]> git.p6c8.net - policy-templates.git/blob - docs/index.md
8fd1d592eeb06f77848083835706215311477b98
[policy-templates.git] / docs / index.md
1 Firefox policies can be specified using the [Group Policy templates on Windows](https://github.com/mozilla/policy-templates/tree/master/windows), [Intune on Windows](https://support.mozilla.org/kb/managing-firefox-intune), [configuration profiles on macOS](https://github.com/mozilla/policy-templates/tree/master/mac), or by creating a file called `policies.json`. On Windows, create a directory called `distribution` where the EXE is located and place the file there. On Mac, the file goes into `Firefox.app/Contents/Resources/distribution`. On Linux, the file goes into `firefox/distribution`, where `firefox` is the installation directory for firefox, which varies by distribution or you can specify system-wide policy by placing the file in `/etc/firefox/policies`.
2
3 Unfortunately, JSON files do not support comments, but you can add extra entries to the JSON to use as comments. You will see an error in about:policies, but the policies will still work properly. For example:
4
5 ```
6 {
7 "policies": {
8 "Authentication": {
9 "SPNEGO": ["mydomain.com", "https://myotherdomain.com"]
10 }
11 "Authentication_Comment": "These domains are required for us"
12 }
13 }
14 ```
15
16 | Policy Name | Description
17 | --- | --- |
18 | **[`3rdparty`](#3rdparty)** | Set policies that WebExtensions can access via chrome.storage.managed.
19 | **[`AllowedDomainsForApps`](#alloweddomainsforapps)** | Define domains allowed to access Google Workspace.
20 | **[`AppAutoUpdate`](#appautoupdate)** | Enable or disable automatic application update.
21 | **[`AppUpdatePin`](#appupdatepin)** | Prevent Firefox from being updated beyond the specified version.
22 | **[`AppUpdateURL`](#appupdateurl)** | Change the URL for application update.
23 | **[`Authentication`](#authentication)** | Configure sites that support integrated authentication.
24 | **[`AutoLaunchProtocolsFromOrigins`](#autolaunchprotocolsfromorigins)** | Define a list of external protocols that can be used from listed origins without prompting the user.
25 | **[`BackgroundAppUpdate`](#backgroundappupdate)** | Enable or disable the background updater (Windows only).
26 | **[`BlockAboutAddons`](#blockaboutaddons)** | Block access to the Add-ons Manager (about:addons).
27 | **[`BlockAboutConfig`](#blockaboutconfig)** | Block access to about:config.
28 | **[`BlockAboutProfiles`](#blockaboutprofiles)** | Block access to About Profiles (about:profiles).
29 | **[`BlockAboutSupport`](#blockaboutsupport)** | Block access to Troubleshooting Information (about:support).
30 | **[`Bookmarks`](#bookmarks)** | Add bookmarks in either the bookmarks toolbar or menu.
31 | **[`CaptivePortal`](#captiveportal)** | Enable or disable the detection of captive portals.
32 | **[`Certificates`](#certificates)** |
33 | **[`Certificates -> ImportEnterpriseRoots`](#certificates--importenterpriseroots)** | Trust certificates that have been added to the operating system certificate store by a user or administrator.
34 | **[`Certificates -> Install`](#certificates--install)** | Install certificates into the Firefox certificate store.
35 | **[`Containers`](#containers)** | Set policies related to [containers](https://addons.mozilla.org/firefox/addon/multi-account-containers/).
36 | **[`Cookies`](#cookies)** | Configure cookie preferences.
37 | **[`DefaultDownloadDirectory`](#defaultdownloaddirectory)** | Set the default download directory.
38 | **[`DisableAppUpdate`](#disableappupdate)** | Turn off application updates.
39 | **[`DisableBuiltinPDFViewer`](#disablebuiltinpdfviewer)** | Disable the built in PDF viewer.
40 | **[`DisabledCiphers`](#disabledciphers)** | Disable ciphers.
41 | **[`DisableDefaultBrowserAgent`](#disabledefaultbrowseragent)** | Prevent the default browser agent from taking any actions (Windows only).
42 | **[`DisableDeveloperTools`](#disabledevelopertools)** | Remove access to all developer tools.
43 | **[`DisableFeedbackCommands`](#disablefeedbackcommands)** | Disable the menus for reporting sites.
44 | **[`DisableFirefoxAccounts`](#disablefirefoxaccounts)** | Disable Firefox Accounts integration (Sync).
45 | **[`DisableFirefoxScreenshots`](#disablefirefoxscreenshots)** | Remove access to Firefox Screenshots.
46 | **[`DisableFirefoxStudies`](#disablefirefoxstudies)** | Disable Firefox studies (Shield).
47 | **[`DisableForgetButton`](#disableforgetbutton)** | Disable the "Forget" button.
48 | **[`DisableFormHistory`](#disableformhistory)** | Turn off saving information on web forms and the search bar.
49 | **[`DisableMasterPasswordCreation`](#disablemasterpasswordcreation)** | Remove the master password functionality.
50 | **[`DisablePasswordReveal`](#disablepasswordreveal)** | Do not allow passwords to be revealed in saved logins.
51 | **[`DisablePocket`](#disablepocket)** | Remove Pocket in the Firefox UI.
52 | **[`DisablePrivateBrowsing`](#disableprivatebrowsing)** | Remove access to private browsing.
53 | **[`DisableProfileImport`](#disableprofileimport)** | Disables the "Import data from another browser" option in the bookmarks window.
54 | **[`DisableProfileRefresh`](#disableprofilerefresh)** | Disable the Refresh Firefox button on about:support and support.mozilla.org
55 | **[`DisableSafeMode`](#disablesafemode)** | Disable safe mode within the browser.
56 | **[`DisableSecurityBypass`](#disablesecuritybypass)** | Prevent the user from bypassing security in certain cases.
57 | **[`DisableSetDesktopBackground`](#disablesetdesktopbackground)** | Remove the "Set As Desktop Background..." menuitem when right clicking on an image.
58 | **[`DisableSystemAddonUpdate`](#disablesystemaddonupdate)** | Prevent system add-ons from being installed or updated.
59 | **[`DisableTelemetry`](#disabletelemetry)** | DisableTelemetry
60 | **[`DisableThirdPartyModuleBlocking`](#disablethirdpartymoduleblocking)** | Do not allow blocking third-party modules.
61 | **[`DisplayBookmarksToolbar`](#displaybookmarkstoolbar)** | Set the initial state of the bookmarks toolbar.
62 | **[`DisplayMenuBar`](#displaymenubar)** | Set the state of the menubar.
63 | **[`DNSOverHTTPS`](#dnsoverhttps)** | Configure DNS over HTTPS.
64 | **[`DontCheckDefaultBrowser`](#dontcheckdefaultbrowser)** | Don't check if Firefox is the default browser at startup.
65 | **[`DownloadDirectory`](#downloaddirectory)** | Set and lock the download directory.
66 | **[`EnableTrackingProtection`](#enabletrackingprotection)** | Configure tracking protection.
67 | **[`EncryptedMediaExtensions`](#encryptedmediaextensions)** | Enable or disable Encrypted Media Extensions and optionally lock it.
68 | **[`EnterprisePoliciesEnabled`](#enterprisepoliciesenabled)** | Enable policy support on macOS.
69 | **[`ExemptDomainFileTypePairsFromFileTypeDownloadWarnings`](#exemptdomainfiletypepairsfromfiletypedownloadwarnings)** | Disable warnings based on file extension for specific file types on domains.
70 | **[`Extensions`](#extensions)** | Control the installation, uninstallation and locking of extensions.
71 | **[`ExtensionSettings`](#extensionsettings)** | Manage all aspects of extensions.
72 | **[`ExtensionUpdate`](#extensionupdate)** | Control extension updates.
73 | **[`FirefoxHome`](#firefoxhome)** | Customize the Firefox Home page.
74 | **[`GoToIntranetSiteForSingleWordEntryInAddressBar`](#gotointranetsiteforsinglewordentryinaddressbar)** | Force direct intranet site navigation instead of searching when typing single word entries in the address bar.
75 | **[`Handlers`](#handlers)** | Configure default application handlers.
76 | **[`HardwareAcceleration`](#hardwareacceleration)** | Control hardware acceleration.
77 | **[`Homepage`](#homepage)** | Configure the default homepage and how Firefox starts.
78 | **[`InstallAddonsPermission`](#installaddonspermission)** | Configure the default extension install policy as well as origins for extension installs are allowed.
79 | **[`LegacyProfiles`](#legacyprofiles)** | Disable the feature enforcing a separate profile for each installation.
80 | **[`LegacySameSiteCookieBehaviorEnabled`](#legacysamesitecookiebehaviorenabled)** | Enable default legacy SameSite cookie behavior setting.
81 | **[`LegacySameSiteCookieBehaviorEnabledForDomainList`](#legacysamesitecookiebehaviorenabledfordomainlist)** | Revert to legacy SameSite behavior for cookies on specified sites.
82 | **[`LocalFileLinks`](#localfilelinks)** | Enable linking to local files by origin.
83 | **[`ManagedBookmarks`](#managedbookmarks)** | Configures a list of bookmarks managed by an administrator that cannot be changed by the user.
84 | **[`ManualAppUpdateOnly`](#manualappupdateonly)** | Allow manual updates only and do not notify the user about updates.
85 | **[`NetworkPrediction`](#networkprediction)** | Enable or disable network prediction (DNS prefetching).
86 | **[`NewTabPage`](#newtabpage)** | Enable or disable the New Tab page.
87 | **[`NoDefaultBookmarks`](#nodefaultbookmarks)** | Disable the creation of default bookmarks.
88 | **[`OfferToSaveLogins`](#offertosavelogins)** | Control whether or not Firefox offers to save passwords.
89 | **[`OfferToSaveLoginsDefault`](#offertosaveloginsdefault)** | Set the default value for whether or not Firefox offers to save passwords.
90 | **[`OverrideFirstRunPage`](#overridefirstrunpage)** | Override the first run page.
91 | **[`OverridePostUpdatePage`](#overridepostupdatepage)** | Override the upgrade page.
92 | **[`PasswordManagerEnabled`](#passwordmanagerenabled)** | Remove (some) access to the password manager.
93 | **[`PasswordManagerExceptions`](#passwordmanagerexceptions)** | Prevent Firefox from saving passwords for specific sites.
94 | **[`PDFjs`](#pdfjs)** | Disable or configure PDF.js, the built-in PDF viewer.
95 | **[`Permissions`](#permissions)** | Set permissions associated with camera, microphone, location, and notifications.
96 | **[`PictureInPicture`](#pictureinpicture)** | Enable or disable Picture-in-Picture.
97 | **[`PopupBlocking`](#popupblocking)** | Configure the default pop-up window policy as well as origins for which pop-up windows are allowed.
98 | **[`Preferences`](#preferences)** | Set and lock preferences.
99 | **[`PrimaryPassword`](#primarypassword)** | Require or prevent using a primary (formerly master) password.
100 | **[`PromptForDownloadLocation`](#promptfordownloadlocation)** | Ask where to save each file before downloading.
101 | **[`Proxy`](#proxy)** | Configure proxy settings.
102 | **[`RequestedLocales`](#requestedlocales)** | Set the the list of requested locales for the application in order of preference.
103 | **[`SanitizeOnShutdown` (All)](#sanitizeonshutdown-all)** | Clear all data on shutdown.
104 | **[`SanitizeOnShutdown` (Selective)](#sanitizeonshutdown-selective)** | Clear data on shutdown.
105 | **[`SearchBar`](#searchbar)** | Set whether or not search bar is displayed.
106 | **[`SearchEngines`](#searchengines-this-policy-is-only-available-on-the-esr)** |
107 | **[`SearchEngines -> Add`](#searchengines--add)** | Add new search engines.
108 | **[`SearchEngines -> Default`](#searchengines--default)** | Set the default search engine.
109 | **[`SearchEngines -> PreventInstalls`](#searchengines--preventinstalls)** | Prevent installing search engines from webpages.
110 | **[`SearchEngines -> Remove`](#searchengines--remove)** | Hide built-in search engines.
111 | **[`SearchSuggestEnabled`](#searchsuggestenabled)** | Enable search suggestions.
112 | **[`SecurityDevices`](#securitydevices)** | Install PKCS #11 modules.
113 | **[`ShowHomeButton`](#showhomebutton)** | Show the home button on the toolbar.
114 | **[`SSLVersionMax`](#sslversionmax)** | Set and lock the maximum version of TLS.
115 | **[`SSLVersionMin`](#sslversionmin)** | Set and lock the minimum version of TLS.
116 | **[`StartDownloadsInTempDirectory`](#startdownloadsintempdirectory)** | Force downloads to start off in a local, temporary location rather than the default download directory.
117 | **[`SupportMenu`](#supportmenu)** | Add a menuitem to the help menu for specifying support information.
118 | **[`UserMessaging`](#usermessaging)** | Don't show certain messages to the user.
119 | **[`UseSystemPrintDialog`](#usesystemprintdialog)** | Print using the system print dialog instead of print preview.
120 | **[`WebsiteFilter`](#websitefilter)** | Block websites from being visited.
121 | **[`WindowsSSO`](#windowssso)** | Allow Windows single sign-on for Microsoft, work, and school accounts.
122
123 ### 3rdparty
124
125 Allow WebExtensions to configure policy. For more information, see [Adding policy support to your extension](https://extensionworkshop.com/documentation/enterprise/adding-policy-support-to-your-extension/).
126
127 For GPO and Intune, the extension developer should provide an ADMX file.
128
129 **Compatibility:** Firefox 68\
130 **CCK2 Equivalent:** N/A\
131 **Preferences Affected:** N/A
132
133 #### macOS
134 ```
135 <dict>
136 <key>3rdparty</key>
137 <dict>
138 <key>Extensions</key>
139 <dict>
140 <key>uBlock0@raymondhill.net</key>
141 <dict>
142 <key>adminSettings</key>
143 <dict>
144 <key>selectedFilterLists</key>
145 <array>
146 <string>ublock-privacy</string>
147 <string>ublock-badware</string>
148 <string>ublock-filters</string>
149 <string>user-filters</string>
150 </array>
151 </dict>
152 </dict>
153 </dict>
154 </dict>
155 </dict>
156 ```
157 #### policies.json
158 ```
159 {
160 "policies": {
161 "3rdparty": {
162 "Extensions": {
163 "uBlock0@raymondhill.net": {
164 "adminSettings": {
165 "selectedFilterLists": [
166 "ublock-privacy",
167 "ublock-badware",
168 "ublock-filters",
169 "user-filters"
170 ]
171 }
172 }
173 }
174 }
175 }
176 }
177 ```
178
179 ### AllowedDomainsForApps
180
181 Define domains allowed to access Google Workspace.
182
183 This policy is based on the [Chrome policy](https://chromeenterprise.google/policies/#AllowedDomainsForApps) of the same name.
184
185 If this policy is enabled, users can only access Google Workspace using accounts from the specified domains. If you want to allow Gmail, you can add ```consumer_accounts``` to the list.
186
187 **Compatibility:** Firefox 89, Firefox ESR 78.11\
188 **CCK2 Equivalent:** N/A\
189 **Preferences Affected:** N/A
190
191 #### Windows (GPO)
192 ```
193 Software\Policies\Mozilla\Firefox\AllowedDomainsForApps = "managedfirefox.com,example.com"
194 ```
195 #### Windows (Intune)
196 OMA-URI:
197 ```
198 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/AllowedDomainsForApps
199 ```
200 Value (string):
201 ```
202 <enabled/>
203 <data id="AllowedDomainsForApps" value="managedfirefox.com,example.com"/>
204 ```
205 #### macOS
206 ```
207 <dict>
208 <key>AllowedDomainsForApps</key>
209 <string>managedfirefox.com,example.com</string>
210 </dict>
211 ```
212 #### policies.json
213 ```
214 {
215 "policies": {
216 "AllowedDomainsForApps": "managedfirefox.com,example.com"
217 }
218 }
219 ```
220 ### AppAutoUpdate
221
222 Enable or disable **automatic** application update.
223
224 If set to true, application updates are installed without user approval within Firefox. The operating system might still require approval.
225
226 If set to false, application updates are downloaded but the user can choose when to install the update.
227
228 If you have disabled updates via `DisableAppUpdate`, this policy has no effect.
229
230 **Compatibility:** Firefox 75, Firefox ESR 68.7\
231 **CCK2 Equivalent:** N/A\
232 **Preferences Affected:** `app.update.auto`
233
234 #### Windows (GPO)
235 ```
236 Software\Policies\Mozilla\Firefox\AppAutoUpdate = 0x1 | 0x0
237 ```
238 #### Windows (Intune)
239 OMA-URI:
240 ```
241 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/AppAutoUpdate
242 ```
243 Value (string):
244 ```
245 <enabled/> or <disabled/>
246 ```
247 #### macOS
248 ```
249 <dict>
250 <key>AppAutoUpdate</key>
251 <true/> | <false/>
252 </dict>
253 ```
254 #### policies.json
255 ```
256 {
257 "policies": {
258 "AppAutoUpdate": true | false
259 }
260 }
261 ```
262 ### AppUpdatePin
263
264 Prevent Firefox from being updated beyond the specified version.
265
266 You can specify the any version as ```xx.``` and Firefox will be updated with all minor versions, but will not be updated beyond the major version.
267
268 You can also specify the version as ```xx.xx``` and Firefox will be updated with all patch versions, but will not be updated beyond the minor version.
269
270 You should specify a version that exists or is guaranteed to exist. If you specify a version that doesn't end up existing, Firefox will update beyond that version.
271
272 **Compatibility:** Firefox 102,\
273 **CCK2 Equivalent:** N/A\
274 **Preferences Affected:** N/A
275
276 #### Windows (GPO)
277 ```
278 Software\Policies\Mozilla\Firefox\AppUpdatePin = "106."
279 ```
280 #### Windows (Intune)
281 OMA-URI:
282 ```
283 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/AppUpdatePin
284 ```
285 Value (string):
286 ```
287 <enabled/>
288 <data id="AppUpdatePin" value="106."/>
289 ```
290 #### macOS
291 ```
292 <dict>
293 <key>AppUpdatePin</key>
294 <string>106.</string>
295 </dict>
296 ```
297 #### policies.json
298 ```
299 {
300 "policies": {
301 "AppUpdatePin": "106."
302 }
303 }
304 ```
305 ### AppUpdateURL
306
307 Change the URL for application update if you are providing Firefox updates from a custom update server.
308
309 **Compatibility:** Firefox 62, Firefox ESR 60.2\
310 **CCK2 Equivalent:** N/A\
311 **Preferences Affected:** `app.update.url`
312
313 #### Windows (GPO)
314 ```
315 Software\Policies\Mozilla\Firefox\AppUpdateURL = "https://yoursite.com"
316 ```
317 #### Windows (Intune)
318 OMA-URI:
319 ```
320 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/AppUpdateURL
321 ```
322 Value (string):
323 ```
324 <enabled/>
325 <data id="AppUpdateURL" value="https://yoursite.com"/>
326 ```
327 #### macOS
328 ```
329 <dict>
330 <key>AppUpdateURL</key>
331 <string>https://yoursite.com</string>
332 </dict>
333 ```
334 #### policies.json
335 ```
336 {
337 "policies": {
338 "AppUpdateURL": "https://yoursite.com"
339 }
340 }
341 ```
342 ### Authentication
343
344 Configure sites that support integrated authentication.
345
346 See [Integrated authentication](https://htmlpreview.github.io/?https://github.com/mdn/archived-content/blob/main/files/en-us/mozilla/integrated_authentication/raw.html) for more information.
347
348 `PrivateBrowsing` enables integrated authentication in private browsing.
349
350 **Compatibility:** Firefox 60, Firefox ESR 60 (AllowNonFQDN added in 62/60.2, AllowProxies added in 70/68.2, Locked added in 71/68.3, PrivateBrowsing added in 77/68.9)\
351 **CCK2 Equivalent:** N/A\
352 **Preferences Affected:** `network.negotiate-auth.trusted-uris`,`network.negotiate-auth.delegation-uris`,`network.automatic-ntlm-auth.trusted-uris`,`network.automatic-ntlm-auth.allow-non-fqdn`,`network.negotiate-auth.allow-non-fqdn`,`network.automatic-ntlm-auth.allow-proxies`,`network.negotiate-auth.allow-proxies`,`network.auth.private-browsing-sso`
353
354 #### Windows (GPO)
355 ```
356 Software\Policies\Mozilla\Firefox\Authentication\SPNEGO\1 = "mydomain.com"
357 Software\Policies\Mozilla\Firefox\Authentication\SPNEGO\2 = "https://myotherdomain.com"
358 Software\Policies\Mozilla\Firefox\Authentication\Delegated\1 = "mydomain.com"
359 Software\Policies\Mozilla\Firefox\Authentication\Delegated\2 = "https://myotherdomain.com"
360 Software\Policies\Mozilla\Firefox\Authentication\NTLM\1 = "mydomain.com"
361 Software\Policies\Mozilla\Firefox\Authentication\NTLM\2 = "https://myotherdomain.com"
362 Software\Policies\Mozilla\Firefox\Authentication\AllowNonFQDN\SPNEGO = 0x1 | 0x0
363 Software\Policies\Mozilla\Firefox\Authentication\AllowNonFQDN\NTLM = 0x1 | 0x0
364 Software\Policies\Mozilla\Firefox\Authentication\AllowProxies\SPNEGO = 0x1 | 0x0
365 Software\Policies\Mozilla\Firefox\Authentication\AllowProxies\NTLM = 0x1 | 0x0
366 Software\Policies\Mozilla\Firefox\Authentication\Locked = 0x1 | 0x0
367 Software\Policies\Mozilla\Firefox\Authentication\PrivateBrowsing = 0x1 | 0x0
368 ```
369 #### Windows (Intune)
370 OMA-URI:
371 ```
372 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Authentication/Authentication_SPNEGO
373 ```
374 Value (string):
375 ```
376 <enabled/>
377 <data id="Authentication" value="1&#xF000;mydomain&#xF000;2&#xF000;https://myotherdomain.com"/>
378 ```
379 OMA-URI:
380 ```
381 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Authentication/Authentication_Delegated
382 ```
383 Value (string):
384 ```
385 <enabled/>
386 <data id="Authentication" value="1&#xF000;mydomain&#xF000;2&#xF000;https://myotherdomain.com"/>
387 ```
388 OMA-URI:
389 ```
390 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Authentication/Authentication_NTLM
391 ```
392 Value (string):
393 ```
394 <enabled/>
395 <data id="Authentication" value="1&#xF000;mydomain&#xF000;2&#xF000;https://myotherdomain.com"/>
396 ```
397 OMA-URI:
398 ```
399 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Authentication/Authentication_AllowNonFQDN
400 ```
401 Value (string):
402 ```
403 <enabled/>
404 <data id="Authentication_AllowNonFQDN_NTLM" value="true | false"/>
405 <data id="Authentication_AllowNonFQDN_SPNEGO" value="true | false"/>
406 ```
407 OMA-URI:
408 ```
409 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Authentication/Authentication_Locked
410 ```
411 Value (string):
412 ```
413 <enabled/> or <disabled/>
414 ```
415 OMA-URI:
416 ```
417 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Authentication/Authentication_PrivateBrowsing
418 ```
419 Value (string):
420 ```
421 <enabled/> or <disabled/>
422 ```
423 #### macOS
424 ```
425 <dict>
426 <key>Authentication</key>
427 <dict>
428 <key>SPNEGO</key>
429 <array>
430 <string>mydomain.com</string>
431 <string>https://myotherdomain.com</string>
432 </array>
433 <key>Delegated</key>
434 <array>
435 <string>mydomain.com</string>
436 <string>https://myotherdomain.com</string>
437 </array>
438 <key>NTLM</key>
439 <array>
440 <string>mydomain.com</string>
441 <string>https://myotherdomain.com</string>
442 </array>
443 <key>AllowNonFQDN</key>
444 <dict>
445 <key>SPNEGO</key>
446 <true/> | <false/>
447 <key>NTLM</key>
448 <true/> | <false/>
449 </dict>
450 <key>AllowProxies</key>
451 <dict>
452 <key>SPNEGO</key>
453 <true/> | <false/>
454 <key>NTLM</key>
455 <true/> | <false/>
456 </dict>
457 <key>Locked</key>
458 <true/> | <false/>
459 <key>PrivateBrowsing</key>
460 <true/> | <false/>
461 </dict>
462 </dict>
463 ```
464 #### policies.json
465 ```
466 {
467 "policies": {
468 "Authentication": {
469 "SPNEGO": ["mydomain.com", "https://myotherdomain.com"],
470 "Delegated": ["mydomain.com", "https://myotherdomain.com"],
471 "NTLM": ["mydomain.com", "https://myotherdomain.com"],
472 "AllowNonFQDN": {
473 "SPNEGO": true | false,
474 "NTLM": true | false
475 },
476 "AllowProxies": {
477 "SPNEGO": true | false,
478 "NTLM": true | false
479 },
480 "Locked": true | false,
481 "PrivateBrowsing": true | false
482 }
483 }
484 }
485 ```
486 ### AutoLaunchProtocolsFromOrigins
487 Define a list of external protocols that can be used from listed origins without prompting the user. The origin is the scheme plus the hostname.
488
489 The syntax of this policy is exactly the same as the [Chrome AutoLaunchProtocolsFromOrigins policy](https://cloud.google.com/docs/chrome-enterprise/policies/?policy=AutoLaunchProtocolsFromOrigins) except that you can only use valid origins (not just hostnames). This also means that you cannot specify an asterisk for all origins.
490
491 The schema is:
492 ```
493 {
494 "items": {
495 "properties": {
496 "allowed_origins": {
497 "items": {
498 "type": "string"
499 },
500 "type": "array"
501 },
502 "protocol": {
503 "type": "string"
504 }
505 },
506 "required": [
507 "protocol",
508 "allowed_origins"
509 ],
510 "type": "object"
511 },
512 "type": "array"
513 }
514 ```
515 **Compatibility:** Firefox 90, Firefox ESR 78.12\
516 **CCK2 Equivalent:** N/A\
517 **Preferences Affected:** N/A
518
519 #### Windows (GPO)
520 Software\Policies\Mozilla\Firefox\AutoLaunchProtocolsFromOrigins (REG_MULTI_SZ) =
521 ```
522 [
523 {
524 "protocol": "zoommtg",
525 "allowed_origins": [
526 "https://somesite.zoom.us"
527 ]
528 }
529 ]
530 ```
531 #### Windows (Intune)
532 OMA-URI:
533 ```
534 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/AutoLaunchProtocolsFromOrigins
535 ```
536 Value (string):
537 ```
538 <enabled/>
539 <data id="JSON" value='
540 [
541 {
542 "protocol": "zoommtg",
543 "allowed_origins": [
544 "https://somesite.zoom.us"
545 ]
546 }
547 ]'/>
548 ```
549 #### macOS
550 ```
551 <dict>
552 <key>AutoLaunchProtocolsFromOrigins</key>
553 <array>
554 <dict>
555 <key>protocol</key>
556 <string>zoommtg</string>
557 <key>allowed_origins</key>
558 <array>
559 <string>https://somesite.zoom.us</string>
560 </array>
561 </dict>
562 </array>
563 </dict>
564 ```
565 #### policies.json
566 ```
567 {
568 "policies": {
569 "AutoLaunchProtocolsFromOrigins": [{
570 "protocol": "zoommtg",
571 "allowed_origins": [
572 "https://somesite.zoom.us"
573 ]
574 }]
575 }
576 }
577 ```
578 ### BackgroundAppUpdate
579
580 Enable or disable **automatic** application update **in the background**, when the application is not running.
581
582 If set to true, application updates may be installed (without user approval) in the background, even when the application is not running. The operating system might still require approval.
