disablefirefoxstudies)** | Disable Firefox studies (Shield).
50 | **[`DisableForgetButton`](#disableforgetbutton)** | Disable the "Forget" button.
51 | **[`DisableFormHistory`](#disableformhistory)** | Turn off saving information on web forms and the search bar.
52 | **[`DisableMasterPasswordCreation`](#disablemasterpasswordcreation)** | Remove the master password functionality.
53 | **[`DisablePasswordReveal`](#disablepasswordreveal)** | Do not allow passwords to be revealed in saved logins.
54 | **[`DisablePocket`](#disablepocket)** | Remove Pocket in the Firefox UI.
55 | **[`DisablePrivateBrowsing`](#disableprivatebrowsing)** | Remove access to private browsing.
56 | **[`DisableProfileImport`](#disableprofileimport)** | Disables the "Import data from another browser" option in the bookmarks window.
57 | **[`DisableProfileRefresh`](#disableprofilerefresh)** | Disable the Refresh Firefox button on about:support and support.mozilla.org
58 | **[`DisableSafeMode`](#disablesafemode)** | Disable safe mode within the browser.
59 | **[`DisableSecurityBypass`](#disablesecuritybypass)** | Prevent the user from bypassing security in certain cases.
60 | **[`DisableSetDesktopBackground`](#disablesetdesktopbackground)** | Remove the "Set As Desktop Background..." menuitem when right clicking on an image.
61 | **[`DisableSystemAddonUpdate`](#disablesystemaddonupdate)** | Prevent system add-ons from being installed or updated.
62 | **[`DisableTelemetry`](#disabletelemetry)** | DisableTelemetry
63 | **[`DisableThirdPartyModuleBlocking`](#disablethirdpartymoduleblocking)** | Do not allow blocking third-party modules.
64 | **[`DisplayBookmarksToolbar`](#displaybookmarkstoolbar)** | Set the initial state of the bookmarks toolbar.
65 | **[`DisplayBookmarksToolbar (Deprecated)`](#displaybookmarkstoolbar-deprecated)** | Set the initial state of the bookmarks toolbar.
66 | **[`DisplayMenuBar`](#displaymenubar)** | Set the state of the menubar.
67 | **[`DisplayMenuBar (Deprecated)`](#displaymenubar-deprecated)** | Set the initial state of the menubar.
68 | **[`DNSOverHTTPS`](#dnsoverhttps)** | Configure DNS over HTTPS.
69 | **[`DontCheckDefaultBrowser`](#dontcheckdefaultbrowser)** | Don't check if Firefox is the default browser at startup.
70 | **[`DownloadDirectory`](#downloaddirectory)** | Set and lock the download directory.
71 | **[`EnableTrackingProtection`](#enabletrackingprotection)** | Configure tracking protection.
72 | **[`EncryptedMediaExtensions`](#encryptedmediaextensions)** | Enable or disable Encrypted Media Extensions and optionally lock it.
73 | **[`EnterprisePoliciesEnabled`](#enterprisepoliciesenabled)** | Enable policy support on macOS.
74 | **[`ExemptDomainFileTypePairsFromFileTypeDownloadWarnings`](#exemptdomainfiletypepairsfromfiletypedownloadwarnings)** | Disable warnings based on file extension for specific file types on domains.
75 | **[`Extensions`](#extensions)** | Control the installation, uninstallation and locking of extensions.
76 | **[`ExtensionSettings`](#extensionsettings)** | Manage all aspects of extensions.
77 | **[`ExtensionUpdate`](#extensionupdate)** | Control extension updates.
78 | **[`FirefoxHome`](#firefoxhome)** | Customize the Firefox Home page.
79 | **[`FlashPlugin (Deprecated)`](#flashplugin-deprecated)** | Configure the default Flash plugin policy as well as origins for which Flash is allowed.
80 | **[`GoToIntranetSiteForSingleWordEntryInAddressBar`](#gotointranetsiteforsinglewordentryinaddressbar)** | Force direct intranet site navigation instead of searching when typing single word entries in the address bar.
81 | **[`Handlers`](#handlers)** | Configure default application handlers.
82 | **[`HardwareAcceleration`](#hardwareacceleration)** | Control hardware acceleration.
83 | **[`Homepage`](#homepage)** | Configure the default homepage and how Firefox starts.
84 | **[`InstallAddonsPermission`](#installaddonspermission)** | Configure the default extension install policy as well as origins for extension installs are allowed.
85 | **[`LegacyProfiles`](#legacyprofiles)** | Disable the feature enforcing a separate profile for each installation.
86 | **[`LegacySameSiteCookieBehaviorEnabled`](#legacysamesitecookiebehaviorenabled)** | Enable default legacy SameSite cookie behavior setting.
87 | **[`LegacySameSiteCookieBehaviorEnabledForDomainList`](#legacysamesitecookiebehaviorenabledfordomainlist)** | Revert to legacy SameSite behavior for cookies on specified sites.
88 | **[`LocalFileLinks`](#localfilelinks)** | Enable linking to local files by origin.
89 | **[`ManagedBookmarks`](#managedbookmarks)** | Configures a list of bookmarks managed by an administrator that cannot be changed by the user.
90 | **[`ManualAppUpdateOnly`](#manualappupdateonly)** | Allow manual updates only and do not notify the user about updates.
91 | **[`NetworkPrediction`](#networkprediction)** | Enable or disable network prediction (DNS prefetching).
92 | **[`NewTabPage`](#newtabpage)** | Enable or disable the New Tab page.
93 | **[`NoDefaultBookmarks`](#nodefaultbookmarks)** | Disable the creation of default bookmarks.
94 | **[`OfferToSaveLogins`](#offertosavelogins)** | Control whether or not Firefox offers to save passwords.
95 | **[`OfferToSaveLoginsDefault`](#offertosaveloginsdefault)** | Set the default value for whether or not Firefox offers to save passwords.
96 | **[`OverrideFirstRunPage`](#overridefirstrunpage)** | Override the first run page.
97 | **[`OverridePostUpdatePage`](#overridepostupdatepage)** | Override the upgrade page.
98 | **[`PasswordManagerEnabled`](#passwordmanagerenabled)** | Remove (some) access to the password manager.
99 | **[`PasswordManagerExceptions`](#passwordmanagerexceptions)** | Prevent Firefox from saving passwords for specific sites.
100 | **[`PDFjs`](#pdfjs)** | Disable or configure PDF.js, the built-in PDF viewer.
101 | **[`Permissions`](#permissions)** | Set permissions associated with camera, microphone, location, and notifications.
102 | **[`PictureInPicture`](#pictureinpicture)** | Enable or disable Picture-in-Picture.
103 | **[`PopupBlocking`](#popupblocking)** | Configure the default pop-up window policy as well as origins for which pop-up windows are allowed.
104 | **[`Preferences`](#preferences)** | Set and lock preferences.
105 | **[`Preferences (Deprecated)`](#preferences-deprecated)** | Set and lock some preferences.
106 | **[`PrimaryPassword`](#primarypassword)** | Require or prevent using a primary (formerly master) password.
107 | **[`PromptForDownloadLocation`](#promptfordownloadlocation)** | Ask where to save each file before downloading.
108 | **[`Proxy`](#proxy)** | Configure proxy settings.
109 | **[`RequestedLocales`](#requestedlocales)** | Set the the list of requested locales for the application in order of preference.
110 | **[`SanitizeOnShutdown` (All)](#sanitizeonshutdown-all)** | Clear all data on shutdown.
111 | **[`SanitizeOnShutdown` (Selective)](#sanitizeonshutdown-selective)** | Clear data on shutdown.
112 | **[`SearchBar`](#searchbar)** | Set whether or not search bar is displayed.
113 | **[`SearchEngines`](#searchengines-this-policy-is-only-available-on-the-esr)** |
114 | **[`SearchEngines -> Add`](#searchengines--add)** | Add new search engines.
115 | **[`SearchEngines -> Default`](#searchengines--default)** | Set the default search engine.
116 | **[`SearchEngines -> PreventInstalls`](#searchengines--preventinstalls)** | Prevent installing search engines from webpages.
117 | **[`SearchEngines -> Remove`](#searchengines--remove)** | Hide built-in search engines.
118 | **[`SearchSuggestEnabled`](#searchsuggestenabled)** | Enable search suggestions.
119 | **[`SecurityDevices`](#securitydevices)** | Install PKCS #11 modules.
120 | **[`ShowHomeButton`](#showhomebutton)** | Show the home button on the toolbar.
121 | **[`SSLVersionMax`](#sslversionmax)** | Set and lock the maximum version of TLS.
122 | **[`SSLVersionMin`](#sslversionmin)** | Set and lock the minimum version of TLS.
123 | **[`StartDownloadsInTempDirectory`](#startdownloadsintempdirectory)** | Force downloads to start off in a local, temporary location rather than the default download directory.
124 | **[`SupportMenu`](#supportmenu)** | Add a menuitem to the help menu for specifying support information.
125 | **[`UserMessaging`](#usermessaging)** | Don't show certain messages to the user.
126 | **[`UseSystemPrintDialog`](#usesystemprintdialog)** | Print using the system print dialog instead of print preview.
127 | **[`WebsiteFilter`](#websitefilter)** | Block websites from being visited.
128 | **[`WindowsSSO`](#windowssso)** | Allow Windows single sign-on for Microsoft, work, and school accounts.
129
130 ### 3rdparty
131
132 Allow WebExtensions to configure policy. For more information, see [Adding policy support to your extension](https://extensionworkshop.com/documentation/enterprise/adding-policy-support-to-your-extension/).
133
134 For GPO and Intune, the extension developer should provide an ADMX file.
135
136 **Compatibility:** Firefox 68\
137 **CCK2 Equivalent:** N/A\
138 **Preferences Affected:** N/A
139
140 #### macOS
141 ```
142 <dict>
143 <key>3rdparty</key>
144 <dict>
145 <key>Extensions</key>
146 <dict>
147 <key>uBlock0@raymondhill.net</key>
148 <dict>
149 <key>adminSettings</key>
150 <dict>
151 <key>selectedFilterLists</key>
152 <array>
153 <string>ublock-privacy</string>
154 <string>ublock-badware</string>
155 <string>ublock-filters</string>
156 <string>user-filters</string>
157 </array>
158 </dict>
159 </dict>
160 </dict>
161 </dict>
162 </dict>
163 ```
164 #### policies.json
165 ```
166 {
167 "policies": {
168 "3rdparty": {
169 "Extensions": {
170 "uBlock0@raymondhill.net": {
171 "adminSettings": {
172 "selectedFilterLists": [
173 "ublock-privacy",
174 "ublock-badware",
175 "ublock-filters",
176 "user-filters"
177 ]
178 }
179 }
180 }
181 }
182 }
183 }
184 ```
185
186 ### AllowedDomainsForApps
187
188 Define domains allowed to access Google Workspace.
189
190 This policy is based on the [Chrome policy](https://chromeenterprise.google/policies/#AllowedDomainsForApps) of the same name.
191
192 If this policy is enabled, users can only access Google Workspace using accounts from the specified domains. If you want to allow Gmail, you can add ```consumer_accounts``` to the list.
193
194 **Compatibility:** Firefox 89, Firefox ESR 78.11\
195 **CCK2 Equivalent:** N/A\
196 **Preferences Affected:** N/A
197
198 #### Windows (GPO)
199 ```
200 Software\Policies\Mozilla\Firefox\AllowedDomainsForApps = "managedfirefox.com,example.com"
201 ```
202 #### Windows (Intune)
203 OMA-URI:
204 ```
205 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/AllowedDomainsForApps
206 ```
207 Value (string):
208 ```
209 <enabled/>
210 <data id="AllowedDomainsForApps" value="managedfirefox.com,example.com"/>
211 ```
212 #### macOS
213 ```
214 <dict>
215 <key>AllowedDomainsForApps</key>
216 <string>managedfirefox.com,example.com</string>
217 </dict>
218 ```
219 #### policies.json
220 ```
221 {
222 "policies": {
223 "AllowedDomainsForApps": "managedfirefox.com,example.com"
224 }
225 }
226 ```
227 ### AppAutoUpdate
228
229 Enable or disable **automatic** application update.
230
231 If set to true, application updates are installed without user approval within Firefox. The operating system might still require approval.
232
233 If set to false, application updates are downloaded but the user can choose when to install the update.
234
235 If you have disabled updates via `DisableAppUpdate`, this policy has no effect.
236
237 **Compatibility:** Firefox 75, Firefox ESR 68.7\
238 **CCK2 Equivalent:** N/A\
239 **Preferences Affected:** `app.update.auto`
240
241 #### Windows (GPO)
242 ```
243 Software\Policies\Mozilla\Firefox\AppAutoUpdate = 0x1 | 0x0
244 ```
245 #### Windows (Intune)
246 OMA-URI:
247 ```
248 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/AppAutoUpdate
249 ```
250 Value (string):
251 ```
252 <enabled/> or <disabled/>
253 ```
254 #### macOS
255 ```
256 <dict>
257 <key>AppAutoUpdate</key>
258 <true/> | <false/>
259 </dict>
260 ```
261 #### policies.json
262 ```
263 {
264 "policies": {
265 "AppAutoUpdate": true | false
266 }
267 }
268 ```
269 ### AppUpdatePin
270
271 Prevent Firefox from being updated beyond the specified version.
272
273 You can specify the any version as ```xx.``` and Firefox will be updated with all minor versions, but will not be updated beyond the major version.
274
275 You can also specify the version as ```xx.xx``` and Firefox will be updated with all patch versions, but will not be updated beyond the minor version.
276
277 You should specify a version that exists or is guaranteed to exist. If you specify a version that doesn't end up existing, Firefox will update beyond that version.
278
279 **Compatibility:** Firefox 102,\
280 **CCK2 Equivalent:** N/A\
281 **Preferences Affected:** N/A
282
283 #### Windows (GPO)
284 ```
285 Software\Policies\Mozilla\Firefox\AppUpdatePin = "106."
286 ```
287 #### Windows (Intune)
288 OMA-URI:
289 ```
290 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/AppUpdatePin
291 ```
292 Value (string):
293 ```
294 <enabled/>
295 <data id="AppUpdatePin" value="106."/>
296 ```
297 #### macOS
298 ```
299 <dict>
300 <key>AppUpdatePin</key>
301 <string>106.</string>
302 </dict>
303 ```
304 #### policies.json
305 ```
306 {
307 "policies": {
308 "AppUpdatePin": "106."
309 }
310 }
311 ```
312 ### AppUpdateURL
313
314 Change the URL for application update if you are providing Firefox updates from a custom update server.
315
316 **Compatibility:** Firefox 62, Firefox ESR 60.2\
317 **CCK2 Equivalent:** N/A\
318 **Preferences Affected:** `app.update.url`
319
320 #### Windows (GPO)
321 ```
322 Software\Policies\Mozilla\Firefox\AppUpdateURL = "https://yoursite.com"
323 ```
324 #### Windows (Intune)
325 OMA-URI:
326 ```
327 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/AppUpdateURL
328 ```
329 Value (string):
330 ```
331 <enabled/>
332 <data id="AppUpdateURL" value="https://yoursite.com"/>
333 ```
334 #### macOS
335 ```
336 <dict>
337 <key>AppUpdateURL</key>
338 <string>https://yoursite.com</string>
339 </dict>
340 ```
341 #### policies.json
342 ```
343 {
344 "policies": {
345 "AppUpdateURL": "https://yoursite.com"
346 }
347 }
348 ```
349 ### Authentication
350
351 Configure sites that support integrated authentication.
352
353 See [Integrated authentication](https://htmlpreview.github.io/?https://github.com/mdn/archived-content/blob/main/files/en-us/mozilla/integrated_authentication/raw.html) for more information.
354
355 `PrivateBrowsing` enables integrated authentication in private browsing.
356
357 **Compatibility:** Firefox 60, Firefox ESR 60 (AllowNonFQDN added in 62/60.2, AllowProxies added in 70/68.2, Locked added in 71/68.3, PrivateBrowsing added in 77/68.9)\
358 **CCK2 Equivalent:** N/A\
359 **Preferences Affected:** `network.negotiate-auth.trusted-uris`,`network.negotiate-auth.delegation-uris`,`network.automatic-ntlm-auth.trusted-uris`,`network.automatic-ntlm-auth.allow-non-fqdn`,`network.negotiate-auth.allow-non-fqdn`,`network.automatic-ntlm-auth.allow-proxies`,`network.negotiate-auth.allow-proxies`,`network.auth.private-browsing-sso`
360
361 #### Windows (GPO)
362 ```
363 Software\Policies\Mozilla\Firefox\Authentication\SPNEGO\1 = "mydomain.com"
364 Software\Policies\Mozilla\Firefox\Authentication\SPNEGO\2 = "https://myotherdomain.com"
365 Software\Policies\Mozilla\Firefox\Authentication\Delegated\1 = "mydomain.com"
366 Software\Policies\Mozilla\Firefox\Authentication\Delegated\2 = "https://myotherdomain.com"
367 Software\Policies\Mozilla\Firefox\Authentication\NTLM\1 = "mydomain.com"
368 Software\Policies\Mozilla\Firefox\Authentication\NTLM\2 = "https://myotherdomain.com"
369 Software\Policies\Mozilla\Firefox\Authentication\AllowNonFQDN\SPNEGO = 0x1 | 0x0
370 Software\Policies\Mozilla\Firefox\Authentication\AllowNonFQDN\NTLM = 0x1 | 0x0
371 Software\Policies\Mozilla\Firefox\Authentication\AllowProxies\SPNEGO = 0x1 | 0x0
372 Software\Policies\Mozilla\Firefox\Authentication\AllowProxies\NTLM = 0x1 | 0x0
373 Software\Policies\Mozilla\Firefox\Authentication\Locked = 0x1 | 0x0
374 Software\Policies\Mozilla\Firefox\Authentication\PrivateBrowsing = 0x1 | 0x0
375 ```
376 #### Windows (Intune)
377 OMA-URI:
378 ```
379 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Authentication/Authentication_SPNEGO
380 ```
381 Value (string):
382 ```
383 <enabled/>
384 <data id="Authentication" value="1&#xF000;mydomain&#xF000;2&#xF000;https://myotherdomain.com"/>
385 ```
386 OMA-URI:
387 ```
388 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Authentication/Authentication_Delegated
389 ```
390 Value (string):
391 ```
392 <enabled/>
393 <data id="Authentication" value="1&#xF000;mydomain&#xF000;2&#xF000;https://myotherdomain.com"/>
394 ```
395 OMA-URI:
396 ```
397 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Authentication/Authentication_NTLM
398 ```
399 Value (string):
400 ```
401 <enabled/>
402 <data id="Authentication" value="1&#xF000;mydomain&#xF000;2&#xF000;https://myotherdomain.com"/>
403 ```
404 OMA-URI:
405 ```
406 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Authentication/Authentication_AllowNonFQDN
407 ```
408 Value (string):
409 ```
410 <enabled/>
411 <data id="Authentication_AllowNonFQDN_NTLM" value="true | false"/>
412 <data id="Authentication_AllowNonFQDN_SPNEGO" value="true | false"/>
413 ```
414 OMA-URI:
415 ```
416 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Authentication/Authentication_Locked
417 ```
418 Value (string):
419 ```
420 <enabled/> or <disabled/>
421 ```
422 OMA-URI:
423 ```
424 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Authentication/Authentication_PrivateBrowsing
425 ```
426 Value (string):
427 ```
428 <enabled/> or <disabled/>
429 ```
430 #### macOS
431 ```
432 <dict>
433 <key>Authentication</key>
434 <dict>
435 <key>SPNEGO</key>
436 <array>
437 <string>mydomain.com</string>
438 <string>https://myotherdomain.com</string>
439 </array>
440 <key>Delegated</key>
441 <array>
442 <string>mydomain.com</string>
443 <string>https://myotherdomain.com</string>
444 </array>
445 <key>NTLM</key>
446 <array>
447 <string>mydomain.com</string>
448 <string>https://myotherdomain.com</string>
449 </array>
450 <key>AllowNonFQDN</key>
451 <dict>
452 <key>SPNEGO</key>
453 <true/> | <false/>
454 <key>NTLM</key>
455 <true/> | <false/>
456 </dict>
457 <key>AllowProxies</key>
458 <dict>
459 <key>SPNEGO</key>
460 <true/> | <false/>
461 <key>NTLM</key>
462 <true/> | <false/>
463 </dict>
464 <key>Locked</key>
465 <true/> | <false/>
466 <key>PrivateBrowsing</key>
467 <true/> | <false/>
468 </dict>
469 </dict>
470 ```
471 #### policies.json
472 ```
473 {
474 "policies": {
475 "Authentication": {
476 "SPNEGO": ["mydomain.com", "https://myotherdomain.com"],
477 "Delegated": ["mydomain.com", "https://myotherdomain.com"],
478 "NTLM": ["mydomain.com", "https://myotherdomain.com"],
479 "AllowNonFQDN": {
480 "SPNEGO": true | false,
481 "NTLM": true | false
482 },
483 "AllowProxies": {
484 "SPNEGO": true | false,
485 "NTLM": true | false
486 },
487 "Locked": true | false,
488 "PrivateBrowsing": true | false
489 }
490 }
491 }
492 ```
493 ### AutoLaunchProtocolsFromOrigins
494 Define a list of external protocols that can be used from listed origins without prompting the user. The origin is the scheme plus the hostname.
495
496 The syntax of this policy is exactly the same as the [Chrome AutoLaunchProtocolsFromOrigins policy](https://cloud.google.com/docs/chrome-enterprise/policies/?policy=AutoLaunchProtocolsFromOrigins) except that you can only use valid origins (not just hostnames). This also means that you cannot specify an asterisk for all origins.
497
498 The schema is:
499 ```
500 {
501 "items": {
502 "properties": {
503 "allowed_origins": {
504 "items": {
505 "type": "string"
506 },
507 "type": "array"
508 },
509 "protocol": {
510 "type": "string"
511 }
512 },
513 "required": [
514 "protocol",
515 "allowed_origins"
516 ],
517 "type": "object"
518 },
519 "type": "array"
520 }
521 ```
522 **Compatibility:** Firefox 90, Firefox ESR 78.12\
523 **CCK2 Equivalent:** N/A\
524 **Preferences Affected:** N/A
525
526 #### Windows (GPO)
527 Software\Policies\Mozilla\Firefox\AutoLaunchProtocolsFromOrigins (REG_MULTI_SZ) =
528 ```
529 [
530 {
531 "protocol": "zoommtg",
532 "allowed_origins": [
533 "https://somesite.zoom.us"
534 ]
535 }
536 ]
537 ```
538 #### Windows (Intune)
539 OMA-URI:
540 ```
541 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/AutoLaunchProtocolsFromOrigins
542 ```
543 Value (string):
544 ```
545 <enabled/>
546 <data id="JSON" value='
547 [
548 {
549 "protocol": "zoommtg",
550 "allowed_origins": [
551 "https://somesite.zoom.us"
552 ]
553 }
554 ]'/>
555 ```
556 #### macOS
557 ```
558 <dict>
559 <key>AutoLaunchProtocolsFromOrigins</key>
560 <array>
561 <dict>
562 <key>protocol</key>
563 <string>zoommtg</string>
564 <key>allowed_origins</key>
565 <array>
566 <string>https://somesite.zoom.us</string>
567 </array>
568 </dict>
569 </array>
570 </dict>
571 ```
572 #### policies.json
573 ```
574 {
575 "policies": {
576 "AutoLaunchProtocolsFromOrigins": [{
577 "protocol": "zoommtg",
578 "allowed_origins": [
579 "https://somesite.zoom.us"
580 ]
581 }]
582 }
583 }
584 ```
585 ### BackgroundAppUpdate
586
587 Enable or disable **automatic** application update **in the background**, when the application is not running.
588
589 If set to true, application updates may be installed (without user approval) in the background, even when the application is not running. The operating system might still require approval.
590
591 If set to false, the application will not try to install updates when the application is not running.
592
593 If you have disabled updates via `DisableAppUpdate` or disabled automatic updates via `AppAutoUpdate`, this policy has no effect.
594
595 **Compatibility:** Firefox 90 (Windows only)\
596 **CCK2 Equivalent:** N/A\
597 **Preferences Affected:** `app.update.background.enabled`
598
599 #### Windows (GPO)
600 ```
601 Software\Policies\Mozilla\Firefox\BackgroundAppUpdate = 0x1 | 0x0
602 ```
603 #### Windows (Intune)
604 OMA-URI:
605 ```
606 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/BackgroundAppUpdate
607 ```
608 Value (string):
609 ```
610 <enabled/> or <disabled/>
611 ```
612 #### macOS
613 ```
614 <dict>
615 <key>BackgroundAppUpdate</key>
616 <true/> | <false/>
617 </dict>
618 ```
619 #### policies.json
620 ```
621 {
622 "policies": {
623 "BackgroundAppUpdate": true | false
624 }
625 }
626 ```
627 ### BlockAboutAddons
628
629 Block access to the Add-ons Manager (about:addons).
630
631 **Compatibility:** Firefox 60, Firefox ESR 60\
632 **CCK2 Equivalent:** `disableAddonsManager`\
633 **Preferences Affected:** N/A
634
635 #### Windows (GPO)
636 ```
637 Software\Policies\Mozilla\Firefox\BlockAboutAddons = 0x1 | 0x0
638 ```
639 #### Windows (Intune)
640 OMA-URI:
641 ```
642 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/BlockAboutAddons
643 ```
644 Value (string):
645 ```
646 <enabled/> or <disabled/>
647 ```
648 #### macOS
649 ```
650 <dict>
651 <key>BlockAboutAddons</key>
652 <true/> | <false/>
653 </dict>
654 ```
655 #### policies.json
656 ```
657 {
658 "policies": {
659 "BlockAboutAddons": true | false
660 }
661 }
662 ```
663 ### BlockAboutConfig
664
665 Block access to about:config.
666
667 **Compatibility:** Firefox 60, Firefox ESR 60\
668 **CCK2 Equivalent:** `disableAboutConfig`\
669 **Preferences Affected:** N/A
670
671 #### Windows (GPO)
672 ```
673 Software\Policies\Mozilla\Firefox\BlockAboutConfig = 0x1 | 0x0
674 ```
675 #### Windows (Intune)
676 OMA-URI:
677 ```
678 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/BlockAboutConfig
679 ```
680 Value (string):
681 ```
682 <enabled/> or <disabled/>
683 ```
684 #### macOS
685 ```
686 <dict>
687 <key>BlockAboutConfig</key>
688 <true/> | <false/>
689 </dict>
690 ```
691 #### policies.json
692 ```
693 {
694 "policies": {
695 "BlockAboutConfig": true | false
696 }
697 }
698 ```
699 ### BlockAboutProfiles
700
701 Block access to About Profiles (about:profiles).
702
703 **Compatibility:** Firefox 60, Firefox ESR 60\
704 **CCK2 Equivalent:** `disableAboutProfiles`\
705 **Preferences Affected:** N/A
706
707 #### Windows (GPO)
708 ```
709 Software\Policies\Mozilla\Firefox\BlockAboutProfiles = 0x1 | 0x0
710 ```
711 #### Windows (Intune)
712 OMA-URI:
713 ```
714 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/BlockAboutProfiles
715 ```
716 Value (string):
717 ```
718 <enabled/> or <disabled/>
719 ```
720 #### macOS
721 ```
722 <dict>
723 <key>BlockAboutProfiles</key>
724 <true/> | <false/>
725 </dict>
726 ```
727 #### policies.json
728 ```
729 {
730 "policies": {
731 "BlockAboutProfiles": true | false
732 }
733 }
734 ```
735 ### BlockAboutSupport
736
737 Block access to Troubleshooting Information (about:support).
738
739 **Compatibility:** Firefox 60, Firefox ESR 60\
740 **CCK2 Equivalent:** `disableAboutSupport`\
741 **Preferences Affected:** N/A
742
743 #### Windows (GPO)
744 ```
745 Software\Policies\Mozilla\Firefox\BlockAboutSupport = 0x1 | 0x0
746 ```
747 #### Windows (Intune)
748 OMA-URI:
749 ```
750 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/BlockAboutSupport
751 ```
752 Value (string):
753 ```
754 <enabled/> or <disabled/>
755 ```
756 #### macOS
757 ```
758 <dict>
759 <key>BlockAboutSupport</key>
760 <true/> | <false/>
761 </dict>
762 ```
763 #### policies.json
764 ```
765 {
766 "policies": {
767 "BlockAboutSupport": true | false
768 }
769 }
770 ```
771 ### Bookmarks
772
773 Note: [`ManagedBookmarks`](#managedbookmarks) is the new recommended way to add bookmarks. This policy will continue to be supported.
774
775 Add bookmarks in either the bookmarks toolbar or menu. Only `Title` and `URL` are required. If `Placement` is not specified, the bookmark will be placed on the toolbar. If `Folder` is specified, it is automatically created and bookmarks with the same folder name are grouped together.
776
777 If you want to clear all bookmarks set with this policy, you can set the value to an empty array (```[]```). This can be on Windows via the new Bookmarks (JSON) policy available with GPO and Intune.
778
779 **Compatibility:** Firefox 60, Firefox ESR 60\
780 **CCK2 Equivalent:** `bookmarks.toolbar`,`bookmarks.menu`\
781 **Preferences Affected:** N/A
782
783 #### Windows (GPO)
784 ```
785 Software\Policies\Mozilla\Firefox\Bookmarks\1\Title = "Example"
786 Software\Policies\Mozilla\Firefox\Bookmarks\1\URL = "https://example.com"
787 Software\Policies\Mozilla\Firefox\Bookmarks\1\Favicon = "https://example.com/favicon.ico"
788 Software\Policies\Mozilla\Firefox\Bookmarks\1\Placement = "toolbar" | "menu"
789 Software\Policies\Mozilla\Firefox\Bookmarks\1\Folder = "FolderName"
790
791 Software\Policies\Mozilla\Firefox\Bookmarks (REG_MULTI_SZ) =
792 ```
793 []
794 ```
795
796 ```
797 #### Windows (Intune)
798 OMA-URI:
799 ```
800 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Bookmarks/Bookmark01
801 ```
802 Value (string):
803 ```
804 <enabled/>
805 <data id="BookmarkTitle" value="Example"/>
806 <data id="BookmarkURL" value="https://example.com"/>
807 <data id="BookmarkFavicon" value="https://example.com/favicon.ico"/>
808 <data id="BookmarkPlacement" value="toolbar | menu"/>
809 <data id="BookmarkFolder" value="FolderName"/>
810 ```
811 OMA-URI:
812 ```
813 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/Bookmarks
814 ```
815 Value (string):
816 ```
817 <enabled/>
818 <data id="JSON" value='[]'/>
819 ```
820 #### macOS
821 ```
822 <dict>
823 <key>Bookmarks</key>
824 <array>
825 <dict>
826 <key>Title</key>
827 <string>Example</string>
828 <key>URL</key>
829 <string>https://example.com</string>
830 <key>Favicon</key>
831 <string>https://example.com/favicon.ico</string>
832 <key>Placement</key>
833 <string>toolbar | menu</string>
834 <key>Folder</key>
835 <string>FolderName</string>
836 </dict>
837 </array>
838 </dict>
839 ```
840 #### policies.json
841 ```
842 {
843 "policies": {
844 "Bookmarks": [
845 {
846 "Title": "Example",
847 "URL": "https://example.com",
848 "Favicon": "https://example.com/favicon.ico",
849 "Placement": "toolbar" | "menu",
850 "Folder": "FolderName"
851 }
852 ]
853 }
854 }
855 ```
856 ### CaptivePortal
857 Enable or disable the detection of captive portals.
858
859 **Compatibility:** Firefox 67, Firefox ESR 60.7\
860 **CCK2 Equivalent:** N/A\
861 **Preferences Affected:** `network.captive-portal-service.enabled`
862
863 #### Windows (GPO)
864 ```
865 Software\Policies\Mozilla\Firefox\CaptivePortal = 0x1 | 0x0
866 ```
867 #### Windows (Intune)
868 OMA-URI:
869 ```
870 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/CaptivePortal
871 ```
872 Value (string):
873 ```
874 <enabled/> or <disabled/>
875 ```
876 #### macOS
877 ```
878 <dict>
879 <key>CaptivePortal</key>
880 <true/> | <false/>
881 </dict>
882 ```
883 #### policies.json
884 ```
885 {
886 "policies": {
887 "CaptivePortal": true | false
888 }
889 }
890 ```
891 ### Certificates
892
893 ### Certificates | ImportEnterpriseRoots
894
895 Trust certificates that have been added to the operating system certificate store by a user or administrator.
896
897 Note: This policy only works on Windows and macOS. For Linux discussion, see [bug 1600509](https://bugzilla.mozilla.org/show_bug.cgi?id=1600509).
898
899 See https://support.mozilla.org/kb/setting-certificate-authorities-firefox for more detail.
900
901 **Compatibility:** Firefox 60, Firefox ESR 60 (macOS support in Firefox 63, Firefox ESR 68)\
902 **CCK2 Equivalent:** N/A\
903 **Preferences Affected:** `security.enterprise_roots.enabled`
904
905 #### Windows (GPO)
906 ```
907 Software\Policies\Mozilla\Firefox\Certificates\ImportEnterpriseRoots = 0x1 | 0x0
908 ```
909 #### Windows (Intune)
910 OMA-URI:
911 ```
912 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Certificates/Certificates_ImportEnterpriseRoots
913 ```
914 Value (string):
915 ```
916 <enabled/> or <disabled/>
917 ```
918 #### macOS
919 ```
920 <dict>
921 <key>Certificates</key>
922 <dict>
923 <key>ImportEnterpriseRoots</key>
924 <true/> | <false/>
925 </dict>
926 </dict>
927 ```
928 #### policies.json
929 ```
930 {
931 "policies": {
932 "Certificates": {
933 "ImportEnterpriseRoots": true | false
934 }
935 }
936 }
937 ```
938 ### Certificates | Install
939
940 Install certificates into the Firefox certificate store. If only a filename is specified, Firefox searches for the file in the following locations:
941
942 - Windows
943 - %USERPROFILE%\AppData\Local\Mozilla\Certificates
944 - %USERPROFILE%\AppData\Roaming\Mozilla\Certificates
945 - macOS
946 - /Library/Application Support/Mozilla/Certificates
947 - ~/Library/Application Support/Mozilla/Certificates
948 - Linux
949 - /usr/lib/mozilla/certificates
950 - /usr/lib64/mozilla/certificates
951 - ~/.mozilla/certificates
952
953 Starting with Firefox 65, Firefox 60.5 ESR, a fully qualified path can be used, including UNC paths. You should use the native path style for your operating system. We do not support using %USERPROFILE% or other environment variables on Windows.
954
955 If you are specifying the path in the policies.json file on Windows, you need to escape your backslashes (`\\`) which means that for UNC paths, you need to escape both (`\\\\`). If you use group policy, you only need one backslash.
956
957 Certificates are installed using the trust string `CT,CT,`.
958
959 Binary (DER) and ASCII (PEM) certificates are both supported.
960
961 **Compatibility:** Firefox 64, Firefox ESR 64\
962 **CCK2 Equivalent:** `certs.ca`\
963 **Preferences Affected:** N/A
964
965 #### Windows (GPO)
966 ```
967 Software\Policies\Mozilla\Firefox\Certificates\Install\1 = "cert1.der"
968 Software\Policies\Mozilla\Firefox\Certificates\Install\2 = "C:\Users\username\cert2.pem"
969 ```
970 #### Windows (Intune)
971 OMA-URI:
972 ```
973 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Certificates/Certificates_Install
974 ```
975 Value (string):
976 ```
977 <enabled/>
978 <data id="Certificates_Install" value="1&#xF000;cert1.der&#xF000;2&#xF000;C:\Users\username\cert2.pem"/>
979 ```
980 #### macOS
981 ```
982 <dict>
983 <key>Certificates</key>
984 <dict>
985 <key>Install</key>
986 <array>
987 <string>cert1.der</string>
988 <string>/Users/username/cert2.pem</string>
989 </array>
990 </dict>
991 </dict>
992 ```
993 #### policies.json
994 ```
995 {
996 "policies": {
997 "Certificates": {
998 "Install": ["cert1.der", "/home/username/cert2.pem"]
999 }
1000 }
1001 }
1002 ```
1003 ### Cookies
1004 Configure cookie preferences.
1005
1006 `Allow` is a list of origins (not domains) where cookies are always allowed. You must include http or https.
1007
1008 `AllowSession` is a list of origins (not domains) where cookies are only allowed for the current session. You must include http or https.
1009
1010 `Block` is a list of origins (not domains) where cookies are always blocked. You must include http or https.
1011
1012 `Behavior` sets the default behavior for cookies based on the values below.
1013
1014 `BehaviorPrivateBrowsing` sets the default behavior for cookies in private browsing based on the values below.
1015
1016 | Value | Description
1017 | --- | ---
1018 | accept | Accept all cookies
1019 | reject-foreign | Reject third party cookies
1020 | reject | Reject all cookies
1021 | limit-foreign | Reject third party cookies for sites you haven't visited
1022 | reject-tracker | Reject cookies for known trackers (default)
1023 | reject-tracker-and-partition-foreign | Reject cookies for known trackers and partition third-party cookies (Total Cookie Protection) (default for private browsing)
1024
1025 `Default` (Deprecated) determines whether cookies are accepted at all.
1026
1027 `AcceptThirdParty` (Deprecated) determines how third-party cookies are handled.
1028
1029 `ExpireAtSessionEnd` determines when cookies expire.
1030
1031 `RejectTracker` (Deprecated) only rejects cookies for trackers.
1032
1033 `Locked` prevents the user from changing cookie preferences.
1034
1035 **Compatibility:** Firefox 60, Firefox ESR 60 (RejectTracker added in Firefox 63, AllowSession added in Firefox 79/78.1, Behavior added in Firefox 95/91.4)\
1036 **CCK2 Equivalent:** N/A\
1037 **Preferences Affected:** `network.cookie.cookieBehavior`, `network.cookie.cookieBehavior.pbmode`, `network.cookie.lifetimePolicy`
1038
1039 #### Windows (GPO)
1040 ```
1041 Software\Policies\Mozilla\Firefox\Cookies\Allow\1 = "https://example.com"
1042 Software\Policies\Mozilla\Firefox\Cookies\AllowSession\1 = "https://example.edu"
1043 Software\Policies\Mozilla\Firefox\Cookies\Block\1 = "https://example.org"
1044 Software\Policies\Mozilla\Firefox\Cookies\Default = 0x1 | 0x0
1045 Software\Policies\Mozilla\Firefox\Cookies\AcceptThirdParty = "always" | "never" | "from-visited"
1046 Software\Policies\Mozilla\Firefox\Cookies\ExpireAtSessionEnd = 0x1 | 0x0
1047 Software\Policies\Mozilla\Firefox\Cookies\RejectTracker = 0x1 | 0x0
1048 Software\Policies\Mozilla\Firefox\Cookies\Behavior = "accept" | "reject-foreign" | "reject" | "limit-foreign" | "reject-tracker" | "reject-tracker-and-partition-foreign"
1049 Software\Policies\Mozilla\Firefox\Cookies\BehaviorPrivateBrowsing = "accept" | "reject-foreign" | "reject" | "limit-foreign" | "reject-tracker" | "reject-tracker-and-partition-foreign"
1050 Software\Policies\Mozilla\Firefox\Cookies\Locked = 0x1 | 0x0
1051 ```
1052 #### Windows (Intune)
1053 OMA-URI:
1054 ```
1055 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_Allow
1056 ```
1057 Value (string):
1058 ```
1059 <enabled/>
1060 <data id="Permissions" value="1&#xF000;https://example.com"/>
1061 ```
1062 OMA-URI:
1063 ```
1064 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_AllowSession
1065 ```
1066 Value (string):
1067 ```
1068 <enabled/>
1069 <data id="Permissions" value="1&#xF000;https://example.edu"/>
1070 ```
1071 OMA-URI:
1072 ```
1073 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_Block
1074 ```
1075 Value (string):
1076 ```
1077 <enabled/>
1078 <data id="Permissions" value="1&#xF000;https://example.org"/>
1079 ```
1080 OMA-URI:
1081 ```
1082 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_Default
1083 ```
1084 Value (string):
1085 ```
1086 <enabled/> or <disabled/>
1087 ```
1088 OMA-URI:
1089 ```
1090 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_AcceptThirdParty
1091 ```
1092 Value (string):
1093 ```
1094 <enabled/>
1095 <data id="Cookies_AcceptThirdParty" value="always | never | from-visited"/>
1096 ```
1097 OMA-URI:
1098 ```
1099 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_ExpireAtSessionEnd
1100 ```
1101 Value (string):
1102 ```
1103 <enabled/> or <disabled/>
1104 ```
1105 OMA-URI:
1106 ```
1107 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_RejectTracker
1108 ```
1109 Value (string):
1110 ```
1111 <enabled/> or <disabled/>
1112 ```
1113 OMA-URI:
1114 ```
1115 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_Locked
1116 ```
1117 Value (string):
1118 ```
1119 <enabled/> or <disabled/>
1120 ```
1121 OMA-URI:
1122 ```
1123 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_Behavior
1124 ```
1125 Value (string):
1126 ```
1127 <enabled/>
1128 <data id="Cookies_Behavior" value="accept | reject-foreign | reject | limit-foreign | reject-tracker | reject-tracker-and-partition-foreign"/>
1129 ```
1130 OMA-URI:
1131 ```
1132 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_BehaviorPrivateBrowsing
1133 ```
1134 Value (string):
1135 ```
1136 <enabled/>
1137 <data id="Cookies_BehaviorPrivateBrowsing" value="accept | reject-foreign | reject | limit-foreign | reject-tracker | reject-tracker-and-partition-foreign"/>
1138 ```
1139 #### macOS
1140 ```
1141 <dict>
1142 <key>Cookies</key>
1143 <dict>
1144 <key>Allow</key>
1145 <array>
1146 <string>http://example.com</string>
1147 </array>
1148 <key>AllowSession</key>
1149 <array>
1150 <string>http://example.edu</string>
1151 </array>
1152 <key>Block</key>
1153 <array>
1154 <string>http://example.org</string>
1155 </array>
1156 <key>Default</key>
1157 <true/> | <false/>
1158 <key>AcceptThirdParty</key>
1159 <string>always | never | from-visited</string>
1160 <key>ExpireAtSessionEnd</key>
1161 <true/> | <false/>
1162 <key>RejectTracker</key>
1163 <true/> | <false/>
1164 <key>Locked</key>
1165 <true/> | <false/>
1166 <key>Behavior</key>
1167 <string>accept | reject-foreign | reject | limit-foreign | reject-tracker | reject-tracker-and-partition-foreign</string>
1168 <key>BehaviorPrivateBrowsing</key>
1169 <string>accept | reject-foreign | reject | limit-foreign | reject-tracker | reject-tracker-and-partition-foreign</string>
1170 </dict>
1171 </dict>
1172 ```
1173 #### policies.json
1174 ```
1175 {
1176 "policies": {
1177 "Cookies": {
1178 "Allow": ["http://example.org/"],
1179 "AllowSession": ["http://example.edu/"],
1180 "Block": ["http://example.edu/"],
1181 "Default": true | false,
1182 "AcceptThirdParty": "always" | "never" | "from-visited",
1183 "ExpireAtSessionEnd": true | false,
1184 "RejectTracker": true | false,
1185 "Locked": true | false,
1186 "Behavior": "accept" | "reject-foreign" | "reject" | "limit-foreign" | "reject-tracker" | "reject-tracker-and-partition-foreign",
1187 "BehaviorPrivateBrowsing": "accept" | "reject-foreign" | "reject" | "limit-foreign" | "reject-tracker" | "reject-tracker-and-partition-foreign",
1188 }
1189 }
1190 }
1191 ```
1192 ### DefaultDownloadDirectory
1193 Set the default download directory.
1194
1195 You can use ${home} for the native home directory.
1196
1197 **Compatibility:** Firefox 68, Firefox ESR 68\
1198 **CCK2 Equivalent:** N/A\
1199 **Preferences Affected:** `browser.download.dir`, `browser.download.folderList`
1200
1201 #### Windows (GPO)
1202 ```
1203 Software\Policies\Mozilla\Firefox\DefaultDownloadDirectory = "${home}\Downloads"
1204 ```
1205 #### Windows (Intune)
1206 OMA-URI:
1207 ```
1208 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DefaultDownloadDirectory
1209 ```
1210 Value (string):
1211 ```
1212 <enabled/>
1213 <data id="Preferences_String" value="${home}\Downloads"/>
1214 ```
1215 #### macOS
1216 ```
1217 <dict>
1218 <key>DefaultDownloadDirectory</key>
1219 <string>${home}/Downloads</string>
1220 </dict>
1221 ```
1222 #### policies.json (macOS and Linux)
1223 ```
1224 {
1225 "policies": {
1226 "DefaultDownloadDirectory": "${home}/Downloads"
1227 }
1228 }
1229 ```
1230 #### policies.json (Windows)
1231 ```
1232 {
1233 "policies": {
1234 "DefaultDownloadDirectory": "${home}\\Downloads"
1235 }
1236 }
1237 ```
1238 ### DisableAppUpdate
1239 Turn off application updates within Firefox.
1240
1241 **Compatibility:** Firefox 60, Firefox ESR 60\
1242 **CCK2 Equivalent:** `disableFirefoxUpdates`\
1243 **Preferences Affected:** N/A
1244
1245 #### Windows (GPO)
1246 ```
1247 Software\Policies\Mozilla\Firefox\DisableAppUpdate = 0x1 | 0x0
1248 ```
1249 #### Windows (Intune)
1250 OMA-URI:
1251 ```
1252 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableAppUpdate
1253 ```
1254 Value (string):
1255 ```
1256 <enabled/> or <disabled/>
1257 ```
1258 #### macOS
1259 ```
1260 <dict>
1261 <key>DisableAppUpdate</key>
1262 <true/> | <false/>
1263 </dict>
1264 ```
1265 #### policies.json
1266 ```
1267 {
1268 "policies": {
1269 "DisableAppUpdate": true | false
1270 }
1271 }
1272 ```
1273 ### DisableBuiltinPDFViewer
1274 Disable the built in PDF viewer. PDF files are downloaded and sent externally.
1275
1276 **Compatibility:** Firefox 60, Firefox ESR 60\
1277 **CCK2 Equivalent:** `disablePDFjs`\
1278 **Preferences Affected:** `pdfjs.disabled`
1279
1280 #### Windows (GPO)
1281 ```
1282 Software\Policies\Mozilla\Firefox\DisableBuiltinPDFViewer = 0x1 | 0x0
1283 ```
1284 #### Windows (Intune)
1285 OMA-URI:
1286 ```
1287 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableBuiltinPDFViewer
1288 ```
1289 Value (string):
1290 ```
1291 <enabled/> or <disabled/>
1292 ```
1293 #### macOS
1294 ```
1295 <dict>
1296 <key>DisableBuiltinPDFViewer</key>
1297 <true/> | <false/>
1298 </dict>
1299 ```
1300 #### policies.json
1301 ```
1302 {
1303 "policies": {
1304 "DisableBuiltinPDFViewer": true | false
1305 }
1306 }
1307 ```
1308 ### DisabledCiphers
1309 Disable specific cryptographic ciphers, listed below.
1310
1311 ```
1312 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
1313 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
1314 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
1315 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
1316 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
1317 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
1318 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
1319 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
1320 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
1321 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
1322 TLS_DHE_RSA_WITH_AES_128_CBC_SHA
1323 TLS_DHE_RSA_WITH_AES_256_CBC_SHA
1324 TLS_RSA_WITH_AES_128_GCM_SHA256
1325 TLS_RSA_WITH_AES_256_GCM_SHA384
1326 TLS_RSA_WITH_AES_128_CBC_SHA
1327 TLS_RSA_WITH_AES_256_CBC_SHA
1328 TLS_RSA_WITH_3DES_EDE_CBC_SHA
1329 ```
1330
1331 **Preferences Affected:** `security.ssl3.ecdhe_rsa_aes_128_gcm_sha256`, `security.ssl3.ecdhe_ecdsa_aes_128_gcm_sha256`, `security.ssl3.ecdhe_ecdsa_chacha20_poly1305_sha256`, `security.ssl3.ecdhe_rsa_chacha20_poly1305_sha256`, `security.ssl3.ecdhe_ecdsa_aes_256_gcm_sha384`, `security.ssl3.ecdhe_rsa_aes_256_gcm_sha384`, `security.ssl3.ecdhe_rsa_aes_128_sha`, `security.ssl3.ecdhe_ecdsa_aes_128_sha`, `security.ssl3.ecdhe_rsa_aes_256_sha`, `security.ssl3.ecdhe_ecdsa_aes_256_sha`, `security.ssl3.dhe_rsa_aes_128_sha`, `security.ssl3.dhe_rsa_aes_256_sha`, `security.ssl3.rsa_aes_128_gcm_sha256`, `security.ssl3.rsa_aes_256_gcm_sha384`, `security.ssl3.rsa_aes_128_sha`, `security.ssl3.rsa_aes_256_sha`, `security.ssl3.deprecated.rsa_des_ede3_sha`
1332
1333 ---
1334 **Note:**
1335
1336 This policy was updated in Firefox 78 to allow enabling ciphers as well. Setting the value to true disables the cipher, setting the value to false enables the cipher. Previously setting the value to true or false disabled the cipher.
1337
1338 ---
1339 **Compatibility:** Firefox 76, Firefox ESR 68.8 (TLS_RSA_WITH_AES_128_GCM_SHA256 and TLS_RSA_WITH_AES_256_GCM_SHA384 were added in Firefox 78, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA38, TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, and TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 were added in Firefox 97 and Firefox 91.6)\
1340 **CCK2 Equivalent:** N/A\
1341 **Preferences Affected:** N/A
1342
1343 #### Windows (GPO)
1344 ```
1345 Software\Policies\Mozilla\Firefox\DisabledCiphers\CIPHER_NAME = 0x1 | 0x0
1346 ```
1347 #### Windows (Intune)
1348 OMA-URI:
1349 ```
1350 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DisabledCiphers/DisabledCiphers_CIPHER_NAME
1351
1352 ```
1353 Value (string):
1354 ```
1355 <enabled/> or <disabled/>
1356 ```
1357 #### macOS
1358 ```
1359 <dict>
1360 <key>DisabledCiphers</key>
1361 <dict>
1362 <key>CIPHER_NAME</key>
1363 <true/> | <false/>
1364 </dict>
1365 </dict>
1366 ```
1367 #### policies.json
1368 ```
1369 {
1370 "policies": {
1371 "DisabledCiphers": {
1372 "CIPHER_NAME": true | false,
1373 }
1374 }
1375 }
1376 ```
1377 ### DisableDefaultBrowserAgent
1378 Prevent the default browser agent from taking any actions. Only applicable to Windows; other platforms don’t have the agent.
1379
1380 The browser agent is a Windows-only scheduled task which runs in the background to collect and submit data about the browser that the user has set as their OS default. More information is available [here](https://firefox-source-docs.mozilla.org/toolkit/mozapps/defaultagent/default-browser-agent/index.html).
1381
1382 **Compatibility:** Firefox 75, Firefox ESR 68.7 (Windows only)\
1383 **CCK2 Equivalent:** N/A\
1384 **Preferences Affected:** N/A
1385
1386 #### Windows (GPO)
1387 ```
1388 Software\Policies\Mozilla\Firefox\DisableDefaultBrowserAgent = 0x1 | 0x0
1389 ```
1390 #### Windows (Intune)
1391 OMA-URI:
1392 ```
1393 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableDefaultBrowserAgent
1394 ```
1395 Value (string):
1396 ```
1397 <enabled/> or <disabled/>
1398 ```
1399 #### policies.json
1400 ```
1401 {
1402 "policies": {
1403 "DisableDefaultBrowserAgent": true | false
1404 }
1405 }
1406 ```
1407 ### DisableDeveloperTools
1408 Remove access to all developer tools.
1409
1410 **Compatibility:** Firefox 60, Firefox ESR 60\
1411 **CCK2 Equivalent:** `removeDeveloperTools`\
1412 **Preferences Affected:** `devtools.policy.disabled`
1413
1414 #### Windows (GPO)
1415 ```
1416 Software\Policies\Mozilla\Firefox\DisableDeveloperTools = 0x1 | 0x0`
1417 ```
1418 #### Windows (Intune)
1419 OMA-URI:
1420 ```
1421 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableDeveloperTools
1422 ```
1423 Value (string):
1424 ```
1425 <enabled/> or <disabled/>
1426 ```
1427 #### macOS
1428 ```
1429 <dict>
1430 <key>DisableDeveloperTools</key>
1431 <true/> | <false/>
1432 </dict>
1433 ```
1434 #### policies.json
1435 ```
1436 {
1437 "policies": {
1438 "DisableDeveloperTools": true | false
1439 }
1440 }
1441 ```
1442 ### DisableFeedbackCommands
1443 Disable the menus for reporting sites (Submit Feedback, Report Deceptive Site).
1444
1445 **Compatibility:** Firefox 60, Firefox ESR 60\
1446 **CCK2 Equivalent:** N/A\
1447 **Preferences Affected:** N/A
1448
1449 #### Windows (GPO)
1450 ```
1451 Software\Policies\Mozilla\Firefox\DisableFeedbackCommands = 0x1 | 0x0
1452 ```
1453 #### Windows (Intune)
1454 OMA-URI:
1455 ```
1456 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableFeedbackCommands
1457 ```
1458 Value (string):
1459 ```
1460 <enabled/> or <disabled/>
1461 ```
1462 #### macOS
1463 ```
1464 <dict>
1465 <key>DisableFeedbackCommands</key>
1466 <true/> | <false/>
1467 </dict>
1468 ```
1469 #### policies.json
1470 ```
1471 {
1472 "policies": {
1473 "DisableFeedbackCommands": true | false
1474 }
1475 }
1476 ```
1477 ### DisableFirefoxAccounts
1478 Disable Firefox Accounts integration (Sync).
1479
1480 **Compatibility:** Firefox 60, Firefox ESR 60\
1481 **CCK2 Equivalent:** `disableSync`\
1482 **Preferences Affected:** `identity.fxaccounts.enabled`
1483
1484 #### Windows (GPO)
1485 ```
1486 Software\Policies\Mozilla\Firefox\DisableFirefoxAccounts = 0x1 | 0x0
1487 ```
1488 #### Windows (Intune)
1489 OMA-URI:
1490 ```
1491 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableFirefoxAccounts
1492 ```
1493 Value (string):
1494 ```
1495 <enabled/> or <disabled/>
1496 ```
1497 #### macOS
1498 ```
1499 <dict>
1500 <key>DisableFirefoxAccounts</key>
1501 <true/> | <false/>
1502 </dict>
1503 ```
1504 #### policies.json
1505 ```
1506 {
1507 "policies": {
1508 "DisableFirefoxAccounts": true | false
1509 }
1510 }
1511 ```
1512 ### DisableFirefoxScreenshots
1513 Remove access to Firefox Screenshots.
1514
1515 **Compatibility:** Firefox 60, Firefox ESR 60\
1516 **CCK2 Equivalent:** N/A\
1517 **Preferences Affected:** `extensions.screenshots.disabled`
1518
1519 #### Windows (GPO)
1520 ```
1521 Software\Policies\Mozilla\Firefox\DisableFirefoxScreenshots = 0x1 | 0x0
1522 ```
1523 #### Windows (Intune)
1524 OMA-URI:
1525 ```
1526 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableFirefoxScreenshots
1527 ```
1528 Value (string):
1529 ```
1530 <enabled/> or <disabled/>
1531 ```
1532 #### macOS
1533 ```
1534 <dict>
1535 <key>DisableFirefoxScreenshots</key>
1536 <true/> | <false/>
1537 </dict>
1538 ```
1539 #### policies.json
1540 ```
1541 {
1542 "policies": {
1543 "DisableFirefoxScreenshots": true | false
1544 }
1545 }
1546 ```
1547 ### DisableFirefoxStudies
1548 Disable Firefox studies (Shield).
1549
1550 **Compatibility:** Firefox 60, Firefox ESR 60\
1551 **CCK2 Equivalent:** N/A\
1552 **Preferences Affected:** N/A
1553
1554 #### Windows (GPO)
1555 ```
1556 Software\Policies\Mozilla\Firefox\DisableFirefoxStudies = 0x1 | 0x0
1557 ```
1558 #### Windows (Intune)
1559 OMA-URI:
1560 ```
1561 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableFirefoxStudies
1562 ```
1563 Value (string):
1564 ```
1565 <enabled/> or <disabled/>
1566 ```
1567 #### macOS
1568 ```
1569 <dict>
1570 <key>DisableFirefoxStudies</key>
1571 <true/> | <false/>
1572 </dict>
1573 ```
1574 #### policies.json
1575 ```
1576 {
1577 "policies": {
1578 "DisableFirefoxStudies": true | false
1579 }
1580 }
1581 ```
1582 ### DisableForgetButton
1583 Disable the "Forget" button.
1584
1585 **Compatibility:** Firefox 60, Firefox ESR 60\
1586 **CCK2 Equivalent:** `disableForget`\
1587 **Preferences Affected:** N/A
1588
1589 #### Windows (GPO)
1590 ```
1591 Software\Policies\Mozilla\Firefox\DisableForgetButton = 0x1 | 0x0
1592 ```
1593 #### Windows (Intune)
1594 OMA-URI:
1595 ```
1596 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableForgetButton
1597 ```
1598 Value (string):
1599 ```
1600 <enabled/> or <disabled/>
1601 ```
1602 #### macOS
1603 ```
1604 <dict>
1605 <key>DisableForgetButton</key>
1606 <true/> | <false/>
1607 </dict>
1608 ```
1609 #### policies.json
1610 ```
1611 {
1612 "policies": {
1613 "DisableForgetButton": true | false
1614 }
1615 }
1616 ```
1617 ### DisableFormHistory
1618 Turn off saving information on web forms and the search bar.
1619
1620 **Compatibility:** Firefox 60, Firefox ESR 60\
1621 **CCK2 Equivalent:** `disableFormFill`\
1622 **Preferences Affected:** `browser.formfill.enable`
1623
1624 #### Windows (GPO)
1625 ```
1626 Software\Policies\Mozilla\Firefox\DisableFormHistory = 0x1 | 0x0
1627 ```
1628 #### Windows (Intune)
1629 OMA-URI:
1630 ```
1631 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableFormHistory
1632 ```
1633 Value (string):
1634 ```
1635 <enabled/> or <disabled/>
1636 ```
1637 #### macOS
1638 ```
1639 <dict>
1640 <key>DisableFormHistory</key>
1641 <true/> | <false/>
1642 </dict>
1643 ```
1644 #### policies.json
1645 ```
1646 {
1647 "policies": {
1648 "DisableFormHistory": true | false
1649 }
1650 }
1651 ```
1652 ### DisableMasterPasswordCreation
1653 Remove the master password functionality.
1654
1655 If this value is true, it works the same as setting [`PrimaryPassword`](#primarypassword) to false and removes the primary password functionality.