583
584 If set to false, the application will not try to install updates when the application is not running.
585
586 If you have disabled updates via `DisableAppUpdate` or disabled automatic updates via `AppAutoUpdate`, this policy has no effect.
587
588 **Compatibility:** Firefox 90 (Windows only)\
589 **CCK2 Equivalent:** N/A\
590 **Preferences Affected:** `app.update.background.enabled`
591
592 #### Windows (GPO)
593 ```
594 Software\Policies\Mozilla\Firefox\BackgroundAppUpdate = 0x1 | 0x0
595 ```
596 #### Windows (Intune)
597 OMA-URI:
598 ```
599 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/BackgroundAppUpdate
600 ```
601 Value (string):
602 ```
603 <enabled/> or <disabled/>
604 ```
605 #### macOS
606 ```
607 <dict>
608 <key>BackgroundAppUpdate</key>
609 <true/> | <false/>
610 </dict>
611 ```
612 #### policies.json
613 ```
614 {
615 "policies": {
616 "BackgroundAppUpdate": true | false
617 }
618 }
619 ```
620 ### BlockAboutAddons
621
622 Block access to the Add-ons Manager (about:addons).
623
624 **Compatibility:** Firefox 60, Firefox ESR 60\
625 **CCK2 Equivalent:** `disableAddonsManager`\
626 **Preferences Affected:** N/A
627
628 #### Windows (GPO)
629 ```
630 Software\Policies\Mozilla\Firefox\BlockAboutAddons = 0x1 | 0x0
631 ```
632 #### Windows (Intune)
633 OMA-URI:
634 ```
635 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/BlockAboutAddons
636 ```
637 Value (string):
638 ```
639 <enabled/> or <disabled/>
640 ```
641 #### macOS
642 ```
643 <dict>
644 <key>BlockAboutAddons</key>
645 <true/> | <false/>
646 </dict>
647 ```
648 #### policies.json
649 ```
650 {
651 "policies": {
652 "BlockAboutAddons": true | false
653 }
654 }
655 ```
656 ### BlockAboutConfig
657
658 Block access to about:config.
659
660 **Compatibility:** Firefox 60, Firefox ESR 60\
661 **CCK2 Equivalent:** `disableAboutConfig`\
662 **Preferences Affected:** N/A
663
664 #### Windows (GPO)
665 ```
666 Software\Policies\Mozilla\Firefox\BlockAboutConfig = 0x1 | 0x0
667 ```
668 #### Windows (Intune)
669 OMA-URI:
670 ```
671 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/BlockAboutConfig
672 ```
673 Value (string):
674 ```
675 <enabled/> or <disabled/>
676 ```
677 #### macOS
678 ```
679 <dict>
680 <key>BlockAboutConfig</key>
681 <true/> | <false/>
682 </dict>
683 ```
684 #### policies.json
685 ```
686 {
687 "policies": {
688 "BlockAboutConfig": true | false
689 }
690 }
691 ```
692 ### BlockAboutProfiles
693
694 Block access to About Profiles (about:profiles).
695
696 **Compatibility:** Firefox 60, Firefox ESR 60\
697 **CCK2 Equivalent:** `disableAboutProfiles`\
698 **Preferences Affected:** N/A
699
700 #### Windows (GPO)
701 ```
702 Software\Policies\Mozilla\Firefox\BlockAboutProfiles = 0x1 | 0x0
703 ```
704 #### Windows (Intune)
705 OMA-URI:
706 ```
707 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/BlockAboutProfiles
708 ```
709 Value (string):
710 ```
711 <enabled/> or <disabled/>
712 ```
713 #### macOS
714 ```
715 <dict>
716 <key>BlockAboutProfiles</key>
717 <true/> | <false/>
718 </dict>
719 ```
720 #### policies.json
721 ```
722 {
723 "policies": {
724 "BlockAboutProfiles": true | false
725 }
726 }
727 ```
728 ### BlockAboutSupport
729
730 Block access to Troubleshooting Information (about:support).
731
732 **Compatibility:** Firefox 60, Firefox ESR 60\
733 **CCK2 Equivalent:** `disableAboutSupport`\
734 **Preferences Affected:** N/A
735
736 #### Windows (GPO)
737 ```
738 Software\Policies\Mozilla\Firefox\BlockAboutSupport = 0x1 | 0x0
739 ```
740 #### Windows (Intune)
741 OMA-URI:
742 ```
743 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/BlockAboutSupport
744 ```
745 Value (string):
746 ```
747 <enabled/> or <disabled/>
748 ```
749 #### macOS
750 ```
751 <dict>
752 <key>BlockAboutSupport</key>
753 <true/> | <false/>
754 </dict>
755 ```
756 #### policies.json
757 ```
758 {
759 "policies": {
760 "BlockAboutSupport": true | false
761 }
762 }
763 ```
764 ### Bookmarks
765
766 Note: [`ManagedBookmarks`](#managedbookmarks) is the new recommended way to add bookmarks. This policy will continue to be supported.
767
768 Add bookmarks in either the bookmarks toolbar or menu. Only `Title` and `URL` are required. If `Placement` is not specified, the bookmark will be placed on the toolbar. If `Folder` is specified, it is automatically created and bookmarks with the same folder name are grouped together.
769
770 If you want to clear all bookmarks set with this policy, you can set the value to an empty array (```[]```). This can be on Windows via the new Bookmarks (JSON) policy available with GPO and Intune.
771
772 **Compatibility:** Firefox 60, Firefox ESR 60\
773 **CCK2 Equivalent:** `bookmarks.toolbar`,`bookmarks.menu`\
774 **Preferences Affected:** N/A
775
776 #### Windows (GPO)
777 ```
778 Software\Policies\Mozilla\Firefox\Bookmarks\1\Title = "Example"
779 Software\Policies\Mozilla\Firefox\Bookmarks\1\URL = "https://example.com"
780 Software\Policies\Mozilla\Firefox\Bookmarks\1\Favicon = "https://example.com/favicon.ico"
781 Software\Policies\Mozilla\Firefox\Bookmarks\1\Placement = "toolbar" | "menu"
782 Software\Policies\Mozilla\Firefox\Bookmarks\1\Folder = "FolderName"
783
784 Software\Policies\Mozilla\Firefox\Bookmarks (REG_MULTI_SZ) =
785 ```
786 []
787 ```
788
789 ```
790 #### Windows (Intune)
791 OMA-URI:
792 ```
793 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Bookmarks/Bookmark01
794 ```
795 Value (string):
796 ```
797 <enabled/>
798 <data id="BookmarkTitle" value="Example"/>
799 <data id="BookmarkURL" value="https://example.com"/>
800 <data id="BookmarkFavicon" value="https://example.com/favicon.ico"/>
801 <data id="BookmarkPlacement" value="toolbar | menu"/>
802 <data id="BookmarkFolder" value="FolderName"/>
803 ```
804 OMA-URI:
805 ```
806 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/Bookmarks
807 ```
808 Value (string):
809 ```
810 <enabled/>
811 <data id="JSON" value='[]'/>
812 ```
813 #### macOS
814 ```
815 <dict>
816 <key>Bookmarks</key>
817 <array>
818 <dict>
819 <key>Title</key>
820 <string>Example</string>
821 <key>URL</key>
822 <string>https://example.com</string>
823 <key>Favicon</key>
824 <string>https://example.com/favicon.ico</string>
825 <key>Placement</key>
826 <string>toolbar | menu</string>
827 <key>Folder</key>
828 <string>FolderName</string>
829 </dict>
830 </array>
831 </dict>
832 ```
833 #### policies.json
834 ```
835 {
836 "policies": {
837 "Bookmarks": [
838 {
839 "Title": "Example",
840 "URL": "https://example.com",
841 "Favicon": "https://example.com/favicon.ico",
842 "Placement": "toolbar" | "menu",
843 "Folder": "FolderName"
844 }
845 ]
846 }
847 }
848 ```
849 ### CaptivePortal
850 Enable or disable the detection of captive portals.
851
852 **Compatibility:** Firefox 67, Firefox ESR 60.7\
853 **CCK2 Equivalent:** N/A\
854 **Preferences Affected:** `network.captive-portal-service.enabled`
855
856 #### Windows (GPO)
857 ```
858 Software\Policies\Mozilla\Firefox\CaptivePortal = 0x1 | 0x0
859 ```
860 #### Windows (Intune)
861 OMA-URI:
862 ```
863 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/CaptivePortal
864 ```
865 Value (string):
866 ```
867 <enabled/> or <disabled/>
868 ```
869 #### macOS
870 ```
871 <dict>
872 <key>CaptivePortal</key>
873 <true/> | <false/>
874 </dict>
875 ```
876 #### policies.json
877 ```
878 {
879 "policies": {
880 "CaptivePortal": true | false
881 }
882 }
883 ```
884 ### Certificates
885
886 ### Certificates | ImportEnterpriseRoots
887
888 Trust certificates that have been added to the operating system certificate store by a user or administrator.
889
890 Note: This policy only works on Windows and macOS. For Linux discussion, see [bug 1600509](https://bugzilla.mozilla.org/show_bug.cgi?id=1600509).
891
892 See https://support.mozilla.org/kb/setting-certificate-authorities-firefox for more detail.
893
894 **Compatibility:** Firefox 60, Firefox ESR 60 (macOS support in Firefox 63, Firefox ESR 68)\
895 **CCK2 Equivalent:** N/A\
896 **Preferences Affected:** `security.enterprise_roots.enabled`
897
898 #### Windows (GPO)
899 ```
900 Software\Policies\Mozilla\Firefox\Certificates\ImportEnterpriseRoots = 0x1 | 0x0
901 ```
902 #### Windows (Intune)
903 OMA-URI:
904 ```
905 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Certificates/Certificates_ImportEnterpriseRoots
906 ```
907 Value (string):
908 ```
909 <enabled/> or <disabled/>
910 ```
911 #### macOS
912 ```
913 <dict>
914 <key>Certificates</key>
915 <dict>
916 <key>ImportEnterpriseRoots</key>
917 <true/> | <false/>
918 </dict>
919 </dict>
920 ```
921 #### policies.json
922 ```
923 {
924 "policies": {
925 "Certificates": {
926 "ImportEnterpriseRoots": true | false
927 }
928 }
929 }
930 ```
931 ### Certificates | Install
932
933 Install certificates into the Firefox certificate store. If only a filename is specified, Firefox searches for the file in the following locations:
934
935 - Windows
936 - %USERPROFILE%\AppData\Local\Mozilla\Certificates
937 - %USERPROFILE%\AppData\Roaming\Mozilla\Certificates
938 - macOS
939 - /Library/Application Support/Mozilla/Certificates
940 - ~/Library/Application Support/Mozilla/Certificates
941 - Linux
942 - /usr/lib/mozilla/certificates
943 - /usr/lib64/mozilla/certificates
944 - ~/.mozilla/certificates
945
946 Starting with Firefox 65, Firefox 60.5 ESR, a fully qualified path can be used, including UNC paths. You should use the native path style for your operating system. We do not support using %USERPROFILE% or other environment variables on Windows.
947
948 If you are specifying the path in the policies.json file on Windows, you need to escape your backslashes (`\\`) which means that for UNC paths, you need to escape both (`\\\\`). If you use group policy, you only need one backslash.
949
950 Certificates are installed using the trust string `CT,CT,`.
951
952 Binary (DER) and ASCII (PEM) certificates are both supported.
953
954 **Compatibility:** Firefox 64, Firefox ESR 64\
955 **CCK2 Equivalent:** `certs.ca`\
956 **Preferences Affected:** N/A
957
958 #### Windows (GPO)
959 ```
960 Software\Policies\Mozilla\Firefox\Certificates\Install\1 = "cert1.der"
961 Software\Policies\Mozilla\Firefox\Certificates\Install\2 = "C:\Users\username\cert2.pem"
962 ```
963 #### Windows (Intune)
964 OMA-URI:
965 ```
966 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Certificates/Certificates_Install
967 ```
968 Value (string):
969 ```
970 <enabled/>
971 <data id="Certificates_Install" value="1&#xF000;cert1.der&#xF000;2&#xF000;C:\Users\username\cert2.pem"/>
972 ```
973 #### macOS
974 ```
975 <dict>
976 <key>Certificates</key>
977 <dict>
978 <key>Install</key>
979 <array>
980 <string>cert1.der</string>
981 <string>/Users/username/cert2.pem</string>
982 </array>
983 </dict>
984 </dict>
985 ```
986 #### policies.json
987 ```
988 {
989 "policies": {
990 "Certificates": {
991 "Install": ["cert1.der", "/home/username/cert2.pem"]
992 }
993 }
994 }
995 ```
996 ### Containers
997 Set policies related to [containers](https://addons.mozilla.org/firefox/addon/multi-account-containers/).
998
999 Currently you can set the initial set of containers.
1000
1001 For each container, you can specify the name, icon, and color.
1002
1003 | Name | Description |
1004 | --- | --- |
1005 | `name`| Name of container
1006 | `icon` | Can be `fingerprint`, `briefcase`, `dollar`, `cart`, `vacation`, `gift`, `food`, `fruit`, `pet`, `tree`, `chill`, `circle`, `fence`
1007 | `color` | Can be `blue`, `turquoise`, `green`, `yellow`, `orange`, `red`, `pink`, `purple`, `toolbar`
1008
1009 **Compatibility:** Firefox 113\
1010 **CCK2 Equivalent:** N/A\
1011 **Preferences Affected:** N/A
1012
1013 #### Windows (GPO)
1014 Software\Policies\Mozilla\Firefox\Containers (REG_MULTI_SZ) =
1015 ```
1016 {
1017 "Default": [
1018 {
1019 "name": "My container",
1020 "icon": "pet",
1021 "color": "turquoise"
1022 }
1023 ]
1024 }
1025 ```
1026 #### Windows (Intune)
1027 OMA-URI:
1028 ```
1029 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/Containers
1030 ```
1031 Value (string):
1032 ```
1033 <enabled/>
1034 <data id="JSON" value='
1035 {
1036 "Default": [
1037 {
1038 "name": "My container",
1039 "icon": "pet",
1040 "color": "turquoise"
1041 }
1042 ]
1043 }
1044 '/>
1045 ```
1046 #### macOS
1047 ```
1048 <dict>
1049 <key>Default</key>
1050 <dict>
1051 <key>Containers</key>
1052 <array>
1053 <dict>
1054 <key>name</key>
1055 <string>My container</string>
1056 <key>icon</key>
1057 <string>pet</string>
1058 <key>color</key>
1059 <string>turquoise</string>
1060 </dict>
1061 </array>
1062 </dict>
1063 </dict>
1064 ```
1065 #### policies.json
1066 ```
1067 {
1068 "policies": {
1069 "Containers": {
1070 "Default": [
1071 {
1072 "name": "My container",
1073 "icon": "pet",
1074 "color": "turquoise"
1075 }
1076 ]
1077 }
1078 }
1079 }
1080 ```
1081 ### Cookies
1082 Configure cookie preferences.
1083
1084 `Allow` is a list of origins (not domains) where cookies are always allowed. You must include http or https.
1085
1086 `AllowSession` is a list of origins (not domains) where cookies are only allowed for the current session. You must include http or https.
1087
1088 `Block` is a list of origins (not domains) where cookies are always blocked. You must include http or https.
1089
1090 `Behavior` sets the default behavior for cookies based on the values below.
1091
1092 `BehaviorPrivateBrowsing` sets the default behavior for cookies in private browsing based on the values below.
1093
1094 | Value | Description
1095 | --- | --- |
1096 | accept | Accept all cookies
1097 | reject-foreign | Reject third party cookies
1098 | reject | Reject all cookies
1099 | limit-foreign | Reject third party cookies for sites you haven't visited
1100 | reject-tracker | Reject cookies for known trackers (default)
1101 | reject-tracker-and-partition-foreign | Reject cookies for known trackers and partition third-party cookies (Total Cookie Protection) (default for private browsing)
1102
1103 `Locked` prevents the user from changing cookie preferences.
1104
1105 **Compatibility:** Firefox 60, Firefox ESR 60 (RejectTracker added in Firefox 63, AllowSession added in Firefox 79/78.1, Behavior added in Firefox 95/91.4)\
1106 **CCK2 Equivalent:** N/A\
1107 **Preferences Affected:** `network.cookie.cookieBehavior`, `network.cookie.cookieBehavior.pbmode`, `network.cookie.lifetimePolicy`
1108
1109 #### Windows (GPO)
1110 ```
1111 Software\Policies\Mozilla\Firefox\Cookies\Allow\1 = "https://example.com"
1112 Software\Policies\Mozilla\Firefox\Cookies\AllowSession\1 = "https://example.edu"
1113 Software\Policies\Mozilla\Firefox\Cookies\Block\1 = "https://example.org"
1114 Software\Policies\Mozilla\Firefox\Cookies\Default = 0x1 | 0x0
1115 Software\Policies\Mozilla\Firefox\Cookies\AcceptThirdParty = "always" | "never" | "from-visited"
1116 Software\Policies\Mozilla\Firefox\Cookies\ExpireAtSessionEnd = 0x1 | 0x0
1117 Software\Policies\Mozilla\Firefox\Cookies\RejectTracker = 0x1 | 0x0
1118 Software\Policies\Mozilla\Firefox\Cookies\Behavior = "accept" | "reject-foreign" | "reject" | "limit-foreign" | "reject-tracker" | "reject-tracker-and-partition-foreign"
1119 Software\Policies\Mozilla\Firefox\Cookies\BehaviorPrivateBrowsing = "accept" | "reject-foreign" | "reject" | "limit-foreign" | "reject-tracker" | "reject-tracker-and-partition-foreign"
1120 Software\Policies\Mozilla\Firefox\Cookies\Locked = 0x1 | 0x0
1121 ```
1122 #### Windows (Intune)
1123 OMA-URI:
1124 ```
1125 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_Allow
1126 ```
1127 Value (string):
1128 ```
1129 <enabled/>
1130 <data id="Permissions" value="1&#xF000;https://example.com"/>
1131 ```
1132 OMA-URI:
1133 ```
1134 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_AllowSession
1135 ```
1136 Value (string):
1137 ```
1138 <enabled/>
1139 <data id="Permissions" value="1&#xF000;https://example.edu"/>
1140 ```
1141 OMA-URI:
1142 ```
1143 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_Block
1144 ```
1145 Value (string):
1146 ```
1147 <enabled/>
1148 <data id="Permissions" value="1&#xF000;https://example.org"/>
1149 ```
1150 OMA-URI:
1151 ```
1152 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_Default
1153 ```
1154 Value (string):
1155 ```
1156 <enabled/> or <disabled/>
1157 ```
1158 OMA-URI:
1159 ```
1160 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_AcceptThirdParty
1161 ```
1162 Value (string):
1163 ```
1164 <enabled/>
1165 <data id="Cookies_AcceptThirdParty" value="always | never | from-visited"/>
1166 ```
1167 OMA-URI:
1168 ```
1169 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_ExpireAtSessionEnd
1170 ```
1171 Value (string):
1172 ```
1173 <enabled/> or <disabled/>
1174 ```
1175 OMA-URI:
1176 ```
1177 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_RejectTracker
1178 ```
1179 Value (string):
1180 ```
1181 <enabled/> or <disabled/>
1182 ```
1183 OMA-URI:
1184 ```
1185 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_Locked
1186 ```
1187 Value (string):
1188 ```
1189 <enabled/> or <disabled/>
1190 ```
1191 OMA-URI:
1192 ```
1193 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_Behavior
1194 ```
1195 Value (string):
1196 ```
1197 <enabled/>
1198 <data id="Cookies_Behavior" value="accept | reject-foreign | reject | limit-foreign | reject-tracker | reject-tracker-and-partition-foreign"/>
1199 ```
1200 OMA-URI:
1201 ```
1202 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_BehaviorPrivateBrowsing
1203 ```
1204 Value (string):
1205 ```
1206 <enabled/>
1207 <data id="Cookies_BehaviorPrivateBrowsing" value="accept | reject-foreign | reject | limit-foreign | reject-tracker | reject-tracker-and-partition-foreign"/>
1208 ```
1209 #### macOS
1210 ```
1211 <dict>
1212 <key>Cookies</key>
1213 <dict>
1214 <key>Allow</key>
1215 <array>
1216 <string>http://example.com</string>
1217 </array>
1218 <key>AllowSession</key>
1219 <array>
1220 <string>http://example.edu</string>
1221 </array>
1222 <key>Block</key>
1223 <array>
1224 <string>http://example.org</string>
1225 </array>
1226 <key>Default</key>
1227 <true/> | <false/>
1228 <key>AcceptThirdParty</key>
1229 <string>always | never | from-visited</string>
1230 <key>ExpireAtSessionEnd</key>
1231 <true/> | <false/>
1232 <key>RejectTracker</key>
1233 <true/> | <false/>
1234 <key>Locked</key>
1235 <true/> | <false/>
1236 <key>Behavior</key>
1237 <string>accept | reject-foreign | reject | limit-foreign | reject-tracker | reject-tracker-and-partition-foreign</string>
1238 <key>BehaviorPrivateBrowsing</key>
1239 <string>accept | reject-foreign | reject | limit-foreign | reject-tracker | reject-tracker-and-partition-foreign</string>
1240 </dict>
1241 </dict>
1242 ```
1243 #### policies.json
1244 ```
1245 {
1246 "policies": {
1247 "Cookies": {
1248 "Allow": ["http://example.org/"],
1249 "AllowSession": ["http://example.edu/"],
1250 "Block": ["http://example.edu/"],
1251 "Default": true | false,
1252 "AcceptThirdParty": "always" | "never" | "from-visited",
1253 "ExpireAtSessionEnd": true | false,
1254 "RejectTracker": true | false,
1255 "Locked": true | false,
1256 "Behavior": "accept" | "reject-foreign" | "reject" | "limit-foreign" | "reject-tracker" | "reject-tracker-and-partition-foreign",
1257 "BehaviorPrivateBrowsing": "accept" | "reject-foreign" | "reject" | "limit-foreign" | "reject-tracker" | "reject-tracker-and-partition-foreign",
1258 }
1259 }
1260 }
1261 ```
1262 ### DefaultDownloadDirectory
1263 Set the default download directory.
1264
1265 You can use ${home} for the native home directory.
1266
1267 **Compatibility:** Firefox 68, Firefox ESR 68\
1268 **CCK2 Equivalent:** N/A\
1269 **Preferences Affected:** `browser.download.dir`, `browser.download.folderList`
1270
1271 #### Windows (GPO)
1272 ```
1273 Software\Policies\Mozilla\Firefox\DefaultDownloadDirectory = "${home}\Downloads"
1274 ```
1275 #### Windows (Intune)
1276 OMA-URI:
1277 ```
1278 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DefaultDownloadDirectory
1279 ```
1280 Value (string):
1281 ```
1282 <enabled/>
1283 <data id="Preferences_String" value="${home}\Downloads"/>
1284 ```
1285 #### macOS
1286 ```
1287 <dict>
1288 <key>DefaultDownloadDirectory</key>
1289 <string>${home}/Downloads</string>
1290 </dict>
1291 ```
1292 #### policies.json (macOS and Linux)
1293 ```
1294 {
1295 "policies": {
1296 "DefaultDownloadDirectory": "${home}/Downloads"
1297 }
1298 }
1299 ```
1300 #### policies.json (Windows)
1301 ```
1302 {
1303 "policies": {
1304 "DefaultDownloadDirectory": "${home}\\Downloads"
1305 }
1306 }
1307 ```
1308 ### DisableAppUpdate
1309 Turn off application updates within Firefox.
1310
1311 **Compatibility:** Firefox 60, Firefox ESR 60\
1312 **CCK2 Equivalent:** `disableFirefoxUpdates`\
1313 **Preferences Affected:** N/A
1314
1315 #### Windows (GPO)
1316 ```
1317 Software\Policies\Mozilla\Firefox\DisableAppUpdate = 0x1 | 0x0
1318 ```
1319 #### Windows (Intune)
1320 OMA-URI:
1321 ```
1322 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableAppUpdate
1323 ```
1324 Value (string):
1325 ```
1326 <enabled/> or <disabled/>
1327 ```
1328 #### macOS
1329 ```
1330 <dict>
1331 <key>DisableAppUpdate</key>
1332 <true/> | <false/>
1333 </dict>
1334 ```
1335 #### policies.json
1336 ```
1337 {
1338 "policies": {
1339 "DisableAppUpdate": true | false
1340 }
1341 }
1342 ```
1343 ### DisableBuiltinPDFViewer
1344 Disable the built in PDF viewer. PDF files are downloaded and sent externally.
1345
1346 **Compatibility:** Firefox 60, Firefox ESR 60\
1347 **CCK2 Equivalent:** `disablePDFjs`\
1348 **Preferences Affected:** `pdfjs.disabled`
1349
1350 #### Windows (GPO)
1351 ```
1352 Software\Policies\Mozilla\Firefox\DisableBuiltinPDFViewer = 0x1 | 0x0
1353 ```
1354 #### Windows (Intune)
1355 OMA-URI:
1356 ```
1357 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableBuiltinPDFViewer
1358 ```
1359 Value (string):
1360 ```
1361 <enabled/> or <disabled/>
1362 ```
1363 #### macOS
1364 ```
1365 <dict>
1366 <key>DisableBuiltinPDFViewer</key>
1367 <true/> | <false/>
1368 </dict>
1369 ```
1370 #### policies.json
1371 ```
1372 {
1373 "policies": {
1374 "DisableBuiltinPDFViewer": true | false
1375 }
1376 }
1377 ```
1378 ### DisabledCiphers
1379 Disable specific cryptographic ciphers, listed below.
1380
1381 ```
1382 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
1383 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
1384 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
1385 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
1386 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
1387 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
1388 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
1389 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
1390 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
1391 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
1392 TLS_DHE_RSA_WITH_AES_128_CBC_SHA
1393 TLS_DHE_RSA_WITH_AES_256_CBC_SHA
1394 TLS_RSA_WITH_AES_128_GCM_SHA256
1395 TLS_RSA_WITH_AES_256_GCM_SHA384
1396 TLS_RSA_WITH_AES_128_CBC_SHA
1397 TLS_RSA_WITH_AES_256_CBC_SHA
1398 TLS_RSA_WITH_3DES_EDE_CBC_SHA
1399 ```
1400
1401 **Preferences Affected:** `security.ssl3.ecdhe_rsa_aes_128_gcm_sha256`, `security.ssl3.ecdhe_ecdsa_aes_128_gcm_sha256`, `security.ssl3.ecdhe_ecdsa_chacha20_poly1305_sha256`, `security.ssl3.ecdhe_rsa_chacha20_poly1305_sha256`, `security.ssl3.ecdhe_ecdsa_aes_256_gcm_sha384`, `security.ssl3.ecdhe_rsa_aes_256_gcm_sha384`, `security.ssl3.ecdhe_rsa_aes_128_sha`, `security.ssl3.ecdhe_ecdsa_aes_128_sha`, `security.ssl3.ecdhe_rsa_aes_256_sha`, `security.ssl3.ecdhe_ecdsa_aes_256_sha`, `security.ssl3.dhe_rsa_aes_128_sha`, `security.ssl3.dhe_rsa_aes_256_sha`, `security.ssl3.rsa_aes_128_gcm_sha256`, `security.ssl3.rsa_aes_256_gcm_sha384`, `security.ssl3.rsa_aes_128_sha`, `security.ssl3.rsa_aes_256_sha`, `security.ssl3.deprecated.rsa_des_ede3_sha`
1402
1403 ---
1404 **Note:**
1405
1406 This policy was updated in Firefox 78 to allow enabling ciphers as well. Setting the value to true disables the cipher, setting the value to false enables the cipher. Previously setting the value to true or false disabled the cipher.