1656
1657 If both `DisableMasterPasswordCreation` and `PrimaryPassword` are used, `DisableMasterPasswordCreation` takes precedent.
1658
1659 **Compatibility:** Firefox 60, Firefox ESR 60\
1660 **CCK2 Equivalent:** `noMasterPassword`\
1661 **Preferences Affected:** N/A
1662
1663 #### Windows (GPO)
1664 ```
1665 Software\Policies\Mozilla\Firefox\DisableMasterPasswordCreation = 0x1 | 0x0
1666 ```
1667 #### Windows (Intune)
1668 OMA-URI:
1669 ```
1670 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableMasterPasswordCreation
1671 ```
1672 Value (string):
1673 ```
1674 <enabled/> or <disabled/>
1675 ```
1676 #### macOS
1677 ```
1678 <dict>
1679 <key>DisableMasterPasswordCreation</key>
1680 <true/> | <false/>
1681 </dict>
1682 ```
1683 #### policies.json
1684 ```
1685 {
1686 "policies": {
1687 "DisableMasterPasswordCreation": true | false
1688 }
1689 }
1690 ```
1691 ### DisablePasswordReveal
1692 Do not allow passwords to be shown in saved logins
1693
1694 **Compatibility:** Firefox 71, Firefox ESR 68.3\
1695 **CCK2 Equivalent:** N/A
1696 **Preferences Affected:** N/A
1697
1698 #### Windows (GPO)
1699 ```
1700 Software\Policies\Mozilla\Firefox\DisablePasswordReveal = 0x1 | 0x0
1701 ```
1702 #### Windows (Intune)
1703 OMA-URI:
1704 ```
1705 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisablePasswordReveal
1706 ```
1707 Value (string):
1708 ```
1709 <enabled/> or <disabled/>
1710 ```
1711 #### macOS
1712 ```
1713 <dict>
1714 <key>DisablePasswordReveal</key>
1715 <true/> | <false/>
1716 </dict>
1717 ```
1718 #### policies.json
1719 ```
1720 {
1721 "policies": {
1722 "DisablePasswordReveal": true | false
1723 }
1724 }
1725 ```
1726 ### DisablePocket
1727 Remove Pocket in the Firefox UI. It does not remove it from the new tab page.
1728
1729 **Compatibility:** Firefox 60, Firefox ESR 60\
1730 **CCK2 Equivalent:** `disablePocket`\
1731 **Preferences Affected:** `extensions.pocket.enabled`
1732
1733 #### Windows (GPO)
1734 ```
1735 Software\Policies\Mozilla\Firefox\DisablePocket = 0x1 | 0x0
1736 ```
1737 #### Windows (Intune)
1738 OMA-URI:
1739 ```
1740 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisablePocket
1741 ```
1742 Value (string):
1743 ```
1744 <enabled/> or <disabled/>
1745 ```
1746 #### macOS
1747 ```
1748 <dict>
1749 <key>DisablePocket</key>
1750 <true/> | <false/>
1751 </dict>
1752 ```
1753 #### policies.json
1754 ```
1755 {
1756 "policies": {
1757 "DisablePocket": true | false
1758 }
1759 }
1760 ```
1761 ### DisablePrivateBrowsing
1762 Remove access to private browsing.
1763
1764 **Compatibility:** Firefox 60, Firefox ESR 60\
1765 **CCK2 Equivalent:** `disablePrivateBrowsing`\
1766 **Preferences Affected:** N/A
1767
1768 #### Windows (GPO)
1769 ```
1770 Software\Policies\Mozilla\Firefox\DisablePrivateBrowsing = 0x1 | 0x0
1771 ```
1772 #### Windows (Intune)
1773 OMA-URI:
1774 ```
1775 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisablePrivateBrowsing
1776 ```
1777 Value (string):
1778 ```
1779 <enabled/> or <disabled/>
1780 ```
1781 #### macOS
1782 ```
1783 <dict>
1784 <key>DisablePrivateBrowsing</key>
1785 <true/> | <false/>
1786 </dict>
1787 ```
1788 #### policies.json
1789 ```
1790 {
1791 "policies": {
1792 "DisablePrivateBrowsing": true | false
1793 }
1794 }
1795 ```
1796 ### DisableProfileImport
1797 Disables the "Import data from another browser" option in the bookmarks window.
1798
1799 **Compatibility:** Firefox 60, Firefox ESR 60\
1800 **CCK2 Equivalent:** N/A\
1801 **Preferences Affected:** N/A
1802
1803 #### Windows (GPO)
1804 ```
1805 Software\Policies\Mozilla\Firefox\DisableProfileImport = 0x1 | 0x0
1806 ```
1807 #### Windows (Intune)
1808 OMA-URI:
1809 ```
1810 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableProfileImport
1811 ```
1812 Value (string):
1813 ```
1814 <enabled/> or <disabled/>
1815 ```
1816 #### macOS
1817 ```
1818 <dict>
1819 <key>DisableProfileImport</key>
1820 <true/> | <false/>
1821 </dict>
1822 ```
1823 #### policies.json
1824 ```
1825 {
1826 "policies": {
1827 "DisableProfileImport": true | false
1828 }
1829 }
1830 ```
1831 ### DisableProfileRefresh
1832 Disable the Refresh Firefox button on about:support and support.mozilla.org, as well as the prompt that displays offering to refresh Firefox when you haven't used it in a while.
1833
1834 **Compatibility:** Firefox 60, Firefox ESR 60\
1835 **CCK2 Equivalent:** `disableResetFirefox`\
1836 **Preferences Affected:** `browser.disableResetPrompt`
1837
1838 #### Windows (GPO)
1839 ```
1840 Software\Policies\Mozilla\Firefox\DisableProfileRefresh = 0x1 | 0x0
1841 ```
1842 #### Windows (Intune)
1843 OMA-URI:
1844 ```
1845 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableProfileRefresh
1846 ```
1847 Value (string):
1848 ```
1849 <enabled/> or <disabled/>
1850 ```
1851 #### macOS
1852 ```
1853 <dict>
1854 <key>DisableProfileRefresh</key>
1855 <true/> | <false/>
1856 </dict>
1857 ```
1858 #### policies.json
1859 ```
1860 {
1861 "policies": {
1862 "DisableProfileRefresh": true | false
1863 }
1864 }
1865 ```
1866 ### DisableSafeMode
1867 Disable safe mode within the browser.
1868
1869 On Windows, this disables safe mode via the command line as well.
1870
1871 **Compatibility:** Firefox 60, Firefox ESR 60 (Windows, macOS)\
1872 **CCK2 Equivalent:** `disableSafeMode`\
1873 **Preferences Affected:** N/A
1874
1875 #### Windows (GPO)
1876 ```
1877 Software\Policies\Mozilla\Firefox\DisableSafeMode = 0x1 | 0x0
1878 ```
1879 #### Windows (Intune)
1880 OMA-URI:
1881 ```
1882 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableSafeMode
1883 ```
1884 Value (string):
1885 ```
1886 <enabled/> or <disabled/>
1887 ```
1888 #### macOS
1889 ```
1890 <dict>
1891 <key>DisableSafeMode</key>
1892 <true/> | <false/>
1893 </dict>
1894 ```
1895 #### policies.json
1896 ```
1897 {
1898 "policies": {
1899 "DisableSafeMode": true | false
1900 }
1901 }
1902 ```
1903 ### DisableSecurityBypass
1904 Prevent the user from bypassing security in certain cases.
1905
1906 `InvalidCertificate` prevents adding an exception when an invalid certificate is shown.
1907
1908 `SafeBrowsing` prevents selecting "ignore the risk" and visiting a harmful site anyway.
1909
1910 **Compatibility:** Firefox 60, Firefox ESR 60\
1911 **CCK2 Equivalent:** N/A\
1912 **Preferences Affected:** `security.certerror.hideAddException`, `browser.safebrowsing.allowOverride`
1913
1914 #### Windows (GPO)
1915 ```
1916 Software\Policies\Mozilla\Firefox\DisableSecurityBypass\InvalidCertificate = 0x1 | 0x0
1917 Software\Policies\Mozilla\Firefox\DisableSecurityBypass\SafeBrowsing = 0x1 | 0x0
1918 ```
1919 #### Windows (Intune)
1920 OMA-URI:
1921 ```
1922 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/P_DisableSecurityBypass_InvalidCertificate
1923 ```
1924 Value (string):
1925 ```
1926 <enabled/> or <disabled/>
1927 ```
1928 OMA-URI:
1929 ```
1930 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/P_DisableSecurityBypass_SafeBrowsing
1931 ```
1932 Value (string):
1933 ```
1934 <enabled/> or <disabled/>
1935 ```
1936
1937 #### macOS
1938 ```
1939 <dict>
1940 <key>DisableSecurityBypass</key>
1941 <dict>
1942 <key>InvalidCertificate</key>
1943 <true/> | <false/>
1944 <key>SafeBrowsing</key>
1945 <true/> | <false/>
1946 </dict>
1947 </dict>
1948 ```
1949 #### policies.json
1950 ```
1951 {
1952 "policies": {
1953 "DisableSecurityBypass": {
1954 "InvalidCertificate": true | false,
1955 "SafeBrowsing": true | false
1956 }
1957 }
1958 }
1959 ```
1960 ### DisableSetDesktopBackground
1961 Remove the "Set As Desktop Background..." menuitem when right clicking on an image.
1962
1963 **Compatibility:** Firefox 60, Firefox ESR 60\
1964 **CCK2 Equivalent:** `removeSetDesktopBackground`\
1965 **Preferences Affected:** N/A
1966
1967 #### Windows (GPO)
1968 ```
1969 Software\Policies\Mozilla\Firefox\DisableSetDesktopBackground = 0x1 | 0x0
1970 ```
1971 #### Windows (Intune)
1972 OMA-URI:
1973 ```
1974 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableSetDesktopBackground
1975 ```
1976 Value (string):
1977 ```
1978 <enabled/> or <disabled/>
1979 ```
1980 #### macOS
1981 ```
1982 <dict>
1983 <key>DisableSetDesktopBackground</key>
1984 <true/> | <false/>
1985 </dict>
1986 ```
1987 #### policies.json
1988 ```
1989 {
1990 "policies": {
1991 "DisableSetDesktopBackground": true | false
1992 }
1993 }
1994 ```
1995 ### DisableSystemAddonUpdate
1996 Prevent system add-ons from being installed or updated.
1997
1998 **Compatibility:** Firefox 60, Firefox ESR 60\
1999 **CCK2 Equivalent:** N/A\
2000 **Preferences Affected:** N/A
2001
2002 #### Windows (GPO)
2003 ```
2004 Software\Policies\Mozilla\Firefox\DisableSystemAddonUpdate = 0x1 | 0x0
2005 ```
2006 #### Windows (Intune)
2007 OMA-URI:
2008 ```
2009 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableSystemAddonUpdate
2010 ```
2011 Value (string):
2012 ```
2013 <enabled/> or <disabled/>
2014 ```
2015 #### macOS
2016 ```
2017 <dict>
2018 <key>DisableSystemAddonUpdate</key>
2019 <true/> | <false/>
2020 </dict>
2021 ```
2022 #### policies.json
2023 ```
2024 {
2025 "policies": {
2026 "DisableSystemAddonUpdate": true | false
2027 }
2028 }
2029 ```
2030 ### DisableTelemetry
2031 Prevent the upload of telemetry data.
2032
2033 As of Firefox 83 and Firefox ESR 78.5, local storage of telemetry data is disabled as well.
2034
2035 Mozilla recommends that you do not disable telemetry. Information collected through telemetry helps us build a better product for businesses like yours.
2036
2037 **Compatibility:** Firefox 60, Firefox ESR 60\
2038 **CCK2 Equivalent:** `disableTelemetry`\
2039 **Preferences Affected:** `datareporting.healthreport.uploadEnabled`, `datareporting.policy.dataSubmissionEnabled`, `toolkit.telemetry.archive.enabled`
2040
2041 #### Windows (GPO)
2042 ```
2043 Software\Policies\Mozilla\Firefox\DisableTelemetry = 0x1 | 0x0
2044 ```
2045 #### Windows (Intune)
2046 OMA-URI:
2047 ```
2048 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableTelemetry
2049 ```
2050 Value (string):
2051 ```
2052 <enabled/> or <disabled/>
2053 ```
2054 #### macOS
2055 ```
2056 <dict>
2057 <key>DisableTelemetry</key>
2058 <true/> | <false/>
2059 </dict>
2060 ```
2061 #### policies.json
2062 ```
2063 {
2064 "policies": {
2065 "DisableTelemetry": true | false
2066 }
2067 }
2068 ```
2069 ### DisableThirdPartyModuleBlocking
2070 Do not allow blocking third-party modules from the `about:third-party` page.
2071
2072 This policy only works on Windows through GPO (not policies.json).
2073
2074 **Compatibility:** Firefox 110 (Windows only, GPO only)\
2075 **CCK2 Equivalent:** N/A\
2076 **Preferences Affected:** N/A
2077
2078 #### Windows (GPO)
2079 ```
2080 Software\Policies\Mozilla\Firefox\DisableThirdPartyModuleBlocking = = 0x1 | 0x0
2081 ```
2082 #### Windows (Intune)
2083 OMA-URI:
2084 ```
2085 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableThirdPartyModuleBlocking
2086 ```
2087 Value (string):
2088 ```
2089 <enabled/> or <disabled/>
2090 ```
2091 ### DisplayBookmarksToolbar
2092 Set the initial state of the bookmarks toolbar. A user can still change how it is displayed.
2093
2094 `always` means the bookmarks toolbar is always shown.
2095
2096 `never` means the bookmarks toolbar is not shown.
2097
2098 `newtab` means the bookmarks toolbar is only shown on the new tab page.
2099
2100 **Compatibility:** Firefox 109, Firefox ESR 102.7\
2101 **CCK2 Equivalent:** N/A\
2102 **Preferences Affected:** N/A
2103
2104 #### Windows (GPO)
2105 ```
2106 Software\Policies\Mozilla\Firefox\DisplayBookmarksToolbar = "always", "never", "newtab"
2107 ```
2108 #### Windows (Intune)
2109 OMA-URI:
2110 ```
2111 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisplayBookmarksToolbar_Enum
2112 ```
2113 Value (string):
2114 ```
2115 <enabled/>
2116 <data id="DisplayBookmarksToolbar" value="always | never | newtab"/>
2117 ```
2118 #### macOS
2119 ```
2120 <dict>
2121 <key>DisplayBookmarksToolbar</key>
2122 <string>always | never | newtab</string>
2123 </dict>
2124 ```
2125 #### policies.json
2126 ```
2127 {
2128 "policies": {
2129 "DisplayBookmarksToolbar": "always" | "never" | "newtab"
2130 }
2131 }
2132 ```
2133 ### DisplayBookmarksToolbar (Deprecated)
2134 Set the initial state of the bookmarks toolbar. A user can still hide it and it will stay hidden.
2135
2136 **Compatibility:** Firefox 60, Firefox ESR 60\
2137 **CCK2 Equivalent:** `displayBookmarksToolbar`\
2138 **Preferences Affected:** N/A
2139
2140 #### Windows (GPO)
2141 ```
2142 Software\Policies\Mozilla\Firefox\DisplayBookmarksToolbar = 0x1 | 0x0
2143 ```
2144 #### Windows (Intune)
2145 OMA-URI:
2146 ```
2147 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisplayBookmarksToolbar
2148 ```
2149 Value (string):
2150 ```
2151 <enabled/> or <disabled/>
2152 ```
2153 #### macOS
2154 ```
2155 <dict>
2156 <key>DisplayBookmarksToolbar</key>
2157 <true/> | <false/>
2158 </dict>
2159 ```
2160 #### policies.json
2161 ```
2162 {
2163 "policies": {
2164 "DisplayBookmarksToolbar": true | false
2165 }
2166 }
2167 ```
2168 ### DisplayMenuBar
2169 Set the state of the menubar.
2170
2171 `always` means the menubar is shown and cannot be hidden.
2172
2173 `never` means the menubar is hidden and cannot be shown.
2174
2175 `default-on` means the menubar is on by default but can be hidden.
2176
2177 `default-off` means the menubar is off by default but can be shown.
2178
2179 **Compatibility:** Firefox 73, Firefox ESR 68.5 (Windows, some Linux)\
2180 **CCK2 Equivalent:** `displayMenuBar`\
2181 **Preferences Affected:** N/A
2182
2183 #### Windows (GPO)
2184 ```
2185 Software\Policies\Mozilla\Firefox\DisplayMenuBar = "always", "never", "default-on", "default-off"
2186 ```
2187 #### Windows (Intune)
2188 OMA-URI:
2189 ```
2190 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisplayMenuBar_Enum
2191 ```
2192 Value (string):
2193 ```
2194 <enabled/>
2195 <data id="DisplayMenuBar" value="always | never | default-on | default-off"/>
2196 ```
2197 #### macOS
2198 ```
2199 <dict>
2200 <key>DisplayMenuBar</key>
2201 <string>always | never | default-on | default-off</string>
2202 </dict>
2203 ```
2204 #### policies.json
2205 ```
2206 {
2207 "policies": {
2208 "DisplayMenuBar": "always", "never", "default-on", "default-off"
2209 }
2210 }
2211 ```
2212 ### DisplayMenuBar (Deprecated)
2213 Set the initial state of the menubar. A user can still hide it and it will stay hidden.
2214
2215 **Compatibility:** Firefox 60, Firefox ESR 60 (Windows, some Linux)\
2216 **CCK2 Equivalent:** `displayMenuBar`\
2217 **Preferences Affected:** N/A
2218
2219 #### Windows (GPO)
2220 ```
2221 Software\Policies\Mozilla\Firefox\DisplayMenuBar = 0x1 | 0x0
2222 ```
2223 #### macOS
2224 ```
2225 <dict>
2226 <key>DisplayMenuBar</key>
2227 <true/> | <false/>
2228 </dict>
2229 ```
2230 #### policies.json
2231 ```
2232 {
2233 "policies": {
2234 "DisplayMenuBar": true | false
2235 }
2236 }
2237 ```
2238 ### DNSOverHTTPS
2239 Configure DNS over HTTPS.
2240
2241 `Enabled` determines whether DNS over HTTPS is enabled
2242
2243 `ProviderURL` is a URL to another provider.
2244
2245 `Locked` prevents the user from changing DNS over HTTPS preferences.
2246
2247 `ExcludedDomains` excludes domains from DNS over HTTPS.
2248
2249 **Compatibility:** Firefox 63, Firefox ESR 68 (ExcludedDomains added in 75/68.7)\
2250 **CCK2 Equivalent:** N/A\
2251 **Preferences Affected:** `network.trr.mode`, `network.trr.uri`
2252
2253 #### Windows (GPO)
2254 ```
2255 Software\Policies\Mozilla\Firefox\DNSOverHTTPS\Enabled = 0x1 | 0x0
2256 Software\Policies\Mozilla\Firefox\DNSOverHTTPS\ProviderURL = "URL_TO_ALTERNATE_PROVIDER"
2257 Software\Policies\Mozilla\Firefox\DNSOverHTTPS\Locked = 0x1 | 0x0
2258 Software\Policies\Mozilla\Firefox\DNSOverHTTPS\ExcludedDomains\1 = "example.com"
2259 ```
2260 #### Windows (Intune)
2261 OMA-URI:
2262 ```
2263 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DNSOverHTTPS/DNSOverHTTPS_Enabled
2264 ```
2265 Value (string):
2266 ```
2267 <enabled/> or <disabled/>
2268 ```
2269 OMA-URI:
2270 ```
2271 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DNSOverHTTPS/DNSOverHTTPS_ProviderURL
2272 ```
2273 Value (string):
2274 ```
2275 <enabled/>
2276 <data id="String" value="URL_TO_ALTERNATE_PROVIDER"/>
2277 ```
2278 OMA-URI:
2279 ```
2280 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DNSOverHTTPS/DNSOverHTTPS_Locked
2281 ```
2282 Value (string):
2283 ```
2284 <enabled/> or <disabled/>
2285 ```
2286 OMA-URI:
2287 ```
2288 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DNSOverHTTPS/DNSOverHTTPS_ExcludedDomains
2289 ```
2290 Value (string):
2291 ```
2292 <enabled/>
2293 <data id="List" value="1&#xF000;example.com"/>
2294 ```
2295 #### macOS
2296 ```
2297 <dict>
2298 <key>DNSOverHTTPS</key>
2299 <dict>
2300 <key>Enabled</key>
2301 <true/> | <false/>
2302 <key>ProviderURL</key>
2303 <string>URL_TO_ALTERNATE_PROVIDER</string>
2304 <key>Locked</key>
2305 <true/> | <false/>
2306 <key>ExcludedDomains</key>
2307 <array>
2308 <string>example.com</string>
2309 </array>
2310 </dict>
2311 </dict>
2312 ```
2313 #### policies.json
2314 ```
2315 {
2316 "policies": {
2317 "DNSOverHTTPS": {
2318 "Enabled": true | false,
2319 "ProviderURL": "URL_TO_ALTERNATE_PROVIDER",
2320 "Locked": true | false,
2321 "ExcludedDomains": ["example.com"]
2322 }
2323 }
2324 }
2325 ```
2326 ### DontCheckDefaultBrowser
2327 Don't check if Firefox is the default browser at startup.
2328
2329 **Compatibility:** Firefox 60, Firefox ESR 60\
2330 **CCK2 Equivalent:** `dontCheckDefaultBrowser`\
2331 **Preferences Affected:** `browser.shell.checkDefaultBrowser`
2332
2333 #### Windows (GPO)
2334 ```
2335 Software\Policies\Mozilla\Firefox\DontCheckDefaultBrowser = 0x1 | 0x0
2336 ```
2337 #### Windows (Intune)
2338 OMA-URI:
2339 ```
2340 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DontCheckDefaultBrowser
2341 ```
2342 Value (string):
2343 ```
2344 <enabled/> or <disabled/>
2345 ```
2346 #### macOS
2347 ```
2348 <dict>
2349 <key>DontCheckDefaultBrowser</key>
2350 <true/> | <false/>
2351 </dict>
2352 ```
2353 #### policies.json
2354 ```
2355 {
2356 "policies": {
2357 "DontCheckDefaultBrowser": true | false
2358 }
2359 }
2360 ```
2361 ### DownloadDirectory
2362 Set and lock the download directory.
2363
2364 You can use ${home} for the native home directory.
2365
2366 **Compatibility:** Firefox 68, Firefox ESR 68\
2367 **CCK2 Equivalent:** N/A\
2368 **Preferences Affected:** `browser.download.dir`, `browser.download.folderList`, `browser.download.useDownloadDir`
2369
2370 #### Windows (GPO)
2371 ```
2372 Software\Policies\Mozilla\Firefox\DownloadDirectory = "${home}\Downloads"
2373 ```
2374 #### Windows (Intune)
2375 OMA-URI:
2376 ```
2377 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DownloadDirectory
2378 ```
2379 Value (string):
2380 ```
2381 <enabled/>
2382 <data id="Preferences_String" value="${home}\Downloads"/>
2383 ```
2384 #### macOS
2385 ```
2386 <dict>
2387 <key>DownloadDirectory</key>
2388 <string>${home}/Downloads</string>
2389 </dict>
2390 ```
2391 #### policies.json (macOS and Linux)
2392 ```
2393 {
2394 "policies": {
2395 "DownloadDirectory": "${home}/Downloads"
2396 }
2397 ```
2398 #### policies.json (Windows)
2399 ```
2400 {
2401 "policies": {
2402 "DownloadDirectory": "${home}\\Downloads"
2403 }
2404 ```
2405 ### EnableTrackingProtection
2406 Configure tracking protection.
2407
2408 If this policy is not configured, tracking protection is not enabled by default in the browser, but it is enabled by default in private browsing and the user can change it.
2409
2410 If `Value` is set to false, tracking protection is disabled and locked in both the regular browser and private browsing.
2411
2412 If `Value` is set to true, tracking protection is enabled by default in both the regular browser and private browsing and the `Locked` value determines whether or not a user can change it.
2413
2414 If `Cryptomining` is set to true, cryptomining scripts on websites are blocked.
2415
2416 If `Fingerprinting` is set to true, fingerprinting scripts on websites are blocked.
2417
2418 If `EmailTracking` is set to true, hidden email tracking pixels and scripts on websites are blocked. (Firefox 112)
2419
2420 `Exceptions` are origins for which tracking protection is not enabled.
2421
2422 **Compatibility:** Firefox 60, Firefox ESR 60 (Cryptomining and Fingerprinting added in 70/68.2, Exceptions added in 73/68.5)\
2423 **CCK2 Equivalent:** N/A\
2424 **Preferences Affected:** `privacy.trackingprotection.enabled`, `privacy.trackingprotection.pbmode.enabled`, `privacy.trackingprotection.cryptomining.enabled`, `privacy.trackingprotection.fingerprinting.enabled`
2425
2426 #### Windows (GPO)
2427 ```
2428 Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Value = 0x1 | 0x0
2429 Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Locked = 0x1 | 0x0
2430 Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Cryptomining = 0x1 | 0x0
2431 Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Fingerprinting = 0x1 | 0x0
2432 Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Exceptions\1 = "https://example.com"
2433 ```
2434 #### Windows (Intune)
2435 OMA-URI:
2436 ```
2437 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~TrackingProtection/A_TrackingProtection_Value
2438 ```
2439 Value (string):
2440 ```
2441 <enabled/> or <disabled/>
2442 ```
2443 OMA-URI:
2444 ```
2445 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~TrackingProtection/B_TrackingProtection_Cryptomining
2446 ```
2447 Value (string):
2448 ```
2449 <enabled/> or <disabled/>
2450 ```
2451 OMA-URI:
2452 ```
2453 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~TrackingProtection/C_TrackingProtection_Fingerprinting
2454 ```
2455 Value (string):
2456 ```
2457 <enabled/> or <disabled/>
2458 ```
2459 OMA-URI:
2460 ```
2461 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~TrackingProtection/D_TrackingProtection_Exceptions
2462 ```
2463 Value (string):
2464 ```
2465 <enabled/>
2466 <data id="TrackingProtection_Exceptions" value="1&#xF000;https://example.com"/>
2467 ```
2468 OMA-URI:
2469 ```
2470 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~TrackingProtection/E_TrackingProtection_Locked
2471 ```
2472 Value (string):
2473 ```
2474 <enabled/> or <disabled/>
2475 ```
2476 #### macOS
2477 ```
2478 <dict>
2479 <key>EnableTrackingProtection</key>
2480 <dict>
2481 <key>Value</key>
2482 <true/> | <false/>
2483 <key>Locked</key>
2484 <true/> | <false/>
2485 <key>Cryptomining</key>
2486 <true/> | <false/>
2487 <key>Fingerprinting</key>
2488 <true/> | <false/>
2489 <key>Exceptions</key>
2490 <array>
2491 <string>https://example.com</string>
2492 </array>
2493 </dict>
2494 </dict>
2495 ```
2496 #### policies.json
2497 ```
2498 {
2499 "policies": {
2500 "EnableTrackingProtection": {
2501 "Value": true | false,
2502 "Locked": true | false,
2503 "Cryptomining": true | false,
2504 "Fingerprinting": true | false,
2505 "Exceptions": ["https://example.com"]
2506 }
2507 }
2508 }
2509 ```
2510 ### EncryptedMediaExtensions
2511 Enable or disable Encrypted Media Extensions and optionally lock it.
2512
2513 If `Enabled` is set to false, encrypted media extensions (like Widevine) are not downloaded by Firefox unless the user consents to installing them.
2514
2515 If `Locked` is set to true and `Enabled` is set to false, Firefox will not download encrypted media extensions (like Widevine) or ask the user to install them.
2516
2517 **Compatibility:** Firefox 77, Firefox ESR 68.9\
2518 **CCK2 Equivalent:** N/A\
2519 **Preferences Affected:** `media.eme.enabled`
2520
2521 #### Windows (GPO)
2522 ```
2523 Software\Policies\Mozilla\Firefox\EncryptedMediaExtensions\Enabled = 0x1 | 0x0
2524 Software\Policies\Mozilla\Firefox\EncryptedMediaExtensions\Locked = 0x1 | 0x0
2525 ```
2526 #### Windows (Intune)
2527 OMA-URI:
2528 ```
2529 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~EncryptedMediaExtensions/EncryptedMediaExtensions_Enabled
2530 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~EncryptedMediaExtensions/EncryptedMediaExtensions_Locked
2531 ```
2532 Value (string):
2533 ```
2534 <enabled/>or <disabled/>
2535 ```
2536 #### macOS
2537 ```
2538 <dict>
2539 <key>EncryptedMediaExtensions</key>
2540 <dict>
2541 <key>Enabled</key>
2542 <true/> | <false/>
2543 <key>Locked</key>
2544 <true/> | <false/>
2545 </dict>
2546 </dict>
2547 ```
2548 #### policies.json
2549 ```
2550 {
2551 "policies": {
2552 "EncryptedMediaExtensions": {
2553 "Enabled": true | false,
2554 "Locked": true | false
2555 }
2556 }
2557 }
2558 ```
2559 ### EnterprisePoliciesEnabled
2560 Enable policy support on macOS.
2561
2562 **Compatibility:** Firefox 63, Firefox ESR 60.3 (macOS only)\
2563 **CCK2 Equivalent:** N/A\
2564 **Preferences Affected:** N/A
2565
2566 #### macOS
2567 ```
2568 <dict>
2569 <key>EnterprisePoliciesEnabled</key>
2570 <true/>
2571 </dict>
2572 ```
2573 ### ExemptDomainFileTypePairsFromFileTypeDownloadWarnings
2574
2575 Disable warnings based on file extension for specific file types on domains.
2576
2577 This policy is based on the [Chrome policy](https://chromeenterprise.google/policies/#ExemptDomainFileTypePairsFromFileTypeDownloadWarnings) of the same name.
2578
2579 Important: The documentation for the policy for both Edge and Chrome is incorrect. The ```domains``` value must be a domain, not a URL pattern. Also, we do not support using ```*``` to mean all domains.
2580
2581 **Compatibility:** Firefox 102\
2582 **CCK2 Equivalent:** N/A\
2583 **Preferences Affected:** N/A
2584
2585 #### Windows (GPO)
2586 Software\Policies\Mozilla\Firefox\ExemptDomainFileTypePairsFromFileTypeDownloadWarnings (REG_MULTI_SZ) =
2587 ```
2588 [
2589 {
2590 "file_extension": "jnlp",
2591 "domains": ["example.com"]
2592 }
2593 ]
2594 ```
2595 #### Windows (Intune)
2596 OMA-URI:
2597 ```
2598 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/ExemptDomainFileTypePairsFromFileTypeDownloadWarnings
2599 ```
2600 Value (string):
2601 ```
2602 <enabled/>
2603 <data id="JSON" value='
2604 [
2605 {
2606 "file_extension": "jnlp",
2607 "domains": ["example.com"]
2608 }
2609 ]
2610 '/>
2611 ```
2612 #### macOS
2613 ```
2614 <dict>
2615 <key>ExemptDomainFileTypePairsFromFileTypeDownloadWarnings</key>
2616 <array>
2617 <dict>
2618 <key>file_extension</key>
2619 <string>jnlp</string>
2620 <key>domains</key>
2621 <array>
2622 <string>example.com</string>
2623 </array>
2624 </dict>
2625 </array>
2626 </dict>
2627 ```
2628 #### policies.json
2629 ```
2630 {
2631 "policies": {
2632 "ExemptDomainFileTypePairsFromFileTypeDownloadWarnings": [{
2633 "file_extension": "jnlp",
2634 "domains": ["example.com"]
2635 }]
2636 }
2637 }
2638 ```
2639 ### Extensions
2640 Control the installation, uninstallation and locking of extensions.
2641
2642 While this policy is not technically deprecated, it is recommended that you use the **[`ExtensionSettings`](#extensionsettings)** policy. It has the same functionality and adds more. It does not support native paths, though, so you'll have to use file:/// URLs.
2643
2644 `Install` is a list of URLs or native paths for extensions to be installed.
2645
2646 `Uninstall` is a list of extension IDs that should be uninstalled if found.
2647
2648 `Locked` is a list of extension IDs that the user cannot disable or uninstall.
2649
2650 **Compatibility:** Firefox 60, Firefox ESR 60\
2651 **CCK2 Equivalent:** `addons`\
2652 **Preferences Affected:** N/A
2653
2654 #### Windows (GPO)
2655 ```
2656 Software\Policies\Mozilla\Firefox\Extensions\Install\1 = "https://addons.mozilla.org/firefox/downloads/somefile.xpi"
2657 Software\Policies\Mozilla\Firefox\Extensions\Install\2 = "//path/to/xpi"
2658 Software\Policies\Mozilla\Firefox\Extensions\Uninstall\1 = "bad_addon_id@mozilla.org"
2659 Software\Policies\Mozilla\Firefox\Extensions\Locked\1 = "addon_id@mozilla.org"
2660 ```
2661 #### Windows (Intune)
2662 OMA-URI:
2663 ```
2664 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/Extensions_Install
2665 ```
2666 Value (string):
2667 ```
2668 <enabled/>
2669 <data id="Extensions" value="1&#xF000;https://addons.mozilla.org/firefox/downloads/somefile.xpi&#xF000;2&#xF000;//path/to/xpi"/>
2670 ```
2671 OMA-URI:
2672 ```
2673 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/Extensions_Uninstall
2674 ```
2675 Value (string):
2676 ```
2677 <enabled/>
2678 <data id="Extensions" value="1&#xF000;bad_addon_id@mozilla.org"/>
2679 ```
2680 OMA-URI:
2681 ```
2682 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/Extensions_Locked
2683 ```
2684 Value (string):
2685 ```
2686 <enabled/>
2687 <data id="Extensions" value="1&#xF000;addon_id@mozilla.org"/>
2688 ```
2689 #### macOS
2690 ```
2691 <dict>
2692 <key>Extensions</key>
2693 <dict>
2694 <key>Install</key>
2695 <array>
2696 <string>https://addons.mozilla.org/firefox/downloads/somefile.xpi</string>
2697 <string>//path/to/xpi</string>
2698 </array>
2699 <key>Uninstall</key>
2700 <array>
2701 <string>bad_addon_id@mozilla.org</string>
2702 </array>
2703 <key>Locked</key>
2704 <array>
2705 <string>addon_id@mozilla.org</string>
2706 </array>
2707 </dict>
2708 </dict>
2709 ```
2710 #### policies.json
2711 ```
2712 {
2713 "policies": {
2714 "Extensions": {
2715 "Install": ["https://addons.mozilla.org/firefox/downloads/somefile.xpi", "//path/to/xpi"],
2716 "Uninstall": ["bad_addon_id@mozilla.org"],
2717 "Locked": ["addon_id@mozilla.org"]
2718 }
2719 }
2720 }
2721 ```
2722 ### ExtensionSettings
2723 Manage all aspects of extensions. This policy is based heavily on the [Chrome policy](https://dev.chromium.org/administrators/policy-list-3/extension-settings-full) of the same name.
2724
2725 This policy maps an extension ID to its configuration. With an extension ID, the configuration will be applied to the specified extension only. A default configuration can be set for the special ID "*", which will apply to all extensions that don't have a custom configuration set in this policy.
2726
2727 To obtain an extension ID, install the extension and go to about:support. You will see the ID in the Extensions section. I've also created an extension that makes it easy to find the ID of extensions on AMO. You can download it [here](https://github.com/mkaply/queryamoid/releases/tag/v0.1).
2728
2729 The configuration for each extension is another dictionary that can contain the fields documented below.
2730
2731 | Name | Description |
2732 | --- | --- |
2733 | `installation_mode` | Maps to a string indicating the installation mode for the extension. The valid strings are `allowed`,`blocked`,`force_installed`, and `normal_installed`.
2734 | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;`allowed` | Allows the extension to be installed by the user. This is the default behavior. There is no need for an install_url; it will automatically be allowed based on the ID.
2735 | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;`blocked`| Blocks installation of the extension and removes it from the device if already installed.
2736 | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;`force_installed`| The extension is automatically installed and can't be removed by the user. This option is not valid for the default configuration and requires an install_url.
2737 | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;`normal_installed`| The extension is automatically installed but can be disabled by the user. This option is not valid for the default configuration and requires an install_url.
2738 | `install_url`| Maps to a URL indicating where Firefox can download a force_installed or normal_installed extension. If installing from the local file system, use a [```file:///``` URL](https://en.wikipedia.org/wiki/File_URI_scheme). If installing from the addons.mozilla.org, use the following URL (substituting SHORT_NAME from the URL on AMO), https://addons.mozilla.org/firefox/downloads/latest/SHORT_NAME/latest.xpi. Languages packs are available from https://releases.mozilla.org/pub/firefox/releases/VERSION/PLATFORM/xpi/LANGUAGE.xpi. If you need to update the extension, you can change the name of the extension and it will be automatically updated. Extensions installed from file URLs will additional be updated when their internal version changes.
2739 | `install_sources` | A list of sources from which installing extensions is allowed using URL match patterns. **This is unnecessary if you are only allowing the installation of certain extensions by ID.** Each item in this list is an extension-style match pattern. Users will be able to easily install items from any URL that matches an item in this list. Both the location of the *.xpi file and the page where the download is started from (i.e. the referrer) must be allowed by these patterns. This setting can be used only for the default configuration.
2740 | `allowed_types` | This setting whitelists the allowed types of extension/apps that can be installed in Firefox. The value is a list of strings, each of which should be one of the following: "extension", "theme", "dictionary", "locale" This setting can be used only for the default configuration.
2741 | `blocked_install_message` | This maps to a string specifying the error message to display to users if they're blocked from installing an extension. This setting allows you to append text to the generic error message displayed when the extension is blocked. This could be be used to direct users to your help desk, explain why a particular extension is blocked, or something else. This setting can be used only for the default configuration.
2742 | `restricted_domains` | An array of domains on which content scripts can't be run. This setting can be used only for the default configuration.
2743 | `updates_disabled` | (Firefox 89, Firefox ESR 78.11) Boolean that indicates whether or not to disable automatic updates for an individual extension.
2744
2745 **Compatibility:** Firefox 69, Firefox ESR 68.1 (As of Firefox 85, Firefox ESR 78.7, installing a theme makes it the default.)\
2746 **CCK2 Equivalent:** N/A\
2747 **Preferences Affected:** N/A
2748
2749 #### Windows (GPO)
2750 Software\Policies\Mozilla\Firefox\ExtensionSettings (REG_MULTI_SZ) =
2751 ```
2752 {
2753 "*": {
2754 "blocked_install_message": "Custom error message.",
2755 "install_sources": ["https://yourwebsite.com/*"],
2756 "installation_mode": "blocked",
2757 "allowed_types": ["extension"]
2758 },
2759 "uBlock0@raymondhill.net": {
2760 "installation_mode": "force_installed",
2761 "install_url": "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi"
2762 },
2763 "https-everywhere@eff.org": {
2764 "installation_mode": "allowed"
2765 }
2766 }
2767 ```
2768 #### Windows (Intune)
2769 OMA-URI:
2770 ```
2771 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/ExtensionSettings
2772 ```
2773 Value (string):
2774 ```
2775 <enabled/>
2776 <data id="ExtensionSettings" value='
2777 {
2778 "*": {
2779 "blocked_install_message": "Custom error message.",
2780 "install_sources": ["https://yourwebsite.com/*"],
2781 "installation_mode": "blocked",
2782 "allowed_types": ["extension"]
2783 },
2784 "uBlock0@raymondhill.net": {
2785 "installation_mode": "force_installed",
2786 "install_url": "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi"
2787 },
2788 "https-everywhere@eff.org": {
2789 "installation_mode": "allowed"
2790 }
2791 }'/>
2792 ```
2793 #### macOS
2794 ```
2795 <dict>
2796 <key>ExtensionSettings</key>
2797 <dict>
2798 <key>*</key>
2799 <dict>
2800 <key>blocked_install_message</key>
2801 <string>Custom error message.</string>
2802 <key>install_sources</key>
2803 <array>
2804 <string>"https://yourwebsite.com/*"</string>
2805 </array>
2806 <key>installation_mode</key>
2807 <string>blocked</string>
2808 <key>allowed_types</key>
2809 <array>
2810 <string>extension</string>
2811 </array>
2812 </dict>
2813 <key>uBlock0@raymondhill.net</key>
2814 <dict>
2815 <key>installation_mode</key>
2816 <string>force_installed</string>
2817 <key>install_url</key>
2818 <string>https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi</string>
2819 </dict>
2820 <key>https-everywhere@eff.org</key>
2821 <dict>
2822 <key>installation_mode</key>
2823 <string>allowed</string>
2824 </dict>
2825 </dict>
2826 </dict>
2827 ```
2828 #### policies.json
2829 ```
2830 {
2831 "policies": {
2832 "ExtensionSettings": {
2833 "*": {
2834 "blocked_install_message": "Custom error message.",
2835 "install_sources": ["https://yourwebsite.com/*"],
2836 "installation_mode": "blocked",
2837 "allowed_types": ["extension"]
2838 },
2839 "uBlock0@raymondhill.net": {
2840 "installation_mode": "force_installed",
2841 "install_url": "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi"
2842 },
2843 "https-everywhere@eff.org": {
2844 "installation_mode": "allowed"
2845 }
2846 }
2847 }
2848 }
2849 ```
2850 ### ExtensionUpdate
2851 Control extension updates.
2852
2853 **Compatibility:** Firefox 67, Firefox ESR 60.7\
2854 **CCK2 Equivalent:** N/A\
2855 **Preferences Affected:** `extensions.update.enabled`
2856
2857 #### Windows (GPO)
2858 ```
2859 Software\Policies\Mozilla\Firefox\ExtensionUpdate = 0x1 | 0x0
2860 ```
2861 #### Windows (Intune)
2862 OMA-URI:
2863 ```
2864 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/ExtensionUpdate
2865 ```
2866 Value (string):
2867 ```
2868 <enabled/> or <disabled/>
2869 ```
2870 #### macOS
2871 ```
2872 <dict>
2873 <key>ExtensionUpdate</key>
2874 <true/> | <false/>
2875 </dict>
2876 ```
2877 #### policies.json
2878 ```
2879 {
2880 "policies": {
2881 "ExtensionUpdate": true | false
2882 }
2883 }
2884 ```
2885 ### FirefoxHome
2886 Customize the Firefox Home page.
2887
2888 **Compatibility:** Firefox 68, Firefox ESR 68 (SponsoredTopSites and SponsoredPocket were added in Firefox 95, Firefox ESR 91.4)
2889 **CCK2 Equivalent:** N/A\
2890 **Preferences Affected:** `browser.newtabpage.activity-stream.showSearch`, `browser.newtabpage.activity-stream.feeds.topsites`, `browser.newtabpage.activity-stream.feeds.section.highlights`, `browser.newtabpage.activity-stream.feeds.section.topstories`, `browser.newtabpage.activity-stream.feeds.snippets`, `browser.newtabpage.activity-stream.showSponsoredTopSites`, `browser.newtabpage.activity-stream.showSponsored`
2891
2892 #### Windows (GPO)
2893 ```
2894 Software\Policies\Mozilla\Firefox\FirefoxHome\Search = 0x1 | 0x0
2895 Software\Policies\Mozilla\Firefox\FirefoxHome\TopSites = 0x1 | 0x0
2896 Software\Policies\Mozilla\Firefox\FirefoxHome\SponsoredTopSites = 0x1 | 0x0
2897 Software\Policies\Mozilla\Firefox\FirefoxHome\Highlights = 0x1 | 0x0
2898 Software\Policies\Mozilla\Firefox\FirefoxHome\Pocket = 0x1 | 0x0
2899 Software\Policies\Mozilla\Firefox\FirefoxHome\SponsoredPocket = 0x1 | 0x0
2900 Software\Policies\Mozilla\Firefox\FirefoxHome\Snippets = 0x1 | 0x0
2901 Software\Policies\Mozilla\Firefox\FirefoxHome\Locked = 0x1 | 0x0
2902 ```
2903 #### Windows (Intune)
2904 OMA-URI:
2905 ```
2906 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/CustomizeFirefoxHome
2907 ```
2908 Value (string):
2909 ```
2910 <enabled/>
2911 <data id="FirefoxHome_Search" value="true | false"/>
2912 <data id="FirefoxHome_TopSites" value="true | false"/>
2913 <data id="FirefoxHome_SponsoredTopSites" value="true | false"/>
2914 <data id="FirefoxHome_Highlights" value="true | false"/>
2915 <data id="FirefoxHome_Pocket" value="true | false"/>
2916 <data id="FirefoxHome_SponsoredPocket" value="true | false"/>
2917 <data id="FirefoxHome_Snippets" value="true | false"/>
2918 <data id="FirefoxHome_Locked" value="true | false"/>
2919 ```
2920 #### macOS
2921 ```
2922 <dict>
2923 <key>FirefoxHome</key>
2924 <dict>
2925 <key>Search</key>
2926 <true/> | <false/>
2927 <key>TopSites</key>
2928 <true/> | <false/>
2929 <key>SponsoredTopSites</key>
2930 <true/> | <false/>
2931 <key>Highlights</key>
2932 <true/> | <false/>
2933 <key>Pocket</key>
2934 <true/> | <false/>
2935 <key>SponsoredPocket</key>
2936 <true/> | <false/>
2937 <key>Snippets</key>
2938 <true/> | <false/>
2939 <key>Locked</key>
2940 <true/> | <false/>
2941 </dict>
2942 </dict>
2943 ```
2944 #### policies.json
2945 ```
2946 {
2947 "policies": {
2948 "FirefoxHome": {
2949 "Search": true | false,
2950 "TopSites": true | false,
2951 "SponsoredTopSites": true | false,
2952 "Highlights": true | false,
2953 "Pocket": true | false,
2954 "SponsoredPocket": true | false,
2955 "Snippets": true | false,
2956 "Locked": true | false
2957 }
2958 }
2959 }
2960 ```
2961 ### FlashPlugin (Deprecated)
2962 Configure the default Flash plugin policy as well as origins for which Flash is allowed.
2963
2964 `Allow` is a list of origins where Flash are allowed.
2965
2966 `Block` is a list of origins where Flash is not allowed.
2967
2968 `Default` determines whether or not Flash is allowed by default.
2969
2970 `Locked` prevents the user from changing Flash preferences.
2971
2972 **Compatibility:** Firefox 60, Firefox ESR 60\
2973 **CCK2 Equivalent:** `permissions.plugin`\
2974 **Preferences Affected:** `plugin.state.flash`
2975
2976 #### Windows (GPO)
2977 ```
2978 Software\Policies\Mozilla\Firefox\FlashPlugin\Allow\1 = "https://example.org"
2979 Software\Policies\Mozilla\Firefox\FlashPlugin\Block\1 = "https://example.edu"
2980 Software\Policies\Mozilla\Firefox\FlashPlugin\Default = 0x1 | 0x0
2981 Software\Policies\Mozilla\Firefox\FlashPlugin\Locked = 0x1 | 0x0
2982 ```
2983 #### Windows (Intune)
2984 OMA-URI:
2985 ```
2986 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Flash/FlashPlugin_Allow
2987 ```
2988 Value (string):
2989 ```
2990 <enabled/>
2991 <data id="Permissions" value="1&#xF000;https://example.org&#xF000;2&#xF000;https://example.edu"/>
2992 ```
2993 OMA-URI:
2994 ```
2995 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Flash/FlashPlugin_Locked
2996 ```
2997 Value (string):
2998 ```
2999 <enabled/> or <disabled/>
3000 ```
3001 OMA-URI:
3002 ```
3003 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Flash/FlashPlugin_Default
3004 ```
3005 Value (string):
3006 ```
3007 <enabled/> or <disabled/>
3008 ```
3009 #### macOS
3010 ```
3011 <dict>
3012 <key>FlashPlugin</key>
3013 <dict>
3014 <key>Allow</key>
3015 <array>
3016 <string>http://example.org</string>
3017 </array>
3018 <key>Block</key>
3019 <array>
3020 <string>http://example.edu</string>
3021 </array>
3022 <key>Default</key>
3023 <true/> | <false/>
3024 <key>Locked</key>
3025 <true/> | <false/>
3026 </dict>
3027 </dict>
3028 ```
3029 #### policies.json
3030 ```
3031 {
3032 "policies": {
3033 "FlashPlugin": {
3034 "Allow": ["http://example.org/"],
3035 "Block": ["http://example.edu/"],
3036 "Default": true | false,
3037 "Locked": true | false
3038 }
3039 }
3040 }
3041 ```
3042 ### GoToIntranetSiteForSingleWordEntryInAddressBar
3043 Whether to always go through the DNS server before sending a single word search string to a search engine.
3044
3045 If the site exists, it will navigate to the website. If the intranet responds with a 404, the page will show a 404. If the intranet does not respond, the browser will attempt a search.
3046
3047 The second result in the URL bar will be a search result to allow users to conduct a web search exactly as it was entered.
3048
3049 If instead you would like to enable the ability to have your domain appear as a valid URL and to disallow the browser from ever searching that term using the first result that matches it, add the pref `browser.fixup.domainwhitelist.YOUR_DOMAIN` (where `YOUR_DOMAIN` is the name of the domain you'd like to add), and set the pref to `true`. The URL bar will then suggest `YOUR_DOMAIN` when the user fully types `YOUR_DOMAIN`. If the user attempts to load that domain and it fails to load, it will show an "Unable to connect" error page.
3050
3051 You can also whitelist a domain suffix that is not part of the [Public Suffix List](https://publicsuffix.org/) by adding the pref `browser.fixup.domainsuffixwhitelist.YOUR_DOMAIN_SUFFIX` with a value of `true`.
3052
3053 Additionally, if you want users to see a "Did you mean to go to 'YOUR_DOMAIN'" prompt below the URL bar if they land on a search results page instead of an intranet domain that provides a response, set the pref `browser.urlbar.dnsResolveSingleWordsAfterSearch` to `1`. Enabling this will cause the browser to commit a DNS check after every single word search. If the browser receives a response from the intranet, a prompt will ask the user if they'd like to instead navigate to `YOUR_DOMAIN`. If the user presses the **yes** button, `browser.fixup.domainwhitelist.YOUR_DOMAIN` will be set to `true`.
3054
3055 **Compatibility:** Firefox 104, Firefox ESR 102.2\
3056 **CCK2 Equivalent:** `N/A`\
3057 **Preferences Affected:** `browser.fixup.dns_first_for_single_words`
3058
3059 #### Windows (GPO)
3060 ```
3061 Software\Policies\Mozilla\Firefox\GoToIntranetSiteForSingleWordEntryInAddressBar = 0x1 | 0x0
3062 ```
3063 #### Windows (Intune)
3064 OMA-URI:
3065 ```
3066 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/GoToIntranetSiteForSingleWordEntryInAddressBar
3067 ```
3068 Value (string):
3069 ```
3070 <enabled/> or <disabled/>
3071 ```
3072 #### macOS
3073 ```
3074 <dict>
3075 <key>GoToIntranetSiteForSingleWordEntryInAddressBar</key>
3076 <true/> | <false/>
3077 </dict>
3078 ```
3079 #### policies.json
3080 ```
3081 {
3082 "policies": {
3083 "GoToIntranetSiteForSingleWordEntryInAddressBar": true | false
3084 }
3085 }
3086 ```
3087 ### Handlers
3088 Configure default application handlers. This policy is based on the internal format of `handlers.json`.
3089
3090 You can configure handlers based on a mime type (`mimeTypes`), a file's extension (`extensions`), or a protocol (`schemes`).
3091
3092 Within each handler type, you specify the given mimeType/extension/scheme as a key and use the following subkeys to describe how it is handled.
3093
3094 | Name | Description |
3095 | --- | --- |
3096 | `action`| Can be either `saveToDisk`, `useHelperApp`, `useSystemDefault`.
3097 | `ask` | If `true`, the user is asked if what they want to do with the file. If `false`, the action is taken without user intervention.
3098 | `handlers` | An array of handlers with the first one being the default. If you don't want to have a default handler, use an empty object for the first handler. Choose between path or uriTemplate.
3099 | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;`name` | The display name of the handler (might not be used).
3100 | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;`path`| The native path to the executable to be used.
3101 | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;`uriTemplate`| A url to a web based application handler. The URL must be https and contain a %s to be used for substitution.