1407
1408 ---
1409 **Compatibility:** Firefox 76, Firefox ESR 68.8 (TLS_RSA_WITH_AES_128_GCM_SHA256 and TLS_RSA_WITH_AES_256_GCM_SHA384 were added in Firefox 78, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA38, TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, and TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 were added in Firefox 97 and Firefox 91.6)\
1410 **CCK2 Equivalent:** N/A\
1411 **Preferences Affected:** N/A
1412
1413 #### Windows (GPO)
1414 ```
1415 Software\Policies\Mozilla\Firefox\DisabledCiphers\CIPHER_NAME = 0x1 | 0x0
1416 ```
1417 #### Windows (Intune)
1418 OMA-URI:
1419 ```
1420 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DisabledCiphers/DisabledCiphers_CIPHER_NAME
1421
1422 ```
1423 Value (string):
1424 ```
1425 <enabled/> or <disabled/>
1426 ```
1427 #### macOS
1428 ```
1429 <dict>
1430 <key>DisabledCiphers</key>
1431 <dict>
1432 <key>CIPHER_NAME</key>
1433 <true/> | <false/>
1434 </dict>
1435 </dict>
1436 ```
1437 #### policies.json
1438 ```
1439 {
1440 "policies": {
1441 "DisabledCiphers": {
1442 "CIPHER_NAME": true | false,
1443 }
1444 }
1445 }
1446 ```
1447 ### DisableDefaultBrowserAgent
1448 Prevent the default browser agent from taking any actions. Only applicable to Windows; other platforms don’t have the agent.
1449
1450 The browser agent is a Windows-only scheduled task which runs in the background to collect and submit data about the browser that the user has set as their OS default. More information is available [here](https://firefox-source-docs.mozilla.org/toolkit/mozapps/defaultagent/default-browser-agent/index.html).
1451
1452 **Compatibility:** Firefox 75, Firefox ESR 68.7 (Windows only)\
1453 **CCK2 Equivalent:** N/A\
1454 **Preferences Affected:** N/A
1455
1456 #### Windows (GPO)
1457 ```
1458 Software\Policies\Mozilla\Firefox\DisableDefaultBrowserAgent = 0x1 | 0x0
1459 ```
1460 #### Windows (Intune)
1461 OMA-URI:
1462 ```
1463 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableDefaultBrowserAgent
1464 ```
1465 Value (string):
1466 ```
1467 <enabled/> or <disabled/>
1468 ```
1469 #### policies.json
1470 ```
1471 {
1472 "policies": {
1473 "DisableDefaultBrowserAgent": true | false
1474 }
1475 }
1476 ```
1477 ### DisableDeveloperTools
1478 Remove access to all developer tools.
1479
1480 **Compatibility:** Firefox 60, Firefox ESR 60\
1481 **CCK2 Equivalent:** `removeDeveloperTools`\
1482 **Preferences Affected:** `devtools.policy.disabled`
1483
1484 #### Windows (GPO)
1485 ```
1486 Software\Policies\Mozilla\Firefox\DisableDeveloperTools = 0x1 | 0x0`
1487 ```
1488 #### Windows (Intune)
1489 OMA-URI:
1490 ```
1491 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableDeveloperTools
1492 ```
1493 Value (string):
1494 ```
1495 <enabled/> or <disabled/>
1496 ```
1497 #### macOS
1498 ```
1499 <dict>
1500 <key>DisableDeveloperTools</key>
1501 <true/> | <false/>
1502 </dict>
1503 ```
1504 #### policies.json
1505 ```
1506 {
1507 "policies": {
1508 "DisableDeveloperTools": true | false
1509 }
1510 }
1511 ```
1512 ### DisableFeedbackCommands
1513 Disable the menus for reporting sites (Submit Feedback, Report Deceptive Site).
1514
1515 **Compatibility:** Firefox 60, Firefox ESR 60\
1516 **CCK2 Equivalent:** N/A\
1517 **Preferences Affected:** N/A
1518
1519 #### Windows (GPO)
1520 ```
1521 Software\Policies\Mozilla\Firefox\DisableFeedbackCommands = 0x1 | 0x0
1522 ```
1523 #### Windows (Intune)
1524 OMA-URI:
1525 ```
1526 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableFeedbackCommands
1527 ```
1528 Value (string):
1529 ```
1530 <enabled/> or <disabled/>
1531 ```
1532 #### macOS
1533 ```
1534 <dict>
1535 <key>DisableFeedbackCommands</key>
1536 <true/> | <false/>
1537 </dict>
1538 ```
1539 #### policies.json
1540 ```
1541 {
1542 "policies": {
1543 "DisableFeedbackCommands": true | false
1544 }
1545 }
1546 ```
1547 ### DisableFirefoxAccounts
1548 Disable Firefox Accounts integration (Sync).
1549
1550 **Compatibility:** Firefox 60, Firefox ESR 60\
1551 **CCK2 Equivalent:** `disableSync`\
1552 **Preferences Affected:** `identity.fxaccounts.enabled`
1553
1554 #### Windows (GPO)
1555 ```
1556 Software\Policies\Mozilla\Firefox\DisableFirefoxAccounts = 0x1 | 0x0
1557 ```
1558 #### Windows (Intune)
1559 OMA-URI:
1560 ```
1561 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableFirefoxAccounts
1562 ```
1563 Value (string):
1564 ```
1565 <enabled/> or <disabled/>
1566 ```
1567 #### macOS
1568 ```
1569 <dict>
1570 <key>DisableFirefoxAccounts</key>
1571 <true/> | <false/>
1572 </dict>
1573 ```
1574 #### policies.json
1575 ```
1576 {
1577 "policies": {
1578 "DisableFirefoxAccounts": true | false
1579 }
1580 }
1581 ```
1582 ### DisableFirefoxScreenshots
1583 Remove access to Firefox Screenshots.
1584
1585 **Compatibility:** Firefox 60, Firefox ESR 60\
1586 **CCK2 Equivalent:** N/A\
1587 **Preferences Affected:** `extensions.screenshots.disabled`
1588
1589 #### Windows (GPO)
1590 ```
1591 Software\Policies\Mozilla\Firefox\DisableFirefoxScreenshots = 0x1 | 0x0
1592 ```
1593 #### Windows (Intune)
1594 OMA-URI:
1595 ```
1596 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableFirefoxScreenshots
1597 ```
1598 Value (string):
1599 ```
1600 <enabled/> or <disabled/>
1601 ```
1602 #### macOS
1603 ```
1604 <dict>
1605 <key>DisableFirefoxScreenshots</key>
1606 <true/> | <false/>
1607 </dict>
1608 ```
1609 #### policies.json
1610 ```
1611 {
1612 "policies": {
1613 "DisableFirefoxScreenshots": true | false
1614 }
1615 }
1616 ```
1617 ### DisableFirefoxStudies
1618 Disable Firefox studies (Shield).
1619
1620 **Compatibility:** Firefox 60, Firefox ESR 60\
1621 **CCK2 Equivalent:** N/A\
1622 **Preferences Affected:** N/A
1623
1624 #### Windows (GPO)
1625 ```
1626 Software\Policies\Mozilla\Firefox\DisableFirefoxStudies = 0x1 | 0x0
1627 ```
1628 #### Windows (Intune)
1629 OMA-URI:
1630 ```
1631 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableFirefoxStudies
1632 ```
1633 Value (string):
1634 ```
1635 <enabled/> or <disabled/>
1636 ```
1637 #### macOS
1638 ```
1639 <dict>
1640 <key>DisableFirefoxStudies</key>
1641 <true/> | <false/>
1642 </dict>
1643 ```
1644 #### policies.json
1645 ```
1646 {
1647 "policies": {
1648 "DisableFirefoxStudies": true | false
1649 }
1650 }
1651 ```
1652 ### DisableForgetButton
1653 Disable the "Forget" button.
1654
1655 **Compatibility:** Firefox 60, Firefox ESR 60\
1656 **CCK2 Equivalent:** `disableForget`\
1657 **Preferences Affected:** N/A
1658
1659 #### Windows (GPO)
1660 ```
1661 Software\Policies\Mozilla\Firefox\DisableForgetButton = 0x1 | 0x0
1662 ```
1663 #### Windows (Intune)
1664 OMA-URI:
1665 ```
1666 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableForgetButton
1667 ```
1668 Value (string):
1669 ```
1670 <enabled/> or <disabled/>
1671 ```
1672 #### macOS
1673 ```
1674 <dict>
1675 <key>DisableForgetButton</key>
1676 <true/> | <false/>
1677 </dict>
1678 ```
1679 #### policies.json
1680 ```
1681 {
1682 "policies": {
1683 "DisableForgetButton": true | false
1684 }
1685 }
1686 ```
1687 ### DisableFormHistory
1688 Turn off saving information on web forms and the search bar.
1689
1690 **Compatibility:** Firefox 60, Firefox ESR 60\
1691 **CCK2 Equivalent:** `disableFormFill`\
1692 **Preferences Affected:** `browser.formfill.enable`
1693
1694 #### Windows (GPO)
1695 ```
1696 Software\Policies\Mozilla\Firefox\DisableFormHistory = 0x1 | 0x0
1697 ```
1698 #### Windows (Intune)
1699 OMA-URI:
1700 ```
1701 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableFormHistory
1702 ```
1703 Value (string):
1704 ```
1705 <enabled/> or <disabled/>
1706 ```
1707 #### macOS
1708 ```
1709 <dict>
1710 <key>DisableFormHistory</key>
1711 <true/> | <false/>
1712 </dict>
1713 ```
1714 #### policies.json
1715 ```
1716 {
1717 "policies": {
1718 "DisableFormHistory": true | false
1719 }
1720 }
1721 ```
1722 ### DisableMasterPasswordCreation
1723 Remove the master password functionality.
1724
1725 If this value is true, it works the same as setting [`PrimaryPassword`](#primarypassword) to false and removes the primary password functionality.
1726
1727 If both `DisableMasterPasswordCreation` and `PrimaryPassword` are used, `DisableMasterPasswordCreation` takes precedent.
1728
1729 **Compatibility:** Firefox 60, Firefox ESR 60\
1730 **CCK2 Equivalent:** `noMasterPassword`\
1731 **Preferences Affected:** N/A
1732
1733 #### Windows (GPO)
1734 ```
1735 Software\Policies\Mozilla\Firefox\DisableMasterPasswordCreation = 0x1 | 0x0
1736 ```
1737 #### Windows (Intune)
1738 OMA-URI:
1739 ```
1740 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableMasterPasswordCreation
1741 ```
1742 Value (string):
1743 ```
1744 <enabled/> or <disabled/>
1745 ```
1746 #### macOS
1747 ```
1748 <dict>
1749 <key>DisableMasterPasswordCreation</key>
1750 <true/> | <false/>
1751 </dict>
1752 ```
1753 #### policies.json
1754 ```
1755 {
1756 "policies": {
1757 "DisableMasterPasswordCreation": true | false
1758 }
1759 }
1760 ```
1761 ### DisablePasswordReveal
1762 Do not allow passwords to be shown in saved logins
1763
1764 **Compatibility:** Firefox 71, Firefox ESR 68.3\
1765 **CCK2 Equivalent:** N/A
1766 **Preferences Affected:** N/A
1767
1768 #### Windows (GPO)
1769 ```
1770 Software\Policies\Mozilla\Firefox\DisablePasswordReveal = 0x1 | 0x0
1771 ```
1772 #### Windows (Intune)
1773 OMA-URI:
1774 ```
1775 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisablePasswordReveal
1776 ```
1777 Value (string):
1778 ```
1779 <enabled/> or <disabled/>
1780 ```
1781 #### macOS
1782 ```
1783 <dict>
1784 <key>DisablePasswordReveal</key>
1785 <true/> | <false/>
1786 </dict>
1787 ```
1788 #### policies.json
1789 ```
1790 {
1791 "policies": {
1792 "DisablePasswordReveal": true | false
1793 }
1794 }
1795 ```
1796 ### DisablePocket
1797 Remove Pocket in the Firefox UI. It does not remove it from the new tab page.
1798
1799 **Compatibility:** Firefox 60, Firefox ESR 60\
1800 **CCK2 Equivalent:** `disablePocket`\
1801 **Preferences Affected:** `extensions.pocket.enabled`
1802
1803 #### Windows (GPO)
1804 ```
1805 Software\Policies\Mozilla\Firefox\DisablePocket = 0x1 | 0x0
1806 ```
1807 #### Windows (Intune)
1808 OMA-URI:
1809 ```
1810 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisablePocket
1811 ```
1812 Value (string):
1813 ```
1814 <enabled/> or <disabled/>
1815 ```
1816 #### macOS
1817 ```
1818 <dict>
1819 <key>DisablePocket</key>
1820 <true/> | <false/>
1821 </dict>
1822 ```
1823 #### policies.json
1824 ```
1825 {
1826 "policies": {
1827 "DisablePocket": true | false
1828 }
1829 }
1830 ```
1831 ### DisablePrivateBrowsing
1832 Remove access to private browsing.
1833
1834 **Compatibility:** Firefox 60, Firefox ESR 60\
1835 **CCK2 Equivalent:** `disablePrivateBrowsing`\
1836 **Preferences Affected:** N/A
1837
1838 #### Windows (GPO)
1839 ```
1840 Software\Policies\Mozilla\Firefox\DisablePrivateBrowsing = 0x1 | 0x0
1841 ```
1842 #### Windows (Intune)
1843 OMA-URI:
1844 ```
1845 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisablePrivateBrowsing
1846 ```
1847 Value (string):
1848 ```
1849 <enabled/> or <disabled/>
1850 ```
1851 #### macOS
1852 ```
1853 <dict>
1854 <key>DisablePrivateBrowsing</key>
1855 <true/> | <false/>
1856 </dict>
1857 ```
1858 #### policies.json
1859 ```
1860 {
1861 "policies": {
1862 "DisablePrivateBrowsing": true | false
1863 }
1864 }
1865 ```
1866 ### DisableProfileImport
1867 Disables the "Import data from another browser" option in the bookmarks window.
1868
1869 **Compatibility:** Firefox 60, Firefox ESR 60\
1870 **CCK2 Equivalent:** N/A\
1871 **Preferences Affected:** N/A
1872
1873 #### Windows (GPO)
1874 ```
1875 Software\Policies\Mozilla\Firefox\DisableProfileImport = 0x1 | 0x0
1876 ```
1877 #### Windows (Intune)
1878 OMA-URI:
1879 ```
1880 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableProfileImport
1881 ```
1882 Value (string):
1883 ```
1884 <enabled/> or <disabled/>
1885 ```
1886 #### macOS
1887 ```
1888 <dict>
1889 <key>DisableProfileImport</key>
1890 <true/> | <false/>
1891 </dict>
1892 ```
1893 #### policies.json
1894 ```
1895 {
1896 "policies": {
1897 "DisableProfileImport": true | false
1898 }
1899 }
1900 ```
1901 ### DisableProfileRefresh
1902 Disable the Refresh Firefox button on about:support and support.mozilla.org, as well as the prompt that displays offering to refresh Firefox when you haven't used it in a while.
1903
1904 **Compatibility:** Firefox 60, Firefox ESR 60\
1905 **CCK2 Equivalent:** `disableResetFirefox`\
1906 **Preferences Affected:** `browser.disableResetPrompt`
1907
1908 #### Windows (GPO)
1909 ```
1910 Software\Policies\Mozilla\Firefox\DisableProfileRefresh = 0x1 | 0x0
1911 ```
1912 #### Windows (Intune)
1913 OMA-URI:
1914 ```
1915 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableProfileRefresh
1916 ```
1917 Value (string):
1918 ```
1919 <enabled/> or <disabled/>
1920 ```
1921 #### macOS
1922 ```
1923 <dict>
1924 <key>DisableProfileRefresh</key>
1925 <true/> | <false/>
1926 </dict>
1927 ```
1928 #### policies.json
1929 ```
1930 {
1931 "policies": {
1932 "DisableProfileRefresh": true | false
1933 }
1934 }
1935 ```
1936 ### DisableSafeMode
1937 Disable safe mode within the browser.
1938
1939 On Windows, this disables safe mode via the command line as well.
1940
1941 **Compatibility:** Firefox 60, Firefox ESR 60 (Windows, macOS)\
1942 **CCK2 Equivalent:** `disableSafeMode`\
1943 **Preferences Affected:** N/A
1944
1945 #### Windows (GPO)
1946 ```
1947 Software\Policies\Mozilla\Firefox\DisableSafeMode = 0x1 | 0x0
1948 ```
1949 #### Windows (Intune)
1950 OMA-URI:
1951 ```
1952 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableSafeMode
1953 ```
1954 Value (string):
1955 ```
1956 <enabled/> or <disabled/>
1957 ```
1958 #### macOS
1959 ```
1960 <dict>
1961 <key>DisableSafeMode</key>
1962 <true/> | <false/>
1963 </dict>
1964 ```
1965 #### policies.json
1966 ```
1967 {
1968 "policies": {
1969 "DisableSafeMode": true | false
1970 }
1971 }
1972 ```
1973 ### DisableSecurityBypass
1974 Prevent the user from bypassing security in certain cases.
1975
1976 `InvalidCertificate` prevents adding an exception when an invalid certificate is shown.
1977
1978 `SafeBrowsing` prevents selecting "ignore the risk" and visiting a harmful site anyway.
1979
1980 **Compatibility:** Firefox 60, Firefox ESR 60\
1981 **CCK2 Equivalent:** N/A\
1982 **Preferences Affected:** `security.certerror.hideAddException`, `browser.safebrowsing.allowOverride`
1983
1984 #### Windows (GPO)
1985 ```
1986 Software\Policies\Mozilla\Firefox\DisableSecurityBypass\InvalidCertificate = 0x1 | 0x0
1987 Software\Policies\Mozilla\Firefox\DisableSecurityBypass\SafeBrowsing = 0x1 | 0x0
1988 ```
1989 #### Windows (Intune)
1990 OMA-URI:
1991 ```
1992 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/P_DisableSecurityBypass_InvalidCertificate
1993 ```
1994 Value (string):
1995 ```
1996 <enabled/> or <disabled/>
1997 ```
1998 OMA-URI:
1999 ```
2000 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/P_DisableSecurityBypass_SafeBrowsing
2001 ```
2002 Value (string):
2003 ```
2004 <enabled/> or <disabled/>
2005 ```
2006
2007 #### macOS
2008 ```
2009 <dict>
2010 <key>DisableSecurityBypass</key>
2011 <dict>
2012 <key>InvalidCertificate</key>
2013 <true/> | <false/>
2014 <key>SafeBrowsing</key>
2015 <true/> | <false/>
2016 </dict>
2017 </dict>
2018 ```
2019 #### policies.json
2020 ```
2021 {
2022 "policies": {
2023 "DisableSecurityBypass": {
2024 "InvalidCertificate": true | false,
2025 "SafeBrowsing": true | false
2026 }
2027 }
2028 }
2029 ```
2030 ### DisableSetDesktopBackground
2031 Remove the "Set As Desktop Background..." menuitem when right clicking on an image.
2032
2033 **Compatibility:** Firefox 60, Firefox ESR 60\
2034 **CCK2 Equivalent:** `removeSetDesktopBackground`\
2035 **Preferences Affected:** N/A
2036
2037 #### Windows (GPO)
2038 ```
2039 Software\Policies\Mozilla\Firefox\DisableSetDesktopBackground = 0x1 | 0x0
2040 ```
2041 #### Windows (Intune)
2042 OMA-URI:
2043 ```
2044 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableSetDesktopBackground
2045 ```
2046 Value (string):
2047 ```
2048 <enabled/> or <disabled/>
2049 ```
2050 #### macOS
2051 ```
2052 <dict>
2053 <key>DisableSetDesktopBackground</key>
2054 <true/> | <false/>
2055 </dict>
2056 ```
2057 #### policies.json
2058 ```
2059 {
2060 "policies": {
2061 "DisableSetDesktopBackground": true | false
2062 }
2063 }
2064 ```
2065 ### DisableSystemAddonUpdate
2066 Prevent system add-ons from being installed or updated.
2067
2068 **Compatibility:** Firefox 60, Firefox ESR 60\
2069 **CCK2 Equivalent:** N/A\
2070 **Preferences Affected:** N/A
2071
2072 #### Windows (GPO)
2073 ```
2074 Software\Policies\Mozilla\Firefox\DisableSystemAddonUpdate = 0x1 | 0x0
2075 ```
2076 #### Windows (Intune)
2077 OMA-URI:
2078 ```
2079 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableSystemAddonUpdate
2080 ```
2081 Value (string):
2082 ```
2083 <enabled/> or <disabled/>
2084 ```
2085 #### macOS
2086 ```
2087 <dict>
2088 <key>DisableSystemAddonUpdate</key>
2089 <true/> | <false/>
2090 </dict>
2091 ```
2092 #### policies.json
2093 ```
2094 {
2095 "policies": {
2096 "DisableSystemAddonUpdate": true | false
2097 }
2098 }
2099 ```
2100 ### DisableTelemetry
2101 Prevent the upload of telemetry data.
2102
2103 As of Firefox 83 and Firefox ESR 78.5, local storage of telemetry data is disabled as well.
2104
2105 Mozilla recommends that you do not disable telemetry. Information collected through telemetry helps us build a better product for businesses like yours.
2106
2107 **Compatibility:** Firefox 60, Firefox ESR 60\
2108 **CCK2 Equivalent:** `disableTelemetry`\
2109 **Preferences Affected:** `datareporting.healthreport.uploadEnabled`, `datareporting.policy.dataSubmissionEnabled`, `toolkit.telemetry.archive.enabled`
2110
2111 #### Windows (GPO)
2112 ```
2113 Software\Policies\Mozilla\Firefox\DisableTelemetry = 0x1 | 0x0
2114 ```
2115 #### Windows (Intune)
2116 OMA-URI:
2117 ```
2118 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableTelemetry
2119 ```
2120 Value (string):
2121 ```
2122 <enabled/> or <disabled/>
2123 ```
2124 #### macOS
2125 ```
2126 <dict>
2127 <key>DisableTelemetry</key>
2128 <true/> | <false/>
2129 </dict>
2130 ```
2131 #### policies.json
2132 ```
2133 {
2134 "policies": {
2135 "DisableTelemetry": true | false
2136 }
2137 }
2138 ```
2139 ### DisableThirdPartyModuleBlocking
2140 Do not allow blocking third-party modules from the `about:third-party` page.
2141
2142 This policy only works on Windows through GPO (not policies.json).
2143
2144 **Compatibility:** Firefox 110 (Windows only, GPO only)\
2145 **CCK2 Equivalent:** N/A\
2146 **Preferences Affected:** N/A
2147
2148 #### Windows (GPO)
2149 ```
2150 Software\Policies\Mozilla\Firefox\DisableThirdPartyModuleBlocking = = 0x1 | 0x0
2151 ```
2152 #### Windows (Intune)
2153 OMA-URI:
2154 ```
2155 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableThirdPartyModuleBlocking
2156 ```
2157 Value (string):
2158 ```
2159 <enabled/> or <disabled/>
2160 ```
2161 ### DisplayBookmarksToolbar
2162 Set the initial state of the bookmarks toolbar. A user can still change how it is displayed.
2163
2164 `always` means the bookmarks toolbar is always shown.
2165
2166 `never` means the bookmarks toolbar is not shown.
2167
2168 `newtab` means the bookmarks toolbar is only shown on the new tab page.
2169
2170 **Compatibility:** Firefox 109, Firefox ESR 102.7\
2171 **CCK2 Equivalent:** N/A\
2172 **Preferences Affected:** N/A
2173
2174 #### Windows (GPO)
2175 ```
2176 Software\Policies\Mozilla\Firefox\DisplayBookmarksToolbar = "always", "never", "newtab"
2177 ```
2178 #### Windows (Intune)
2179 OMA-URI:
2180 ```
2181 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisplayBookmarksToolbar_Enum
2182 ```
2183 Value (string):
2184 ```
2185 <enabled/>
2186 <data id="DisplayBookmarksToolbar" value="always | never | newtab"/>
2187 ```
2188 #### macOS
2189 ```
2190 <dict>
2191 <key>DisplayBookmarksToolbar</key>
2192 <string>always | never | newtab</string>
2193 </dict>
2194 ```
2195 #### policies.json
2196 ```
2197 {
2198 "policies": {
2199 "DisplayBookmarksToolbar": "always" | "never" | "newtab"
2200 }
2201 }
2202 ```
2203 ### DisplayMenuBar
2204 Set the state of the menubar.
2205
2206 `always` means the menubar is shown and cannot be hidden.
2207
2208 `never` means the menubar is hidden and cannot be shown.
2209
2210 `default-on` means the menubar is on by default but can be hidden.
2211
2212 `default-off` means the menubar is off by default but can be shown.
2213
2214 **Compatibility:** Firefox 73, Firefox ESR 68.5 (Windows, some Linux)\
2215 **CCK2 Equivalent:** `displayMenuBar`\
2216 **Preferences Affected:** N/A
2217
2218 #### Windows (GPO)
2219 ```
2220 Software\Policies\Mozilla\Firefox\DisplayMenuBar = "always", "never", "default-on", "default-off"
2221 ```
2222 #### Windows (Intune)
2223 OMA-URI:
2224 ```
2225 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisplayMenuBar_Enum
2226 ```
2227 Value (string):
2228 ```
2229 <enabled/>
2230 <data id="DisplayMenuBar" value="always | never | default-on | default-off"/>
2231 ```
2232 #### macOS
2233 ```
2234 <dict>
2235 <key>DisplayMenuBar</key>
2236 <string>always | never | default-on | default-off</string>
2237 </dict>
2238 ```
2239 #### policies.json
2240 ```
2241 {
2242 "policies": {
2243 "DisplayMenuBar": "always", "never", "default-on", "default-off"
2244 }
2245 }
2246 ```
2247 ### DNSOverHTTPS
2248 Configure DNS over HTTPS.
2249
2250 `Enabled` determines whether DNS over HTTPS is enabled
2251
2252 `ProviderURL` is a URL to another provider.