3102
3103 **Compatibility:** Firefox 78, Firefox ESR 78\
3104 **CCK2 Equivalent:** N/A\
3105 **Preferences Affected:** N/A
3106
3107 #### Windows (GPO)
3108 Software\Policies\Mozilla\Firefox\Handlers (REG_MULTI_SZ) =
3109 ```
3110 {
3111 "mimeTypes": {
3112 "application/msword": {
3113 "action": "useSystemDefault",
3114 "ask": true | false
3115 }
3116 },
3117 "schemes": {
3118 "mailto": {
3119 "action": "useHelperApp",
3120 "ask": true | false,
3121 "handlers": [{
3122 "name": "Gmail",
3123 "uriTemplate": "https://mail.google.com/mail/?extsrc=mailto&url=%s"
3124 }]
3125 }
3126 },
3127 "extensions": {
3128 "pdf": {
3129 "action": "useHelperApp",
3130 "ask": true | false,
3131 "handlers": [{
3132 "name": "Adobe Acrobat",
3133 "path": "C:\\Program Files (x86)\\Adobe\\Acrobat Reader DC\\Reader\\AcroRd32.exe"
3134 }]
3135 }
3136 }
3137 }
3138 ```
3139 #### Windows (Intune)
3140 OMA-URI:
3141 ```
3142 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/Handlers
3143 ```
3144 Value (string):
3145 ```
3146 <enabled/>
3147 <data id="Handlers" value='
3148 {
3149 "mimeTypes": {
3150 "application/msword": {
3151 "action": "useSystemDefault",
3152 "ask": true | false
3153 }
3154 },
3155 "schemes": {
3156 "mailto": {
3157 "action": "useHelperApp",
3158 "ask": true | false,
3159 "handlers": [{
3160 "name": "Gmail",
3161 "uriTemplate": "https://mail.google.com/mail/?extsrc=mailto&amp;url=%s"
3162 }]
3163 }
3164 },
3165 "extensions": {
3166 "pdf": {
3167 "action": "useHelperApp",
3168 "ask": true | false,
3169 "handlers": [{
3170 "name": "Adobe Acrobat",
3171 "path": "C:\\Program Files (x86)\\Adobe\\Acrobat Reader DC\\Reader\\AcroRd32.exe"
3172 }]
3173 }
3174 }
3175 }
3176 '/>
3177 ```
3178 #### macOS
3179 ```
3180 <dict>
3181 <key>Handlers</key>
3182 <dict>
3183 <key>mimeTypes</key>
3184 <dict>
3185 <key>application/msword</key>
3186 <dict>
3187 <key>action</key>
3188 <string>useSystemDefault</string>
3189 <key>ask</key>
3190 <true/> | <false/>
3191 </dict>
3192 </dict>
3193 <key>schemes</key>
3194 <dict>
3195 <key>mailto</key>
3196 <dict>
3197 <key>action</key>
3198 <string>useHelperApp</string>
3199 <key>ask</key>
3200 <true/> | <false/>
3201 <key>handlers</key>
3202 <array>
3203 <dict>
3204 <key>name</key>
3205 <string>Gmail</string>
3206 <key>uriTemplate</key>
3207 <string>https://mail.google.com/mail/?extsrc=mailto&url=%s</string>
3208 </dict>
3209 </array>
3210 </dict>
3211 </dict>
3212 <key>extensions</key>
3213 <dict>
3214 <key>pdf</key>
3215 <dict>
3216 <key>action</key>
3217 <string>useHelperApp</string>
3218 <key>ask</key>
3219 <true/> | <false/>
3220 <key>handlers</key>
3221 <array>
3222 <dict>
3223 <key>name</key>
3224 <string>Adobe Acrobat</string>
3225 <key>path</key>
3226 <string>/System/Applications/Preview.app</string>
3227 </dict>
3228 </array>
3229 </dict>
3230 </dict>
3231 </dict>
3232 </dict>
3233 ```
3234 #### policies.json
3235 ```
3236 {
3237 "policies": {
3238 "Handlers": {
3239 "mimeTypes": {
3240 "application/msword": {
3241 "action": "useSystemDefault",
3242 "ask": false
3243 }
3244 },
3245 "schemes": {
3246 "mailto": {
3247 "action": "useHelperApp",
3248 "ask": true | false,
3249 "handlers": [{
3250 "name": "Gmail",
3251 "uriTemplate": "https://mail.google.com/mail/?extsrc=mailto&url=%s"
3252 }]
3253 }
3254 },
3255 "extensions": {
3256 "pdf": {
3257 "action": "useHelperApp",
3258 "ask": true | false,
3259 "handlers": [{
3260 "name": "Adobe Acrobat",
3261 "path": "/usr/bin/acroread"
3262 }]
3263 }
3264 }
3265 }
3266 }
3267 }
3268 ```
3269 ### HardwareAcceleration
3270 Control hardware acceleration.
3271
3272 **Compatibility:** Firefox 60, Firefox ESR 60\
3273 **CCK2 Equivalent:** N/A\
3274 **Preferences Affected:** `layers.acceleration.disabled`
3275
3276 #### Windows (GPO)
3277 ```
3278 Software\Policies\Mozilla\Firefox\HardwareAcceleration = 0x1 | 0x0
3279 ```
3280 #### Windows (Intune)
3281 OMA-URI:
3282 ```
3283 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/HardwareAcceleration
3284 ```
3285 Value (string):
3286 ```
3287 <enabled/> or <disabled/>
3288 ```
3289 #### macOS
3290 ```
3291 <dict>
3292 <key>HardwareAcceleration</key>
3293 <true/> | <false/>
3294 </dict>
3295 ```
3296 #### policies.json
3297 ```
3298 {
3299 "policies": {
3300 "HardwareAcceleration": true | false
3301 }
3302 }
3303 ```
3304 ### Homepage
3305 Configure the default homepage and how Firefox starts.
3306
3307 `URL` is the default homepage.
3308
3309 `Locked` prevents the user from changing homepage preferences.
3310
3311 `Additional` allows for more than one homepage.
3312
3313 `StartPage` is how Firefox starts. The choices are no homepage, the default homepage or the previous session.
3314
3315 With Firefox 78, an additional option as added for `Startpage`, `homepage-locked`. If this is value is set for the Startpage, the user will always get the homepage at startup and cannot choose to restore their session.
3316
3317 **Compatibility:** Firefox 60, Firefox ESR 60 (StartPage was added in Firefox 60, Firefox ESR 60.4, homepage-locked added in Firefox 78)\
3318 **CCK2 Equivalent:** `homePage`,`lockHomePage`\
3319 **Preferences Affected:** `browser.startup.homepage`, `browser.startup.page`
3320
3321 #### Windows (GPO)
3322 ```
3323 Software\Policies\Mozilla\Firefox\Homepage\URL = "https://example.com"
3324 Software\Policies\Mozilla\Firefox\Homepage\Locked = 0x1 | 0x0
3325 Software\Policies\Mozilla\Firefox\Homepage\Additional\1 = "https://example.org"
3326 Software\Policies\Mozilla\Firefox\Homepage\Additional\2 = "https://example.edu"
3327 Software\Policies\Mozilla\Firefox\Homepage\StartPage = "none" | "homepage" | "previous-session" | "homepage-locked"
3328 ```
3329 #### Windows (Intune)
3330 OMA-URI:
3331 ```
3332 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Homepage/HomepageURL
3333 ```
3334 Value (string):
3335 ```
3336 <enabled/>
3337
3338 <data id="HomepageURL" value="https://example.com"/>
3339 <data id="HomepageLocked" value="true | false"/>
3340 ```
3341 OMA-URI:
3342 ```
3343 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Homepage/HomepageAdditional
3344 ```
3345 Value (string):
3346 ```
3347 <enabled/>
3348
3349 <data id="HomepageAdditional" value="1&#xF000;http://example.org&#xF000;2&#xF000;http://example.edu"/>
3350 ```
3351 OMA-URI:
3352 ```
3353 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Homepage/HomepageStartPage
3354 ```
3355 Value (string):
3356 ```
3357 <enabled/>
3358
3359 <data id="StartPage" value="none | homepage | previous-session"/>
3360 ```
3361 #### macOS
3362 ```
3363 <dict>
3364 <key>Homepage</key>
3365 <dict>
3366 <key>URL</key>
3367 <string>http://example.com</string>
3368 <key>Locked</key>
3369 <true/> | <false/>
3370 <key>Additional</key>
3371 <array>
3372 <string>http://example.org</string>
3373 <string>http://example.edu</string>
3374 </array>
3375 <key>StartPage</key>
3376 <string>none | homepage | previous-session | homepage-locked</string>
3377 </dict>
3378 </dict>
3379 ```
3380 #### policies.json
3381 ```
3382 {
3383 "policies": {
3384 "Homepage": {
3385 "URL": "http://example.com/",
3386 "Locked": true | false,
3387 "Additional": ["http://example.org/",
3388 "http://example.edu/"],
3389 "StartPage": "none" | "homepage" | "previous-session" | "homepage-locked"
3390 }
3391 }
3392 }
3393 ```
3394 ### InstallAddonsPermission
3395 Configure the default extension install policy as well as origins for extension installs are allowed. This policy does not override turning off all extension installs.
3396
3397 `Allow` is a list of origins where extension installs are allowed.
3398
3399 `Default` determines whether or not extension installs are allowed by default.
3400
3401 **Compatibility:** Firefox 60, Firefox ESR 60\
3402 **CCK2 Equivalent:** `permissions.install`\
3403 **Preferences Affected:** `xpinstall.enabled`
3404
3405 #### Windows (GPO)
3406 ```
3407 Software\Policies\Mozilla\Firefox\InstallAddonsPermission\Allow\1 = "https://example.org"
3408 Software\Policies\Mozilla\Firefox\InstallAddonsPermission\Allow\2 = "https://example.edu"
3409 Software\Policies\Mozilla\Firefox\InstallAddonsPermission\Default = 0x1 | 0x0
3410 ```
3411 #### Windows (Intune)
3412 OMA-URI:
3413 ```
3414 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Addons/InstallAddonsPermission_Allow
3415 ```
3416 Value (string):
3417 ```
3418 <enabled/>
3419 <data id="Permissions" value="1&#xF000;https://example.org&#xF000;2&#xF000;https://example.edu"/>
3420 ```
3421 OMA-URI:
3422 ```
3423 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Addons/InstallAddonsPermission_Default
3424 ```
3425 Value (string):
3426 ```
3427 <enabled/>
3428 ```
3429 #### macOS
3430 ```
3431 <dict>
3432 <key>InstallAddonsPermission</key>
3433 <dict>
3434 <key>Allow</key>
3435 <array>
3436 <string>http://example.org</string>
3437 <string>http://example.edu</string>
3438 </array>
3439 <key>Default</key>
3440 <true/> | <false/>
3441 </dict>
3442 </dict>
3443 ```
3444 #### policies.json
3445 ```
3446 {
3447 "policies": {
3448 "InstallAddonsPermission": {
3449 "Allow": ["http://example.org/",
3450 "http://example.edu/"],
3451 "Default": true | false
3452 }
3453 }
3454 }
3455 ```
3456 ### LegacyProfiles
3457 Disable the feature enforcing a separate profile for each installation.
3458
3459 If this policy set to true, Firefox will not try to create different profiles for installations of Firefox in different directories. This is the equivalent of the MOZ_LEGACY_PROFILES environment variable.
3460
3461 If this policy set to false, Firefox will create a new profile for each unique installation of Firefox.
3462
3463 This policy only work on Windows via GPO (not policies.json).
3464
3465 **Compatibility:** Firefox 70, Firefox ESR 68.2 (Windows only, GPO only)\
3466 **CCK2 Equivalent:** N/A\
3467 **Preferences Affected:** N/A
3468
3469 #### Windows (GPO)
3470 ```
3471 Software\Policies\Mozilla\Firefox\LegacyProfiles = = 0x1 | 0x0
3472 ```
3473 #### Windows (Intune)
3474 OMA-URI:
3475 ```
3476 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/LegacyProfiles
3477 ```
3478 Value (string):
3479 ```
3480 <enabled/> or <disabled/>
3481 ```
3482 ### LegacySameSiteCookieBehaviorEnabled
3483 Enable default legacy SameSite cookie behavior setting.
3484
3485 If this policy is set to true, it reverts all cookies to legacy SameSite behavior which means that cookies that don't explicitly specify a ```SameSite``` attribute are treated as if they were ```SameSite=None```.
3486
3487 **Compatibility:** Firefox 96\
3488 **CCK2 Equivalent:** N/A\
3489 **Preferences Affected:** `network.cookie.sameSite.laxByDefault`
3490
3491 #### Windows (GPO)
3492 ```
3493 Software\Policies\Mozilla\Firefox\LegacySameSiteCookieBehaviorEnabled = = 0x1 | 0x0
3494 ```
3495 #### Windows (Intune)
3496 OMA-URI:
3497 ```
3498 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/LegacySameSiteCookieBehaviorEnabled
3499 ```
3500 Value (string):
3501 ```
3502 <enabled/> or <disabled/>
3503 ```
3504 #### macOS
3505 ```
3506 <dict>
3507 <key>LegacySameSiteCookieBehaviorEnabled</key>
3508 <true/> | <false/>
3509 </dict>
3510 ```
3511 #### policies.json
3512 ```
3513 {
3514 "policies": {
3515 "LegacySameSiteCookieBehaviorEnabled": true | false
3516 }
3517 ```
3518 ### LegacySameSiteCookieBehaviorEnabledForDomainList
3519 Revert to legacy SameSite behavior for cookies on specified sites.
3520
3521 If this policy is set to true, cookies set for domains in this list will revert to legacy SameSite behavior which means that cookies that don't explicitly specify a ```SameSite``` attribute are treated as if they were ```SameSite=None```.
3522
3523 **Compatibility:** Firefox 96\
3524 **CCK2 Equivalent:** N/A\
3525 **Preferences Affected:** `network.cookie.sameSite.laxByDefault.disabledHosts`
3526
3527 #### Windows (GPO)
3528 ```
3529 Software\Policies\Mozilla\Firefox\LegacySameSiteCookieBehaviorEnabledForDomainList\1 = "example.org"
3530 Software\Policies\Mozilla\Firefox\LegacySameSiteCookieBehaviorEnabledForDomainList\2 = "example.edu"
3531 ```
3532 #### Windows (Intune)
3533 OMA-URI:
3534 ```
3535 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/LegacySameSiteCookieBehaviorEnabledForDomainList
3536 ```
3537 Value (string):
3538 ```
3539 <enabled/>
3540 <data id="LegacySameSiteCookieBehaviorEnabledForDomainList" value="1&#xF000;example.org&#xF000;2&#xF000;example.edu"/>
3541 ```
3542 #### macOS
3543 ```
3544 <dict>
3545 <key>LegacySameSiteCookieBehaviorEnabledForDomainList</key>
3546 <array>
3547 <string>example.org</string>
3548 <string>example.edu</string>
3549 </array>
3550 </dict>
3551 ```
3552 #### policies.json
3553 ```
3554 {
3555 "policies": {
3556 "LegacySameSiteCookieBehaviorEnabledForDomainList": ["example.org",
3557 "example.edu"]
3558 }
3559 }
3560 ```
3561 ### LocalFileLinks
3562 Enable linking to local files by origin.
3563
3564 **Compatibility:** Firefox 68, Firefox ESR 68\
3565 **CCK2 Equivalent:** N/A\
3566 **Preferences Affected:** `capability.policy.localfilelinks.*`
3567
3568 #### Windows (GPO)
3569 ```
3570 Software\Policies\Mozilla\Firefox\LocalFileLinks\1 = "https://example.org"
3571 Software\Policies\Mozilla\Firefox\LocalFileLinks\2 = "https://example.edu"
3572 ```
3573 #### Windows (Intune)
3574 OMA-URI:
3575 ```
3576 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/LocalFileLinks
3577 ```
3578 Value (string):
3579 ```
3580 <enabled/>
3581 <data id="LocalFileLinks" value="1&#xF000;https://example.org&#xF000;2&#xF000;https://example.edu"/>
3582 ```
3583 #### macOS
3584 ```
3585 <dict>
3586 <key>LocalFileLinks</key>
3587 <array>
3588 <string>http://example.org</string>
3589 <string>http://example.edu</string>
3590 </array>
3591 </dict>
3592 ```
3593 #### policies.json
3594 ```
3595 {
3596 "policies": {
3597 "LocalFileLinks": ["http://example.org/",
3598 "http://example.edu/"]
3599 }
3600 }
3601 ```
3602 ### ManagedBookmarks
3603 Configures a list of bookmarks managed by an administrator that cannot be changed by the user.
3604
3605 The bookmarks are only added as a button on the personal toolbar. They are not in the bookmarks folder.
3606
3607 The syntax of this policy is exactly the same as the [Chrome ManagedBookmarks policy](https://cloud.google.com/docs/chrome-enterprise/policies/?policy=ManagedBookmarks). The schema is:
3608 ```
3609 {
3610 "items": {
3611 "id": "BookmarkType",
3612 "properties": {
3613 "children": {
3614 "items": {
3615 "$ref": "BookmarkType"
3616 },
3617 "type": "array"
3618 },
3619 "name": {
3620 "type": "string"
3621 },
3622 "toplevel_name": {
3623 "type": "string"
3624 },
3625 "url": {
3626 "type": "string"
3627 }
3628 },
3629 "type": "object"
3630 },
3631 "type": "array"
3632 }
3633 ```
3634 **Compatibility:** Firefox 83, Firefox ESR 78.5\
3635 **CCK2 Equivalent:** N/A\
3636 **Preferences Affected:** N/A
3637
3638 #### Windows (GPO)
3639 Software\Policies\Mozilla\Firefox\ManagedBookmarks (REG_MULTI_SZ) =
3640 ```
3641 [
3642 {
3643 "toplevel_name": "My managed bookmarks folder"
3644 },
3645 {
3646 "url": "example.com",
3647 "name": "Example"
3648 },
3649 {
3650 "name": "Mozilla links",
3651 "children": [
3652 {
3653 "url": "https://mozilla.org",
3654 "name": "Mozilla.org"
3655 },
3656 {
3657 "url": "https://support.mozilla.org/",
3658 "name": "SUMO"
3659 }
3660 ]
3661 }
3662 ]
3663 ```
3664 #### Windows (Intune)
3665 OMA-URI:
3666 ```
3667 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/ManagedBookmarks
3668 ```
3669 Value (string):
3670 ```
3671 <enabled/>
3672 <data id="JSON" value='
3673 [
3674 {
3675 "toplevel_name": "My managed bookmarks folder"
3676 },
3677 {
3678 "url": "example.com",
3679 "name": "Example"
3680 },
3681 {
3682 "name": "Mozilla links",
3683 "children": [
3684 {
3685 "url": "https://mozilla.org",
3686 "name": "Mozilla.org"
3687 },
3688 {
3689 "url": "https://support.mozilla.org/",
3690 "name": "SUMO"
3691 }
3692 ]
3693 }
3694 ]'/>
3695 ```
3696 #### macOS
3697 ```
3698 <dict>
3699 <key>ManagedBookmarks</key>
3700 <array>
3701 <dict>
3702 <key>toplevel_name</key>
3703 <string>My managed bookmarks folder</string>
3704 <dict>
3705 <key>url</key>
3706 <string>example.com</string>
3707 <key>name</key>
3708 <string>Example</string>
3709 </dict>
3710 <dict>
3711 <key>name</key>
3712 <string>Mozilla links</string>
3713 <key>children</key>
3714 <array>
3715 <dict>
3716 <key>url</key>
3717 <string>https://mozilla.org</string>
3718 <key>name</key>
3719 <string>Mozilla</string>
3720 </dict>
3721 <dict>
3722 <key>url</key>
3723 <string>https://support.mozilla.org/</string>
3724 <key>name</key>
3725 <string>SUMO</string>
3726 </dict>
3727 </array>
3728 </dict>
3729 </array>
3730 </dict>
3731 ```
3732 #### policies.json
3733 ```
3734 {
3735 "policies": {
3736 "ManagedBookmarks": [
3737 {
3738 "toplevel_name": "My managed bookmarks folder"
3739 },
3740 {
3741 "url": "example.com",
3742 "name": "Example"
3743 },
3744 {
3745 "name": "Mozilla links",
3746 "children": [
3747 {
3748 "url": "https://mozilla.org",
3749 "name": "Mozilla.org"
3750 },
3751 {
3752 "url": "https://support.mozilla.org/",
3753 "name": "SUMO"
3754 }
3755 ]
3756 }
3757 ]
3758 }
3759 }
3760 ```
3761 ### ManualAppUpdateOnly
3762
3763 Switch to manual updates only.
3764
3765 If this policy is enabled:
3766 1. The user will never be prompted to install updates
3767 2. Firefox will not check for updates in the background, though it will check automatically when an update UI is displayed (such as the one in the About dialog). This check will be used to show "Update to version X" in the UI, but will not automatically download the update or prompt the user to update in any other way.
3768 3. The update UI will work as expected, unlike when using DisableAppUpdate.
3769
3770 This policy is primarily intended for advanced end users, not for enterprises.
3771
3772 **Compatibility:** Firefox 87\
3773 **CCK2 Equivalent:** N/A\
3774 **Preferences Affected:** N/A
3775
3776 #### policies.json
3777 ```
3778 {
3779 "policies": {
3780 "ManualAppUpdateOnly": true | false
3781 }
3782 }
3783 ```
3784 ### NetworkPrediction
3785 Enable or disable network prediction (DNS prefetching).
3786
3787 **Compatibility:** Firefox 67, Firefox ESR 60.7\
3788 **CCK2 Equivalent:** N/A\
3789 **Preferences Affected:** `network.dns.disablePrefetch`, `network.dns.disablePrefetchFromHTTPS`
3790
3791 #### Windows (GPO)
3792 ```
3793 Software\Policies\Mozilla\Firefox\NetworkPrediction = 0x1 | 0x0
3794 ```
3795 #### Windows (Intune)
3796 OMA-URI:
3797 ```
3798 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/NetworkPrediction
3799 ```
3800 Value (string):
3801 ```
3802 <enabled/> or <disabled/>
3803 ```
3804 #### macOS
3805 ```
3806 <dict>
3807 <key>NetworkPrediction</key>
3808 <true/> | <false/>
3809 </dict>
3810 ```
3811 #### policies.json
3812 ```
3813 {
3814 "policies": {
3815 "NetworkPrediction": true | false
3816 }
3817 ```
3818 ### NewTabPage
3819 Enable or disable the New Tab page.
3820
3821 **Compatibility:** Firefox 68, Firefox ESR 68\
3822 **CCK2 Equivalent:** N/A\
3823 **Preferences Affected:** `browser.newtabpage.enabled`
3824
3825 #### Windows (GPO)
3826 ```
3827 Software\Policies\Mozilla\Firefox\NewTabPage = 0x1 | 0x0
3828 ```
3829 #### Windows (Intune)
3830 OMA-URI:
3831 ```
3832 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/NewTabPage
3833 ```
3834 Value (string):
3835 ```
3836 <enabled/> or <disabled/>
3837 ```
3838 #### macOS
3839 ```
3840 <dict>
3841 <key>NewTabPage</key>
3842 <true/> | <false/>
3843 </dict>
3844 ```
3845 #### policies.json
3846 ```
3847 {
3848 "policies": {
3849 "NewTabPage": true | false
3850 }
3851 ```
3852 ### NoDefaultBookmarks
3853 Disable the creation of default bookmarks.
3854
3855 This policy is only effective if the user profile has not been created yet.
3856
3857 **Compatibility:** Firefox 60, Firefox ESR 60\
3858 **CCK2 Equivalent:** `removeDefaultBookmarks`\
3859 **Preferences Affected:** N/A
3860
3861 #### Windows (GPO)
3862 ```
3863 Software\Policies\Mozilla\Firefox\NoDefaultBookmarks = 0x1 | 0x0
3864 ```
3865 #### Windows (Intune)
3866 OMA-URI:
3867 ```
3868 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/NoDefaultBookmarks
3869 ```
3870 Value (string):
3871 ```
3872 <enabled/> or <disabled/>
3873 ```
3874 #### macOS
3875 ```
3876 <dict>
3877 <key>NoDefaultBookmarks</key>
3878 <true/> | <false/>
3879 </dict>
3880 ```
3881 #### policies.json
3882 ```
3883 {
3884 "policies": {
3885 "NoDefaultBookmarks": true | false
3886 }
3887 }
3888 ```
3889 ### OfferToSaveLogins
3890 Control whether or not Firefox offers to save passwords.
3891
3892 **Compatibility:** Firefox 60, Firefox ESR 60\
3893 **CCK2 Equivalent:** `dontRememberPasswords`\
3894 **Preferences Affected:** `signon.rememberSignons`
3895
3896 #### Windows (GPO)
3897 ```
3898 Software\Policies\Mozilla\Firefox\OfferToSaveLogins = 0x1 | 0x0
3899 ```
3900 #### Windows (Intune)
3901 OMA-URI:
3902 ```
3903 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/OfferToSaveLogins
3904 ```
3905 Value (string):
3906 ```
3907 <enabled/> or <disabled/>
3908 ```
3909 #### macOS
3910 ```
3911 <dict>
3912 <key>OfferToSaveLogins</key>
3913 <true/> | <false/>
3914 </dict>
3915 ```
3916 #### policies.json
3917 ```
3918 {
3919 "policies": {
3920 "OfferToSaveLogins": true | false
3921 }
3922 }
3923 ```
3924 ### OfferToSaveLoginsDefault
3925 Sets the default value of signon.rememberSignons without locking it.
3926
3927 **Compatibility:** Firefox 70, Firefox ESR 60.2\
3928 **CCK2 Equivalent:** `dontRememberPasswords`\
3929 **Preferences Affected:** `signon.rememberSignons`
3930
3931 #### Windows (GPO)
3932 ```
3933 Software\Policies\Mozilla\Firefox\OfferToSaveLoginsDefault = 0x1 | 0x0
3934 ```
3935 #### Windows (Intune)
3936 OMA-URI:
3937 ```
3938 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/OfferToSaveLoginsDefault
3939 ```
3940 Value (string):
3941 ```
3942 <enabled/> or <disabled/>
3943 ```
3944 #### macOS
3945 ```
3946 <dict>
3947 <key>OfferToSaveLoginsDefault</key>
3948 <true/> | <false/>
3949 </dict>
3950 ```
3951 #### policies.json
3952 ```
3953 {
3954 "policies": {
3955 "OfferToSaveLoginsDefault": true | false
3956 }
3957 }
3958 ```
3959 ### OverrideFirstRunPage
3960 Override the first run page. If the value is an empty string (""), the first run page is not displayed.
3961
3962 Starting with Firefox 83, Firefox ESR 78.5, you can also specify multiple URLS separated by a vertical bar (|).
3963
3964 **Compatibility:** Firefox 60, Firefox ESR 60\
3965 **CCK2 Equivalent:** `welcomePage`,`noWelcomePage`\
3966 **Preferences Affected:** `startup.homepage_welcome_url`
3967
3968 #### Windows (GPO)
3969 ```
3970 Software\Policies\Mozilla\Firefox\OverrideFirstRunPage = "http://example.org"
3971 ```
3972 #### Windows (Intune)
3973 OMA-URI:
3974 ```
3975 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/OverrideFirstRunPage
3976 ```
3977 Value (string):
3978 ```
3979 <enabled/>
3980 <data id="OverridePage" value="https://example.com"/>
3981 ```
3982 #### macOS
3983 ```
3984 <dict>
3985 <key>OverrideFirstRunPage</key>
3986 <string>http://example.org</string>
3987 </dict>
3988 ```
3989 #### policies.json
3990 ```
3991 {
3992 "policies": {
3993 "OverrideFirstRunPage": "http://example.org"
3994 }
3995 }
3996 ```
3997 ### OverridePostUpdatePage
3998 Override the upgrade page. If the value is an empty string (""), no extra pages are displayed when Firefox is upgraded.
3999
4000 **Compatibility:** Firefox 60, Firefox ESR 60\
4001 **CCK2 Equivalent:** `upgradePage`,`noUpgradePage`\
4002 **Preferences Affected:** `startup.homepage_override_url`
4003
4004 #### Windows (GPO)
4005 ```
4006 Software\Policies\Mozilla\Firefox\OverridePostUpdatePage = "http://example.org"
4007 ```
4008 #### Windows (Intune)
4009 OMA-URI:
4010 ```
4011 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/OverridePostUpdatePage
4012 ```
4013 Value (string):
4014 ```
4015 <enabled/>
4016 <data id="OverridePage" value="https://example.com"/>
4017 ```
4018 #### macOS
4019 ```
4020 <dict>
4021 <key>OverridePostUpdatePage</key>
4022 <string>http://example.org</string>
4023 </dict>
4024 ```
4025 #### policies.json
4026 ```
4027 {
4028 "policies": {
4029 "OverridePostUpdatePage": "http://example.org"
4030 }
4031 }
4032 ```
4033 ### PasswordManagerEnabled
4034 Remove access to the password manager via preferences and blocks about:logins on Firefox 70.
4035
4036 **Compatibility:** Firefox 70, Firefox ESR 60.2\
4037 **CCK2 Equivalent:** N/A\
4038 **Preferences Affected:** `pref.privacy.disable_button.view_passwords`
4039
4040 #### Windows (GPO)
4041 ```
4042 Software\Policies\Mozilla\Firefox\PasswordManagerEnabled = 0x1 | 0x0
4043 ```
4044 #### Windows (Intune)
4045 OMA-URI:
4046 ```
4047 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/PasswordManagerEnabled
4048 ```
4049 Value (string):
4050 ```
4051 <enabled/> or <disabled/>
4052 ```
4053 #### macOS
4054 ```
4055 <dict>
4056 <key>PasswordManagerEnabled</key>
4057 <true/> | <false/>
4058 </dict>
4059 ```
4060 #### policies.json
4061 ```
4062 {
4063 "policies": {
4064 "PasswordManagerEnabled": true | false
4065 }
4066 }
4067 ```
4068 ### PasswordManagerExceptions
4069 Prevent Firefox from saving passwords for specific sites.
4070
4071 The sites are specified as a list of origins.
4072
4073 **Compatibility:** Firefox 101\
4074 **CCK2 Equivalent:** N/A\
4075 **Preferences Affected:** N/A
4076
4077 #### Windows (GPO)
4078 ```
4079 Software\Policies\Mozilla\Firefox\PasswordManagerExceptions\1 = "https://example.org"
4080 Software\Policies\Mozilla\Firefox\PasswordManagerExceptions\2 = "https://example.edu"
4081 ```
4082 #### Windows (Intune)
4083 OMA-URI:
4084 ```
4085 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/PasswordManagerExceptions
4086 ```
4087 Value (string):
4088 ```
4089 <enabled/>
4090 <data id="List" value="1&#xF000;https://example.org&#xF000;2&#xF000;https://example.edu"/>
4091 ```
4092 #### macOS
4093 ```
4094 <dict>
4095 <key>PasswordManagerExceptions</key>
4096 <array>
4097 <string>https://example.org</string>
4098 <string>https://example.edu</string>
4099 </array>
4100 </dict>
4101 ```
4102 #### policies.json
4103 ```
4104 {
4105 "policies": {
4106 "PasswordManagerExceptions": ["https://example.org",
4107 "https://example.edu"]
4108 }
4109 }
4110 ```
4111
4112 ### PDFjs
4113 Disable or configure PDF.js, the built-in PDF viewer.
4114
4115 If `Enabled` is set to false, the built-in PDF viewer is disabled.
4116
4117 If `EnablePermissions` is set to true, the built-in PDF viewer will honor document permissions like preventing the copying of text.
4118
4119 Note: DisableBuiltinPDFViewer has not been deprecated. You can either continue to use it, or switch to using PDFjs->Enabled to disable the built-in PDF viewer. This new permission was added because we needed a place for PDFjs->EnabledPermissions.
4120
4121 **Compatibility:** Firefox 77, Firefox ESR 68.9\
4122 **CCK2 Equivalent:** N/A\
4123 **Preferences Affected:** `pdfjs.diabled`, `pdfjs.enablePermissions`
4124
4125 #### Windows (GPO)
4126 ```
4127 Software\Policies\Mozilla\Firefox\PDFjs\Enabled = 0x1 | 0x0
4128 Software\Policies\Mozilla\Firefox\PDFjs\EnablePermissions = 0x1 | 0x0
4129 ```
4130 #### Windows (Intune)
4131 OMA-URI:
4132 ```
4133 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~PDFjs/PDFjs_Enabled
4134 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~PDFjs/PDFjs_EnablePermissions
4135 ```
4136 Value (string):
4137 ```
4138 <enabled/>or <disabled/>
4139 ```
4140 #### macOS
4141 ```
4142 <dict>
4143 <key>PDFjs</key>
4144 <dict>
4145 <key>Enabled</key>
4146 <true/> | <false/>
4147 <key>EnablePermissions</key>
4148 <true/> | <false/>
4149 </dict>
4150 </dict>
4151 ```
4152 #### policies.json
4153 ```
4154 {
4155 "policies": {
4156 "PDFjs": {
4157 "Enabled": true | false,
4158 "EnablePermissions": true | false
4159 }
4160 }
4161 }
4162 ```
4163 ### Permissions
4164 Set permissions associated with camera, microphone, location, notifications, autoplay, and virtual reality. Because these are origins, not domains, entries with unique ports must be specified separately. This explicitly means that it is not possible to add wildcards. See examples below.
4165
4166 `Allow` is a list of origins where the feature is allowed.
4167
4168 `Block` is a list of origins where the feature is not allowed.
4169
4170 `BlockNewRequests` determines whether or not new requests can be made for the feature.
4171
4172 `Locked` prevents the user from changing preferences for the feature.
4173
4174 `Default` specifies the default value for Autoplay. block-audio-video is not supported on Firefox ESR 68.
4175
4176 **Compatibility:** Firefox 62, Firefox ESR 60.2 (Autoplay added in Firefox 74, Firefox ESR 68.6, Autoplay Default/Locked added in Firefox 76, Firefox ESR 68.8, VirtualReality added in Firefox 80, Firefox ESR 78.2)\
4177 **CCK2 Equivalent:** N/A\
4178 **Preferences Affected:** `permissions.default.camera`, `permissions.default.microphone`, `permissions.default.geo`, `permissions.default.desktop-notification`, `media.autoplay.default`, `permissions.default.xr`
4179
4180 #### Windows (GPO)
4181 ```
4182 Software\Policies\Mozilla\Firefox\Permissions\Camera\Allow\1 = "https://example.org"
4183 Software\Policies\Mozilla\Firefox\Permissions\Camera\Allow\2 = "https://example.org:1234"
4184 Software\Policies\Mozilla\Firefox\Permissions\Camera\Block\1 = "https://example.edu"
4185 Software\Policies\Mozilla\Firefox\Permissions\Camera\BlockNewRequests = 0x1 | 0x0
4186 Software\Policies\Mozilla\Firefox\Permissions\Camera\Locked = 0x1 | 0x0
4187 Software\Policies\Mozilla\Firefox\Permissions\Microphone\Allow\1 = "https://example.org"
4188 Software\Policies\Mozilla\Firefox\Permissions\Microphone\Block\1 = "https://example.edu"
4189 Software\Policies\Mozilla\Firefox\Permissions\Microphone\BlockNewRequests = 0x1 | 0x0
4190 Software\Policies\Mozilla\Firefox\Permissions\Microphone\Locked = 0x1 | 0x0
4191 Software\Policies\Mozilla\Firefox\Permissions\Location\Allow\1 = "https://example.org"
4192 Software\Policies\Mozilla\Firefox\Permissions\Location\Block\1 = "https://example.edu"
4193 Software\Policies\Mozilla\Firefox\Permissions\Location\BlockNewRequests = 0x1 | 0x0
4194 Software\Policies\Mozilla\Firefox\Permissions\Location\Locked = 0x1 | 0x0
4195 Software\Policies\Mozilla\Firefox\Permissions\Notifications\Allow\1 = "https://example.org"
4196 Software\Policies\Mozilla\Firefox\Permissions\Notifications\Block\1 = "https://example.edu"
4197 Software\Policies\Mozilla\Firefox\Permissions\Notifications\BlockNewRequests = 0x1 | 0x0
4198 Software\Policies\Mozilla\Firefox\Permissions\Notifications\Locked = 0x1 | 0x0
4199 Software\Policies\Mozilla\Firefox\Permissions\Autoplay\Allow\1 = "https://example.org"
4200 Software\Policies\Mozilla\Firefox\Permissions\Autoplay\Block\1 = "https://example.edu"
4201 Software\Policies\Mozilla\Firefox\Permissions\Autoplay\Default = "allow-audio-video" | "block-audio" | "block-audio-video"
4202 Software\Policies\Mozilla\Firefox\Permissions\Autoplay\Locked = 0x1 | 0x0
4203 Software\Policies\Mozilla\Firefox\Permissions\VirtualReality\Allow\1 = "https://example.org"
4204 Software\Policies\Mozilla\Firefox\Permissions\VirtualReality\Block\1 = "https://example.edu"
4205 Software\Policies\Mozilla\Firefox\Permissions\VirtualReality\BlockNewRequests = 0x1 | 0x0
4206 Software\Policies\Mozilla\Firefox\Permissions\VirtualReality\Locked = 0x1 | 0x0
4207 ```
4208 #### Windows (Intune)
4209 OMA-URI:
4210 ```
4211 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Location/Location_BlockNewRequests
4212 ```
4213 Value (string):
4214 ```
4215 <enabled/> or <disabled/>
4216 ```
4217 OMA-URI:
4218 ```
4219 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Location/Location_Locked
4220 ```
4221 Value (string):
4222 ```
4223 <enabled/> or <disabled/>
4224 ```
4225 OMA-URI:
4226 ```
4227 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Notifications/Notifications_Allow
4228 ```
4229 Value (string):
4230 ```
4231 <enabled/>
4232 <data id="Permissions" value="1&#xF000;https://example.org"/>
4233 ```
4234 OMA-URI:
4235 ```
4236 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Notifications/Notifications_BlockNewRequests
4237 ```
4238 Value (string):
4239 ```
4240 <enabled/> or <disabled/>
4241 ```
4242 OMA-URI:
4243 ```
4244 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Notifications/Notifications_Locked
4245 ```
4246 Value (string):
4247 ```
4248 <enabled/> or <disabled/>
4249 ```
4250 OMA-URI:
4251 ```
4252 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Autoplay/Autoplay_Allow
4253 ```
4254 Value (string):
4255 ```
4256 <enabled/>
4257 <data id="Permissions" value="1&#xF000;https://example.org"/>
4258 ```
4259 OMA-URI:
4260 ```
4261 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Autoplay/Autoplay_Block
4262 ```
4263 Value (string):
4264 ```
4265 <enabled/>
4266 <data id="Permissions" value="1&#xF000;https://example.edu"/>
4267 ```
4268 OMA-URI:
4269 ```
4270 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Autoplay/Autoplay_Default
4271 ```
4272 Value (string):
4273 ```
4274 <enabled/>
4275 <data id="Autoplay_Default" value="allow-audio-video | block-audio | block-audio-video"/>
4276 ```
4277 OMA-URI:
4278 ```
4279 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Autoplay/Autoplay_Locked
4280 ```
4281 Value (string):
4282 ```
4283 <enabled/> or <disabled/>
4284 ```
4285 OMA-URI:
4286 ```
4287 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Notifications/VirtualReality_Allow
4288 ```
4289 Value (string):
4290 ```
4291 <enabled/>
4292 <data id="Permissions" value="1&#xF000;https://example.org"/>
4293 ```
4294 OMA-URI:
4295 ```
4296 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Notifications/VirtualReality_Block
4297 ```
4298 Value (string):
4299 ```
4300 <enabled/>
4301 <data id="Permissions" value="1&#xF000;https://example.edu"/>
4302 ```
4303 OMA-URI:
4304 ```
4305 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Notifications/VirtualReality_BlockNewRequests
4306 ```
4307 Value (string):
4308 ```
4309 <enabled/> or <disabled/>
4310 ```
4311 OMA-URI:
4312 ```
4313 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Notifications/VirtualReality_Locked
4314 ```
4315 Value (string):
4316 ```
4317 <enabled/> or <disabled/>
4318 ```
4319 #### macOS
4320 ```
4321 <dict>
4322 <key>Permissions</key>
4323 <dict>
4324 <key>Camera</key>
4325 <dict>
4326 <key>Allow</key>
4327 <array>
4328 <string>https://example.org</string>
4329 <string>https://example.org:1234</string>
4330 </array>
4331 <key>Block</key>
4332 <array>
4333 <string>https://example.edu</string>
4334 </array>
4335 <key>BlockNewRequests</key>
4336 <true/> | <false/>
4337 <key>Locked</key>
4338 <true/> | <false/>
4339 </dict>
4340 <key>Microphone</key>
4341 <dict>
4342 <key>Allow</key>
4343 <array>
4344 <string>https://example.org</string>
4345 </array>
4346 <key>Block</key>
4347 <array>
4348 <string>https://example.edu</string>
4349 </array>
4350 <key>BlockNewRequests</key>
4351 <true/> | <false/>
4352 <key>Locked</key>
4353 <true/> | <false/>
4354 </dict>
4355 <key>Location</key>
4356 <dict>
4357 <key>Allow</key>
4358 <array>
4359 <string>https://example.org</string>
4360 </array>
4361 <key>Block</key>
4362 <array>
4363 <string>https://example.edu</string>
4364 </array>
4365 <key>BlockNewRequests</key>
4366 <true/> | <false/>
4367 <key>Locked</key>
4368 <true/> | <false/>
4369 </dict>
4370 <key>Notifications</key>
4371 <dict>
4372 <key>Allow</key>
4373 <array>
4374 <string>https://example.org</string>
4375 </array>
4376 <key>Block</key>
4377 <array>
4378 <string>https://example.edu</string>
4379 </array>
4380 <key>BlockNewRequests</key>
4381 <true/>
4382 <key>Locked</key>
4383 <true/>
4384 </dict>
4385 <key>Autoplay</key>
4386 <dict>
4387 <key>Allow</key>
4388 <array>
4389 <string>https://example.org</string>
4390 </array>
4391 <key>Block</key>
4392 <array>
4393 <string>https://example.edu</string>
4394 </array>
4395 <key>Default</key>
4396 <string>allow-audio-video | block-audio | block-audio-video</string>
4397 <key>Locked</key>
4398 <true/> | <false/>
4399 </dict>
4400 </dict>
4401 </dict>
4402 ```
4403 #### policies.json
4404 ```
4405 {
4406 "policies": {
4407 "Permissions": {
4408 "Camera": {
4409 "Allow": ["https://example.org","https://example.org:1234"],
4410 "Block": ["https://example.edu"],
4411 "BlockNewRequests": true | false,
4412 "Locked": true | false
4413 },
4414 "Microphone": {
4415 "Allow": ["https://example.org"],
4416 "Block": ["https://example.edu"],
4417 "BlockNewRequests": true | false,
4418 "Locked": true | false
4419 },
4420 "Location": {
4421 "Allow": ["https://example.org"],
4422 "Block": ["https://example.edu"],
4423 "BlockNewRequests": true | false,
4424 "Locked": true | false
4425 },
4426 "Notifications": {
4427 "Allow": ["https://example.org"],
4428 "Block": ["https://example.edu"],
4429 "BlockNewRequests": true | false,
4430 "Locked": true | false
4431 },
4432 "Autoplay": {
4433 "Allow": ["https://example.org"],
4434 "Block": ["https://example.edu"],
4435 "Default": "allow-audio-video" | "block-audio" | "block-audio-video",
4436 "Locked": true | false
4437 }
4438 }
4439 }
4440 }
4441 ```
4442 ### PictureInPicture
4443
4444 Enable or disable Picture-in-Picture as well as prevent the user from enabling or disabling it (Locked).
4445
4446 **Compatibility:** Firefox 78, Firefox ESR 78\
4447 **CCK2 Equivalent:** N/A\
4448 **Preferences Affected:** `media.videocontrols.picture-in-picture.video-toggle.enabled`
4449
4450 #### Windows (GPO)
4451 ```
4452 Software\Policies\Mozilla\Firefox\PictureInPicture\Enabled = 0x1 | 0x0
4453 Software\Policies\Mozilla\Firefox\PictureInPicture\Locked = 0x1 | 0x0
4454
4455 ```
4456 #### Windows (Intune)
4457 OMA-URI:
4458 ```
4459 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~PictureInPicture/PictureInPicture_Enabled
4460 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~PictureInPicture/PictureInPicture_Locked
4461 ```
4462 Value (string):
4463 ```
4464 <enabled/> or <disabled/>
4465 ```
4466 #### macOS
4467 ```
4468 <dict>
4469 <key>PictureInPicture</key>
4470 <dict>
4471 <key>Enabled</key>
4472 <true/> | <false/>
4473 <key>Locked</key>
4474 <true/> | <false/>
4475 </dict>
4476 </dict>
4477 ```
4478 #### policies.json
4479 ```
4480 {
4481 "policies": {
4482 "PictureInPicture": {
4483 "Enabled": true | false,
4484 "Locked": true | false
4485 }
4486 }
4487 }
4488 ```
4489 ### PopupBlocking
4490 Configure the default pop-up window policy as well as origins for which pop-up windows are allowed.
4491
4492 `Allow` is a list of origins where popup-windows are allowed.
4493
4494 `Default` determines whether or not pop-up windows are allowed by default.
4495
4496 `Locked` prevents the user from changing pop-up preferences.
4497
4498 **Compatibility:** Firefox 60, Firefox ESR 60\
4499 **CCK2 Equivalent:** `permissions.popup`\
4500 **Preferences Affected:** `dom.disable_open_during_load`
4501
4502 #### Windows (GPO)
4503 ```
4504 Software\Policies\Mozilla\Firefox\PopupBlocking\Allow\1 = "https://example.org"
4505 Software\Policies\Mozilla\Firefox\PopupBlocking\Allow\2 = "https://example.edu"
4506 Software\Policies\Mozilla\Firefox\PopupBlocking\Default = 0x1 | 0x0
4507 Software\Policies\Mozilla\Firefox\PopupBlocking\Locked = 0x1 | 0x0
4508 ```
4509 #### Windows (Intune)
4510 OMA-URI:
4511 ```
4512 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Popups/PopupBlocking_Allow
4513 ```
4514 Value (string):
4515 ```
4516 <enabled/>
4517 <data id="Permissions" value="1&#xF000;https://example.org&#xF000;2&#xF000;https://example.edu"/>
4518 ```
4519 OMA-URI:
4520 ```
4521 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Popups/PopupBlocking_Default
4522 ```
4523 Value (string):
4524 ```
4525 <enabled/> or <disabled/>
4526 ```
4527 OMA-URI:
4528 ```
4529 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Popups/PopupBlocking_Locked
4530 ```
4531 Value (string):
4532 ```
4533 <enabled/> or <disabled/>
4534 ```
4535 #### macOS
4536 ```
4537 <dict>
4538 <key>PopupBlocking</key>
4539 <dict>
4540 <key>Allow</key>
4541 <array>
4542 <string>http://example.org</string>
4543 <string>http://example.edu</string>
4544 </array>
4545 <key>Default</key>
4546 <true/> | <false/>
4547 <key>Locked</key>
4548 <true/> | <false/>
4549 </dict>
4550 </dict>
4551 ```
4552 #### policies.json
4553 ```
4554 {
4555 "policies": {
4556 "PopupBlocking": {
4557 "Allow": ["http://example.org/",
4558 "http://example.edu/"],
4559 "Default": true | false,
4560 "Locked": true | false
4561 }
4562 }
4563 }
4564 ```
4565 ### Preferences
4566 Set and lock preferences.
4567
4568 **NOTE** On Windows, in order to use this policy, you must clear all settings in the old **Preferences (Deprecated)** section.
4569
4570 Previously you could only set and lock a subset of preferences. Starting with Firefox 81 and Firefox ESR 78.3 you can set many more preferences. You can also set default preferences, user preferences and you can clear preferences.
4571
4572 Preferences that start with the following prefixes are supported:
4573 ```
4574 accessibility.
4575 app.update.* (Firefox 86, Firefox 78.8)
4576 browser.
4577 datareporting.policy.
4578 dom.
4579 extensions.
4580 general.autoScroll (Firefox 83, Firefox ESR 78.5)
4581 general.smoothScroll (Firefox 83, Firefox ESR 78.5)
4582 geo.
4583 gfx.
4584 intl.
4585 keyword.enabled (Firefox 95, Firefox ESR 91.4)
4586 layers.
4587 layout.
4588 media.
4589 network.
4590 pdfjs. (Firefox 84, Firefox ESR 78.6)
4591 places.
4592 print.
4593 signon. (Firefox 83, Firefox ESR 78.5)
4594 spellchecker. (Firefox 84, Firefox ESR 78.6)
4595 toolkit.legacyUserProfileCustomizations.stylesheets (Firefox 95, Firefox ESR 91.4)
4596 ui.
4597 widget.
4598 xpinstall.signatures.required (Firefox ESR 102.10, Firefox ESR only)
4599 ```
4600 as well as the following security preferences:
4601 | Preference | Type | Default
4602 | --- | --- | ---
4603 | security.default_personal_cert | string | Ask Every Time
4604 | &nbsp;&nbsp;&nbsp;&nbsp;If set to Select Automatically, Firefox automatically chooses the default personal certificate.
4605 | security.insecure_connection_text.enabled | bool | false
4606 | &nbsp;&nbsp;&nbsp;&nbsp;If set to true, adds the words "Not Secure" for insecure sites.
4607 | security.insecure_connection_text.pbmode.enabled | bool | false
4608 | &nbsp;&nbsp;&nbsp;&nbsp;If set to true, adds the words "Not Secure" for insecure sites in private browsing.
4609 | security.insecure_field_warning.contextual.enabled | bool | true
4610 | &nbsp;&nbsp;&nbsp;&nbsp;If set to false, remove the warning for inscure login fields.
4611 | security.mixed_content.block_active_content | boolean | true
4612 | &nbsp;&nbsp;&nbsp;&nbsp;If false, mixed active content (HTTP and HTTPS) is not blocked.
4613 | security.osclientcerts.autoload | boolean | false
4614 | &nbsp;&nbsp;&nbsp;&nbsp;If true, client certificates are loaded from the operating system certificate store.
4615 | security.ssl.errorReporting.enabled | boolean | true
4616 | &nbsp;&nbsp;&nbsp;&nbsp;If false, SSL errors cannot be sent to Mozilla.
4617 | security.tls.enable_0rtt_data | boolean | true
4618 | &nbsp;&nbsp;&nbsp;&nbsp;If false, TLS early data is turned off (Firefox 93, Firefox 91.2, Firefox 78.15).
4619 | security.tls.hello_downgrade_check | boolean | true
4620 | &nbsp;&nbsp;&nbsp;&nbsp;If false, the TLS 1.3 downgrade check is disabled.
4621 | security.tls.version.enable-deprecated | boolean | false
4622 | &nbsp;&nbsp;&nbsp;&nbsp;If true, browser will accept TLS 1.0. and TLS 1.1 (Firefox 86, Firefox 78.8).
4623 | security.warn_submit_secure_to_insecure | boolean | true
4624 | &nbsp;&nbsp;&nbsp;&nbsp;If false, no warning is shown when submitting a form from https to http.
4625 &nbsp;
4626
4627 Using the preference as the key, set the `Value` to the corresponding preference value.
4628
4629 `Status` can be "default", "locked", "user" or "clear"
4630
4631 * `"default"`: Read/Write: Settings appear as default even if factory default differs.
4632 * `"locked"`: Read-Only: Settings appear as default even if factory default differs.
4633 * `"user"`: Read/Write: Settings appear as changed if it differs from factory default.
4634 * `"clear"`: Read/Write: `Value` has no effect. Resets to factory defaults on each startup.
4635
4636 `"user"` preferences persist across invocations of Firefox. It is the equivalent of a user setting the preference. They are most useful when a preference is needed very early in startup so it can't be set as default by policy. An example of this is ```toolkit.legacyUserProfileCustomizations.stylesheets```.
4637
4638 `"user"` preferences persist even if the policy is removed, so if you need to remove them, you should use the clear policy.
4639
4640 See the examples below for more detail.
4641
4642 IMPORTANT: Make sure you're only setting a particular preference using this mechanism and not some other way.
4643
4644 Status
4645 **Compatibility:** Firefox 81, Firefox ESR 78.3\
4646 **CCK2 Equivalent:** `preferences`\
4647 **Preferences Affected:** Many
4648
4649 #### Windows (GPO)
4650 Software\Policies\Mozilla\Firefox\Preferences (REG_MULTI_SZ) =
4651 ```
4652 {
4653 "accessibility.force_disabled": {
4654 "Value": 1,
4655 "Status": "default"
4656 },
4657 "browser.cache.disk.parent_directory": {
4658 "Value": "SOME_NATIVE_PATH",
4659 "Status": "user"
4660 },
4661 "browser.tabs.warnOnClose": {
4662 "Value": false,
4663 "Status": "locked"
4664 }
4665 }
4666 ```
4667 #### Windows (Intune)
4668 OMA-URI:
4669 ```
4670 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/Preferences
4671 ```
4672 Value (string):
4673 ```
4674 <enabled/>
4675 <data id="JSON" value='
4676 {
4677 "accessibility.force_disabled": {
4678 "Value": 1,
4679 "Status": "default"
4680 },
4681 "browser.cache.disk.parent_directory": {
4682 "Value": "SOME_NATIVE_PATH",
4683 "Status": "user"
4684 },
4685 "browser.tabs.warnOnClose": {
4686 "Value": false,
4687 "Status": "locked"
4688 }
4689 }'/>
4690 ```
4691 #### macOS
4692 ```
4693 <dict>
4694 <key>Preferences</key>
4695 <dict>
4696 <key>accessibility.force_disabled</key>
4697 <dict>
4698 <key>Value</key>
4699 <integer>1</integer>
4700 <key>Status</key>
4701 <string>default</string>
4702 </dict>
4703 <key>browser.cache.disk.parent_directory</key>
4704 <dict>
4705 <key>Value</key>
4706 <string>SOME_NATIVE_PATH</string>
4707 <key>Status</key>
4708 <string>user</string>
4709 </dict>
4710 <key>browser.tabs.warnOnClose</key>
4711 <dict>
4712 <key>Value</key>
4713 <false/>
4714 <key>Status</key>
4715 <string>locked</string>
4716 </dict>
4717 </dict>
4718 </dict>
4719 ```
4720 #### policies.json
4721 ```
4722 {
4723 "policies": {
4724 "Preferences": {
4725 "accessibility.force_disabled": {
4726 "Value": 1,
4727 "Status": "default"
4728 },
4729 "browser.cache.disk.parent_directory": {
4730 "Value": "SOME_NATIVE_PATH",
4731 "Status": "user"
4732 },
4733 "browser.tabs.warnOnClose": {
4734 "Value": false,
4735 "Status": "locked"
4736 }
4737 }
4738 }
4739 }
4740 ```
4741 ### Preferences (Deprecated)
4742 Set and lock certain preferences.
4743
4744 **Compatibility:** See below\
4745 **CCK2 Equivalent:** `preferences`\
4746 **Preferences Affected:** See below
4747
4748 | Preference | Type | Compatibility | Default
4749 | --- | --- | --- | ---
4750 | accessibility.force_disabled | integer | Firefox 70, Firefox ESR 68.2 | 0
4751 | &nbsp;&nbsp;&nbsp;&nbsp;If set to 1, platform accessibility is disabled.
4752 | app.update.auto (Deprecated - Switch to AppAutoUpdate policy) | boolean | Firefox 68, Firefox ESR 68 | true
4753 | &nbsp;&nbsp;&nbsp;&nbsp;If false, Firefox doesn't automatically install update.
4754 | browser.bookmarks.autoExportHTML | boolean | Firefox 70, Firefox ESR 68.2 | false
4755 | &nbsp;&nbsp;&nbsp;&nbsp;If true, bookmarks are exported on shutdown.
4756 | browser.bookmarks.file | string | Firefox 70, Firefox ESR 68.2 | N/A
4757 | &nbsp;&nbsp;&nbsp;&nbsp;If set, the name of the file where bookmarks are exported and imported.