2253
2254 `Locked` prevents the user from changing DNS over HTTPS preferences.
2255
2256 `ExcludedDomains` excludes domains from DNS over HTTPS.
2257
2258 **Compatibility:** Firefox 63, Firefox ESR 68 (ExcludedDomains added in 75/68.7)\
2259 **CCK2 Equivalent:** N/A\
2260 **Preferences Affected:** `network.trr.mode`, `network.trr.uri`
2261
2262 #### Windows (GPO)
2263 ```
2264 Software\Policies\Mozilla\Firefox\DNSOverHTTPS\Enabled = 0x1 | 0x0
2265 Software\Policies\Mozilla\Firefox\DNSOverHTTPS\ProviderURL = "URL_TO_ALTERNATE_PROVIDER"
2266 Software\Policies\Mozilla\Firefox\DNSOverHTTPS\Locked = 0x1 | 0x0
2267 Software\Policies\Mozilla\Firefox\DNSOverHTTPS\ExcludedDomains\1 = "example.com"
2268 ```
2269 #### Windows (Intune)
2270 OMA-URI:
2271 ```
2272 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DNSOverHTTPS/DNSOverHTTPS_Enabled
2273 ```
2274 Value (string):
2275 ```
2276 <enabled/> or <disabled/>
2277 ```
2278 OMA-URI:
2279 ```
2280 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DNSOverHTTPS/DNSOverHTTPS_ProviderURL
2281 ```
2282 Value (string):
2283 ```
2284 <enabled/>
2285 <data id="String" value="URL_TO_ALTERNATE_PROVIDER"/>
2286 ```
2287 OMA-URI:
2288 ```
2289 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DNSOverHTTPS/DNSOverHTTPS_Locked
2290 ```
2291 Value (string):
2292 ```
2293 <enabled/> or <disabled/>
2294 ```
2295 OMA-URI:
2296 ```
2297 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DNSOverHTTPS/DNSOverHTTPS_ExcludedDomains
2298 ```
2299 Value (string):
2300 ```
2301 <enabled/>
2302 <data id="List" value="1&#xF000;example.com"/>
2303 ```
2304 #### macOS
2305 ```
2306 <dict>
2307 <key>DNSOverHTTPS</key>
2308 <dict>
2309 <key>Enabled</key>
2310 <true/> | <false/>
2311 <key>ProviderURL</key>
2312 <string>URL_TO_ALTERNATE_PROVIDER</string>
2313 <key>Locked</key>
2314 <true/> | <false/>
2315 <key>ExcludedDomains</key>
2316 <array>
2317 <string>example.com</string>
2318 </array>
2319 </dict>
2320 </dict>
2321 ```
2322 #### policies.json
2323 ```
2324 {
2325 "policies": {
2326 "DNSOverHTTPS": {
2327 "Enabled": true | false,
2328 "ProviderURL": "URL_TO_ALTERNATE_PROVIDER",
2329 "Locked": true | false,
2330 "ExcludedDomains": ["example.com"]
2331 }
2332 }
2333 }
2334 ```
2335 ### DontCheckDefaultBrowser
2336 Don't check if Firefox is the default browser at startup.
2337
2338 **Compatibility:** Firefox 60, Firefox ESR 60\
2339 **CCK2 Equivalent:** `dontCheckDefaultBrowser`\
2340 **Preferences Affected:** `browser.shell.checkDefaultBrowser`
2341
2342 #### Windows (GPO)
2343 ```
2344 Software\Policies\Mozilla\Firefox\DontCheckDefaultBrowser = 0x1 | 0x0
2345 ```
2346 #### Windows (Intune)
2347 OMA-URI:
2348 ```
2349 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DontCheckDefaultBrowser
2350 ```
2351 Value (string):
2352 ```
2353 <enabled/> or <disabled/>
2354 ```
2355 #### macOS
2356 ```
2357 <dict>
2358 <key>DontCheckDefaultBrowser</key>
2359 <true/> | <false/>
2360 </dict>
2361 ```
2362 #### policies.json
2363 ```
2364 {
2365 "policies": {
2366 "DontCheckDefaultBrowser": true | false
2367 }
2368 }
2369 ```
2370 ### DownloadDirectory
2371 Set and lock the download directory.
2372
2373 You can use ${home} for the native home directory.
2374
2375 **Compatibility:** Firefox 68, Firefox ESR 68\
2376 **CCK2 Equivalent:** N/A\
2377 **Preferences Affected:** `browser.download.dir`, `browser.download.folderList`, `browser.download.useDownloadDir`
2378
2379 #### Windows (GPO)
2380 ```
2381 Software\Policies\Mozilla\Firefox\DownloadDirectory = "${home}\Downloads"
2382 ```
2383 #### Windows (Intune)
2384 OMA-URI:
2385 ```
2386 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DownloadDirectory
2387 ```
2388 Value (string):
2389 ```
2390 <enabled/>
2391 <data id="Preferences_String" value="${home}\Downloads"/>
2392 ```
2393 #### macOS
2394 ```
2395 <dict>
2396 <key>DownloadDirectory</key>
2397 <string>${home}/Downloads</string>
2398 </dict>
2399 ```
2400 #### policies.json (macOS and Linux)
2401 ```
2402 {
2403 "policies": {
2404 "DownloadDirectory": "${home}/Downloads"
2405 }
2406 ```
2407 #### policies.json (Windows)
2408 ```
2409 {
2410 "policies": {
2411 "DownloadDirectory": "${home}\\Downloads"
2412 }
2413 ```
2414 ### EnableTrackingProtection
2415 Configure tracking protection.
2416
2417 If this policy is not configured, tracking protection is not enabled by default in the browser, but it is enabled by default in private browsing and the user can change it.
2418
2419 If `Value` is set to false, tracking protection is disabled and locked in both the regular browser and private browsing.
2420
2421 If `Value` is set to true, tracking protection is enabled by default in both the regular browser and private browsing and the `Locked` value determines whether or not a user can change it.
2422
2423 If `Cryptomining` is set to true, cryptomining scripts on websites are blocked.
2424
2425 If `Fingerprinting` is set to true, fingerprinting scripts on websites are blocked.
2426
2427 If `EmailTracking` is set to true, hidden email tracking pixels and scripts on websites are blocked. (Firefox 112)
2428
2429 `Exceptions` are origins for which tracking protection is not enabled.
2430
2431 **Compatibility:** Firefox 60, Firefox ESR 60 (Cryptomining and Fingerprinting added in 70/68.2, Exceptions added in 73/68.5)\
2432 **CCK2 Equivalent:** N/A\
2433 **Preferences Affected:** `privacy.trackingprotection.enabled`, `privacy.trackingprotection.pbmode.enabled`, `privacy.trackingprotection.cryptomining.enabled`, `privacy.trackingprotection.fingerprinting.enabled`
2434
2435 #### Windows (GPO)
2436 ```
2437 Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Value = 0x1 | 0x0
2438 Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Locked = 0x1 | 0x0
2439 Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Cryptomining = 0x1 | 0x0
2440 Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Fingerprinting = 0x1 | 0x0
2441 Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Exceptions\1 = "https://example.com"
2442 ```
2443 #### Windows (Intune)
2444 OMA-URI:
2445 ```
2446 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~TrackingProtection/A_TrackingProtection_Value
2447 ```
2448 Value (string):
2449 ```
2450 <enabled/> or <disabled/>
2451 ```
2452 OMA-URI:
2453 ```
2454 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~TrackingProtection/B_TrackingProtection_Cryptomining
2455 ```
2456 Value (string):
2457 ```
2458 <enabled/> or <disabled/>
2459 ```
2460 OMA-URI:
2461 ```
2462 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~TrackingProtection/C_TrackingProtection_Fingerprinting
2463 ```
2464 Value (string):
2465 ```
2466 <enabled/> or <disabled/>
2467 ```
2468 OMA-URI:
2469 ```
2470 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~TrackingProtection/D_TrackingProtection_Exceptions
2471 ```
2472 Value (string):
2473 ```
2474 <enabled/>
2475 <data id="TrackingProtection_Exceptions" value="1&#xF000;https://example.com"/>
2476 ```
2477 OMA-URI:
2478 ```
2479 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~TrackingProtection/E_TrackingProtection_Locked
2480 ```
2481 Value (string):
2482 ```
2483 <enabled/> or <disabled/>
2484 ```
2485 #### macOS
2486 ```
2487 <dict>
2488 <key>EnableTrackingProtection</key>
2489 <dict>
2490 <key>Value</key>
2491 <true/> | <false/>
2492 <key>Locked</key>
2493 <true/> | <false/>
2494 <key>Cryptomining</key>
2495 <true/> | <false/>
2496 <key>Fingerprinting</key>
2497 <true/> | <false/>
2498 <key>Exceptions</key>
2499 <array>
2500 <string>https://example.com</string>
2501 </array>
2502 </dict>
2503 </dict>
2504 ```
2505 #### policies.json
2506 ```
2507 {
2508 "policies": {
2509 "EnableTrackingProtection": {
2510 "Value": true | false,
2511 "Locked": true | false,
2512 "Cryptomining": true | false,
2513 "Fingerprinting": true | false,
2514 "Exceptions": ["https://example.com"]
2515 }
2516 }
2517 }
2518 ```
2519 ### EncryptedMediaExtensions
2520 Enable or disable Encrypted Media Extensions and optionally lock it.
2521
2522 If `Enabled` is set to false, encrypted media extensions (like Widevine) are not downloaded by Firefox unless the user consents to installing them.
2523
2524 If `Locked` is set to true and `Enabled` is set to false, Firefox will not download encrypted media extensions (like Widevine) or ask the user to install them.
2525
2526 **Compatibility:** Firefox 77, Firefox ESR 68.9\
2527 **CCK2 Equivalent:** N/A\
2528 **Preferences Affected:** `media.eme.enabled`
2529
2530 #### Windows (GPO)
2531 ```
2532 Software\Policies\Mozilla\Firefox\EncryptedMediaExtensions\Enabled = 0x1 | 0x0
2533 Software\Policies\Mozilla\Firefox\EncryptedMediaExtensions\Locked = 0x1 | 0x0
2534 ```
2535 #### Windows (Intune)
2536 OMA-URI:
2537 ```
2538 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~EncryptedMediaExtensions/EncryptedMediaExtensions_Enabled
2539 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~EncryptedMediaExtensions/EncryptedMediaExtensions_Locked
2540 ```
2541 Value (string):
2542 ```
2543 <enabled/>or <disabled/>
2544 ```
2545 #### macOS
2546 ```
2547 <dict>
2548 <key>EncryptedMediaExtensions</key>
2549 <dict>
2550 <key>Enabled</key>
2551 <true/> | <false/>
2552 <key>Locked</key>
2553 <true/> | <false/>
2554 </dict>
2555 </dict>
2556 ```
2557 #### policies.json
2558 ```
2559 {
2560 "policies": {
2561 "EncryptedMediaExtensions": {
2562 "Enabled": true | false,
2563 "Locked": true | false
2564 }
2565 }
2566 }
2567 ```
2568 ### EnterprisePoliciesEnabled
2569 Enable policy support on macOS.
2570
2571 **Compatibility:** Firefox 63, Firefox ESR 60.3 (macOS only)\
2572 **CCK2 Equivalent:** N/A\
2573 **Preferences Affected:** N/A
2574
2575 #### macOS
2576 ```
2577 <dict>
2578 <key>EnterprisePoliciesEnabled</key>
2579 <true/>
2580 </dict>
2581 ```
2582 ### ExemptDomainFileTypePairsFromFileTypeDownloadWarnings
2583
2584 Disable warnings based on file extension for specific file types on domains.
2585
2586 This policy is based on the [Chrome policy](https://chromeenterprise.google/policies/#ExemptDomainFileTypePairsFromFileTypeDownloadWarnings) of the same name.
2587
2588 Important: The documentation for the policy for both Edge and Chrome is incorrect. The ```domains``` value must be a domain, not a URL pattern. Also, we do not support using ```*``` to mean all domains.
2589
2590 **Compatibility:** Firefox 102\
2591 **CCK2 Equivalent:** N/A\
2592 **Preferences Affected:** N/A
2593
2594 #### Windows (GPO)
2595 Software\Policies\Mozilla\Firefox\ExemptDomainFileTypePairsFromFileTypeDownloadWarnings (REG_MULTI_SZ) =
2596 ```
2597 [
2598 {
2599 "file_extension": "jnlp",
2600 "domains": ["example.com"]
2601 }
2602 ]
2603 ```
2604 #### Windows (Intune)
2605 OMA-URI:
2606 ```
2607 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/ExemptDomainFileTypePairsFromFileTypeDownloadWarnings
2608 ```
2609 Value (string):
2610 ```
2611 <enabled/>
2612 <data id="JSON" value='
2613 [
2614 {
2615 "file_extension": "jnlp",
2616 "domains": ["example.com"]
2617 }
2618 ]
2619 '/>
2620 ```
2621 #### macOS
2622 ```
2623 <dict>
2624 <key>ExemptDomainFileTypePairsFromFileTypeDownloadWarnings</key>
2625 <array>
2626 <dict>
2627 <key>file_extension</key>
2628 <string>jnlp</string>
2629 <key>domains</key>
2630 <array>
2631 <string>example.com</string>
2632 </array>
2633 </dict>
2634 </array>
2635 </dict>
2636 ```
2637 #### policies.json
2638 ```
2639 {
2640 "policies": {
2641 "ExemptDomainFileTypePairsFromFileTypeDownloadWarnings": [{
2642 "file_extension": "jnlp",
2643 "domains": ["example.com"]
2644 }]
2645 }
2646 }
2647 ```
2648 ### Extensions
2649 Control the installation, uninstallation and locking of extensions.
2650
2651 While this policy is not technically deprecated, it is recommended that you use the **[`ExtensionSettings`](#extensionsettings)** policy. It has the same functionality and adds more. It does not support native paths, though, so you'll have to use file:/// URLs.
2652
2653 `Install` is a list of URLs or native paths for extensions to be installed.
2654
2655 `Uninstall` is a list of extension IDs that should be uninstalled if found.
2656
2657 `Locked` is a list of extension IDs that the user cannot disable or uninstall.
2658
2659 **Compatibility:** Firefox 60, Firefox ESR 60\
2660 **CCK2 Equivalent:** `addons`\
2661 **Preferences Affected:** N/A
2662
2663 #### Windows (GPO)
2664 ```
2665 Software\Policies\Mozilla\Firefox\Extensions\Install\1 = "https://addons.mozilla.org/firefox/downloads/somefile.xpi"
2666 Software\Policies\Mozilla\Firefox\Extensions\Install\2 = "//path/to/xpi"
2667 Software\Policies\Mozilla\Firefox\Extensions\Uninstall\1 = "bad_addon_id@mozilla.org"
2668 Software\Policies\Mozilla\Firefox\Extensions\Locked\1 = "addon_id@mozilla.org"
2669 ```
2670 #### Windows (Intune)
2671 OMA-URI:
2672 ```
2673 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/Extensions_Install
2674 ```
2675 Value (string):
2676 ```
2677 <enabled/>
2678 <data id="Extensions" value="1&#xF000;https://addons.mozilla.org/firefox/downloads/somefile.xpi&#xF000;2&#xF000;//path/to/xpi"/>
2679 ```
2680 OMA-URI:
2681 ```
2682 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/Extensions_Uninstall
2683 ```
2684 Value (string):
2685 ```
2686 <enabled/>
2687 <data id="Extensions" value="1&#xF000;bad_addon_id@mozilla.org"/>
2688 ```
2689 OMA-URI:
2690 ```
2691 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/Extensions_Locked
2692 ```
2693 Value (string):
2694 ```
2695 <enabled/>
2696 <data id="Extensions" value="1&#xF000;addon_id@mozilla.org"/>
2697 ```
2698 #### macOS
2699 ```
2700 <dict>
2701 <key>Extensions</key>
2702 <dict>
2703 <key>Install</key>
2704 <array>
2705 <string>https://addons.mozilla.org/firefox/downloads/somefile.xpi</string>
2706 <string>//path/to/xpi</string>
2707 </array>
2708 <key>Uninstall</key>
2709 <array>
2710 <string>bad_addon_id@mozilla.org</string>
2711 </array>
2712 <key>Locked</key>
2713 <array>
2714 <string>addon_id@mozilla.org</string>
2715 </array>
2716 </dict>
2717 </dict>
2718 ```
2719 #### policies.json
2720 ```
2721 {
2722 "policies": {
2723 "Extensions": {
2724 "Install": ["https://addons.mozilla.org/firefox/downloads/somefile.xpi", "//path/to/xpi"],
2725 "Uninstall": ["bad_addon_id@mozilla.org"],
2726 "Locked": ["addon_id@mozilla.org"]
2727 }
2728 }
2729 }
2730 ```
2731 ### ExtensionSettings
2732 Manage all aspects of extensions. This policy is based heavily on the [Chrome policy](https://dev.chromium.org/administrators/policy-list-3/extension-settings-full) of the same name.
2733
2734 This policy maps an extension ID to its configuration. With an extension ID, the configuration will be applied to the specified extension only. A default configuration can be set for the special ID "*", which will apply to all extensions that don't have a custom configuration set in this policy.
2735
2736 To obtain an extension ID, install the extension and go to about:support. You will see the ID in the Extensions section. I've also created an extension that makes it easy to find the ID of extensions on AMO. You can download it [here](https://github.com/mkaply/queryamoid/releases/tag/v0.1).
2737
2738 The configuration for each extension is another dictionary that can contain the fields documented below.
2739
2740 | Name | Description |
2741 | --- | --- |
2742 | `installation_mode` | Maps to a string indicating the installation mode for the extension. The valid strings are `allowed`,`blocked`,`force_installed`, and `normal_installed`.
2743 | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;`allowed` | Allows the extension to be installed by the user. This is the default behavior. There is no need for an install_url; it will automatically be allowed based on the ID.
2744 | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;`blocked`| Blocks installation of the extension and removes it from the device if already installed.
2745 | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;`force_installed`| The extension is automatically installed and can't be removed by the user. This option is not valid for the default configuration and requires an install_url.
2746 | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;`normal_installed`| The extension is automatically installed but can be disabled by the user. This option is not valid for the default configuration and requires an install_url.
2747 | `install_url`| Maps to a URL indicating where Firefox can download a force_installed or normal_installed extension. If installing from the local file system, use a [```file:///``` URL](https://en.wikipedia.org/wiki/File_URI_scheme). If installing from the addons.mozilla.org, use the following URL (substituting SHORT_NAME from the URL on AMO), https://addons.mozilla.org/firefox/downloads/latest/SHORT_NAME/latest.xpi. Languages packs are available from https://releases.mozilla.org/pub/firefox/releases/VERSION/PLATFORM/xpi/LANGUAGE.xpi. If you need to update the extension, you can change the name of the extension and it will be automatically updated. Extensions installed from file URLs will additional be updated when their internal version changes.
2748 | `install_sources` | A list of sources from which installing extensions is allowed using URL match patterns. **This is unnecessary if you are only allowing the installation of certain extensions by ID.** Each item in this list is an extension-style match pattern. Users will be able to easily install items from any URL that matches an item in this list. Both the location of the *.xpi file and the page where the download is started from (i.e. the referrer) must be allowed by these patterns. This setting can be used only for the default configuration.
2749 | `allowed_types` | This setting whitelists the allowed types of extension/apps that can be installed in Firefox. The value is a list of strings, each of which should be one of the following: "extension", "theme", "dictionary", "locale" This setting can be used only for the default configuration.
2750 | `blocked_install_message` | This maps to a string specifying the error message to display to users if they're blocked from installing an extension. This setting allows you to append text to the generic error message displayed when the extension is blocked. This could be be used to direct users to your help desk, explain why a particular extension is blocked, or something else. This setting can be used only for the default configuration.
2751 | `restricted_domains` | An array of domains on which content scripts can't be run. This setting can be used only for the default configuration.
2752 | `updates_disabled` | (Firefox 89, Firefox ESR 78.11) Boolean that indicates whether or not to disable automatic updates for an individual extension.
2753 | `default_area` | (Firefox 113) String that indicates where to place the extension icon by default. Possible values are `navbar` and `menupanel`.
2754
2755 **Compatibility:** Firefox 69, Firefox ESR 68.1 (As of Firefox 85, Firefox ESR 78.7, installing a theme makes it the default.)\
2756 **CCK2 Equivalent:** N/A\
2757 **Preferences Affected:** N/A
2758
2759 #### Windows (GPO)
2760 Software\Policies\Mozilla\Firefox\ExtensionSettings (REG_MULTI_SZ) =
2761 ```
2762 {
2763 "*": {
2764 "blocked_install_message": "Custom error message.",
2765 "install_sources": ["https://yourwebsite.com/*"],
2766 "installation_mode": "blocked",
2767 "allowed_types": ["extension"]
2768 },
2769 "uBlock0@raymondhill.net": {
2770 "installation_mode": "force_installed",
2771 "install_url": "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi"
2772 },
2773 "https-everywhere@eff.org": {
2774 "installation_mode": "allowed"
2775 }
2776 }
2777 ```
2778 #### Windows (Intune)
2779 OMA-URI:
2780 ```
2781 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/ExtensionSettings
2782 ```
2783 Value (string):
2784 ```
2785 <enabled/>
2786 <data id="ExtensionSettings" value='
2787 {
2788 "*": {
2789 "blocked_install_message": "Custom error message.",
2790 "install_sources": ["https://yourwebsite.com/*"],
2791 "installation_mode": "blocked",
2792 "allowed_types": ["extension"]
2793 },
2794 "uBlock0@raymondhill.net": {
2795 "installation_mode": "force_installed",
2796 "install_url": "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi"
2797 },
2798 "https-everywhere@eff.org": {
2799 "installation_mode": "allowed"
2800 }
2801 }'/>
2802 ```
2803 #### macOS
2804 ```
2805 <dict>
2806 <key>ExtensionSettings</key>
2807 <dict>
2808 <key>*</key>
2809 <dict>
2810 <key>blocked_install_message</key>
2811 <string>Custom error message.</string>
2812 <key>install_sources</key>
2813 <array>
2814 <string>"https://yourwebsite.com/*"</string>
2815 </array>
2816 <key>installation_mode</key>
2817 <string>blocked</string>
2818 <key>allowed_types</key>
2819 <array>
2820 <string>extension</string>
2821 </array>
2822 </dict>
2823 <key>uBlock0@raymondhill.net</key>
2824 <dict>
2825 <key>installation_mode</key>
2826 <string>force_installed</string>
2827 <key>install_url</key>
2828 <string>https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi</string>
2829 </dict>
2830 <key>https-everywhere@eff.org</key>
2831 <dict>
2832 <key>installation_mode</key>
2833 <string>allowed</string>
2834 </dict>
2835 </dict>
2836 </dict>
2837 ```
2838 #### policies.json
2839 ```
2840 {
2841 "policies": {
2842 "ExtensionSettings": {
2843 "*": {
2844 "blocked_install_message": "Custom error message.",
2845 "install_sources": ["https://yourwebsite.com/*"],
2846 "installation_mode": "blocked",
2847 "allowed_types": ["extension"]
2848 },
2849 "uBlock0@raymondhill.net": {
2850 "installation_mode": "force_installed",
2851 "install_url": "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi"
2852 },
2853 "https-everywhere@eff.org": {
2854 "installation_mode": "allowed"
2855 }
2856 }
2857 }
2858 }
2859 ```
2860 ### ExtensionUpdate
2861 Control extension updates.
2862
2863 **Compatibility:** Firefox 67, Firefox ESR 60.7\
2864 **CCK2 Equivalent:** N/A\
2865 **Preferences Affected:** `extensions.update.enabled`
2866
2867 #### Windows (GPO)
2868 ```
2869 Software\Policies\Mozilla\Firefox\ExtensionUpdate = 0x1 | 0x0
2870 ```
2871 #### Windows (Intune)
2872 OMA-URI:
2873 ```
2874 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/ExtensionUpdate
2875 ```
2876 Value (string):
2877 ```
2878 <enabled/> or <disabled/>
2879 ```
2880 #### macOS
2881 ```
2882 <dict>
2883 <key>ExtensionUpdate</key>
2884 <true/> | <false/>
2885 </dict>
2886 ```
2887 #### policies.json
2888 ```
2889 {
2890 "policies": {
2891 "ExtensionUpdate": true | false
2892 }
2893 }
2894 ```
2895 ### FirefoxHome
2896 Customize the Firefox Home page.
2897
2898 **Compatibility:** Firefox 68, Firefox ESR 68 (SponsoredTopSites and SponsoredPocket were added in Firefox 95, Firefox ESR 91.4)
2899 **CCK2 Equivalent:** N/A\
2900 **Preferences Affected:** `browser.newtabpage.activity-stream.showSearch`, `browser.newtabpage.activity-stream.feeds.topsites`, `browser.newtabpage.activity-stream.feeds.section.highlights`, `browser.newtabpage.activity-stream.feeds.section.topstories`, `browser.newtabpage.activity-stream.feeds.snippets`, `browser.newtabpage.activity-stream.showSponsoredTopSites`, `browser.newtabpage.activity-stream.showSponsored`
2901
2902 #### Windows (GPO)
2903 ```
2904 Software\Policies\Mozilla\Firefox\FirefoxHome\Search = 0x1 | 0x0
2905 Software\Policies\Mozilla\Firefox\FirefoxHome\TopSites = 0x1 | 0x0
2906 Software\Policies\Mozilla\Firefox\FirefoxHome\SponsoredTopSites = 0x1 | 0x0
2907 Software\Policies\Mozilla\Firefox\FirefoxHome\Highlights = 0x1 | 0x0
2908 Software\Policies\Mozilla\Firefox\FirefoxHome\Pocket = 0x1 | 0x0
2909 Software\Policies\Mozilla\Firefox\FirefoxHome\SponsoredPocket = 0x1 | 0x0
2910 Software\Policies\Mozilla\Firefox\FirefoxHome\Snippets = 0x1 | 0x0
2911 Software\Policies\Mozilla\Firefox\FirefoxHome\Locked = 0x1 | 0x0
2912 ```
2913 #### Windows (Intune)
2914 OMA-URI:
2915 ```
2916 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/CustomizeFirefoxHome
2917 ```
2918 Value (string):
2919 ```
2920 <enabled/>
2921 <data id="FirefoxHome_Search" value="true | false"/>
2922 <data id="FirefoxHome_TopSites" value="true | false"/>
2923 <data id="FirefoxHome_SponsoredTopSites" value="true | false"/>
2924 <data id="FirefoxHome_Highlights" value="true | false"/>
2925 <data id="FirefoxHome_Pocket" value="true | false"/>
2926 <data id="FirefoxHome_SponsoredPocket" value="true | false"/>
2927 <data id="FirefoxHome_Snippets" value="true | false"/>
2928 <data id="FirefoxHome_Locked" value="true | false"/>
2929 ```
2930 #### macOS
2931 ```
2932 <dict>
2933 <key>FirefoxHome</key>
2934 <dict>
2935 <key>Search</key>
2936 <true/> | <false/>
2937 <key>TopSites</key>
2938 <true/> | <false/>
2939 <key>SponsoredTopSites</key>
2940 <true/> | <false/>
2941 <key>Highlights</key>
2942 <true/> | <false/>
2943 <key>Pocket</key>
2944 <true/> | <false/>
2945 <key>SponsoredPocket</key>
2946 <true/> | <false/>
2947 <key>Snippets</key>
2948 <true/> | <false/>
2949 <key>Locked</key>
2950 <true/> | <false/>
2951 </dict>
2952 </dict>
2953 ```
2954 #### policies.json
2955 ```
2956 {
2957 "policies": {
2958 "FirefoxHome": {
2959 "Search": true | false,
2960 "TopSites": true | false,
2961 "SponsoredTopSites": true | false,
2962 "Highlights": true | false,
2963 "Pocket": true | false,
2964 "SponsoredPocket": true | false,
2965 "Snippets": true | false,
2966 "Locked": true | false
2967 }
2968 }
2969 }
2970 ```
2971 ### GoToIntranetSiteForSingleWordEntryInAddressBar
2972 Whether to always go through the DNS server before sending a single word search string to a search engine.
2973
2974 If the site exists, it will navigate to the website. If the intranet responds with a 404, the page will show a 404. If the intranet does not respond, the browser will attempt a search.