4758 | browser.bookmarks.restore_default_bookmarks | boolean | Firefox 70, Firefox ESR 68.2 | N/A
4759 | &nbsp;&nbsp;&nbsp;&nbsp;If true, bookmarks are restored to their defaults.
4760 | browser.cache.disk.enable | boolean | Firefox 68, Firefox ESR 68 | true
4761 | &nbsp;&nbsp;&nbsp;&nbsp;If false, don't store cache on the hard drive.
4762 | ~browser.cache.disk.parent_directory~ | string | Firefox 68, Firefox ESR 68 | Profile temporary directory
4763 | &nbsp;&nbsp;&nbsp;&nbsp;~If set, changes the location of the disk cache.~ This policy doesn't work. It's being worked on.
4764 | browser.fixup.dns_first_for_single_words | boolean | Firefox 68, Firefox ESR 68 | false
4765 | &nbsp;&nbsp;&nbsp;&nbsp;If true, single words are sent to DNS, not directly to search.
4766 | browser.newtabpage.activity-stream.default.sites | string | Firefox 72, ESR 68.4 | Locale dependent
4767 | &nbsp;&nbsp;&nbsp;&nbsp;If set, a list of URLs to use as the default top sites on the new tab page. Due to Firefox limitations, search sites can't be added. In addition, sites with the same name but different TLDs (example.org/example.com) will not display properly.
4768 | browser.places.importBookmarksHTML | boolean | Firefox 70, Firefox ESR 68.2
4769 | &nbsp;&nbsp;&nbsp;&nbsp;If true, bookmarks are always imported on startup.
4770 | browser.safebrowsing.phishing.enabled | boolean | Firefox 70, Firefox ESR 68.2 | true
4771 | &nbsp;&nbsp;&nbsp;&nbsp;If false, phishing protection is not enabled (Not recommended)
4772 | browser.safebrowsing.malware.enabled | boolean | Firefox 70, Firefox ESR 68.2 | true
4773 | &nbsp;&nbsp;&nbsp;&nbsp;If false, malware protection is not enabled (Not recommended)
4774 | browser.search.update | boolean | Firefox 68, Firefox ESR 68 | true
4775 | &nbsp;&nbsp;&nbsp;&nbsp;If false, updates for search engines are not checked.
4776 | browser.slowStartup.notificationDisabled | boolean | Firefox 70, Firefox ESR 68.2 | false
4777 | &nbsp;&nbsp;&nbsp;&nbsp;If true, a notification isn't shown if startup is slow.
4778 | browser.tabs.warnOnClose | boolean | Firefox 68, Firefox ESR 68 | true
4779 | &nbsp;&nbsp;&nbsp;&nbsp;If false, there is no warning when the browser is closed.
4780 | browser.taskbar.previews.enable | boolean | Firefox 70, Firefox ESR 68.2 (Windows only) | false
4781 | &nbsp;&nbsp;&nbsp;&nbsp;If true, tab previews are shown in the Windows taskbar.
4782 | browser.urlbar.suggest.bookmark | boolean | Firefox 68, Firefox ESR 68 | true
4783 | &nbsp;&nbsp;&nbsp;&nbsp;If false, bookmarks aren't suggested when typing in the URL bar.
4784 | browser.urlbar.suggest.history | boolean | Firefox 68, Firefox ESR 68 | true
4785 | &nbsp;&nbsp;&nbsp;&nbsp;If false, history isn't suggested when typing in the URL bar.
4786 | browser.urlbar.suggest.openpage | boolean | Firefox 68, Firefox ESR 68 | true
4787 | &nbsp;&nbsp;&nbsp;&nbsp;If false, open tabs aren't suggested when typing in the URL bar.
4788 | datareporting.policy.dataSubmissionPolicyBypassNotification | boolean | Firefox 68, Firefox ESR 68 | false
4789 | &nbsp;&nbsp;&nbsp;&nbsp;If true, don't show the privacy policy tab on first run.
4790 | dom.allow_scripts_to_close_windows | boolean | Firefox 70, Firefox ESR 68.2 | false
4791 | &nbsp;&nbsp;&nbsp;&nbsp;If false, web page can close windows.
4792 | dom.disable_window_flip | boolean | Firefox 68, Firefox ESR 68 | true
4793 | &nbsp;&nbsp;&nbsp;&nbsp;If false, web pages can focus and activate windows.
4794 | dom.disable_window_move_resize | boolean | Firefox 68, Firefox ESR 68 | false
4795 | &nbsp;&nbsp;&nbsp;&nbsp;If true, web pages can't move or resize windows.
4796 | dom.event.contextmenu.enabled | boolean | Firefox 68, Firefox ESR 68 | true
4797 | &nbsp;&nbsp;&nbsp;&nbsp;If false, web pages can't override context menus.
4798 | dom.keyboardevent.keypress.hack.dispatch_non_printable_keys.addl | string | Firefox 68, Firefox ESR 68 | N/A
4799 | &nbsp;&nbsp;&nbsp;&nbsp;See https://support.mozilla.org/en-US/kb/dom-events-changes-introduced-firefox-66
4800 | dom.keyboardevent.keypress.hack.use_legacy_keycode_and_charcode.addl | string | Firefox 68, Firefox ESR 68 | N/A
4801 | &nbsp;&nbsp;&nbsp;&nbsp;See https://support.mozilla.org/en-US/kb/dom-events-changes-introduced-firefox-66
4802 | dom.xmldocument.load.enabled | boolean | Firefox ESR 68.5 | true.
4803 | &nbsp;&nbsp;&nbsp;&nbsp;If false, XMLDocument.load is not available.
4804 | dom.xmldocument.async.enabled | boolean | Firefox ESR 68.5 | true
4805 | &nbsp;&nbsp;&nbsp;&nbsp;If false, XMLDocument.async is not available.
4806 | extensions.blocklist.enabled | boolean | Firefox 70, Firefox ESR 68.2 | true
4807 | &nbsp;&nbsp;&nbsp;&nbsp;If false, the extensions blocklist is not used (Not recommended)
4808 | extensions.getAddons.showPane | boolean | Firefox 68, Firefox ESR 68 | N/A
4809 | &nbsp;&nbsp;&nbsp;&nbsp;If false, the Recommendations tab is not displayed in the Add-ons Manager.
4810 | extensions.htmlaboutaddons.recommendations.enabled | boolean | Firefox 72, Firefox ESR 68.4 | true
4811 | &nbsp;&nbsp;&nbsp;&nbsp;If false, recommendations are not shown on the Extensions tab in the Add-ons Manager.
4812 | geo.enabled | boolean | Firefox 70, Firefox ESR 68.2 | true
4813 | &nbsp;&nbsp;&nbsp;&nbsp;If false, the geolocation API is disabled. | Language dependent
4814 | intl.accept_languages | string | Firefox 70, Firefox ESR 68.2
4815 | &nbsp;&nbsp;&nbsp;&nbsp;If set, preferred language for web pages.
4816 | media.eme.enabled (Deprecated - Switch to EncryptedMediaExtensions policy) | boolean | Firefox 70, Firefox ESR 68.2 | true
4817 | &nbsp;&nbsp;&nbsp;&nbsp;If false, Encrypted Media Extensions are not enabled.
4818 | media.gmp-gmpopenh264.enabled | boolean | Firefox 68, Firefox ESR 68 | true
4819 | &nbsp;&nbsp;&nbsp;&nbsp;If false, the OpenH264 plugin is not downloaded.
4820 | media.gmp-widevinecdm.enabled | boolean | Firefox 68, Firefox ESR 68 | true
4821 | &nbsp;&nbsp;&nbsp;&nbsp;If false, the Widevine plugin is not downloaded.
4822 | media.peerconnection.enabled | boolean | Firefox 72, Firefox ESR 68.4 | true
4823 | &nbsp;&nbsp;&nbsp;&nbsp;If false, WebRTC is disabled
4824 | media.peerconnection.ice.obfuscate_host_addresses.whitelist (Deprecated) | string | Firefox 72, Firefox ESR 68.4 | N/A
4825 | &nbsp;&nbsp;&nbsp;&nbsp;If set, a list of domains for which mDNS hostname obfuscation is
4826 disabled
4827 | media.peerconnection.ice.obfuscate_host_addresses.blocklist | string | Firefox 79, Firefox ESR 78.1 | N/A
4828 | &nbsp;&nbsp;&nbsp;&nbsp;If set, a list of domains for which mDNS hostname obfuscation is
4829 disabled
4830 | network.dns.disableIPv6 | boolean | Firefox 68, Firefox ESR 68 | false
4831 | &nbsp;&nbsp;&nbsp;&nbsp;If true, IPv6 DNS lokoups are disabled.
4832 | network.IDN_show_punycode | boolean | Firefox 68, Firefox ESR 68 | false
4833 | &nbsp;&nbsp;&nbsp;&nbsp;If true, display the punycode version of internationalized domain names.
4834 | places.history.enabled | boolean | Firefox 68, Firefox ESR 68 | true
4835 | &nbsp;&nbsp;&nbsp;&nbsp;If false, history is not enabled.
4836 | print.save_print_settings | boolean | Firefox 70, Firefox ESR 68.2 | true
4837 | &nbsp;&nbsp;&nbsp;&nbsp;If false, print settings are not saved between jobs.
4838 | security.default_personal_cert | string | Firefox 68, Firefox ESR 68 | Ask Every Time
4839 | &nbsp;&nbsp;&nbsp;&nbsp;If set to Select Automatically, Firefox automatically chooses the default personal certificate.
4840 | security.mixed_content.block_active_content | boolean | Firefox 70, Firefox ESR 68.2 | true
4841 | &nbsp;&nbsp;&nbsp;&nbsp;If false, mixed active content (HTTP and HTTPS) is not blocked.
4842 | security.osclientcerts.autoload | boolean | Firefox 72 (Windows), Firefox 75 (macOS) | false
4843 | &nbsp;&nbsp;&nbsp;&nbsp;If true, client certificates are loaded from the operating system certificate store.
4844 | security.ssl.errorReporting.enabled | boolean | Firefox 68, Firefox ESR 68 | true
4845 | &nbsp;&nbsp;&nbsp;&nbsp;If false, SSL errors cannot be sent to Mozilla.
4846 | security.tls.hello_downgrade_check | boolean | Firefox 72, Firefox ESR 68.4 | true
4847 | &nbsp;&nbsp;&nbsp;&nbsp;If false, the TLS 1.3 downgrade check is disabled.
4848 | ui.key.menuAccessKeyFocuses | boolean | Firefox 68, Firefox ESR 68 | true
4849 | &nbsp;&nbsp;&nbsp;&nbsp;If false, the Alt key doesn't show the menubar on Windows.
4850 | widget.content.gtk-theme-override | string | Firefox 72, Firefox ESR 68.4 (Linux only) | N/A
4851 | &nbsp;&nbsp;&nbsp;&nbsp;If set, overrides the GTK theme for widgets.
4852 #### Windows (GPO)
4853 ```
4854 Software\Policies\Mozilla\Firefox\Preferences\boolean_preference_name = 0x1 | 0x0
4855 Software\Policies\Mozilla\Firefox\Preferences\string_preference_name = "string_value"
4856 ```
4857 #### Windows (Intune)
4858 OMA-URI: (periods are replaced by underscores)
4859 ```
4860 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Preferences/boolean_preference_name
4861 ```
4862 Value (string):
4863 ```
4864 <enabled/> or <disabled/>
4865 ```
4866 OMA-URI: (periods are replaced by underscores)
4867 ```
4868 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Preferences/string_preference_name
4869 ```
4870 Value (string):
4871 ```
4872 <enabled/>
4873 <data id="Preferences_String" value="string_value"/>
4874 ```
4875 #### macOS
4876 ```
4877 <dict>
4878 <key>Preferences</key>
4879 <dict>
4880 <key>boolean_preference_name</key>
4881 <true/> | <false/>
4882 <key>string_preference_name</key>
4883 <string>string_value</string>
4884 </dict>
4885 </dict>
4886 ```
4887 #### policies.json
4888 ```
4889 {
4890 "policies": {
4891 "Preferences": {
4892 "boolean_preference_name": true | false,
4893 "string_preference_name": "string_value"
4894 }
4895 }
4896 }
4897 ```
4898 ### PrimaryPassword
4899 Require or prevent using a primary (formerly master) password.
4900
4901 If this value is true, a primary password is required. If this value is false, it works the same as if [`DisableMasterPasswordCreation`](#disablemasterpasswordcreation) was true and removes the primary password functionality.
4902
4903 If both DisableMasterPasswordCreation and PrimaryPassword are used, DisableMasterPasswordCreation takes precedent.
4904
4905 **Compatibility:** Firefox 79, Firefox ESR 78.1\
4906 **CCK2 Equivalent:** `noMasterPassword`\
4907 **Preferences Affected:** N/A
4908
4909 #### Windows (GPO)
4910 ```
4911 Software\Policies\Mozilla\Firefox\PrimaryPassword = 0x1 | 0x0
4912 ```
4913 #### Windows (Intune)
4914 OMA-URI:
4915 ```
4916 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/PrimaryPassword
4917 ```
4918 Value (string):
4919 ```
4920 <enabled/> or <disabled/>
4921 ```
4922 #### macOS
4923 ```
4924 <dict>
4925 <key>PrimaryPassword</key>
4926 <true/> | <false/>
4927 </dict>
4928 ```
4929 #### policies.json
4930 ```
4931 {
4932 "policies": {
4933 "PrimaryPassword": true | false
4934 }
4935 }
4936 ```
4937 ### PromptForDownloadLocation
4938 Ask where to save each file before downloading.
4939
4940 **Compatibility:** Firefox 68, Firefox ESR 68\
4941 **CCK2 Equivalent:** N/A\
4942 **Preferences Affected:** `browser.download.useDownloadDir`
4943
4944 #### Windows (GPO)
4945 ```
4946 Software\Policies\Mozilla\Firefox\PromptForDownloadLocation = 0x1 | 0x0
4947 ```
4948 #### Windows (Intune)
4949 OMA-URI:
4950 ```
4951 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/PromptForDownloadLocation
4952 ```
4953 Value (string):
4954 ```
4955 <enabled/> or <disabled/>
4956 ```
4957 #### macOS
4958 ```
4959 <dict>
4960 <key>PromptForDownloadLocation</key>
4961 <true/> | <false/>
4962 </dict>
4963 ```
4964 #### policies.json
4965 ```
4966 {
4967 "policies": {
4968 "PromptForDownloadLocation": true | false
4969 }
4970 }
4971 ```
4972 ### Proxy
4973 Configure proxy settings. These settings correspond to the connection settings in Firefox preferences.
4974 To specify ports, append them to the hostnames with a colon (:).
4975
4976 Unless you lock this policy, changes the user already has in place will take effect.
4977
4978 `Mode` is the proxy method being used.
4979
4980 `Locked` is whether or not proxy settings can be changed.
4981
4982 `HTTPProxy` is the HTTP proxy server.
4983
4984 `UseHTTPProxyForAllProtocols` is whether or not the HTTP proxy should be used for all other proxies.
4985
4986 `SSLProxy` is the SSL proxy server.
4987
4988 `FTPProxy` is the FTP proxy server.
4989
4990 `SOCKSProxy` is the SOCKS proxy server
4991
4992 `SOCKSVersion` is the SOCKS version (4 or 5)
4993
4994 `Passthrough` is list of hostnames or IP addresses that will not be proxied. Use `<local>` to bypass proxying for all hostnames which do not contain periods.
4995
4996 `AutoConfigURL` is a URL for proxy configuration (only used if Mode is autoConfig).
4997
4998 `AutoLogin` means do not prompt for authentication if password is saved.
4999
5000 `UseProxyForDNS` to use proxy DNS when using SOCKS v5.
5001
5002 **Compatibility:** Firefox 60, Firefox ESR 60\
5003 **CCK2 Equivalent:** `networkProxy*`\
5004 **Preferences Affected:** `network.proxy.type`, `network.proxy.autoconfig_url`, `network.proxy.socks_remote_dns`, `signon.autologin.proxy`, `network.proxy.socks_version`, `network.proxy.no_proxies_on`, `network.proxy.share_proxy_settings`, `network.proxy.http`, `network.proxy.http_port`, `network.proxy.ftp`, `network.proxy.ftp_port`, `network.proxy.ssl`, `network.proxy.ssl_port`, `network.proxy.socks`, `network.proxy.socks_port`
5005
5006 #### Windows (GPO)
5007 ```
5008 Software\Policies\Mozilla\Firefox\Proxy\Mode = "none" | "system" | "manual" | "autoDetect" | "autoConfig"
5009 Software\Policies\Mozilla\Firefox\Proxy\Locked = 0x1 | 0x0
5010 Software\Policies\Mozilla\Firefox\=Proxy\HTTPProxy = https://httpproxy.example.com
5011 Software\Policies\Mozilla\Firefox\Proxy\UseHTTPProxyForAllProtocols = 0x1 | 0x0
5012 Software\Policies\Mozilla\Firefox\Proxy\SSLProxy = https://sslproxy.example.com
5013 Software\Policies\Mozilla\Firefox\Proxy\FTPProxy = https://ftpproxy.example.com
5014 Software\Policies\Mozilla\Firefox\Proxy\SOCKSProxy = https://socksproxy.example.com
5015 Software\Policies\Mozilla\Firefox\Proxy\SOCKSVersion = 0x4 | 0x5
5016 Software\Policies\Mozilla\Firefox\Proxy\Passthrough = <local>
5017 Software\Policies\Mozilla\Firefox\Proxy\AutoConfigURL = URL_TO_AUTOCONFIG
5018 Software\Policies\Mozilla\Firefox\Proxy\AutoLogin = 0x1 | 0x0
5019 Software\Policies\Mozilla\Firefox\Proxy\UseProxyForDNS = 0x1 | 0x0
5020 ```
5021 #### Windows (Intune)
5022 **Note**
5023 These setttings were moved to a category to make them easier to configure via Intune.
5024
5025 OMA-URI:
5026 ```
5027 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_Locked
5028 ```
5029 Value (string):
5030 ```
5031 <enabled/> or <disabled/>
5032 ```
5033 OMA-URI:
5034 ```
5035 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_ConnectionType
5036 ```
5037 Value (string):
5038 ```
5039 <enabled/>
5040 <data id="Proxy_ConnectionType" value="none | system | manual | autoDetect | autoConfig"/>
5041 ```
5042 OMA-URI:
5043 ```
5044 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_HTTPProxy
5045 ```
5046 Value (string):
5047 ```
5048 <enabled/>
5049 <data id="Proxy_HTTPProxy" value="httpproxy.example.com"/>
5050 ```
5051 OMA-URI:
5052 ```
5053 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_UseHTTPProxyForAllProtocols
5054 ```
5055 Value (string):
5056 ```
5057 <enabled/> or <disabled/>
5058 ```
5059 OMA-URI:
5060 ```
5061 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_SSLProxy
5062 ```
5063 Value (string):
5064 ```
5065 <enabled/>
5066 <data id="Proxy_SSLProxy" value="sslproxy.example.com"/>
5067 ```
5068 OMA-URI:
5069 ```
5070 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_SOCKSProxy
5071 ```
5072 Value (string):
5073 ```
5074 <enabled/>
5075 <data id="Proxy_SOCKSProxy" value="socksproxy.example.com"/>
5076 <data id="Proxy_SOCKSVersion" value="4 | 5"/>
5077 ```
5078 OMA-URI:
5079 ```
5080 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_AutoConfigURL
5081 ```
5082 Value (string):
5083 ```
5084 <enabled/>
5085 <data id="Proxy_AutoConfigURL" value="URL_TO_AUTOCONFIG"/>
5086 ```
5087 OMA-URI:
5088 ```
5089 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_Passthrough
5090 ```
5091 Value (string):
5092 ```
5093 <enabled/>
5094 <data id="Proxy_Passthrough" value="&lt;local&gt;"/>
5095 ```
5096 OMA-URI:
5097 ```
5098 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_AutoLogin
5099 ```
5100 Value (string):
5101 ```
5102 <enabled/> or <disabled/>
5103 ```
5104 OMA-URI:
5105 ```
5106 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_UseProxyForDNS
5107 ```
5108 Value (string):
5109 ```
5110 <enabled/> or <disabled/>
5111 ```
5112 OMA-URI (Old way):
5113 ```
5114 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/Proxy
5115 ```
5116 Value (string):
5117 ```
5118 <enabled/>
5119 <data id="ProxyLocked" value="true | false"/>
5120 <data id="ConnectionType" value="none | system | manual | autoDetect | autoConfig"/>
5121 <data id="HTTPProxy" value="httpproxy.example.com"/>
5122 <data id="UseHTTPProxyForAllProtocols" value="true | false"/>
5123 <data id="SSLProxy" value="sslproxy.example.com"/>
5124 <data id="FTPProxy" value="ftpproxy.example.com"/>
5125 <data id="SOCKSProxy" value="socksproxy.example.com"/>
5126 <data id="SOCKSVersion" value="4 | 5"/>
5127 <data id="AutoConfigURL" value="URL_TO_AUTOCONFIG"/>
5128 <data id="Passthrough" value="<local>"/>
5129 <data id="AutoLogin" value="true | false"/>
5130 <data id="UseProxyForDNS" value="true | false"/>
5131 ```
5132 #### macOS
5133 ```
5134 <dict>
5135 <key>Proxy</key>
5136 <dict>
5137 <key>Mode</key>
5138 <string>none | system | manual | autoDetect | autoConfig</string>
5139 <key>Locked</key>
5140 <true> | </false>
5141 <key>HTTPProxy</key>
5142 <string>https://httpproxy.example.com</string>
5143 <key>UseHTTPProxyForAllProtocols</key>
5144 <true> | </false>
5145 <key>SSLProxy</key>
5146 <string>https://sslproxy.example.com</string>
5147 <key>FTPProxy</key>
5148 <string>https://ftpproxy.example.com</string>
5149 <key>SOCKSProxy</key>
5150 <string>https://socksproxy.example.com</string>
5151 <key>SOCKSVersion</key>
5152 <string>4 | 5</string>
5153 <key>Passthrough</key>
5154 <string>&lt;local>&gt;</string>
5155 <key>AutoConfigURL</key>
5156 <string>URL_TO_AUTOCONFIG</string>
5157 <key>AutoLogin</key>
5158 <true> | </false>
5159 <key>UseProxyForDNS</key>
5160 <true> | </false>
5161 </dict>
5162 </dict>
5163 ```
5164 #### policies.json
5165 ```
5166 {
5167 "policies": {
5168 "Proxy": {
5169 "Mode": "none" | "system" | "manual" | "autoDetect" | "autoConfig",
5170 "Locked": true | false,
5171 "HTTPProxy": "hostname",
5172 "UseHTTPProxyForAllProtocols": true | false,
5173 "SSLProxy": "hostname",
5174 "FTPProxy": "hostname",
5175 "SOCKSProxy": "hostname",
5176 "SOCKSVersion": 4 | 5,
5177 "Passthrough": "<local>",
5178 "AutoConfigURL": "URL_TO_AUTOCONFIG",
5179 "AutoLogin": true | false,
5180 "UseProxyForDNS": true | false
5181 }
5182 }
5183 }
5184 ```
5185 ### RequestedLocales
5186 Set the the list of requested locales for the application in order of preference. It will cause the corresponding language pack to become active.
5187
5188 Note: For Firefox 68, this can now be a string so that you can specify an empty value.
5189
5190 **Compatibility:** Firefox 64, Firefox ESR 60.4, Updated in Firefox 68, Firefox ESR 68\
5191 **CCK2 Equivalent:** N/A\
5192 **Preferences Affected:** N/A
5193 #### Windows (GPO)
5194 ```
5195 Software\Policies\Mozilla\Firefox\RequestedLocales\1 = "de"
5196 Software\Policies\Mozilla\Firefox\RequestedLocales\2 = "en-US"
5197
5198 or
5199
5200 Software\Policies\Mozilla\Firefox\RequestedLocales = "de,en-US"
5201 ```
5202 #### Windows (Intune)
5203 OMA-URI:
5204 ```
5205 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/RequestedLocalesString
5206 ```
5207 Value (string):
5208 ```
5209 <enabled/>
5210 <data id="Preferences_String" value="de,en-US"/>
5211 ```
5212 #### macOS
5213 ```
5214 <dict>
5215 <key>RequestedLocales</key>
5216 <array>
5217 <string>de</string>
5218 <string>en-US</string>
5219 </array>
5220 </dict>
5221
5222 or
5223
5224 <dict>
5225 <key>RequestedLocales</key>
5226 <string>de,en-US</string>
5227 </dict>
5228
5229 ```
5230 #### policies.json
5231 ```
5232 {
5233 "policies": {
5234 "RequestedLocales": ["de", "en-US"]
5235 }
5236 }
5237
5238 or
5239
5240 {
5241 "policies": {
5242 "RequestedLocales": "de,en-US"
5243 }
5244 }
5245 ```
5246 <a name="SanitizeOnShutdown"></a>
5247
5248 ### SanitizeOnShutdown (Selective)
5249 Clear data on shutdown. Choose from Cache, Cookies, Download History, Form & Search History, Browsing History, Active Logins, Site Preferences and Offline Website Data.
5250
5251 Previously, these values were always locked. Starting with Firefox 74 and Firefox ESR 68.6, you can use the `Locked` option to either keep the values unlocked (set it to false), or lock only the values you set (set it to true). If you want the old behavior of locking everything, do not set `Locked` at all.
5252
5253 **Compatibility:** Firefox 68, Firefox ESR 68 (Locked added in 74/68.6)\
5254 **CCK2 Equivalent:** N/A\
5255 **Preferences Affected:** `privacy.sanitize.sanitizeOnShutdown`, `privacy.clearOnShutdown.cache`, `privacy.clearOnShutdown.cookies`, `privacy.clearOnShutdown.downloads`, `privacy.clearOnShutdown.formdata`, `privacy.clearOnShutdown.history`, `privacy.clearOnShutdown.sessions`, `privacy.clearOnShutdown.siteSettings`, `privacy.clearOnShutdown.offlineApps`
5256 #### Windows (GPO)
5257 ```
5258 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\Cache = 0x1 | 0x0
5259 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\Cookies = 0x1 | 0x0
5260 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\Downloads = 0x1 | 0x0
5261 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\FormData = 0x1 | 0x0
5262 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\History = 0x1 | 0x0
5263 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\Sessions = 0x1 | 0x0
5264 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\SiteSettings = 0x1 | 0x0
5265 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\OfflineApps = 0x1 | 0x0
5266 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\Locked = 0x1 | 0x0
5267 ```
5268 #### Windows (Intune)
5269 OMA-URI:
5270 ```
5271 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/A_SanitizeOnShutdown_Cache
5272 ```
5273 Value (string):
5274 ```
5275 <enabled/> or <disabled/>
5276 ```
5277 OMA-URI:
5278 ```
5279 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/B_SanitizeOnShutdown_Cookies
5280 ```
5281 Value (string):
5282 ```
5283 <enabled/> or <disabled/>
5284 ```
5285 OMA-URI:
5286 ```
5287 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/C_SanitizeOnShutdown_Downloads
5288 ```
5289 Value (string):
5290 ```
5291 <enabled/> or <disabled/>
5292 ```
5293 OMA-URI:
5294 ```
5295 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/D_SanitizeOnShutdown_FormData
5296 ```
5297 Value (string):
5298 ```
5299 <enabled/> or <disabled/>
5300 ```
5301 OMA-URI:
5302 ```
5303 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/E_SanitizeOnShutdown_History
5304 ```
5305 Value (string):
5306 ```
5307 <enabled/> or <disabled/>
5308 ```
5309 OMA-URI:
5310 ```
5311 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/F_SanitizeOnShutdown_Sessions
5312 ```
5313 Value (string):
5314 ```
5315 <enabled/> or <disabled/>
5316 ```
5317 OMA-URI:
5318 ```
5319 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/G_SanitizeOnShutdown_SiteSettings
5320 ```
5321 Value (string):
5322 ```
5323 <enabled/> or <disabled/>
5324 ```
5325 OMA-URI:
5326 ```
5327 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/H_SanitizeOnShutdown_OfflineApps
5328 ```
5329 Value (string):
5330 ```
5331 <enabled/> or <disabled/>
5332 ```
5333 OMA-URI:
5334 ```
5335 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/I_SanitizeOnShutdown_Locked
5336 ```
5337 Value (string):
5338 ```
5339 <enabled/> or <disabled/>
5340 ```
5341 #### macOS
5342 ```
5343 <dict>
5344 <key>SanitizeOnShutdown</key>
5345 <dict>
5346 <key>Cache</key>
5347 <true/> | <false/>
5348 <key>Cookies</key>
5349 <true/> | <false/>
5350 <key>Downloads</key>
5351 <true/> | <false/>
5352 <key>FormData</key>
5353 <true/> | <false/>
5354 <key>History</key>
5355 <true/> | <false/>
5356 <key>Sessions</key>
5357 <true/> | <false/>
5358 <key>SiteSettings</key>
5359 <true/> | <false/>
5360 <key>OfflineApps</key>
5361 <true/> | <false/>
5362 <key>Locked</key>
5363 <true/> | <false/>
5364 </dict>
5365 </dict>
5366 ```
5367 #### policies.json
5368 ```
5369 {
5370 "policies": {
5371 "SanitizeOnShutdown": {
5372 "Cache": true | false,
5373 "Cookies": true | false,
5374 "Downloads": true | false,
5375 "FormData": true | false,
5376 "History": true | false,
5377 "Sessions": true | false,
5378 "SiteSettings": true | false,
5379 "OfflineApps": true | false,
5380 "Locked": true | false
5381 }
5382 }
5383 }
5384 ```
5385 ### SanitizeOnShutdown (All)
5386 Clear all data on shutdown, including Browsing & Download History, Cookies, Active Logins, Cache, Form & Search History, Site Preferences and Offline Website Data.