2975
2976 The second result in the URL bar will be a search result to allow users to conduct a web search exactly as it was entered.
2977
2978 If instead you would like to enable the ability to have your domain appear as a valid URL and to disallow the browser from ever searching that term using the first result that matches it, add the pref `browser.fixup.domainwhitelist.YOUR_DOMAIN` (where `YOUR_DOMAIN` is the name of the domain you'd like to add), and set the pref to `true`. The URL bar will then suggest `YOUR_DOMAIN` when the user fully types `YOUR_DOMAIN`. If the user attempts to load that domain and it fails to load, it will show an "Unable to connect" error page.
2979
2980 You can also whitelist a domain suffix that is not part of the [Public Suffix List](https://publicsuffix.org/) by adding the pref `browser.fixup.domainsuffixwhitelist.YOUR_DOMAIN_SUFFIX` with a value of `true`.
2981
2982 Additionally, if you want users to see a "Did you mean to go to 'YOUR_DOMAIN'" prompt below the URL bar if they land on a search results page instead of an intranet domain that provides a response, set the pref `browser.urlbar.dnsResolveSingleWordsAfterSearch` to `1`. Enabling this will cause the browser to commit a DNS check after every single word search. If the browser receives a response from the intranet, a prompt will ask the user if they'd like to instead navigate to `YOUR_DOMAIN`. If the user presses the **yes** button, `browser.fixup.domainwhitelist.YOUR_DOMAIN` will be set to `true`.
2983
2984 **Compatibility:** Firefox 104, Firefox ESR 102.2\
2985 **CCK2 Equivalent:** `N/A`\
2986 **Preferences Affected:** `browser.fixup.dns_first_for_single_words`
2987
2988 #### Windows (GPO)
2989 ```
2990 Software\Policies\Mozilla\Firefox\GoToIntranetSiteForSingleWordEntryInAddressBar = 0x1 | 0x0
2991 ```
2992 #### Windows (Intune)
2993 OMA-URI:
2994 ```
2995 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/GoToIntranetSiteForSingleWordEntryInAddressBar
2996 ```
2997 Value (string):
2998 ```
2999 <enabled/> or <disabled/>
3000 ```
3001 #### macOS
3002 ```
3003 <dict>
3004 <key>GoToIntranetSiteForSingleWordEntryInAddressBar</key>
3005 <true/> | <false/>
3006 </dict>
3007 ```
3008 #### policies.json
3009 ```
3010 {
3011 "policies": {
3012 "GoToIntranetSiteForSingleWordEntryInAddressBar": true | false
3013 }
3014 }
3015 ```
3016 ### Handlers
3017 Configure default application handlers. This policy is based on the internal format of `handlers.json`.
3018
3019 You can configure handlers based on a mime type (`mimeTypes`), a file's extension (`extensions`), or a protocol (`schemes`).
3020
3021 Within each handler type, you specify the given mimeType/extension/scheme as a key and use the following subkeys to describe how it is handled.
3022
3023 | Name | Description |
3024 | --- | --- |
3025 | `action`| Can be either `saveToDisk`, `useHelperApp`, `useSystemDefault`.
3026 | `ask` | If `true`, the user is asked if what they want to do with the file. If `false`, the action is taken without user intervention.
3027 | `handlers` | An array of handlers with the first one being the default. If you don't want to have a default handler, use an empty object for the first handler. Choose between path or uriTemplate.
3028 | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;`name` | The display name of the handler (might not be used).
3029 | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;`path`| The native path to the executable to be used.
3030 | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;`uriTemplate`| A url to a web based application handler. The URL must be https and contain a %s to be used for substitution.
3031
3032 **Compatibility:** Firefox 78, Firefox ESR 78\
3033 **CCK2 Equivalent:** N/A\
3034 **Preferences Affected:** N/A
3035
3036 #### Windows (GPO)
3037 Software\Policies\Mozilla\Firefox\Handlers (REG_MULTI_SZ) =
3038 ```
3039 {
3040 "mimeTypes": {
3041 "application/msword": {
3042 "action": "useSystemDefault",
3043 "ask": true | false
3044 }
3045 },
3046 "schemes": {
3047 "mailto": {
3048 "action": "useHelperApp",
3049 "ask": true | false,
3050 "handlers": [{
3051 "name": "Gmail",
3052 "uriTemplate": "https://mail.google.com/mail/?extsrc=mailto&url=%s"
3053 }]
3054 }
3055 },
3056 "extensions": {
3057 "pdf": {
3058 "action": "useHelperApp",
3059 "ask": true | false,
3060 "handlers": [{
3061 "name": "Adobe Acrobat",
3062 "path": "C:\\Program Files (x86)\\Adobe\\Acrobat Reader DC\\Reader\\AcroRd32.exe"
3063 }]
3064 }
3065 }
3066 }
3067 ```
3068 #### Windows (Intune)
3069 OMA-URI:
3070 ```
3071 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/Handlers
3072 ```
3073 Value (string):
3074 ```
3075 <enabled/>
3076 <data id="Handlers" value='
3077 {
3078 "mimeTypes": {
3079 "application/msword": {
3080 "action": "useSystemDefault",
3081 "ask": true | false
3082 }
3083 },
3084 "schemes": {
3085 "mailto": {
3086 "action": "useHelperApp",
3087 "ask": true | false,
3088 "handlers": [{
3089 "name": "Gmail",
3090 "uriTemplate": "https://mail.google.com/mail/?extsrc=mailto&amp;url=%s"
3091 }]
3092 }
3093 },
3094 "extensions": {
3095 "pdf": {
3096 "action": "useHelperApp",
3097 "ask": true | false,
3098 "handlers": [{
3099 "name": "Adobe Acrobat",
3100 "path": "C:\\Program Files (x86)\\Adobe\\Acrobat Reader DC\\Reader\\AcroRd32.exe"
3101 }]
3102 }
3103 }
3104 }
3105 '/>
3106 ```
3107 #### macOS
3108 ```
3109 <dict>
3110 <key>Handlers</key>
3111 <dict>
3112 <key>mimeTypes</key>
3113 <dict>
3114 <key>application/msword</key>
3115 <dict>
3116 <key>action</key>
3117 <string>useSystemDefault</string>
3118 <key>ask</key>
3119 <true/> | <false/>
3120 </dict>
3121 </dict>
3122 <key>schemes</key>
3123 <dict>
3124 <key>mailto</key>
3125 <dict>
3126 <key>action</key>
3127 <string>useHelperApp</string>
3128 <key>ask</key>
3129 <true/> | <false/>
3130 <key>handlers</key>
3131 <array>
3132 <dict>
3133 <key>name</key>
3134 <string>Gmail</string>
3135 <key>uriTemplate</key>
3136 <string>https://mail.google.com/mail/?extsrc=mailto&url=%s</string>
3137 </dict>
3138 </array>
3139 </dict>
3140 </dict>
3141 <key>extensions</key>
3142 <dict>
3143 <key>pdf</key>
3144 <dict>
3145 <key>action</key>
3146 <string>useHelperApp</string>
3147 <key>ask</key>
3148 <true/> | <false/>
3149 <key>handlers</key>
3150 <array>
3151 <dict>
3152 <key>name</key>
3153 <string>Adobe Acrobat</string>
3154 <key>path</key>
3155 <string>/System/Applications/Preview.app</string>
3156 </dict>
3157 </array>
3158 </dict>
3159 </dict>
3160 </dict>
3161 </dict>
3162 ```
3163 #### policies.json
3164 ```
3165 {
3166 "policies": {
3167 "Handlers": {
3168 "mimeTypes": {
3169 "application/msword": {
3170 "action": "useSystemDefault",
3171 "ask": false
3172 }
3173 },
3174 "schemes": {
3175 "mailto": {
3176 "action": "useHelperApp",
3177 "ask": true | false,
3178 "handlers": [{
3179 "name": "Gmail",
3180 "uriTemplate": "https://mail.google.com/mail/?extsrc=mailto&url=%s"
3181 }]
3182 }
3183 },
3184 "extensions": {
3185 "pdf": {
3186 "action": "useHelperApp",
3187 "ask": true | false,
3188 "handlers": [{
3189 "name": "Adobe Acrobat",
3190 "path": "/usr/bin/acroread"
3191 }]
3192 }
3193 }
3194 }
3195 }
3196 }
3197 ```
3198 ### HardwareAcceleration
3199 Control hardware acceleration.
3200
3201 **Compatibility:** Firefox 60, Firefox ESR 60\
3202 **CCK2 Equivalent:** N/A\
3203 **Preferences Affected:** `layers.acceleration.disabled`
3204
3205 #### Windows (GPO)
3206 ```
3207 Software\Policies\Mozilla\Firefox\HardwareAcceleration = 0x1 | 0x0
3208 ```
3209 #### Windows (Intune)
3210 OMA-URI:
3211 ```
3212 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/HardwareAcceleration
3213 ```
3214 Value (string):
3215 ```
3216 <enabled/> or <disabled/>
3217 ```
3218 #### macOS
3219 ```
3220 <dict>
3221 <key>HardwareAcceleration</key>
3222 <true/> | <false/>
3223 </dict>
3224 ```
3225 #### policies.json
3226 ```
3227 {
3228 "policies": {
3229 "HardwareAcceleration": true | false
3230 }
3231 }
3232 ```
3233 ### Homepage
3234 Configure the default homepage and how Firefox starts.
3235
3236 `URL` is the default homepage.
3237
3238 `Locked` prevents the user from changing homepage preferences.
3239
3240 `Additional` allows for more than one homepage.
3241
3242 `StartPage` is how Firefox starts. The choices are no homepage, the default homepage or the previous session.
3243
3244 With Firefox 78, an additional option as added for `Startpage`, `homepage-locked`. If this is value is set for the Startpage, the user will always get the homepage at startup and cannot choose to restore their session.
3245
3246 **Compatibility:** Firefox 60, Firefox ESR 60 (StartPage was added in Firefox 60, Firefox ESR 60.4, homepage-locked added in Firefox 78)\
3247 **CCK2 Equivalent:** `homePage`,`lockHomePage`\
3248 **Preferences Affected:** `browser.startup.homepage`, `browser.startup.page`
3249
3250 #### Windows (GPO)
3251 ```
3252 Software\Policies\Mozilla\Firefox\Homepage\URL = "https://example.com"
3253 Software\Policies\Mozilla\Firefox\Homepage\Locked = 0x1 | 0x0
3254 Software\Policies\Mozilla\Firefox\Homepage\Additional\1 = "https://example.org"
3255 Software\Policies\Mozilla\Firefox\Homepage\Additional\2 = "https://example.edu"
3256 Software\Policies\Mozilla\Firefox\Homepage\StartPage = "none" | "homepage" | "previous-session" | "homepage-locked"
3257 ```
3258 #### Windows (Intune)
3259 OMA-URI:
3260 ```
3261 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Homepage/HomepageURL
3262 ```
3263 Value (string):
3264 ```
3265 <enabled/>
3266
3267 <data id="HomepageURL" value="https://example.com"/>
3268 <data id="HomepageLocked" value="true | false"/>
3269 ```
3270 OMA-URI:
3271 ```
3272 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Homepage/HomepageAdditional
3273 ```
3274 Value (string):
3275 ```
3276 <enabled/>
3277
3278 <data id="HomepageAdditional" value="1&#xF000;http://example.org&#xF000;2&#xF000;http://example.edu"/>
3279 ```
3280 OMA-URI:
3281 ```
3282 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Homepage/HomepageStartPage
3283 ```
3284 Value (string):
3285 ```
3286 <enabled/>
3287
3288 <data id="StartPage" value="none | homepage | previous-session"/>
3289 ```
3290 #### macOS
3291 ```
3292 <dict>
3293 <key>Homepage</key>
3294 <dict>
3295 <key>URL</key>
3296 <string>http://example.com</string>
3297 <key>Locked</key>
3298 <true/> | <false/>
3299 <key>Additional</key>
3300 <array>
3301 <string>http://example.org</string>
3302 <string>http://example.edu</string>
3303 </array>
3304 <key>StartPage</key>
3305 <string>none | homepage | previous-session | homepage-locked</string>
3306 </dict>
3307 </dict>
3308 ```
3309 #### policies.json
3310 ```
3311 {
3312 "policies": {
3313 "Homepage": {
3314 "URL": "http://example.com/",
3315 "Locked": true | false,
3316 "Additional": ["http://example.org/",
3317 "http://example.edu/"],
3318 "StartPage": "none" | "homepage" | "previous-session" | "homepage-locked"
3319 }
3320 }
3321 }
3322 ```
3323 ### InstallAddonsPermission
3324 Configure the default extension install policy as well as origins for extension installs are allowed. This policy does not override turning off all extension installs.
3325
3326 `Allow` is a list of origins where extension installs are allowed.
3327
3328 `Default` determines whether or not extension installs are allowed by default.
3329
3330 **Compatibility:** Firefox 60, Firefox ESR 60\
3331 **CCK2 Equivalent:** `permissions.install`\
3332 **Preferences Affected:** `xpinstall.enabled`
3333
3334 #### Windows (GPO)
3335 ```
3336 Software\Policies\Mozilla\Firefox\InstallAddonsPermission\Allow\1 = "https://example.org"
3337 Software\Policies\Mozilla\Firefox\InstallAddonsPermission\Allow\2 = "https://example.edu"
3338 Software\Policies\Mozilla\Firefox\InstallAddonsPermission\Default = 0x1 | 0x0
3339 ```
3340 #### Windows (Intune)
3341 OMA-URI:
3342 ```
3343 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Addons/InstallAddonsPermission_Allow
3344 ```
3345 Value (string):
3346 ```
3347 <enabled/>
3348 <data id="Permissions" value="1&#xF000;https://example.org&#xF000;2&#xF000;https://example.edu"/>
3349 ```
3350 OMA-URI:
3351 ```
3352 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Addons/InstallAddonsPermission_Default
3353 ```
3354 Value (string):
3355 ```
3356 <enabled/>
3357 ```
3358 #### macOS
3359 ```
3360 <dict>
3361 <key>InstallAddonsPermission</key>
3362 <dict>
3363 <key>Allow</key>
3364 <array>
3365 <string>http://example.org</string>
3366 <string>http://example.edu</string>
3367 </array>
3368 <key>Default</key>
3369 <true/> | <false/>
3370 </dict>
3371 </dict>
3372 ```
3373 #### policies.json
3374 ```
3375 {
3376 "policies": {
3377 "InstallAddonsPermission": {
3378 "Allow": ["http://example.org/",
3379 "http://example.edu/"],
3380 "Default": true | false
3381 }
3382 }
3383 }
3384 ```
3385 ### LegacyProfiles
3386 Disable the feature enforcing a separate profile for each installation.
3387
3388 If this policy set to true, Firefox will not try to create different profiles for installations of Firefox in different directories. This is the equivalent of the MOZ_LEGACY_PROFILES environment variable.
3389
3390 If this policy set to false, Firefox will create a new profile for each unique installation of Firefox.
3391
3392 This policy only work on Windows via GPO (not policies.json).
3393
3394 **Compatibility:** Firefox 70, Firefox ESR 68.2 (Windows only, GPO only)\
3395 **CCK2 Equivalent:** N/A\
3396 **Preferences Affected:** N/A
3397
3398 #### Windows (GPO)
3399 ```
3400 Software\Policies\Mozilla\Firefox\LegacyProfiles = = 0x1 | 0x0
3401 ```
3402 #### Windows (Intune)
3403 OMA-URI:
3404 ```
3405 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/LegacyProfiles
3406 ```
3407 Value (string):
3408 ```
3409 <enabled/> or <disabled/>
3410 ```
3411 ### LegacySameSiteCookieBehaviorEnabled
3412 Enable default legacy SameSite cookie behavior setting.
3413
3414 If this policy is set to true, it reverts all cookies to legacy SameSite behavior which means that cookies that don't explicitly specify a ```SameSite``` attribute are treated as if they were ```SameSite=None```.
3415
3416 **Compatibility:** Firefox 96\
3417 **CCK2 Equivalent:** N/A\
3418 **Preferences Affected:** `network.cookie.sameSite.laxByDefault`
3419
3420 #### Windows (GPO)
3421 ```
3422 Software\Policies\Mozilla\Firefox\LegacySameSiteCookieBehaviorEnabled = = 0x1 | 0x0
3423 ```
3424 #### Windows (Intune)
3425 OMA-URI:
3426 ```
3427 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/LegacySameSiteCookieBehaviorEnabled
3428 ```
3429 Value (string):
3430 ```
3431 <enabled/> or <disabled/>
3432 ```
3433 #### macOS
3434 ```
3435 <dict>
3436 <key>LegacySameSiteCookieBehaviorEnabled</key>
3437 <true/> | <false/>
3438 </dict>
3439 ```
3440 #### policies.json
3441 ```
3442 {
3443 "policies": {
3444 "LegacySameSiteCookieBehaviorEnabled": true | false
3445 }
3446 ```
3447 ### LegacySameSiteCookieBehaviorEnabledForDomainList
3448 Revert to legacy SameSite behavior for cookies on specified sites.
3449
3450 If this policy is set to true, cookies set for domains in this list will revert to legacy SameSite behavior which means that cookies that don't explicitly specify a ```SameSite``` attribute are treated as if they were ```SameSite=None```.
3451
3452 **Compatibility:** Firefox 96\
3453 **CCK2 Equivalent:** N/A\
3454 **Preferences Affected:** `network.cookie.sameSite.laxByDefault.disabledHosts`
3455
3456 #### Windows (GPO)
3457 ```
3458 Software\Policies\Mozilla\Firefox\LegacySameSiteCookieBehaviorEnabledForDomainList\1 = "example.org"
3459 Software\Policies\Mozilla\Firefox\LegacySameSiteCookieBehaviorEnabledForDomainList\2 = "example.edu"
3460 ```
3461 #### Windows (Intune)
3462 OMA-URI:
3463 ```
3464 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/LegacySameSiteCookieBehaviorEnabledForDomainList
3465 ```
3466 Value (string):
3467 ```
3468 <enabled/>
3469 <data id="LegacySameSiteCookieBehaviorEnabledForDomainList" value="1&#xF000;example.org&#xF000;2&#xF000;example.edu"/>
3470 ```
3471 #### macOS
3472 ```
3473 <dict>
3474 <key>LegacySameSiteCookieBehaviorEnabledForDomainList</key>
3475 <array>
3476 <string>example.org</string>
3477 <string>example.edu</string>
3478 </array>
3479 </dict>
3480 ```
3481 #### policies.json
3482 ```
3483 {
3484 "policies": {
3485 "LegacySameSiteCookieBehaviorEnabledForDomainList": ["example.org",
3486 "example.edu"]
3487 }
3488 }
3489 ```
3490 ### LocalFileLinks
3491 Enable linking to local files by origin.
3492
3493 **Compatibility:** Firefox 68, Firefox ESR 68\
3494 **CCK2 Equivalent:** N/A\
3495 **Preferences Affected:** `capability.policy.localfilelinks.*`
3496
3497 #### Windows (GPO)
3498 ```
3499 Software\Policies\Mozilla\Firefox\LocalFileLinks\1 = "https://example.org"
3500 Software\Policies\Mozilla\Firefox\LocalFileLinks\2 = "https://example.edu"
3501 ```
3502 #### Windows (Intune)
3503 OMA-URI:
3504 ```
3505 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/LocalFileLinks
3506 ```
3507 Value (string):
3508 ```
3509 <enabled/>
3510 <data id="LocalFileLinks" value="1&#xF000;https://example.org&#xF000;2&#xF000;https://example.edu"/>
3511 ```
3512 #### macOS
3513 ```
3514 <dict>
3515 <key>LocalFileLinks</key>
3516 <array>
3517 <string>http://example.org</string>
3518 <string>http://example.edu</string>
3519 </array>
3520 </dict>
3521 ```
3522 #### policies.json
3523 ```
3524 {
3525 "policies": {
3526 "LocalFileLinks": ["http://example.org/",
3527 "http://example.edu/"]
3528 }
3529 }
3530 ```
3531 ### ManagedBookmarks
3532 Configures a list of bookmarks managed by an administrator that cannot be changed by the user.
3533
3534 The bookmarks are only added as a button on the personal toolbar. They are not in the bookmarks folder.
3535
3536 The syntax of this policy is exactly the same as the [Chrome ManagedBookmarks policy](https://cloud.google.com/docs/chrome-enterprise/policies/?policy=ManagedBookmarks). The schema is:
3537 ```
3538 {
3539 "items": {
3540 "id": "BookmarkType",
3541 "properties": {
3542 "children": {
3543 "items": {
3544 "$ref": "BookmarkType"
3545 },
3546 "type": "array"
3547 },
3548 "name": {
3549 "type": "string"
3550 },
3551 "toplevel_name": {
3552 "type": "string"
3553 },
3554 "url": {
3555 "type": "string"
3556 }
3557 },
3558 "type": "object"
3559 },
3560 "type": "array"
3561 }
3562 ```
3563 **Compatibility:** Firefox 83, Firefox ESR 78.5\
3564 **CCK2 Equivalent:** N/A\
3565 **Preferences Affected:** N/A
3566
3567 #### Windows (GPO)
3568 Software\Policies\Mozilla\Firefox\ManagedBookmarks (REG_MULTI_SZ) =
3569 ```
3570 [
3571 {
3572 "toplevel_name": "My managed bookmarks folder"
3573 },
3574 {
3575 "url": "example.com",
3576 "name": "Example"
3577 },
3578 {
3579 "name": "Mozilla links",
3580 "children": [
3581 {
3582 "url": "https://mozilla.org",
3583 "name": "Mozilla.org"
3584 },
3585 {
3586 "url": "https://support.mozilla.org/",
3587 "name": "SUMO"
3588 }
3589 ]
3590 }
3591 ]
3592 ```
3593 #### Windows (Intune)
3594 OMA-URI:
3595 ```
3596 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/ManagedBookmarks
3597 ```
3598 Value (string):
3599 ```
3600 <enabled/>
3601 <data id="JSON" value='
3602 [
3603 {
3604 "toplevel_name": "My managed bookmarks folder"
3605 },
3606 {
3607 "url": "example.com",
3608 "name": "Example"
3609 },
3610 {
3611 "name": "Mozilla links",
3612 "children": [
3613 {
3614 "url": "https://mozilla.org",
3615 "name": "Mozilla.org"
3616 },
3617 {
3618 "url": "https://support.mozilla.org/",
3619 "name": "SUMO"
3620 }
3621 ]
3622 }
3623 ]'/>
3624 ```
3625 #### macOS
3626 ```
3627 <dict>
3628 <key>ManagedBookmarks</key>
3629 <array>
3630 <dict>
3631 <key>toplevel_name</key>
3632 <string>My managed bookmarks folder</string>
3633 <dict>
3634 <key>url</key>
3635 <string>example.com</string>
3636 <key>name</key>
3637 <string>Example</string>
3638 </dict>
3639 <dict>
3640 <key>name</key>
3641 <string>Mozilla links</string>
3642 <key>children</key>
3643 <array>
3644 <dict>
3645 <key>url</key>
3646 <string>https://mozilla.org</string>
3647 <key>name</key>
3648 <string>Mozilla</string>
3649 </dict>
3650 <dict>
3651 <key>url</key>
3652 <string>https://support.mozilla.org/</string>
3653 <key>name</key>
3654 <string>SUMO</string>
3655 </dict>
3656 </array>
3657 </dict>
3658 </array>
3659 </dict>
3660 ```
3661 #### policies.json
3662 ```
3663 {
3664 "policies": {
3665 "ManagedBookmarks": [
3666 {
3667 "toplevel_name": "My managed bookmarks folder"
3668 },
3669 {
3670 "url": "example.com",
3671 "name": "Example"
3672 },
3673 {
3674 "name": "Mozilla links",
3675 "children": [
3676 {
3677 "url": "https://mozilla.org",
3678 "name": "Mozilla.org"
3679 },
3680 {
3681 "url": "https://support.mozilla.org/",
3682 "name": "SUMO"
3683 }
3684 ]
3685 }
3686 ]
3687 }
3688 }
3689 ```
3690 ### ManualAppUpdateOnly
3691
3692 Switch to manual updates only.
3693
3694 If this policy is enabled:
3695 1. The user will never be prompted to install updates
3696 2. Firefox will not check for updates in the background, though it will check automatically when an update UI is displayed (such as the one in the About dialog). This check will be used to show "Update to version X" in the UI, but will not automatically download the update or prompt the user to update in any other way.
3697 3. The update UI will work as expected, unlike when using DisableAppUpdate.
3698
3699 This policy is primarily intended for advanced end users, not for enterprises.
3700
3701 **Compatibility:** Firefox 87\
3702 **CCK2 Equivalent:** N/A\
3703 **Preferences Affected:** N/A
3704
3705 #### policies.json
3706 ```
3707 {
3708 "policies": {
3709 "ManualAppUpdateOnly": true | false
3710 }
3711 }
3712 ```
3713 ### NetworkPrediction
3714 Enable or disable network prediction (DNS prefetching).
3715
3716 **Compatibility:** Firefox 67, Firefox ESR 60.7\
3717 **CCK2 Equivalent:** N/A\
3718 **Preferences Affected:** `network.dns.disablePrefetch`, `network.dns.disablePrefetchFromHTTPS`
3719
3720 #### Windows (GPO)
3721 ```
3722 Software\Policies\Mozilla\Firefox\NetworkPrediction = 0x1 | 0x0
3723 ```
3724 #### Windows (Intune)
3725 OMA-URI:
3726 ```
3727 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/NetworkPrediction
3728 ```
3729 Value (string):
3730 ```
3731 <enabled/> or <disabled/>
3732 ```
3733 #### macOS
3734 ```
3735 <dict>
3736 <key>NetworkPrediction</key>
3737 <true/> | <false/>
3738 </dict>
3739 ```
3740 #### policies.json
3741 ```
3742 {
3743 "policies": {
3744 "NetworkPrediction": true | false
3745 }
3746 ```
3747 ### NewTabPage
3748 Enable or disable the New Tab page.
3749
3750 **Compatibility:** Firefox 68, Firefox ESR 68\
3751 **CCK2 Equivalent:** N/A\
3752 **Preferences Affected:** `browser.newtabpage.enabled`
3753
3754 #### Windows (GPO)
3755 ```
3756 Software\Policies\Mozilla\Firefox\NewTabPage = 0x1 | 0x0
3757 ```
3758 #### Windows (Intune)
3759 OMA-URI:
3760 ```
3761 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/NewTabPage
3762 ```
3763 Value (string):
3764 ```
3765 <enabled/> or <disabled/>
3766 ```
3767 #### macOS
3768 ```
3769 <dict>
3770 <key>NewTabPage</key>
3771 <true/> | <false/>
3772 </dict>
3773 ```
3774 #### policies.json
3775 ```
3776 {
3777 "policies": {
3778 "NewTabPage": true | false
3779 }
3780 ```
3781 ### NoDefaultBookmarks
3782 Disable the creation of default bookmarks.
3783
3784 This policy is only effective if the user profile has not been created yet.
3785
3786 **Compatibility:** Firefox 60, Firefox ESR 60\
3787 **CCK2 Equivalent:** `removeDefaultBookmarks`\
3788 **Preferences Affected:** N/A
3789
3790 #### Windows (GPO)
3791 ```
3792 Software\Policies\Mozilla\Firefox\NoDefaultBookmarks = 0x1 | 0x0
3793 ```
3794 #### Windows (Intune)
3795 OMA-URI:
3796 ```
3797 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/NoDefaultBookmarks
3798 ```
3799 Value (string):
3800 ```
3801 <enabled/> or <disabled/>
3802 ```
3803 #### macOS
3804 ```
3805 <dict>
3806 <key>NoDefaultBookmarks</key>
3807 <true/> | <false/>
3808 </dict>
3809 ```
3810 #### policies.json
3811 ```
3812 {
3813 "policies": {
3814 "NoDefaultBookmarks": true | false
3815 }
3816 }
3817 ```
3818 ### OfferToSaveLogins
3819 Control whether or not Firefox offers to save passwords.
3820
3821 **Compatibility:** Firefox 60, Firefox ESR 60\
3822 **CCK2 Equivalent:** `dontRememberPasswords`\
3823 **Preferences Affected:** `signon.rememberSignons`
3824
3825 #### Windows (GPO)
3826 ```
3827 Software\Policies\Mozilla\Firefox\OfferToSaveLogins = 0x1 | 0x0
3828 ```
3829 #### Windows (Intune)
3830 OMA-URI:
3831 ```
3832 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/OfferToSaveLogins
3833 ```
3834 Value (string):
3835 ```
3836 <enabled/> or <disabled/>
3837 ```
3838 #### macOS
3839 ```
3840 <dict>
3841 <key>OfferToSaveLogins</key>
3842 <true/> | <false/>
3843 </dict>
3844 ```
3845 #### policies.json
3846 ```
3847 {
3848 "policies": {
3849 "OfferToSaveLogins": true | false
3850 }
3851 }
3852 ```
3853 ### OfferToSaveLoginsDefault
3854 Sets the default value of signon.rememberSignons without locking it.
3855
3856 **Compatibility:** Firefox 70, Firefox ESR 60.2\
3857 **CCK2 Equivalent:** `dontRememberPasswords`\
3858 **Preferences Affected:** `signon.rememberSignons`
3859
3860 #### Windows (GPO)
3861 ```
3862 Software\Policies\Mozilla\Firefox\OfferToSaveLoginsDefault = 0x1 | 0x0
3863 ```
3864 #### Windows (Intune)
3865 OMA-URI:
3866 ```
3867 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/OfferToSaveLoginsDefault
3868 ```
3869 Value (string):
3870 ```
3871 <enabled/> or <disabled/>
3872 ```
3873 #### macOS
3874 ```
3875 <dict>
3876 <key>OfferToSaveLoginsDefault</key>
3877 <true/> | <false/>
3878 </dict>
3879 ```
3880 #### policies.json
3881 ```
3882 {
3883 "policies": {
3884 "OfferToSaveLoginsDefault": true | false
3885 }
3886 }
3887 ```
3888 ### OverrideFirstRunPage
3889 Override the first run page. If the value is an empty string (""), the first run page is not displayed.
3890
3891 Starting with Firefox 83, Firefox ESR 78.5, you can also specify multiple URLS separated by a vertical bar (|).
3892
3893 **Compatibility:** Firefox 60, Firefox ESR 60\
3894 **CCK2 Equivalent:** `welcomePage`,`noWelcomePage`\
3895 **Preferences Affected:** `startup.homepage_welcome_url`
3896
3897 #### Windows (GPO)
3898 ```
3899 Software\Policies\Mozilla\Firefox\OverrideFirstRunPage = "http://example.org"
3900 ```
3901 #### Windows (Intune)
3902 OMA-URI:
3903 ```
3904 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/OverrideFirstRunPage
3905 ```
3906 Value (string):
3907 ```
3908 <enabled/>
3909 <data id="OverridePage" value="https://example.com"/>
3910 ```
3911 #### macOS
3912 ```
3913 <dict>
3914 <key>OverrideFirstRunPage</key>
3915 <string>http://example.org</string>
3916 </dict>
3917 ```
3918 #### policies.json
3919 ```
3920 {
3921 "policies": {
3922 "OverrideFirstRunPage": "http://example.org"
3923 }
3924 }
3925 ```
3926 ### OverridePostUpdatePage
3927 Override the upgrade page. If the value is an empty string (""), no extra pages are displayed when Firefox is upgraded.
3928
3929 **Compatibility:** Firefox 60, Firefox ESR 60\
3930 **CCK2 Equivalent:** `upgradePage`,`noUpgradePage`\
3931 **Preferences Affected:** `startup.homepage_override_url`
3932
3933 #### Windows (GPO)
3934 ```
3935 Software\Policies\Mozilla\Firefox\OverridePostUpdatePage = "http://example.org"
3936 ```
3937 #### Windows (Intune)
3938 OMA-URI:
3939 ```
3940 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/OverridePostUpdatePage
3941 ```
3942 Value (string):
3943 ```
3944 <enabled/>
3945 <data id="OverridePage" value="https://example.com"/>
3946 ```
3947 #### macOS
3948 ```
3949 <dict>
3950 <key>OverridePostUpdatePage</key>
3951 <string>http://example.org</string>
3952 </dict>
3953 ```
3954 #### policies.json
3955 ```
3956 {
3957 "policies": {
3958 "OverridePostUpdatePage": "http://example.org"
3959 }
3960 }
3961 ```
3962 ### PasswordManagerEnabled
3963 Remove access to the password manager via preferences and blocks about:logins on Firefox 70.
3964
3965 **Compatibility:** Firefox 70, Firefox ESR 60.2\
3966 **CCK2 Equivalent:** N/A\
3967 **Preferences Affected:** `pref.privacy.disable_button.view_passwords`
3968
3969 #### Windows (GPO)
3970 ```
3971 Software\Policies\Mozilla\Firefox\PasswordManagerEnabled = 0x1 | 0x0
3972 ```
3973 #### Windows (Intune)
3974 OMA-URI:
3975 ```
3976 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/PasswordManagerEnabled
3977 ```
3978 Value (string):
3979 ```
3980 <enabled/> or <disabled/>
3981 ```
3982 #### macOS
3983 ```
3984 <dict>
3985 <key>PasswordManagerEnabled</key>
3986 <true/> | <false/>
3987 </dict>
3988 ```
3989 #### policies.json
3990 ```
3991 {
3992 "policies": {
3993 "PasswordManagerEnabled": true | false
3994 }
3995 }
3996 ```
3997 ### PasswordManagerExceptions
3998 Prevent Firefox from saving passwords for specific sites.
3999
4000 The sites are specified as a list of origins.
4001
4002 **Compatibility:** Firefox 101\
4003 **CCK2 Equivalent:** N/A\
4004 **Preferences Affected:** N/A
4005
4006 #### Windows (GPO)
4007 ```
4008 Software\Policies\Mozilla\Firefox\PasswordManagerExceptions\1 = "https://example.org"
4009 Software\Policies\Mozilla\Firefox\PasswordManagerExceptions\2 = "https://example.edu"
4010 ```
4011 #### Windows (Intune)
4012 OMA-URI:
4013 ```
4014 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/PasswordManagerExceptions
4015 ```
4016 Value (string):
4017 ```
4018 <enabled/>
4019 <data id="List" value="1&#xF000;https://example.org&#xF000;2&#xF000;https://example.edu"/>
4020 ```
4021 #### macOS
4022 ```
4023 <dict>
4024 <key>PasswordManagerExceptions</key>
4025 <array>
4026 <string>https://example.org</string>
4027 <string>https://example.edu</string>
4028 </array>
4029 </dict>
4030 ```
4031 #### policies.json
4032 ```
4033 {
4034 "policies": {
4035 "PasswordManagerExceptions": ["https://example.org",
4036 "https://example.edu"]
4037 }
4038 }
4039 ```
4040
4041 ### PDFjs
4042 Disable or configure PDF.js, the built-in PDF viewer.
4043
4044 If `Enabled` is set to false, the built-in PDF viewer is disabled.
4045
4046 If `EnablePermissions` is set to true, the built-in PDF viewer will honor document permissions like preventing the copying of text.
4047
4048 Note: DisableBuiltinPDFViewer has not been deprecated. You can either continue to use it, or switch to using PDFjs->Enabled to disable the built-in PDF viewer. This new permission was added because we needed a place for PDFjs->EnabledPermissions.
4049
4050 **Compatibility:** Firefox 77, Firefox ESR 68.9\
4051 **CCK2 Equivalent:** N/A\
4052 **Preferences Affected:** `pdfjs.diabled`, `pdfjs.enablePermissions`
4053
4054 #### Windows (GPO)
4055 ```
4056 Software\Policies\Mozilla\Firefox\PDFjs\Enabled = 0x1 | 0x0
4057 Software\Policies\Mozilla\Firefox\PDFjs\EnablePermissions = 0x1 | 0x0
4058 ```
4059 #### Windows (Intune)
4060 OMA-URI:
4061 ```
4062 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~PDFjs/PDFjs_Enabled
4063 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~PDFjs/PDFjs_EnablePermissions
4064 ```
4065 Value (string):
4066 ```
4067 <enabled/>or <disabled/>
4068 ```
4069 #### macOS
4070 ```
4071 <dict>
4072 <key>PDFjs</key>
4073 <dict>
4074 <key>Enabled</key>
4075 <true/> | <false/>
4076 <key>EnablePermissions</key>
4077 <true/> | <false/>
4078 </dict>
4079 </dict>
4080 ```
4081 #### policies.json
4082 ```
4083 {
4084 "policies": {
4085 "PDFjs": {
4086 "Enabled": true | false,
4087 "EnablePermissions": true | false
4088 }
4089 }
4090 }
4091 ```
4092 ### Permissions
4093 Set permissions associated with camera, microphone, location, notifications, autoplay, and virtual reality. Because these are origins, not domains, entries with unique ports must be specified separately. This explicitly means that it is not possible to add wildcards. See examples below.
4094
4095 `Allow` is a list of origins where the feature is allowed.
4096
4097 `Block` is a list of origins where the feature is not allowed.
4098
4099 `BlockNewRequests` determines whether or not new requests can be made for the feature.
4100
4101 `Locked` prevents the user from changing preferences for the feature.
4102
4103 `Default` specifies the default value for Autoplay. block-audio-video is not supported on Firefox ESR 68.
4104
4105 **Compatibility:** Firefox 62, Firefox ESR 60.2 (Autoplay added in Firefox 74, Firefox ESR 68.6, Autoplay Default/Locked added in Firefox 76, Firefox ESR 68.8, VirtualReality added in Firefox 80, Firefox ESR 78.2)\
4106 **CCK2 Equivalent:** N/A\
4107 **Preferences Affected:** `permissions.default.camera`, `permissions.default.microphone`, `permissions.default.geo`, `permissions.default.desktop-notification`, `media.autoplay.default`, `permissions.default.xr`
4108
4109 #### Windows (GPO)
4110 ```
4111 Software\Policies\Mozilla\Firefox\Permissions\Camera\Allow\1 = "https://example.org"
4112 Software\Policies\Mozilla\Firefox\Permissions\Camera\Allow\2 = "https://example.org:1234"
4113 Software\Policies\Mozilla\Firefox\Permissions\Camera\Block\1 = "https://example.edu"
4114 Software\Policies\Mozilla\Firefox\Permissions\Camera\BlockNewRequests = 0x1 | 0x0
4115 Software\Policies\Mozilla\Firefox\Permissions\Camera\Locked = 0x1 | 0x0
4116 Software\Policies\Mozilla\Firefox\Permissions\Microphone\Allow\1 = "https://example.org"
4117 Software\Policies\Mozilla\Firefox\Permissions\Microphone\Block\1 = "https://example.edu"
4118 Software\Policies\Mozilla\Firefox\Permissions\Microphone\BlockNewRequests = 0x1 | 0x0
4119 Software\Policies\Mozilla\Firefox\Permissions\Microphone\Locked = 0x1 | 0x0
4120 Software\Policies\Mozilla\Firefox\Permissions\Location\Allow\1 = "https://example.org"
4121 Software\Policies\Mozilla\Firefox\Permissions\Location\Block\1 = "https://example.edu"
4122 Software\Policies\Mozilla\Firefox\Permissions\Location\BlockNewRequests = 0x1 | 0x0
4123 Software\Policies\Mozilla\Firefox\Permissions\Location\Locked = 0x1 | 0x0
4124 Software\Policies\Mozilla\Firefox\Permissions\Notifications\Allow\1 = "https://example.org"
4125 Software\Policies\Mozilla\Firefox\Permissions\Notifications\Block\1 = "https://example.edu"
4126 Software\Policies\Mozilla\Firefox\Permissions\Notifications\BlockNewRequests = 0x1 | 0x0
4127 Software\Policies\Mozilla\Firefox\Permissions\Notifications\Locked = 0x1 | 0x0
4128 Software\Policies\Mozilla\Firefox\Permissions\Autoplay\Allow\1 = "https://example.org"
4129 Software\Policies\Mozilla\Firefox\Permissions\Autoplay\Block\1 = "https://example.edu"
4130 Software\Policies\Mozilla\Firefox\Permissions\Autoplay\Default = "allow-audio-video" | "block-audio" | "block-audio-video"
4131 Software\Policies\Mozilla\Firefox\Permissions\Autoplay\Locked = 0x1 | 0x0
4132 Software\Policies\Mozilla\Firefox\Permissions\VirtualReality\Allow\1 = "https://example.org"
4133 Software\Policies\Mozilla\Firefox\Permissions\VirtualReality\Block\1 = "https://example.edu"
4134 Software\Policies\Mozilla\Firefox\Permissions\VirtualReality\BlockNewRequests = 0x1 | 0x0
4135 Software\Policies\Mozilla\Firefox\Permissions\VirtualReality\Locked = 0x1 | 0x0
4136 ```
4137 #### Windows (Intune)
4138 OMA-URI:
4139 ```
4140 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Location/Location_BlockNewRequests
4141 ```
4142 Value (string):
4143 ```
4144 <enabled/> or <disabled/>
4145 ```
4146 OMA-URI:
4147 ```
4148 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Location/Location_Locked
4149 ```
4150 Value (string):
4151 ```
4152 <enabled/> or <disabled/>
4153 ```
4154 OMA-URI:
4155 ```
4156 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Notifications/Notifications_Allow
4157 ```
4158 Value (string):
4159 ```
4160 <enabled/>
4161 <data id="Permissions" value="1&#xF000;https://example.org"/>
4162 ```
4163 OMA-URI:
4164 ```
4165 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Notifications/Notifications_BlockNewRequests
4166 ```
4167 Value (string):
4168 ```
4169 <enabled/> or <disabled/>
4170 ```
4171 OMA-URI:
4172 ```
4173 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Notifications/Notifications_Locked
4174 ```
4175 Value (string):
4176 ```
4177 <enabled/> or <disabled/>
4178 ```
4179 OMA-URI:
4180 ```
4181 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Autoplay/Autoplay_Allow
4182 ```
4183 Value (string):
4184 ```
4185 <enabled/>
4186 <data id="Permissions" value="1&#xF000;https://example.org"/>
4187 ```
4188 OMA-URI:
4189 ```
4190 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Autoplay/Autoplay_Block
4191 ```
4192 Value (string):
4193 ```
4194 <enabled/>
4195 <data id="Permissions" value="1&#xF000;https://example.edu"/>
4196 ```
4197 OMA-URI:
4198 ```
4199 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Autoplay/Autoplay_Default
4200 ```
4201 Value (string):
4202 ```
4203 <enabled/>
4204 <data id="Autoplay_Default" value="allow-audio-video | block-audio | block-audio-video"/>
4205 ```
4206 OMA-URI:
4207 ```
4208 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Autoplay/Autoplay_Locked
4209 ```
4210 Value (string):
4211 ```
4212 <enabled/> or <disabled/>
4213 ```
4214 OMA-URI:
4215 ```
4216 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Notifications/VirtualReality_Allow
4217 ```
4218 Value (string):
4219 ```
4220 <enabled/>
4221 <data id="Permissions" value="1&#xF000;https://example.org"/>
4222 ```
4223 OMA-URI:
4224 ```
4225 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Notifications/VirtualReality_Block
4226 ```
4227 Value (string):
4228 ```
4229 <enabled/>
4230 <data id="Permissions" value="1&#xF000;https://example.edu"/>
4231 ```
4232 OMA-URI:
4233 ```
4234 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Notifications/VirtualReality_BlockNewRequests
4235 ```
4236 Value (string):
4237 ```
4238 <enabled/> or <disabled/>
4239 ```
4240 OMA-URI:
4241 ```
4242 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Notifications/VirtualReality_Locked
4243 ```
4244 Value (string):
4245 ```
4246 <enabled/> or <disabled/>
4247 ```
4248 #### macOS
4249 ```
4250 <dict>
4251 <key>Permissions</key>
4252 <dict>
4253 <key>Camera</key>
4254 <dict>
4255 <key>Allow</key>
4256 <array>
4257 <string>https://example.org</string>
4258 <string>https://example.org:1234</string>
4259 </array>
4260 <key>Block</key>
4261 <array>
4262 <string>https://example.edu</string>
4263 </array>
4264 <key>BlockNewRequests</key>
4265 <true/> | <false/>
4266 <key>Locked</key>
4267 <true/> | <false/>
4268 </dict>
4269 <key>Microphone</key>
4270 <dict>
4271 <key>Allow</key>
4272 <array>
4273 <string>https://example.org</string>
4274 </array>
4275 <key>Block</key>
4276 <array>
4277 <string>https://example.edu</string>
4278 </array>
4279 <key>BlockNewRequests</key>
4280 <true/> | <false/>
4281 <key>Locked</key>
4282 <true/> | <false/>
4283 </dict>
4284 <key>Location</key>
4285 <dict>
4286 <key>Allow</key>
4287 <array>
4288 <string>https://example.org</string>
4289 </array>
4290 <key>Block</key>
4291 <array>
4292 <string>https://example.edu</string>
4293 </array>
4294 <key>BlockNewRequests</key>
4295 <true/> | <false/>
4296 <key>Locked</key>
4297 <true/> | <false/>
4298 </dict>
4299 <key>Notifications</key>
4300 <dict>
4301 <key>Allow</key>
4302 <array>
4303 <string>https://example.org</string>
4304 </array>
4305 <key>Block</key>
4306 <array>
4307 <string>https://example.edu</string>
4308 </array>
4309 <key>BlockNewRequests</key>
4310 <true/>
4311 <key>Locked</key>
4312 <true/>
4313 </dict>
4314 <key>Autoplay</key>
4315 <dict>
4316 <key>Allow</key>
4317 <array>
4318 <string>https://example.org</string>
4319 </array>
4320 <key>Block</key>
4321 <array>
4322 <string>https://example.edu</string>
4323 </array>
4324 <key>Default</key>
4325 <string>allow-audio-video | block-audio | block-audio-video</string>
4326 <key>Locked</key>
4327 <true/> | <false/>
4328 </dict>
4329 </dict>
4330 </dict>
4331 ```
4332 #### policies.json
4333 ```
4334 {
4335 "policies": {
4336 "Permissions": {
4337 "Camera": {
4338 "Allow": ["https://example.org","https://example.org:1234"],
4339 "Block": ["https://example.edu"],
4340 "BlockNewRequests": true | false,
4341 "Locked": true | false
4342 },
4343 "Microphone": {
4344 "Allow": ["https://example.org"],
4345 "Block": ["https://example.edu"],
4346 "BlockNewRequests": true | false,
4347 "Locked": true | false
4348 },
4349 "Location": {
4350 "Allow": ["https://example.org"],
4351 "Block": ["https://example.edu"],
4352 "BlockNewRequests": true | false,
4353 "Locked": true | false
4354 },
4355 "Notifications": {
4356 "Allow": ["https://example.org"],
4357 "Block": ["https://example.edu"],
4358 "BlockNewRequests": true | false,
4359 "Locked": true | false
4360 },
4361 "Autoplay": {
4362 "Allow": ["https://example.org"],
4363 "Block": ["https://example.edu"],
4364 "Default": "allow-audio-video" | "block-audio" | "block-audio-video",
4365 "Locked": true | false
4366 }
4367 }
4368 }
4369 }
4370 ```
4371 ### PictureInPicture
4372
4373 Enable or disable Picture-in-Picture as well as prevent the user from enabling or disabling it (Locked).
4374
4375 **Compatibility:** Firefox 78, Firefox ESR 78\
4376 **CCK2 Equivalent:** N/A\
4377 **Preferences Affected:** `media.videocontrols.picture-in-picture.video-toggle.enabled`
4378
4379 #### Windows (GPO)
4380 ```
4381 Software\Policies\Mozilla\Firefox\PictureInPicture\Enabled = 0x1 | 0x0
4382 Software\Policies\Mozilla\Firefox\PictureInPicture\Locked = 0x1 | 0x0
4383
4384 ```
4385 #### Windows (Intune)
4386 OMA-URI:
4387 ```
4388 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~PictureInPicture/PictureInPicture_Enabled
4389 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~PictureInPicture/PictureInPicture_Locked
4390 ```
4391 Value (string):
4392 ```
4393 <enabled/> or <disabled/>
4394 ```
4395 #### macOS
4396 ```
4397 <dict>
4398 <key>PictureInPicture</key>
4399 <dict>
4400 <key>Enabled</key>
4401 <true/> | <false/>
4402 <key>Locked</key>
4403 <true/> | <false/>
4404 </dict>
4405 </dict>
4406 ```
4407 #### policies.json
4408 ```
4409 {
4410 "policies": {
4411 "PictureInPicture": {
4412 "Enabled": true | false,
4413 "Locked": true | false
4414 }
4415 }
4416 }
4417 ```
4418 ### PopupBlocking
4419 Configure the default pop-up window policy as well as origins for which pop-up windows are allowed.
4420
4421 `Allow` is a list of origins where popup-windows are allowed.
4422
4423 `Default` determines whether or not pop-up windows are allowed by default.
4424
4425 `Locked` prevents the user from changing pop-up preferences.
4426
4427 **Compatibility:** Firefox 60, Firefox ESR 60\
4428 **CCK2 Equivalent:** `permissions.popup`\
4429 **Preferences Affected:** `dom.disable_open_during_load`
4430
4431 #### Windows (GPO)
4432 ```
4433 Software\Policies\Mozilla\Firefox\PopupBlocking\Allow\1 = "https://example.org"
4434 Software\Policies\Mozilla\Firefox\PopupBlocking\Allow\2 = "https://example.edu"
4435 Software\Policies\Mozilla\Firefox\PopupBlocking\Default = 0x1 | 0x0
4436 Software\Policies\Mozilla\Firefox\PopupBlocking\Locked = 0x1 | 0x0
4437 ```
4438 #### Windows (Intune)
4439 OMA-URI:
4440 ```
4441 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Popups/PopupBlocking_Allow
4442 ```
4443 Value (string):
4444 ```
4445 <enabled/>
4446 <data id="Permissions" value="1&#xF000;https://example.org&#xF000;2&#xF000;https://example.edu"/>
4447 ```
4448 OMA-URI:
4449 ```
4450 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Popups/PopupBlocking_Default
4451 ```
4452 Value (string):
4453 ```
4454 <enabled/> or <disabled/>
4455 ```
4456 OMA-URI:
4457 ```
4458 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Popups/PopupBlocking_Locked
4459 ```
4460 Value (string):
4461 ```
4462 <enabled/> or <disabled/>
4463 ```
4464 #### macOS
4465 ```
4466 <dict>
4467 <key>PopupBlocking</key>
4468 <dict>
4469 <key>Allow</key>
4470 <array>
4471 <string>http://example.org</string>
4472 <string>http://example.edu</string>
4473 </array>
4474 <key>Default</key>
4475 <true/> | <false/>
4476 <key>Locked</key>
4477 <true/> | <false/>
4478 </dict>
4479 </dict>
4480 ```
4481 #### policies.json
4482 ```
4483 {
4484 "policies": {
4485 "PopupBlocking": {
4486 "Allow": ["http://example.org/",
4487 "http://example.edu/"],
4488 "Default": true | false,
4489 "Locked": true | false
4490 }
4491 }
4492 }
4493 ```
4494 ### Preferences
4495 Set and lock preferences.
4496
4497 **NOTE** On Windows, in order to use this policy, you must clear all settings in the old **Preferences (Deprecated)** section in group policy.
4498
4499 Previously you could only set and lock a subset of preferences. Starting with Firefox 81 and Firefox ESR 78.3 you can set many more preferences. You can also set default preferences, user preferences and you can clear preferences.
4500
4501 Preferences that start with the following prefixes are supported:
4502 ```
4503 accessibility.
4504 app.update.* (Firefox 86, Firefox 78.8)
4505 browser.
4506 datareporting.policy.
4507 dom.
4508 extensions.
4509 general.autoScroll (Firefox 83, Firefox ESR 78.5)
4510 general.smoothScroll (Firefox 83, Firefox ESR 78.5)
4511 geo.
4512 gfx.
4513 intl.
4514 keyword.enabled (Firefox 95, Firefox ESR 91.4)
4515 layers.
4516 layout.
4517 media.
4518 network.
4519 pdfjs. (Firefox 84, Firefox ESR 78.6)
4520 places.
4521 print.