5387
5388 **Compatibility:** Firefox 60, Firefox ESR 60\
5389 **CCK2 Equivalent:** N/A\
5390 **Preferences Affected:** `privacy.sanitize.sanitizeOnShutdown`, `privacy.clearOnShutdown.cache`, `privacy.clearOnShutdown.cookies`, `privacy.clearOnShutdown.downloads`, `privacy.clearOnShutdown.formdata`, `privacy.clearOnShutdown.history`, `privacy.clearOnShutdown.sessions`, `privacy.clearOnShutdown.siteSettings`, `privacy.clearOnShutdown.offlineApps`
5391 #### Windows (GPO)
5392 ```
5393 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown = 0x1 | 0x0
5394 ```
5395 #### Windows (Intune)
5396 OMA-URI:
5397 ```
5398 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/C_SanitizeOnShutdown
5399 ```
5400 Value (string):
5401 ```
5402 <enabled/> or <disabled/>
5403 ```
5404 #### macOS
5405 ```
5406 <dict>
5407 <key>SanitizeOnShutdown</key>
5408 <true/> | <false/>
5409 </dict>
5410 ```
5411 #### policies.json
5412 ```
5413 {
5414 "policies": {
5415 "SanitizeOnShutdown": true | false
5416 }
5417 }
5418 ```
5419 ### SearchBar
5420 Set whether or not search bar is displayed.
5421
5422 **Compatibility:** Firefox 60, Firefox ESR 60\
5423 **CCK2 Equivalent:** `showSearchBar`\
5424 **Preferences Affected:** N/A
5425
5426 #### Windows (GPO)
5427 ```
5428 Software\Policies\Mozilla\Firefox\SearchBar = "unified" | "separate"
5429 ```
5430
5431 #### Windows (Intune)
5432 OMA-URI:
5433 ```
5434 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/SearchBar
5435 ```
5436 Value (string):
5437 ```
5438 <enabled/>
5439 <data id="SearchBar" value="unified | separate"/>
5440 ```
5441 #### macOS
5442 ```
5443 <dict>
5444 <key>SearchBar</key>
5445 <string>unified | separate</string>
5446 </dict>
5447 ```
5448 #### policies.json
5449 ```
5450 {
5451 "policies": {
5452 "SearchBar": "unified" | "separate"
5453 }
5454 }
5455 ```
5456 <a name="SearchEngines"></a>
5457
5458 ### SearchEngines (This policy is only available on the ESR.)
5459
5460 ### SearchEngines | Add
5461
5462 Add new search engines. Although there are only five engines available in the ADMX template, there is no limit. To add more in the ADMX template, you can duplicate the XML.
5463
5464 This policy is only available on the ESR. `Name` and `URLTemplate` are required.
5465
5466 `Name` is the name of the search engine.
5467
5468 `URLTemplate` is the search URL with {searchTerms} to substitute for the search term.
5469
5470 `Method` is either GET or POST
5471
5472 `IconURL` is a URL for the icon to use.
5473
5474 `Alias` is a keyword to use for the engine.
5475
5476 `Description` is a description of the search engine.
5477
5478 `PostData` is the POST data as name value pairs separated by &.
5479
5480 `SuggestURLTemplate` is a search suggestions URL with {searchTerms} to substitute for the search term.
5481
5482 `Encoding` is the query charset for the engine. It defaults to UTF-8.
5483
5484 **Compatibility:** Firefox ESR 60 (POST support in Firefox ESR 68, Encoding support in Firefox 91)\
5485 **CCK2 Equivalent:** `searchplugins`\
5486 **Preferences Affected:** N/A
5487
5488 #### Windows (GPO)
5489 ```
5490 Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\Name = "Example1"
5491 Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\URLTemplate = "https://www.example.org/q={searchTerms}"
5492 Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\Method = "GET" | "POST"
5493 Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\IconURL = "https://www.example.org/favicon.ico"
5494 Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\Alias = "example"
5495 Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\Description = "Example Description"
5496 Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\SuggestURLTemplate = "https://www.example.org/suggestions/q={searchTerms}"
5497 Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\PostData = "name=value&q={searchTerms}"
5498 ```
5499 #### Windows (Intune)
5500 OMA-URI:
5501 ```
5502 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Search/SearchEngines_1
5503 ```
5504 Value (string):
5505 ```
5506 <enabled/>
5507 <data id="SearchEngine_Name" value="Example1"/>
5508 <data id="SearchEngine_URLTemplate" value="https://www.example.org/q={searchTerms"/>
5509 <data id="SearchEngine_Method" value="GET | POST"/>
5510 <data id="SearchEngine_IconURL" value="https://www.example.org/favicon.ico"/>
5511 <data id="SearchEngine_Alias" value="example"/>
5512 <data id="SearchEngine_Description" value="Example Description"/>
5513 <data id="SearchEngine_SuggestURLTemplate" value="https://www.example.org/suggestions/q={searchTerms}"/>
5514 <data id="SearchEngine_PostData" value="name=value&amp;q={searchTerms}"/>
5515 ```
5516 #### macOS
5517 ```
5518 <dict>
5519 <key>SearchEngines</key>
5520 <dict>
5521 <key>Add</key>
5522 <array>
5523 <dict>
5524 <key>Name</key>
5525 <string>Example1</string>
5526 <key>URLTemplate</key>
5527 <string>https://www.example.org/q={searchTerms}</string>
5528 <key>Method</key>
5529 <string>GET | POST </string>
5530 <key>IconURL</key>
5531 <string>https://www.example.org/favicon.ico</string>
5532 <key>Alias</key>
5533 <string>example</string>
5534 <key>Description</key>
5535 <string>Example Description</string>
5536 <key>SuggestURLTemplate</key>
5537 <string>https://www.example.org/suggestions/q={searchTerms}</string>
5538 <key>PostData</key>
5539 <string>name=value&q={searchTerms}</string>
5540 </dict>
5541 <array>
5542 </dict>
5543 </dict>
5544 ```
5545 #### policies.json
5546 ```
5547 {
5548 "policies": {
5549 "SearchEngines": {
5550 "Add": [
5551 {
5552 "Name": "Example1",
5553 "URLTemplate": "https://www.example.org/q={searchTerms}",
5554 "Method": "GET" | "POST",
5555 "IconURL": "https://www.example.org/favicon.ico",
5556 "Alias": "example",
5557 "Description": "Description",
5558 "PostData": "name=value&q={searchTerms}",
5559 "SuggestURLTemplate": "https://www.example.org/suggestions/q={searchTerms}"
5560 }
5561 ]
5562 }
5563 }
5564 }
5565 ```
5566 ### SearchEngines | Default
5567
5568 Set the default search engine. This policy is only available on the ESR.
5569
5570 **Compatibility:** Firefox ESR 60\
5571 **CCK2 Equivalent:** `defaultSearchEngine`\
5572 **Preferences Affected:** N/A
5573
5574 #### Windows (GPO)
5575 ```
5576 Software\Policies\Mozilla\Firefox\SearchEngines\Default = NAME_OF_SEARCH_ENGINE
5577 ```
5578 #### Windows (Intune)
5579 OMA-URI:
5580 ```
5581 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Search/SearchEngines_Default
5582 ```
5583 Value (string):
5584 ```
5585 <enabled/>
5586 <data id="SearchEngines_Default" value="NAME_OF_SEARCH_ENGINE"/>
5587 ```
5588 #### macOS
5589 ```
5590 <dict>
5591 <key>SearchEngines</key>
5592 <dict>
5593 <key>Default</key>
5594 <string>NAME_OF_SEARCH_ENGINE</string>
5595 </dict>
5596 </dict>
5597 ```
5598 #### policies.json
5599 ```
5600 {
5601 "policies": {
5602 "SearchEngines": {
5603 "Default": "NAME_OF_SEARCH_ENGINE"
5604 }
5605 }
5606 }
5607 ```
5608 ### SearchEngines | PreventInstalls
5609
5610 Prevent installing search engines from webpages.
5611
5612 **Compatibility:** Firefox ESR 60\
5613 **CCK2 Equivalent:** `disableSearchEngineInstall`\
5614 **Preferences Affected:** N/A
5615
5616 #### Windows (GPO)
5617 ```
5618 Software\Policies\Mozilla\Firefox\SearchEngines\PreventInstalls = 0x1 | 0x0
5619 ```
5620 #### Windows (Intune)
5621 OMA-URI:
5622 ```
5623 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Search/SearchEngines_PreventInstalls
5624 ```
5625 Value (string):
5626 ```
5627 <enabled/> or <disabled/>
5628 ```
5629 #### macOS
5630 ```
5631 <dict>
5632 <key>SearchEngines</key>
5633 <dict>
5634 <key>PreventInstalls</key>
5635 <true/> | <false/>
5636 </dict>
5637 </dict>
5638 ```
5639 #### policies.json
5640 ```
5641 {
5642 "policies": {
5643 "SearchEngines": {
5644 "PreventInstalls": true | false
5645 }
5646 }
5647 }
5648 ```
5649 ### SearchEngines | Remove
5650
5651 Hide built-in search engines. This policy is only available on the ESR.
5652
5653 **Compatibility:** Firefox ESR 60.2\
5654 **CCK2 Equivalent:** `removeDefaultSearchEngines` (removed all built-in engines)\
5655 **Preferences Affected:** N/A
5656
5657 #### Windows (GPO)
5658 ```
5659 Software\Policies\Mozilla\Firefox\SearchEngines\Remove\1 = NAME_OF_SEARCH_ENGINE
5660 ```
5661 #### Windows (Intune)
5662 OMA-URI:
5663 ```
5664 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Search/SearchEngines_Remove
5665 ```
5666 Value (string):
5667 ```
5668 <enabled/>
5669 <data id="SearchEngines_Remove" value="1&#xF000;NAME_OF_SEARCH_ENGINE"/>
5670 ```
5671 #### macOS
5672 ```
5673 <dict>
5674 <key>SearchEngines</key>
5675 <dict>
5676 <key>Remove</key>
5677 <array>
5678 <string>NAME_OF_SEARCH_ENGINE</string>
5679 </array>
5680 </dict>
5681 </dict>
5682 ```
5683 #### policies.json
5684 ```
5685 {
5686 "policies": {
5687 "SearchEngines": {
5688 "Remove": ["NAME_OF_SEARCH_ENGINE"]
5689 }
5690 }
5691 }
5692 ```
5693 ### SearchSuggestEnabled
5694
5695 Enable search suggestions.
5696
5697 **Compatibility:** Firefox 68, Firefox ESR 68\
5698 **CCK2 Equivalent:** N/A\
5699 **Preferences Affected:** `browser.urlbar.suggest.searches`, `browser.search.suggest.enabled`
5700
5701 #### Windows (GPO)
5702 ```
5703 Software\Policies\Mozilla\Firefox\SearchSuggestEnabled = 0x1 | 0x0
5704 ```
5705 #### Windows (Intune)
5706 OMA-URI:
5707 ```
5708 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Search/SearchSuggestEnabled
5709 ```
5710 Value (string):
5711 ```
5712 <enabled/> or <disabled/>
5713 ```
5714 #### macOS
5715 ```
5716 <dict>
5717 <key>SearchSuggestEnabled</key>
5718 <true/> | <false/>
5719 </dict>
5720 ```
5721 #### policies.json
5722 ```
5723 {
5724 "policies": {
5725 "SearchSuggestEnabled": true | false
5726 }
5727 }
5728 ```
5729 ### SecurityDevices
5730
5731 Install PKCS #11 modules.
5732
5733 **Compatibility:** Firefox 64, Firefox ESR 60.4\
5734 **CCK2 Equivalent:** `certs.devices`\
5735 **Preferences Affected:** N/A
5736
5737 #### Windows (GPO)
5738 ```
5739 Software\Policies\Mozilla\Firefox\SecurityDevices\NAME_OF_DEVICE = PATH_TO_LIBRARY_FOR_DEVICE
5740 ```
5741 #### Windows (Intune)
5742 OMA-URI:
5743 ```
5744 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/SecurityDevices
5745 ```
5746 Value (string):
5747 ```
5748 <enabled/>
5749 <data id="SecurityDevices" value="NAME_OF_DEVICE&#xF000;PATH_TO_LIBRARY_FOR_DEVICE"/>
5750 ```
5751 #### macOS
5752 ```
5753 <dict>
5754 <key>SecurityDevices</key>
5755 <dict>
5756 <key>NAME_OF_DEVICE</key>
5757 <string>PATH_TO_LIBRARY_FOR_DEVICE</string>
5758 </dict>
5759 </dict>
5760 ```
5761
5762 #### policies.json
5763 ```
5764 {
5765 "policies": {
5766 "SecurityDevices": {
5767 "NAME_OF_DEVICE": "PATH_TO_LIBRARY_FOR_DEVICE"
5768 }
5769 }
5770 }
5771 ```
5772 ### ShowHomeButton
5773 Show the home button on the toolbar.
5774
5775 Future versions of Firefox will not show the home button by default.
5776
5777 **Compatibility:** Firefox 88, Firefox ESR 78.10\
5778 **CCK2 Equivalent:** N/A\
5779 **Preferences Affected:** N/A
5780
5781 #### Windows (GPO)
5782 ```
5783 Software\Policies\Mozilla\Firefox\ShowHomeButton = 0x1 | 0x0
5784 ```
5785 #### Windows (Intune)
5786 OMA-URI:
5787 ```
5788 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Homepage/Homepage_ShowHomeButton
5789 ```
5790 Value (string):
5791 ```
5792 <enabled/> or <disabled/>
5793 ```
5794 #### macOS
5795 ```
5796 <dict>
5797 <key>ShowHomeButton</key>
5798 <true/> | <false/>
5799 </dict>
5800 ```
5801 #### policies.json
5802 ```
5803 {
5804 "policies": {
5805 "ShowHomeButton": true | false
5806 }
5807 }
5808 ```
5809 ### SSLVersionMax
5810
5811 Set and lock the maximum version of TLS.
5812
5813 **Compatibility:** Firefox 66, Firefox ESR 60.6\
5814 **CCK2 Equivalent:** N/A\
5815 **Preferences Affected:** `security.tls.version.max`
5816
5817 #### Windows (GPO)
5818 ```
5819 Software\Policies\Mozilla\Firefox\SSLVersionMax = "tls1" | "tls1.1" | "tls1.2" | "tls1.3"
5820 ```
5821 #### Windows (Intune)
5822 OMA-URI:
5823 ```
5824 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/SSLVersionMax
5825 ```
5826 Value (string):
5827 ```
5828 <enabled/>
5829 <data id="SSLVersion" value="tls1 | tls1.2 | tls1.3"/>
5830 ```
5831 #### macOS
5832 ```
5833 <dict>
5834 <key>SSLVersionMax</key>
5835 <string>tls1 | tls1.1 | tls1.2 | tls1.3</string>
5836 </dict>
5837 ```
5838
5839 #### policies.json
5840 ```
5841 {
5842 "policies": {
5843 "SSLVersionMax": "tls1" | "tls1.1" | "tls1.2" | "tls1.3"
5844 }
5845 }
5846 ```
5847 ### SSLVersionMin
5848
5849 Set and lock the minimum version of TLS.
5850
5851 **Compatibility:** Firefox 66, Firefox ESR 60.6\
5852 **CCK2 Equivalent:** N/A\
5853 **Preferences Affected:** `security.tls.version.min`
5854
5855 #### Windows (GPO)
5856 ```
5857 Software\Policies\Mozilla\Firefox\SSLVersionMin = "tls1" | "tls1.1" | "tls1.2" | "tls1.3"
5858 ```
5859 #### Windows (Intune)
5860 OMA-URI:
5861 ```
5862 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/SSLVersionMin
5863 ```
5864 Value (string):
5865 ```
5866 <enabled/>
5867 <data id="SSLVersion" value="tls1 | tls1.2 | tls1.3"/>
5868 ```
5869 #### macOS
5870 ```
5871 <dict>
5872 <key>SSLVersionMin</key>
5873 <string>tls1 | tls1.1 | tls1.2 | tls1.3</string>
5874 </dict>
5875 ```
5876
5877 #### policies.json
5878 ```
5879 {
5880 "policies": {
5881 "SSLVersionMin": "tls1" | "tls1.1" | "tls1.2" | "tls1.3"
5882 }
5883 }
5884 ```
5885 ### SupportMenu
5886 Add a menuitem to the help menu for specifying support information.
5887
5888 **Compatibility:** Firefox 68.0.1, Firefox ESR 68.0.1\
5889 **CCK2 Equivalent:** helpMenu\
5890 **Preferences Affected:** N/A
5891
5892 #### Windows (GPO)
5893 ```
5894 Software\Policies\Mozilla\Firefox\SupportMenu\Title = "Support Menu"
5895 Software\Policies\Mozilla\Firefox\SupportMenu\URL = "http://example.com/support"
5896 Software\Policies\Mozilla\Firefox\SupportMenu\AccessKey = "S"
5897 ```
5898 #### Windows (Intune)
5899 OMA-URI:
5900 ```
5901 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/SupportMenu
5902 ```
5903 Value (string):
5904 ```
5905 <enabled/>
5906 <data id="SupportMenuTitle" value="Support Menu"/>
5907 <data id="SupportMenuURL" value="http://example.com/support"/>
5908 <data id="SupportMenuAccessKey" value="S"/>
5909 ```
5910 #### macOS
5911 ```
5912 <dict>
5913 <key>SupportMenu</key>
5914 <dict>
5915 <key>Title</key>
5916 <string>SupportMenu</string>
5917 <key>URL</key>
5918 <string>http://example.com/support</string>
5919 <key>AccessKey</key>
5920 <string>S</string>
5921 </dict>
5922 </dict>
5923 ```
5924 #### policies.json
5925 ```
5926 {
5927 "policies": {
5928 "SupportMenu": {
5929 "Title": "Support Menu",
5930 "URL": "http://example.com/support",
5931 "AccessKey": "S"
5932 }
5933 }
5934 }
5935 ```
5936 ### StartDownloadsInTempDirectory
5937 Force downloads to start off in a local, temporary location rather than the default download directory.
5938
5939 **Compatibility:** Firefox 102\
5940 **CCK2 Equivalent:** N/A\
5941 **Preferences Affected:** `browser.download.start_downloads_in_tmp_dir`
5942
5943 #### Windows (GPO)
5944 ```
5945 Software\Policies\Mozilla\Firefox\StartDownloadsInTempDirectory = 0x1 | 0x0
5946 ```
5947 #### Windows (Intune)
5948 OMA-URI:
5949 ```
5950 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/StartDownloadsInTempDirectory
5951 ```
5952 Value (string):
5953 ```
5954 <enabled/> or <disabled/>
5955 ```
5956 #### macOS
5957 ```
5958 <dict>
5959 <key>StartDownloadsInTempDirectory</key>
5960 <true/> | <false/>
5961 </dict>
5962 ```
5963 #### policies.json
5964 ```
5965 {
5966 "policies": {
5967 "StartDownloadsInTempDirectory": true | false
5968 }
5969 ```
5970 ### UserMessaging
5971
5972 Prevent Firefox from messaging the user in certain situations.
5973
5974 `WhatsNew` Remove the "What's New" icon and menuitem.
5975
5976 `ExtensionRecommendations` If false, don't recommend extensions while the user is visiting web pages.
5977
5978 `FeatureRecommendations` If false, don't recommend browser features.
5979
5980 `UrlbarInterventions` If false, Don't offer Firefox specific suggestions in the URL bar.
5981
5982 `SkipOnboarding` If true, don't show onboarding messages on the new tab page.
5983
5984 `MoreFromMozilla` If false, don't show the "More from Mozilla" section in Preferences. (Firefox 98)
5985
5986 **Compatibility:** Firefox 75, Firefox ESR 68.7\
5987 **CCK2 Equivalent:** N/A\
5988 **Preferences Affected:** `browser.messaging-system.whatsNewPanel.enabled`, `browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons`, `browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features`, `browser.aboutwelcome.enabled`, `browser.preferences.moreFromMozilla`
5989
5990 #### Windows (GPO)
5991 ```
5992 Software\Policies\Mozilla\Firefox\UserMessaging\WhatsNew = 0x1 | 0x0
5993 Software\Policies\Mozilla\Firefox\UserMessaging\ExtensionRecommendations = 0x1 | 0x0
5994 Software\Policies\Mozilla\Firefox\UserMessaging\FeatureRecommendations = 0x1 | 0x0
5995 Software\Policies\Mozilla\Firefox\UserMessaging\UrlbarInterventions = 0x1 | 0x0
5996 Software\Policies\Mozilla\Firefox\UserMessaging\SkipOnboarding = 0x1 | 0x0
5997 Software\Policies\Mozilla\Firefox\UserMessaging\MoreFromMozilla = 0x1 | 0x0
5998 ```
5999 #### Windows (Intune)
6000 OMA-URI:
6001 ```
6002 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_WhatsNew
6003 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_ExtensionRecommendations
6004 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_FeatureRecommendations
6005 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_UrlbarInterventions
6006 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_SkipOnboarding
6007 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_MoreFromMozilla
6008 ```
6009 Value (string):
6010 ```
6011 <enabled/> or <disabled/>
6012 ```
6013 #### macOS
6014 ```
6015 <dict>
6016 <key>UserMessaging</key>
6017 <dict>
6018 <key>WhatsNew</key>
6019 <true/> | <false/>
6020 <key>ExtensionRecommendations</key>
6021 <true/> | <false/>
6022 <key>FeatureRecommendations</key>
6023 <true/> | <false/>
6024 <key>UrlbarInterventions</key>
6025 <true/> | <false/>
6026 <key>SkipOnboarding</key>
6027 <true/> | <false/>
6028 <key>MoreFromMozilla</key>
6029 <true/> | <false/>
6030 </dict>
6031 </dict>
6032 ```
6033 #### policies.json
6034 ```
6035 {
6036 "policies": {
6037 "UserMessaging": {
6038 "WhatsNew": true | false,
6039 "ExtensionRecommendations": true | false,
6040 "FeatureRecommendations": true | false,
6041 "UrlbarInterventions": true | false,
6042 "SkipOnboarding": true | false,
6043 "MoreFromMozilla": true | false
6044 }
6045 }
6046 }
6047 ```
6048 ### UseSystemPrintDialog
6049 Use the system print dialog instead of the print preview window.
6050
6051 **Compatibility:** Firefox 102\
6052 **CCK2 Equivalent:** N/A\
6053 **Preferences Affected:** `print.prefer_system_dialog`
6054
6055 #### Windows (GPO)
6056 ```
6057 Software\Policies\Mozilla\Firefox\UseSystemPrintDialog = 0x1 | 0x0
6058 ```
6059 #### Windows (Intune)
6060 OMA-URI:
6061 ```
6062 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/UseSystemPrintDialog
6063 ```
6064 Value (string):
6065 ```
6066 <enabled/> or <disabled/>
6067 ```
6068 #### macOS
6069 ```
6070 <dict>
6071 <key>UseSystemPrintDialog</key>
6072 <true/> | <false/>
6073 </dict>
6074 ```
6075 #### policies.json
6076 ```
6077 {
6078 "policies": {
6079 "UseSystemPrintDialog": true | false
6080 }
6081 }
6082 ```
6083 ### WebsiteFilter
6084 Block websites from being visited. The parameters take an array of Match Patterns, as documented in https://developer.mozilla.org/en-US/Add-ons/WebExtensions/Match_patterns.
6085 The arrays are limited to 1000 entries each.
6086
6087 If you want to block all URLs, you can use `<all_urls>` or `*://*/*`. You can't have just a `*` on the right side.
6088
6089 For specific protocols, use `https://*/*` or `http://*/*`.
6090
6091 As of Firefox 83 and Firefox ESR 78.5, file URLs are supported.
6092
6093 **Compatibility:** Firefox 60, Firefox ESR 60\
6094 **CCK2 Equivalent:** N/A\
6095 **Preferences Affected:** N/A
6096
6097 #### Windows (GPO)
6098 ```
6099 Software\Policies\Mozilla\Firefox\WebsiteFilter\Block\1 = "<all_urls>"
6100 Software\Policies\Mozilla\Firefox\WebsiteFilter\Exceptions\1 = "http://example.org/*"
6101 ```
6102 #### Windows (Intune)
6103 OMA-URI:
6104 ```
6105 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/B_WebsiteFilter_Block
6106 ```
6107 Value (string):
6108 ```
6109 <enabled/> <data id="WebsiteFilter" value="1&#xF000;&#60;all_urls&#62;"/>
6110 ```
6111 OMA-URI:
6112 ```
6113 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/B_WebsiteFilter_Exceptions
6114 ```
6115 Value (string):
6116 ```
6117 <enabled/>
6118 <data id="WebsiteFilter" value="1&#xF000;http://example.org/*"/>
6119 ```
6120 #### macOS
6121 ```
6122 <dict>
6123 <key>WebsiteFilter</key>
6124 <dict>
6125 <key>Block</key>
6126 <array>
6127 <string><all_urls></string>
6128 </array>
6129 <key>Exceptions</key>
6130 <array>
6131 <string>http://example.org/*</string>
6132 </array>
6133 </dict>
6134
6135 </dict>
6136 ```
6137 #### policies.json
6138 ```
6139 {
6140 "policies": {
6141 "WebsiteFilter": {
6142 "Block": ["<all_urls>"],
6143 "Exceptions": ["http://example.org/*"]
6144 }
6145 }
6146 }
6147 ```
6148 ### WindowsSSO
6149 Allow Windows single sign-on for Microsoft, work, and school accounts.
6150
6151 If this policy is set to true, Firefox will use credentials stored in Windows to sign in to Microsoft, work, and school accounts.
6152
6153 **Compatibility:** Firefox 91\
6154 **CCK2 Equivalent:** N/A\
6155 **Preferences Affected:** `network.http.windows-sso.enabled`
6156
6157 #### Windows (GPO)
6158 ```
6159 Software\Policies\Mozilla\Firefox\WindowsSSO = 0x1 | 0x0
6160 ```
6161 #### Windows (Intune)
6162 OMA-URI:
6163 ```
6164 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/WindowsSSO
6165 ```
6166 Value (string):
6167 ```
6168 <enabled/> or <disabled/>
6169 ```
6170 #### policies.json
6171 ```
6172 {
6173 "policies": {
6174 "WindowsSSO": true | false
6175 }
6176 }
6177 ```

patrick-canterino.de