4522 signon. (Firefox 83, Firefox ESR 78.5)
4523 spellchecker. (Firefox 84, Firefox ESR 78.6)
4524 toolkit.legacyUserProfileCustomizations.stylesheets (Firefox 95, Firefox ESR 91.4)
4525 ui.
4526 widget.
4527 xpinstall.signatures.required (Firefox ESR 102.10, Firefox ESR only)
4528 ```
4529 as well as the following security preferences:
4530
4531 | Preference | Type | Default
4532 | --- | --- | --- |
4533 | security.default_personal_cert | string | Ask Every Time
4534 | &nbsp;&nbsp;&nbsp;&nbsp;If set to Select Automatically, Firefox automatically chooses the default personal certificate.
4535 | security.insecure_connection_text.enabled | bool | false
4536 | &nbsp;&nbsp;&nbsp;&nbsp;If set to true, adds the words "Not Secure" for insecure sites.
4537 | security.insecure_connection_text.pbmode.enabled | bool | false
4538 | &nbsp;&nbsp;&nbsp;&nbsp;If set to true, adds the words "Not Secure" for insecure sites in private browsing.
4539 | security.mixed_content.block_active_content | boolean | true
4540 | &nbsp;&nbsp;&nbsp;&nbsp;If false, mixed active content (HTTP and HTTPS) is not blocked.
4541 | security.osclientcerts.autoload | boolean | false
4542 | &nbsp;&nbsp;&nbsp;&nbsp;If true, client certificates are loaded from the operating system certificate store.
4543 | security.OCSP.enabled | integer | 1
4544 | &nbsp;&nbsp;&nbsp;&nbsp;If 0, do not fetch OCSP. If 1, fetch OCSP for DV and EV certificates. If 2, fetch OCSP only for EV certificates.
4545 | security.OCSP.require | boolean | false
4546 | &nbsp;&nbsp;&nbsp;&nbsp; If true, if an OCSP request times out, the connection fails.
4547 | security.osclientcerts.assume_rsa_pss_support | boolean | true
4548 | &nbsp;&nbsp;&nbsp;&nbsp; If false, we don't assume an RSA key can do RSA-PSS. (Firefox 114, Firefox ESR 102.12)
4549 | security.ssl.enable_ocsp_stapling | boolean | true
4550 | &nbsp;&nbsp;&nbsp;&nbsp; If false, OCSP stapling is not enabled.
4551 | security.ssl.errorReporting.enabled | boolean | true
4552 | &nbsp;&nbsp;&nbsp;&nbsp;If false, SSL errors cannot be sent to Mozilla.
4553 | security.ssl.require_safe_negotiation | boolean | false
4554 | &nbsp;&nbsp;&nbsp;&nbsp;If true, Firefox will only negotiate TLS connections with servers that indicate they support secure renegotiation. (Firefox 118, Firefox ESR 115.3)
4555 | security.tls.enable_0rtt_data | boolean | true
4556 | &nbsp;&nbsp;&nbsp;&nbsp;If false, TLS early data is turned off. (Firefox 93, Firefox 91.2, Firefox 78.15)
4557 | security.tls.hello_downgrade_check | boolean | true
4558 | &nbsp;&nbsp;&nbsp;&nbsp;If false, the TLS 1.3 downgrade check is disabled.
4559 | security.tls.version.enable-deprecated | boolean | false
4560 | &nbsp;&nbsp;&nbsp;&nbsp;If true, browser will accept TLS 1.0. and TLS 1.1. (Firefox 86, Firefox 78.8)
4561 | security.warn_submit_secure_to_insecure | boolean | true
4562 | &nbsp;&nbsp;&nbsp;&nbsp;If false, no warning is shown when submitting a form from https to http.
4563
4564 Using the preference as the key, set the `Value` to the corresponding preference value.
4565
4566 `Status` can be "default", "locked", "user" or "clear"
4567
4568 * `"default"`: Read/Write: Settings appear as default even if factory default differs.
4569 * `"locked"`: Read-Only: Settings appear as default even if factory default differs.
4570 * `"user"`: Read/Write: Settings appear as changed if it differs from factory default.
4571 * `"clear"`: Read/Write: `Value` has no effect. Resets to factory defaults on each startup.
4572
4573 `"user"` preferences persist across invocations of Firefox. It is the equivalent of a user setting the preference. They are most useful when a preference is needed very early in startup so it can't be set as default by policy. An example of this is ```toolkit.legacyUserProfileCustomizations.stylesheets```.
4574
4575 `"user"` preferences persist even if the policy is removed, so if you need to remove them, you should use the clear policy.
4576
4577 See the examples below for more detail.
4578
4579 IMPORTANT: Make sure you're only setting a particular preference using this mechanism and not some other way.
4580
4581 Status
4582 **Compatibility:** Firefox 81, Firefox ESR 78.3\
4583 **CCK2 Equivalent:** `preferences`\
4584 **Preferences Affected:** Many
4585
4586 #### Windows (GPO)
4587 Software\Policies\Mozilla\Firefox\Preferences (REG_MULTI_SZ) =
4588 ```
4589 {
4590 "accessibility.force_disabled": {
4591 "Value": 1,
4592 "Status": "default"
4593 },
4594 "browser.cache.disk.parent_directory": {
4595 "Value": "SOME_NATIVE_PATH",
4596 "Status": "user"
4597 },
4598 "browser.tabs.warnOnClose": {
4599 "Value": false,
4600 "Status": "locked"
4601 }
4602 }
4603 ```
4604 #### Windows (Intune)
4605 OMA-URI:
4606 ```
4607 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/Preferences
4608 ```
4609 Value (string):
4610 ```
4611 <enabled/>
4612 <data id="JSON" value='
4613 {
4614 "accessibility.force_disabled": {
4615 "Value": 1,
4616 "Status": "default"
4617 },
4618 "browser.cache.disk.parent_directory": {
4619 "Value": "SOME_NATIVE_PATH",
4620 "Status": "user"
4621 },
4622 "browser.tabs.warnOnClose": {
4623 "Value": false,
4624 "Status": "locked"
4625 }
4626 }'/>
4627 ```
4628 #### macOS
4629 ```
4630 <dict>
4631 <key>Preferences</key>
4632 <dict>
4633 <key>accessibility.force_disabled</key>
4634 <dict>
4635 <key>Value</key>
4636 <integer>1</integer>
4637 <key>Status</key>
4638 <string>default</string>
4639 </dict>
4640 <key>browser.cache.disk.parent_directory</key>
4641 <dict>
4642 <key>Value</key>
4643 <string>SOME_NATIVE_PATH</string>
4644 <key>Status</key>
4645 <string>user</string>
4646 </dict>
4647 <key>browser.tabs.warnOnClose</key>
4648 <dict>
4649 <key>Value</key>
4650 <false/>
4651 <key>Status</key>
4652 <string>locked</string>
4653 </dict>
4654 </dict>
4655 </dict>
4656 ```
4657 #### policies.json
4658 ```
4659 {
4660 "policies": {
4661 "Preferences": {
4662 "accessibility.force_disabled": {
4663 "Value": 1,
4664 "Status": "default"
4665 },
4666 "browser.cache.disk.parent_directory": {
4667 "Value": "SOME_NATIVE_PATH",
4668 "Status": "user"
4669 },
4670 "browser.tabs.warnOnClose": {
4671 "Value": false,
4672 "Status": "locked"
4673 }
4674 }
4675 }
4676 }
4677 ```
4678 ### PrimaryPassword
4679 Require or prevent using a primary (formerly master) password.
4680
4681 If this value is true, a primary password is required. If this value is false, it works the same as if [`DisableMasterPasswordCreation`](#disablemasterpasswordcreation) was true and removes the primary password functionality.
4682
4683 If both DisableMasterPasswordCreation and PrimaryPassword are used, DisableMasterPasswordCreation takes precedent.
4684
4685 **Compatibility:** Firefox 79, Firefox ESR 78.1\
4686 **CCK2 Equivalent:** `noMasterPassword`\
4687 **Preferences Affected:** N/A
4688
4689 #### Windows (GPO)
4690 ```
4691 Software\Policies\Mozilla\Firefox\PrimaryPassword = 0x1 | 0x0
4692 ```
4693 #### Windows (Intune)
4694 OMA-URI:
4695 ```
4696 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/PrimaryPassword
4697 ```
4698 Value (string):
4699 ```
4700 <enabled/> or <disabled/>
4701 ```
4702 #### macOS
4703 ```
4704 <dict>
4705 <key>PrimaryPassword</key>
4706 <true/> | <false/>
4707 </dict>
4708 ```
4709 #### policies.json
4710 ```
4711 {
4712 "policies": {
4713 "PrimaryPassword": true | false
4714 }
4715 }
4716 ```
4717 ### PromptForDownloadLocation
4718 Ask where to save each file before downloading.
4719
4720 **Compatibility:** Firefox 68, Firefox ESR 68\
4721 **CCK2 Equivalent:** N/A\
4722 **Preferences Affected:** `browser.download.useDownloadDir`
4723
4724 #### Windows (GPO)
4725 ```
4726 Software\Policies\Mozilla\Firefox\PromptForDownloadLocation = 0x1 | 0x0
4727 ```
4728 #### Windows (Intune)
4729 OMA-URI:
4730 ```
4731 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/PromptForDownloadLocation
4732 ```
4733 Value (string):
4734 ```
4735 <enabled/> or <disabled/>
4736 ```
4737 #### macOS
4738 ```
4739 <dict>
4740 <key>PromptForDownloadLocation</key>
4741 <true/> | <false/>
4742 </dict>
4743 ```
4744 #### policies.json
4745 ```
4746 {
4747 "policies": {
4748 "PromptForDownloadLocation": true | false
4749 }
4750 }
4751 ```
4752 ### Proxy
4753 Configure proxy settings. These settings correspond to the connection settings in Firefox preferences.
4754 To specify ports, append them to the hostnames with a colon (:).
4755
4756 Unless you lock this policy, changes the user already has in place will take effect.
4757
4758 `Mode` is the proxy method being used.
4759
4760 `Locked` is whether or not proxy settings can be changed.
4761
4762 `HTTPProxy` is the HTTP proxy server.
4763
4764 `UseHTTPProxyForAllProtocols` is whether or not the HTTP proxy should be used for all other proxies.
4765
4766 `SSLProxy` is the SSL proxy server.
4767
4768 `FTPProxy` is the FTP proxy server.
4769
4770 `SOCKSProxy` is the SOCKS proxy server
4771
4772 `SOCKSVersion` is the SOCKS version (4 or 5)
4773
4774 `Passthrough` is list of hostnames or IP addresses that will not be proxied. Use `<local>` to bypass proxying for all hostnames which do not contain periods.
4775
4776 `AutoConfigURL` is a URL for proxy configuration (only used if Mode is autoConfig).
4777
4778 `AutoLogin` means do not prompt for authentication if password is saved.
4779
4780 `UseProxyForDNS` to use proxy DNS when using SOCKS v5.
4781
4782 **Compatibility:** Firefox 60, Firefox ESR 60\
4783 **CCK2 Equivalent:** `networkProxy*`\
4784 **Preferences Affected:** `network.proxy.type`, `network.proxy.autoconfig_url`, `network.proxy.socks_remote_dns`, `signon.autologin.proxy`, `network.proxy.socks_version`, `network.proxy.no_proxies_on`, `network.proxy.share_proxy_settings`, `network.proxy.http`, `network.proxy.http_port`, `network.proxy.ftp`, `network.proxy.ftp_port`, `network.proxy.ssl`, `network.proxy.ssl_port`, `network.proxy.socks`, `network.proxy.socks_port`
4785
4786 #### Windows (GPO)
4787 ```
4788 Software\Policies\Mozilla\Firefox\Proxy\Mode = "none" | "system" | "manual" | "autoDetect" | "autoConfig"
4789 Software\Policies\Mozilla\Firefox\Proxy\Locked = 0x1 | 0x0
4790 Software\Policies\Mozilla\Firefox\=Proxy\HTTPProxy = https://httpproxy.example.com
4791 Software\Policies\Mozilla\Firefox\Proxy\UseHTTPProxyForAllProtocols = 0x1 | 0x0
4792 Software\Policies\Mozilla\Firefox\Proxy\SSLProxy = https://sslproxy.example.com
4793 Software\Policies\Mozilla\Firefox\Proxy\FTPProxy = https://ftpproxy.example.com
4794 Software\Policies\Mozilla\Firefox\Proxy\SOCKSProxy = https://socksproxy.example.com
4795 Software\Policies\Mozilla\Firefox\Proxy\SOCKSVersion = 0x4 | 0x5
4796 Software\Policies\Mozilla\Firefox\Proxy\Passthrough = <local>
4797 Software\Policies\Mozilla\Firefox\Proxy\AutoConfigURL = URL_TO_AUTOCONFIG
4798 Software\Policies\Mozilla\Firefox\Proxy\AutoLogin = 0x1 | 0x0
4799 Software\Policies\Mozilla\Firefox\Proxy\UseProxyForDNS = 0x1 | 0x0
4800 ```
4801 #### Windows (Intune)
4802 **Note**
4803 These setttings were moved to a category to make them easier to configure via Intune.
4804
4805 OMA-URI:
4806 ```
4807 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_Locked
4808 ```
4809 Value (string):
4810 ```
4811 <enabled/> or <disabled/>
4812 ```
4813 OMA-URI:
4814 ```
4815 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_ConnectionType
4816 ```
4817 Value (string):
4818 ```
4819 <enabled/>
4820 <data id="Proxy_ConnectionType" value="none | system | manual | autoDetect | autoConfig"/>
4821 ```
4822 OMA-URI:
4823 ```
4824 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_HTTPProxy
4825 ```
4826 Value (string):
4827 ```
4828 <enabled/>
4829 <data id="Proxy_HTTPProxy" value="httpproxy.example.com"/>
4830 ```
4831 OMA-URI:
4832 ```
4833 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_UseHTTPProxyForAllProtocols
4834 ```
4835 Value (string):
4836 ```
4837 <enabled/> or <disabled/>
4838 ```
4839 OMA-URI:
4840 ```
4841 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_SSLProxy
4842 ```
4843 Value (string):
4844 ```
4845 <enabled/>
4846 <data id="Proxy_SSLProxy" value="sslproxy.example.com"/>
4847 ```
4848 OMA-URI:
4849 ```
4850 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_SOCKSProxy
4851 ```
4852 Value (string):
4853 ```
4854 <enabled/>
4855 <data id="Proxy_SOCKSProxy" value="socksproxy.example.com"/>
4856 <data id="Proxy_SOCKSVersion" value="4 | 5"/>
4857 ```
4858 OMA-URI:
4859 ```
4860 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_AutoConfigURL
4861 ```
4862 Value (string):
4863 ```
4864 <enabled/>
4865 <data id="Proxy_AutoConfigURL" value="URL_TO_AUTOCONFIG"/>
4866 ```
4867 OMA-URI:
4868 ```
4869 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_Passthrough
4870 ```
4871 Value (string):
4872 ```
4873 <enabled/>
4874 <data id="Proxy_Passthrough" value="&lt;local&gt;"/>
4875 ```
4876 OMA-URI:
4877 ```
4878 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_AutoLogin
4879 ```
4880 Value (string):
4881 ```
4882 <enabled/> or <disabled/>
4883 ```
4884 OMA-URI:
4885 ```
4886 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_UseProxyForDNS
4887 ```
4888 Value (string):
4889 ```
4890 <enabled/> or <disabled/>
4891 ```
4892 OMA-URI (Old way):
4893 ```
4894 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/Proxy
4895 ```
4896 Value (string):
4897 ```
4898 <enabled/>
4899 <data id="ProxyLocked" value="true | false"/>
4900 <data id="ConnectionType" value="none | system | manual | autoDetect | autoConfig"/>
4901 <data id="HTTPProxy" value="httpproxy.example.com"/>
4902 <data id="UseHTTPProxyForAllProtocols" value="true | false"/>
4903 <data id="SSLProxy" value="sslproxy.example.com"/>
4904 <data id="FTPProxy" value="ftpproxy.example.com"/>
4905 <data id="SOCKSProxy" value="socksproxy.example.com"/>
4906 <data id="SOCKSVersion" value="4 | 5"/>
4907 <data id="AutoConfigURL" value="URL_TO_AUTOCONFIG"/>
4908 <data id="Passthrough" value="<local>"/>
4909 <data id="AutoLogin" value="true | false"/>
4910 <data id="UseProxyForDNS" value="true | false"/>
4911 ```
4912 #### macOS
4913 ```
4914 <dict>
4915 <key>Proxy</key>
4916 <dict>
4917 <key>Mode</key>
4918 <string>none | system | manual | autoDetect | autoConfig</string>
4919 <key>Locked</key>
4920 <true> | </false>
4921 <key>HTTPProxy</key>
4922 <string>https://httpproxy.example.com</string>
4923 <key>UseHTTPProxyForAllProtocols</key>
4924 <true> | </false>
4925 <key>SSLProxy</key>
4926 <string>https://sslproxy.example.com</string>
4927 <key>FTPProxy</key>
4928 <string>https://ftpproxy.example.com</string>
4929 <key>SOCKSProxy</key>
4930 <string>https://socksproxy.example.com</string>
4931 <key>SOCKSVersion</key>
4932 <string>4 | 5</string>
4933 <key>Passthrough</key>
4934 <string>&lt;local>&gt;</string>
4935 <key>AutoConfigURL</key>
4936 <string>URL_TO_AUTOCONFIG</string>
4937 <key>AutoLogin</key>
4938 <true> | </false>
4939 <key>UseProxyForDNS</key>
4940 <true> | </false>
4941 </dict>
4942 </dict>
4943 ```
4944 #### policies.json
4945 ```
4946 {
4947 "policies": {
4948 "Proxy": {
4949 "Mode": "none" | "system" | "manual" | "autoDetect" | "autoConfig",
4950 "Locked": true | false,
4951 "HTTPProxy": "hostname",
4952 "UseHTTPProxyForAllProtocols": true | false,
4953 "SSLProxy": "hostname",
4954 "FTPProxy": "hostname",
4955 "SOCKSProxy": "hostname",
4956 "SOCKSVersion": 4 | 5,
4957 "Passthrough": "<local>",
4958 "AutoConfigURL": "URL_TO_AUTOCONFIG",
4959 "AutoLogin": true | false,
4960 "UseProxyForDNS": true | false
4961 }
4962 }
4963 }
4964 ```
4965 ### RequestedLocales
4966 Set the the list of requested locales for the application in order of preference. It will cause the corresponding language pack to become active.
4967
4968 Note: For Firefox 68, this can now be a string so that you can specify an empty value.
4969
4970 **Compatibility:** Firefox 64, Firefox ESR 60.4, Updated in Firefox 68, Firefox ESR 68\
4971 **CCK2 Equivalent:** N/A\
4972 **Preferences Affected:** N/A
4973 #### Windows (GPO)
4974 ```
4975 Software\Policies\Mozilla\Firefox\RequestedLocales\1 = "de"
4976 Software\Policies\Mozilla\Firefox\RequestedLocales\2 = "en-US"
4977
4978 or
4979
4980 Software\Policies\Mozilla\Firefox\RequestedLocales = "de,en-US"
4981 ```
4982 #### Windows (Intune)
4983 OMA-URI:
4984 ```
4985 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/RequestedLocalesString
4986 ```
4987 Value (string):
4988 ```
4989 <enabled/>
4990 <data id="Preferences_String" value="de,en-US"/>
4991 ```
4992 #### macOS
4993 ```
4994 <dict>
4995 <key>RequestedLocales</key>
4996 <array>
4997 <string>de</string>
4998 <string>en-US</string>
4999 </array>
5000 </dict>
5001
5002 or
5003
5004 <dict>
5005 <key>RequestedLocales</key>
5006 <string>de,en-US</string>
5007 </dict>
5008
5009 ```
5010 #### policies.json
5011 ```
5012 {
5013 "policies": {
5014 "RequestedLocales": ["de", "en-US"]
5015 }
5016 }
5017
5018 or
5019
5020 {
5021 "policies": {
5022 "RequestedLocales": "de,en-US"
5023 }
5024 }
5025 ```
5026 <a name="SanitizeOnShutdown"></a>
5027
5028 ### SanitizeOnShutdown (Selective)
5029 Clear data on shutdown. Choose from Cache, Cookies, Download History, Form & Search History, Browsing History, Active Logins, Site Preferences and Offline Website Data.
5030
5031 Previously, these values were always locked. Starting with Firefox 74 and Firefox ESR 68.6, you can use the `Locked` option to either keep the values unlocked (set it to false), or lock only the values you set (set it to true). If you want the old behavior of locking everything, do not set `Locked` at all.
5032
5033 **Compatibility:** Firefox 68, Firefox ESR 68 (Locked added in 74/68.6)\
5034 **CCK2 Equivalent:** N/A\
5035 **Preferences Affected:** `privacy.sanitize.sanitizeOnShutdown`, `privacy.clearOnShutdown.cache`, `privacy.clearOnShutdown.cookies`, `privacy.clearOnShutdown.downloads`, `privacy.clearOnShutdown.formdata`, `privacy.clearOnShutdown.history`, `privacy.clearOnShutdown.sessions`, `privacy.clearOnShutdown.siteSettings`, `privacy.clearOnShutdown.offlineApps`
5036 #### Windows (GPO)
5037 ```
5038 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\Cache = 0x1 | 0x0
5039 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\Cookies = 0x1 | 0x0
5040 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\Downloads = 0x1 | 0x0
5041 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\FormData = 0x1 | 0x0
5042 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\History = 0x1 | 0x0
5043 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\Sessions = 0x1 | 0x0
5044 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\SiteSettings = 0x1 | 0x0
5045 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\OfflineApps = 0x1 | 0x0
5046 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\Locked = 0x1 | 0x0
5047 ```
5048 #### Windows (Intune)
5049 OMA-URI:
5050 ```
5051 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/A_SanitizeOnShutdown_Cache
5052 ```
5053 Value (string):
5054 ```
5055 <enabled/> or <disabled/>
5056 ```
5057 OMA-URI:
5058 ```
5059 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/B_SanitizeOnShutdown_Cookies
5060 ```
5061 Value (string):
5062 ```
5063 <enabled/> or <disabled/>
5064 ```
5065 OMA-URI:
5066 ```
5067 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/C_SanitizeOnShutdown_Downloads
5068 ```
5069 Value (string):
5070 ```
5071 <enabled/> or <disabled/>
5072 ```
5073 OMA-URI:
5074 ```
5075 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/D_SanitizeOnShutdown_FormData
5076 ```
5077 Value (string):
5078 ```
5079 <enabled/> or <disabled/>
5080 ```
5081 OMA-URI:
5082 ```
5083 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/E_SanitizeOnShutdown_History
5084 ```
5085 Value (string):
5086 ```
5087 <enabled/> or <disabled/>
5088 ```
5089 OMA-URI:
5090 ```
5091 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/F_SanitizeOnShutdown_Sessions
5092 ```
5093 Value (string):
5094 ```
5095 <enabled/> or <disabled/>
5096 ```
5097 OMA-URI:
5098 ```
5099 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/G_SanitizeOnShutdown_SiteSettings
5100 ```
5101 Value (string):
5102 ```
5103 <enabled/> or <disabled/>
5104 ```
5105 OMA-URI:
5106 ```
5107 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/H_SanitizeOnShutdown_OfflineApps
5108 ```
5109 Value (string):
5110 ```
5111 <enabled/> or <disabled/>
5112 ```
5113 OMA-URI:
5114 ```
5115 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/I_SanitizeOnShutdown_Locked
5116 ```
5117 Value (string):
5118 ```
5119 <enabled/> or <disabled/>
5120 ```
5121 #### macOS
5122 ```
5123 <dict>
5124 <key>SanitizeOnShutdown</key>
5125 <dict>
5126 <key>Cache</key>
5127 <true/> | <false/>
5128 <key>Cookies</key>
5129 <true/> | <false/>
5130 <key>Downloads</key>
5131 <true/> | <false/>
5132 <key>FormData</key>
5133 <true/> | <false/>
5134 <key>History</key>
5135 <true/> | <false/>
5136 <key>Sessions</key>
5137 <true/> | <false/>
5138 <key>SiteSettings</key>
5139 <true/> | <false/>
5140 <key>OfflineApps</key>
5141 <true/> | <false/>
5142 <key>Locked</key>
5143 <true/> | <false/>
5144 </dict>
5145 </dict>
5146 ```
5147 #### policies.json
5148 ```
5149 {
5150 "policies": {
5151 "SanitizeOnShutdown": {
5152 "Cache": true | false,
5153 "Cookies": true | false,
5154 "Downloads": true | false,
5155 "FormData": true | false,
5156 "History": true | false,
5157 "Sessions": true | false,
5158 "SiteSettings": true | false,
5159 "OfflineApps": true | false,
5160 "Locked": true | false
5161 }
5162 }
5163 }
5164 ```
5165 ### SanitizeOnShutdown (All)
5166 Clear all data on shutdown, including Browsing & Download History, Cookies, Active Logins, Cache, Form & Search History, Site Preferences and Offline Website Data.
5167
5168 **Compatibility:** Firefox 60, Firefox ESR 60\
5169 **CCK2 Equivalent:** N/A\
5170 **Preferences Affected:** `privacy.sanitize.sanitizeOnShutdown`, `privacy.clearOnShutdown.cache`, `privacy.clearOnShutdown.cookies`, `privacy.clearOnShutdown.downloads`, `privacy.clearOnShutdown.formdata`, `privacy.clearOnShutdown.history`, `privacy.clearOnShutdown.sessions`, `privacy.clearOnShutdown.siteSettings`, `privacy.clearOnShutdown.offlineApps`
5171 #### Windows (GPO)
5172 ```
5173 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown = 0x1 | 0x0
5174 ```
5175 #### Windows (Intune)
5176 OMA-URI:
5177 ```
5178 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/C_SanitizeOnShutdown
5179 ```
5180 Value (string):
5181 ```
5182 <enabled/> or <disabled/>
5183 ```
5184 #### macOS
5185 ```
5186 <dict>
5187 <key>SanitizeOnShutdown</key>
5188 <true/> | <false/>
5189 </dict>
5190 ```
5191 #### policies.json
5192 ```
5193 {
5194 "policies": {
5195 "SanitizeOnShutdown": true | false
5196 }
5197 }
5198 ```
5199 ### SearchBar
5200 Set whether or not search bar is displayed.
5201
5202 **Compatibility:** Firefox 60, Firefox ESR 60\
5203 **CCK2 Equivalent:** `showSearchBar`\
5204 **Preferences Affected:** N/A
5205
5206 #### Windows (GPO)
5207 ```
5208 Software\Policies\Mozilla\Firefox\SearchBar = "unified" | "separate"
5209 ```
5210
5211 #### Windows (Intune)
5212 OMA-URI:
5213 ```
5214 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/SearchBar
5215 ```
5216 Value (string):
5217 ```
5218 <enabled/>
5219 <data id="SearchBar" value="unified | separate"/>
5220 ```
5221 #### macOS
5222 ```
5223 <dict>
5224 <key>SearchBar</key>
5225 <string>unified | separate</string>
5226 </dict>
5227 ```
5228 #### policies.json
5229 ```
5230 {
5231 "policies": {
5232 "SearchBar": "unified" | "separate"
5233 }
5234 }
5235 ```
5236 <a name="SearchEngines"></a>
5237
5238 ### SearchEngines (This policy is only available on the ESR.)
5239
5240 ### SearchEngines | Add
5241
5242 Add new search engines. Although there are only five engines available in the ADMX template, there is no limit. To add more in the ADMX template, you can duplicate the XML.
5243
5244 This policy is only available on the ESR. `Name` and `URLTemplate` are required.
5245
5246 `Name` is the name of the search engine.
5247
5248 `URLTemplate` is the search URL with {searchTerms} to substitute for the search term.
5249
5250 `Method` is either GET or POST
5251
5252 `IconURL` is a URL for the icon to use.
5253
5254 `Alias` is a keyword to use for the engine.
5255
5256 `Description` is a description of the search engine.
5257
5258 `PostData` is the POST data as name value pairs separated by &.
5259
5260 `SuggestURLTemplate` is a search suggestions URL with {searchTerms} to substitute for the search term.
5261
5262 `Encoding` is the query charset for the engine. It defaults to UTF-8.
5263
5264 **Compatibility:** Firefox ESR 60 (POST support in Firefox ESR 68, Encoding support in Firefox 91)\
5265 **CCK2 Equivalent:** `searchplugins`\
5266 **Preferences Affected:** N/A
5267
5268 #### Windows (GPO)
5269 ```
5270 Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\Name = "Example1"
5271 Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\URLTemplate = "https://www.example.org/q={searchTerms}"
5272 Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\Method = "GET" | "POST"
5273 Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\IconURL = "https://www.example.org/favicon.ico"
5274 Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\Alias = "example"
5275 Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\Description = "Example Description"
5276 Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\SuggestURLTemplate = "https://www.example.org/suggestions/q={searchTerms}"
5277 Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\PostData = "name=value&q={searchTerms}"
5278 ```
5279 #### Windows (Intune)
5280 OMA-URI:
5281 ```
5282 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Search/SearchEngines_1
5283 ```
5284 Value (string):
5285 ```
5286 <enabled/>
5287 <data id="SearchEngine_Name" value="Example1"/>
5288 <data id="SearchEngine_URLTemplate" value="https://www.example.org/q={searchTerms"/>
5289 <data id="SearchEngine_Method" value="GET | POST"/>
5290 <data id="SearchEngine_IconURL" value="https://www.example.org/favicon.ico"/>
5291 <data id="SearchEngine_Alias" value="example"/>
5292 <data id="SearchEngine_Description" value="Example Description"/>
5293 <data id="SearchEngine_SuggestURLTemplate" value="https://www.example.org/suggestions/q={searchTerms}"/>
5294 <data id="SearchEngine_PostData" value="name=value&amp;q={searchTerms}"/>
5295 ```
5296 #### macOS
5297 ```
5298 <dict>
5299 <key>SearchEngines</key>
5300 <dict>
5301 <key>Add</key>
5302 <array>
5303 <dict>
5304 <key>Name</key>
5305 <string>Example1</string>
5306 <key>URLTemplate</key>
5307 <string>https://www.example.org/q={searchTerms}</string>
5308 <key>Method</key>
5309 <string>GET | POST </string>
5310 <key>IconURL</key>
5311 <string>https://www.example.org/favicon.ico</string>
5312 <key>Alias</key>
5313 <string>example</string>
5314 <key>Description</key>
5315 <string>Example Description</string>
5316 <key>SuggestURLTemplate</key>
5317 <string>https://www.example.org/suggestions/q={searchTerms}</string>
5318 <key>PostData</key>
5319 <string>name=value&q={searchTerms}</string>
5320 </dict>
5321 <array>
5322 </dict>
5323 </dict>
5324 ```
5325 #### policies.json
5326 ```
5327 {
5328 "policies": {
5329 "SearchEngines": {
5330 "Add": [
5331 {
5332 "Name": "Example1",
5333 "URLTemplate": "https://www.example.org/q={searchTerms}",
5334 "Method": "GET" | "POST",
5335 "IconURL": "https://www.example.org/favicon.ico",
5336 "Alias": "example",
5337 "Description": "Description",
5338 "PostData": "name=value&q={searchTerms}",
5339 "SuggestURLTemplate": "https://www.example.org/suggestions/q={searchTerms}"
5340 }
5341 ]
5342 }
5343 }
5344 }
5345 ```
5346 ### SearchEngines | Default
5347
5348 Set the default search engine. This policy is only available on the ESR.
5349
5350 **Compatibility:** Firefox ESR 60\
5351 **CCK2 Equivalent:** `defaultSearchEngine`\
5352 **Preferences Affected:** N/A
5353
5354 #### Windows (GPO)
5355 ```
5356 Software\Policies\Mozilla\Firefox\SearchEngines\Default = NAME_OF_SEARCH_ENGINE
5357 ```
5358 #### Windows (Intune)
5359 OMA-URI:
5360 ```
5361 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Search/SearchEngines_Default
5362 ```
5363 Value (string):
5364 ```
5365 <enabled/>
5366 <data id="SearchEngines_Default" value="NAME_OF_SEARCH_ENGINE"/>
5367 ```
5368 #### macOS
5369 ```
5370 <dict>
5371 <key>SearchEngines</key>
5372 <dict>
5373 <key>Default</key>
5374 <string>NAME_OF_SEARCH_ENGINE</string>
5375 </dict>
5376 </dict>
5377 ```
5378 #### policies.json
5379 ```
5380 {
5381 "policies": {
5382 "SearchEngines": {
5383 "Default": "NAME_OF_SEARCH_ENGINE"
5384 }
5385 }
5386 }
5387 ```
5388 ### SearchEngines | PreventInstalls
5389
5390 Prevent installing search engines from webpages.
5391
5392 **Compatibility:** Firefox ESR 60\
5393 **CCK2 Equivalent:** `disableSearchEngineInstall`\
5394 **Preferences Affected:** N/A
5395
5396 #### Windows (GPO)
5397 ```
5398 Software\Policies\Mozilla\Firefox\SearchEngines\PreventInstalls = 0x1 | 0x0
5399 ```
5400 #### Windows (Intune)
5401 OMA-URI:
5402 ```
5403 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Search/SearchEngines_PreventInstalls
5404 ```
5405 Value (string):
5406 ```
5407 <enabled/> or <disabled/>
5408 ```
5409 #### macOS
5410 ```
5411 <dict>
5412 <key>SearchEngines</key>
5413 <dict>
5414 <key>PreventInstalls</key>
5415 <true/> | <false/>
5416 </dict>
5417 </dict>
5418 ```
5419 #### policies.json
5420 ```
5421 {
5422 "policies": {
5423 "SearchEngines": {
5424 "PreventInstalls": true | false
5425 }
5426 }
5427 }
5428 ```
5429 ### SearchEngines | Remove
5430
5431 Hide built-in search engines. This policy is only available on the ESR.
5432
5433 **Compatibility:** Firefox ESR 60.2\
5434 **CCK2 Equivalent:** `removeDefaultSearchEngines` (removed all built-in engines)\
5435 **Preferences Affected:** N/A
5436
5437 #### Windows (GPO)
5438 ```
5439 Software\Policies\Mozilla\Firefox\SearchEngines\Remove\1 = NAME_OF_SEARCH_ENGINE
5440 ```
5441 #### Windows (Intune)
5442 OMA-URI:
5443 ```
5444 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Search/SearchEngines_Remove
5445 ```
5446 Value (string):
5447 ```
5448 <enabled/>
5449 <data id="SearchEngines_Remove" value="1&#xF000;NAME_OF_SEARCH_ENGINE"/>
5450 ```
5451 #### macOS
5452 ```
5453 <dict>
5454 <key>SearchEngines</key>
5455 <dict>
5456 <key>Remove</key>
5457 <array>
5458 <string>NAME_OF_SEARCH_ENGINE</string>
5459 </array>
5460 </dict>
5461 </dict>
5462 ```
5463 #### policies.json
5464 ```
5465 {
5466 "policies": {
5467 "SearchEngines": {
5468 "Remove": ["NAME_OF_SEARCH_ENGINE"]
5469 }
5470 }
5471 }
5472 ```
5473 ### SearchSuggestEnabled
5474
5475 Enable search suggestions.
5476
5477 **Compatibility:** Firefox 68, Firefox ESR 68\
5478 **CCK2 Equivalent:** N/A\
5479 **Preferences Affected:** `browser.urlbar.suggest.searches`, `browser.search.suggest.enabled`
5480
5481 #### Windows (GPO)
5482 ```
5483 Software\Policies\Mozilla\Firefox\SearchSuggestEnabled = 0x1 | 0x0
5484 ```
5485 #### Windows (Intune)
5486 OMA-URI:
5487 ```
5488 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Search/SearchSuggestEnabled
5489 ```
5490 Value (string):
5491 ```
5492 <enabled/> or <disabled/>
5493 ```
5494 #### macOS
5495 ```
5496 <dict>
5497 <key>SearchSuggestEnabled</key>
5498 <true/> | <false/>
5499 </dict>
5500 ```
5501 #### policies.json
5502 ```
5503 {
5504 "policies": {
5505 "SearchSuggestEnabled": true | false
5506 }
5507 }
5508 ```
5509 ### SecurityDevices
5510
5511 Add or delete PKCS #11 modules.
5512
5513 **Compatibility:** Firefox 114, Firefox ESR 112.12\
5514 **CCK2 Equivalent:** N/A\
5515 **Preferences Affected:** N/A
5516
5517 #### Windows (GPO)
5518 ```
5519 Software\Policies\Mozilla\Firefox\SecurityDevices\Add\NAME_OF_DEVICE_TO_ADD = PATH_TO_LIBRARY_FOR_DEVICE
5520 Software\Policies\Mozilla\Firefox\SecurityDevices\Remove\1 = NAME_OF_DEVICE_TO_REMOVE
5521 ```
5522 #### Windows (Intune)
5523 OMA-URI:
5524 ```
5525 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/SecurityDevices/SecurityDevices_Add
5526 ```
5527 Value (string):
5528 ```
5529 <enabled/>
5530 <data id="SecurityDevices" value="NAME_OF_DEVICE_TO_ADD&#xF000;PATH_TO_LIBRARY_FOR_DEVICE"/>
5531 ```
5532 OMA-URI:
5533 ```
5534 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/SecurityDevices/SecurityDevices_Delete
5535 ```
5536 Value (string):
5537 ```
5538 <enabled/>
5539 <data id="SecurityDevices" value="1&#xF000;NAME_OF_DEVICE_TO_REMOVE"/>
5540 ```
5541 #### macOS
5542 ```
5543 <dict>
5544 <key>SecurityDevices</key>
5545 <dict>
5546 <key>Add<key>
5547 <dict>
5548 <key>NAME_OF_DEVICE_TO_ADD</key>
5549 <string>PATH_TO_LIBRARY_FOR_DEVICE</string>
5550 </dict>
5551 <key>Delete</add>
5552 <array>
5553 <string>NAME_OF_DEVICE_TO_DELETE</string>
5554 </array>
5555 </dict>
5556 </dict>
5557 ```
5558 #### policies.json
5559 ```
5560 {
5561 "policies": {
5562 "SecurityDevices": {
5563 "Add": {
5564 "NAME_OF_DEVICE_TO_ADD": "PATH_TO_LIBRARY_FOR_DEVICE"
5565 },
5566 "Delete": ["NAME_OF_DEVICE_TO_DELETE"]
5567 }
5568 }
5569 }
5570 ```
5571 ### SecurityDevices (Deprecated)
5572
5573 Install PKCS #11 modules.
5574
5575 **Compatibility:** Firefox 64, Firefox ESR 60.4\
5576 **CCK2 Equivalent:** `certs.devices`\
5577 **Preferences Affected:** N/A
5578
5579 #### Windows (GPO)
5580 ```
5581 Software\Policies\Mozilla\Firefox\SecurityDevices\NAME_OF_DEVICE = PATH_TO_LIBRARY_FOR_DEVICE
5582 ```
5583 #### Windows (Intune)
5584 OMA-URI:
5585 ```
5586 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/SecurityDevices
5587 ```
5588 Value (string):
5589 ```
5590 <enabled/>
5591 <data id="SecurityDevices" value="NAME_OF_DEVICE&#xF000;PATH_TO_LIBRARY_FOR_DEVICE"/>
5592 ```
5593 #### macOS
5594 ```
5595 <dict>
5596 <key>SecurityDevices</key>
5597 <dict>
5598 <key>NAME_OF_DEVICE</key>
5599 <string>PATH_TO_LIBRARY_FOR_DEVICE</string>
5600 </dict>
5601 </dict>
5602 ```
5603 #### policies.json
5604 ```
5605 {
5606 "policies": {
5607 "SecurityDevices": {
5608 "NAME_OF_DEVICE": "PATH_TO_LIBRARY_FOR_DEVICE"
5609 }
5610 }
5611 }
5612 ```
5613 ### ShowHomeButton
5614 Show the home button on the toolbar.
5615
5616 Future versions of Firefox will not show the home button by default.
5617
5618 **Compatibility:** Firefox 88, Firefox ESR 78.10\
5619 **CCK2 Equivalent:** N/A\
5620 **Preferences Affected:** N/A
5621
5622 #### Windows (GPO)
5623 ```
5624 Software\Policies\Mozilla\Firefox\ShowHomeButton = 0x1 | 0x0
5625 ```
5626 #### Windows (Intune)
5627 OMA-URI:
5628 ```
5629 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Homepage/Homepage_ShowHomeButton
5630 ```
5631 Value (string):
5632 ```
5633 <enabled/> or <disabled/>
5634 ```
5635 #### macOS
5636 ```
5637 <dict>
5638 <key>ShowHomeButton</key>
5639 <true/> | <false/>
5640 </dict>
5641 ```
5642 #### policies.json
5643 ```
5644 {
5645 "policies": {
5646 "ShowHomeButton": true | false
5647 }
5648 }
5649 ```
5650 ### SSLVersionMax
5651
5652 Set and lock the maximum version of TLS. (Firefox defaults to a maximum of TLS 1.3.)
5653
5654 **Compatibility:** Firefox 66, Firefox ESR 60.6\
5655 **CCK2 Equivalent:** N/A\
5656 **Preferences Affected:** `security.tls.version.max`
5657
5658 #### Windows (GPO)
5659 ```
5660 Software\Policies\Mozilla\Firefox\SSLVersionMax = "tls1" | "tls1.1" | "tls1.2" | "tls1.3"
5661 ```
5662 #### Windows (Intune)
5663 OMA-URI:
5664 ```
5665 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/SSLVersionMax
5666 ```
5667 Value (string):
5668 ```
5669 <enabled/>
5670 <data id="SSLVersion" value="tls1 | tls1.2 | tls1.3"/>
5671 ```
5672 #### macOS
5673 ```
5674 <dict>
5675 <key>SSLVersionMax</key>
5676 <string>tls1 | tls1.1 | tls1.2 | tls1.3</string>
5677 </dict>
5678 ```
5679
5680 #### policies.json
5681 ```
5682 {
5683 "policies": {
5684 "SSLVersionMax": "tls1" | "tls1.1" | "tls1.2" | "tls1.3"
5685 }
5686 }
5687 ```
5688 ### SSLVersionMin
5689
5690 Set and lock the minimum version of TLS. (Firefox defaults to a minimum of TLS 1.2.)
5691
5692 **Compatibility:** Firefox 66, Firefox ESR 60.6\
5693 **CCK2 Equivalent:** N/A\
5694 **Preferences Affected:** `security.tls.version.min`
5695
5696 #### Windows (GPO)
5697 ```
5698 Software\Policies\Mozilla\Firefox\SSLVersionMin = "tls1" | "tls1.1" | "tls1.2" | "tls1.3"
5699 ```
5700 #### Windows (Intune)
5701 OMA-URI:
5702 ```
5703 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/SSLVersionMin
5704 ```
5705 Value (string):
5706 ```
5707 <enabled/>
5708 <data id="SSLVersion" value="tls1 | tls1.2 | tls1.3"/>
5709 ```
5710 #### macOS
5711 ```
5712 <dict>
5713 <key>SSLVersionMin</key>
5714 <string>tls1 | tls1.1 | tls1.2 | tls1.3</string>
5715 </dict>
5716 ```
5717
5718 #### policies.json
5719 ```
5720 {
5721 "policies": {
5722 "SSLVersionMin": "tls1" | "tls1.1" | "tls1.2" | "tls1.3"
5723 }
5724 }
5725 ```
5726 ### SupportMenu
5727 Add a menuitem to the help menu for specifying support information.
5728
5729 **Compatibility:** Firefox 68.0.1, Firefox ESR 68.0.1\
5730 **CCK2 Equivalent:** helpMenu\
5731 **Preferences Affected:** N/A
5732
5733 #### Windows (GPO)
5734 ```
5735 Software\Policies\Mozilla\Firefox\SupportMenu\Title = "Support Menu"
5736 Software\Policies\Mozilla\Firefox\SupportMenu\URL = "http://example.com/support"
5737 Software\Policies\Mozilla\Firefox\SupportMenu\AccessKey = "S"
5738 ```
5739 #### Windows (Intune)
5740 OMA-URI:
5741 ```
5742 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/SupportMenu
5743 ```
5744 Value (string):
5745 ```
5746 <enabled/>
5747 <data id="SupportMenuTitle" value="Support Menu"/>
5748 <data id="SupportMenuURL" value="http://example.com/support"/>
5749 <data id="SupportMenuAccessKey" value="S"/>
5750 ```
5751 #### macOS
5752 ```
5753 <dict>
5754 <key>SupportMenu</key>
5755 <dict>
5756 <key>Title</key>
5757 <string>SupportMenu</string>
5758 <key>URL</key>
5759 <string>http://example.com/support</string>
5760 <key>AccessKey</key>
5761 <string>S</string>
5762 </dict>
5763 </dict>
5764 ```
5765 #### policies.json
5766 ```
5767 {
5768 "policies": {
5769 "SupportMenu": {
5770 "Title": "Support Menu",
5771 "URL": "http://example.com/support",
5772 "AccessKey": "S"
5773 }
5774 }
5775 }
5776 ```
5777 ### StartDownloadsInTempDirectory
5778 Force downloads to start off in a local, temporary location rather than the default download directory.
5779
5780 **Compatibility:** Firefox 102\
5781 **CCK2 Equivalent:** N/A\
5782 **Preferences Affected:** `browser.download.start_downloads_in_tmp_dir`
5783
5784 #### Windows (GPO)
5785 ```
5786 Software\Policies\Mozilla\Firefox\StartDownloadsInTempDirectory = 0x1 | 0x0
5787 ```
5788 #### Windows (Intune)
5789 OMA-URI:
5790 ```
5791 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/StartDownloadsInTempDirectory
5792 ```
5793 Value (string):
5794 ```
5795 <enabled/> or <disabled/>
5796 ```
5797 #### macOS
5798 ```
5799 <dict>
5800 <key>StartDownloadsInTempDirectory</key>
5801 <true/> | <false/>
5802 </dict>
5803 ```
5804 #### policies.json
5805 ```
5806 {
5807 "policies": {
5808 "StartDownloadsInTempDirectory": true | false
5809 }
5810 ```
5811 ### UserMessaging
5812
5813 Prevent Firefox from messaging the user in certain situations.
5814
5815 `WhatsNew` Remove the "What's New" icon and menuitem.
5816
5817 `ExtensionRecommendations` If false, don't recommend extensions while the user is visiting web pages.
5818
5819 `FeatureRecommendations` If false, don't recommend browser features.
5820
5821 `UrlbarInterventions` If false, Don't offer Firefox specific suggestions in the URL bar.
5822
5823 `SkipOnboarding` If true, don't show onboarding messages on the new tab page.
5824
5825 `MoreFromMozilla` If false, don't show the "More from Mozilla" section in Preferences. (Firefox 98)
5826
5827 `Locked` prevents the user from changing user messaging preferences.
5828
5829 **Compatibility:** Firefox 75, Firefox ESR 68.7\
5830 **CCK2 Equivalent:** N/A\
5831 **Preferences Affected:** `browser.messaging-system.whatsNewPanel.enabled`, `browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons`, `browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features`, `browser.aboutwelcome.enabled`, `browser.preferences.moreFromMozilla`
5832
5833 #### Windows (GPO)
5834 ```
5835 Software\Policies\Mozilla\Firefox\UserMessaging\WhatsNew = 0x1 | 0x0
5836 Software\Policies\Mozilla\Firefox\UserMessaging\ExtensionRecommendations = 0x1 | 0x0
5837 Software\Policies\Mozilla\Firefox\UserMessaging\FeatureRecommendations = 0x1 | 0x0
5838 Software\Policies\Mozilla\Firefox\UserMessaging\UrlbarInterventions = 0x1 | 0x0
5839 Software\Policies\Mozilla\Firefox\UserMessaging\SkipOnboarding = 0x1 | 0x0
5840 Software\Policies\Mozilla\Firefox\UserMessaging\MoreFromMozilla = 0x1 | 0x0
5841 Software\Policies\Mozilla\Firefox\UserMessaging\Locked = 0x1 | 0x0
5842 ```
5843 #### Windows (Intune)
5844 OMA-URI:
5845 ```
5846 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_WhatsNew
5847 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_ExtensionRecommendations
5848 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_FeatureRecommendations
5849 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_UrlbarInterventions
5850 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_SkipOnboarding
5851 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_MoreFromMozilla
5852 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_Locked
5853 ```
5854 Value (string):
5855 ```
5856 <enabled/> or <disabled/>
5857 ```
5858 #### macOS
5859 ```
5860 <dict>
5861 <key>UserMessaging</key>
5862 <dict>
5863 <key>WhatsNew</key>
5864 <true/> | <false/>
5865 <key>ExtensionRecommendations</key>
5866 <true/> | <false/>
5867 <key>FeatureRecommendations</key>
5868 <true/> | <false/>
5869 <key>UrlbarInterventions</key>
5870 <true/> | <false/>
5871 <key>SkipOnboarding</key>
5872 <true/> | <false/>
5873 <key>MoreFromMozilla</key>
5874 <true/> | <false/>
5875 <key>Locked</key>
5876 <true/> | <false/>
5877 </dict>
5878 </dict>
5879 ```
5880 #### policies.json
5881 ```
5882 {
5883 "policies": {
5884 "UserMessaging": {
5885 "WhatsNew": true | false,
5886 "ExtensionRecommendations": true | false,
5887 "FeatureRecommendations": true | false,
5888 "UrlbarInterventions": true | false,
5889 "SkipOnboarding": true | false,
5890 "MoreFromMozilla": true | false,
5891 "Locked": true | false
5892 }
5893 }
5894 }
5895 ```
5896 ### UseSystemPrintDialog
5897 Use the system print dialog instead of the print preview window.
5898
5899 **Compatibility:** Firefox 102\
5900 **CCK2 Equivalent:** N/A\
5901 **Preferences Affected:** `print.prefer_system_dialog`
5902
5903 #### Windows (GPO)
5904 ```
5905 Software\Policies\Mozilla\Firefox\UseSystemPrintDialog = 0x1 | 0x0
5906 ```
5907 #### Windows (Intune)
5908 OMA-URI:
5909 ```
5910 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/UseSystemPrintDialog
5911 ```
5912 Value (string):
5913 ```
5914 <enabled/> or <disabled/>
5915 ```
5916 #### macOS
5917 ```
5918 <dict>
5919 <key>UseSystemPrintDialog</key>
5920 <true/> | <false/>
5921 </dict>
5922 ```
5923 #### policies.json
5924 ```
5925 {
5926 "policies": {
5927 "UseSystemPrintDialog": true | false
5928 }
5929 }
5930 ```
5931 ### WebsiteFilter
5932 Block websites from being visited. The parameters take an array of Match Patterns, as documented in https://developer.mozilla.org/en-US/Add-ons/WebExtensions/Match_patterns.
5933 The arrays are limited to 1000 entries each.
5934
5935 If you want to block all URLs, you can use `<all_urls>` or `*://*/*`. You can't have just a `*` on the right side.
5936
5937 For specific protocols, use `https://*/*` or `http://*/*`.
5938
5939 As of Firefox 83 and Firefox ESR 78.5, file URLs are supported.
5940
5941 **Compatibility:** Firefox 60, Firefox ESR 60\
5942 **CCK2 Equivalent:** N/A\
5943 **Preferences Affected:** N/A
5944
5945 #### Windows (GPO)
5946 ```
5947 Software\Policies\Mozilla\Firefox\WebsiteFilter\Block\1 = "<all_urls>"
5948 Software\Policies\Mozilla\Firefox\WebsiteFilter\Exceptions\1 = "http://example.org/*"
5949 ```
5950 #### Windows (Intune)
5951 OMA-URI:
5952 ```
5953 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/B_WebsiteFilter_Block
5954 ```
5955 Value (string):
5956 ```
5957 <enabled/> <data id="WebsiteFilter" value="1&#xF000;&#60;all_urls&#62;"/>
5958 ```
5959 OMA-URI:
5960 ```
5961 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/B_WebsiteFilter_Exceptions
5962 ```
5963 Value (string):
5964 ```
5965 <enabled/>
5966 <data id="WebsiteFilter" value="1&#xF000;http://example.org/*"/>
5967 ```
5968 #### macOS
5969 ```
5970 <dict>
5971 <key>WebsiteFilter</key>
5972 <dict>
5973 <key>Block</key>
5974 <array>
5975 <string><all_urls></string>
5976 </array>
5977 <key>Exceptions</key>
5978 <array>
5979 <string>http://example.org/*</string>
5980 </array>
5981 </dict>
5982
5983 </dict>
5984 ```
5985 #### policies.json
5986 ```
5987 {
5988 "policies": {
5989 "WebsiteFilter": {
5990 "Block": ["<all_urls>"],
5991 "Exceptions": ["http://example.org/*"]
5992 }
5993 }
5994 }
5995 ```
5996 ### WindowsSSO
5997 Allow Windows single sign-on for Microsoft, work, and school accounts.
5998
5999 If this policy is set to true, Firefox will use credentials stored in Windows to sign in to Microsoft, work, and school accounts.
6000
6001 **Compatibility:** Firefox 91\
6002 **CCK2 Equivalent:** N/A\
6003 **Preferences Affected:** `network.http.windows-sso.enabled`
6004
6005 #### Windows (GPO)
6006 ```
6007 Software\Policies\Mozilla\Firefox\WindowsSSO = 0x1 | 0x0
6008 ```
6009 #### Windows (Intune)
6010 OMA-URI:
6011 ```
6012 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/WindowsSSO
6013 ```
6014 Value (string):
6015 ```
6016 <enabled/> or <disabled/>
6017 ```
6018 #### policies.json
6019 ```
6020 {
6021 "policies": {
6022 "WindowsSSO": true | false
6023 }
6024 }
6025 ```

patrick-canterino.de