]> git.p6c8.net - policy-templates.git/blob - README.md
Add documentation for security.ssl.require_safe_negotiation
[policy-templates.git] / README.md
1 **These policies are in active development and so might contain changes that do not work with current versions of Firefox.**
2
3 **You should use the [officially released versions](https://github.com/mozilla/policy-templates/releases) if you are deploying changes.**
4
5 Official policy documentation has been moved to https://mozilla.github.io/policy-templates/.
6
7 I'm maintaining things in the README.md until we can update links in Firefox.
8
9 Firefox policies can be specified using the [Group Policy templates on Windows](https://github.com/mozilla/policy-templates/tree/master/windows), [Intune on Windows](https://support.mozilla.org/kb/managing-firefox-intune), [configuration profiles on macOS](https://github.com/mozilla/policy-templates/tree/master/mac), or by creating a file called `policies.json`. On Windows, create a directory called `distribution` where the EXE is located and place the file there. On Mac, the file goes into `Firefox.app/Contents/Resources/distribution`. On Linux, the file goes into `firefox/distribution`, where `firefox` is the installation directory for firefox, which varies by distribution or you can specify system-wide policy by placing the file in `/etc/firefox/policies`.
10
11 Unfortunately, JSON files do not support comments, but you can add extra entries to the JSON to use as comments. You will see an error in about:policies, but the policies will still work properly. For example:
12
13 ```
14 {
15 "policies": {
16 "Authentication": {
17 "SPNEGO": ["mydomain.com", "https://myotherdomain.com"]
18 }
19 "Authentication_Comment": "These domains are required for us"
20 }
21 }
22 ```
23
24 | Policy Name | Description
25 | --- | --- |
26 | **[`3rdparty`](#3rdparty)** | Set policies that WebExtensions can access via chrome.storage.managed.
27 | **[`AllowedDomainsForApps`](#alloweddomainsforapps)** | Define domains allowed to access Google Workspace.
28 | **[`AppAutoUpdate`](#appautoupdate)** | Enable or disable automatic application update.
29 | **[`AppUpdatePin`](#appupdatepin)** | Prevent Firefox from being updated beyond the specified version.
30 | **[`AppUpdateURL`](#appupdateurl)** | Change the URL for application update.
31 | **[`Authentication`](#authentication)** | Configure sites that support integrated authentication.
32 | **[`AutoLaunchProtocolsFromOrigins`](#autolaunchprotocolsfromorigins)** | Define a list of external protocols that can be used from listed origins without prompting the user.
33 | **[`BackgroundAppUpdate`](#backgroundappupdate)** | Enable or disable the background updater (Windows only).
34 | **[`BlockAboutAddons`](#blockaboutaddons)** | Block access to the Add-ons Manager (about:addons).
35 | **[`BlockAboutConfig`](#blockaboutconfig)** | Block access to about:config.
36 | **[`BlockAboutProfiles`](#blockaboutprofiles)** | Block access to About Profiles (about:profiles).
37 | **[`BlockAboutSupport`](#blockaboutsupport)** | Block access to Troubleshooting Information (about:support).
38 | **[`Bookmarks`](#bookmarks)** | Add bookmarks in either the bookmarks toolbar or menu.
39 | **[`CaptivePortal`](#captiveportal)** | Enable or disable the detection of captive portals.
40 | **[`Certificates`](#certificates)** |
41 | **[`Certificates -> ImportEnterpriseRoots`](#certificates--importenterpriseroots)** | Trust certificates that have been added to the operating system certificate store by a user or administrator.
42 | **[`Certificates -> Install`](#certificates--install)** | Install certificates into the Firefox certificate store.
43 | **[`Containers`](#containers)** | Set policies related to [containers](https://addons.mozilla.org/firefox/addon/multi-account-containers/).
44 | **[`Cookies`](#cookies)** | Configure cookie preferences.
45 | **[`DefaultDownloadDirectory`](#defaultdownloaddirectory)** | Set the default download directory.
46 | **[`DisableAppUpdate`](#disableappupdate)** | Turn off application updates.
47 | **[`DisableBuiltinPDFViewer`](#disablebuiltinpdfviewer)** | Disable the built in PDF viewer.
48 | **[`DisabledCiphers`](#disabledciphers)** | Disable ciphers.
49 | **[`DisableDefaultBrowserAgent`](#disabledefaultbrowseragent)** | Prevent the default browser agent from taking any actions (Windows only).
50 | **[`DisableDeveloperTools`](#disabledevelopertools)** | Remove access to all developer tools.
51 | **[`DisableFeedbackCommands`](#disablefeedbackcommands)** | Disable the menus for reporting sites.
52 | **[`DisableFirefoxAccounts`](#disablefirefoxaccounts)** | Disable Firefox Accounts integration (Sync).
53 | **[`DisableFirefoxScreenshots`](#disablefirefoxscreenshots)** | Remove access to Firefox Screenshots.
54 | **[`DisableFirefoxStudies`](#disablefirefoxstudies)** | Disable Firefox studies (Shield).
55 | **[`DisableForgetButton`](#disableforgetbutton)** | Disable the "Forget" button.
56 | **[`DisableFormHistory`](#disableformhistory)** | Turn off saving information on web forms and the search bar.
57 | **[`DisableMasterPasswordCreation`](#disablemasterpasswordcreation)** | Remove the master password functionality.
58 | **[`DisablePasswordReveal`](#disablepasswordreveal)** | Do not allow passwords to be revealed in saved logins.
59 | **[`DisablePocket`](#disablepocket)** | Remove Pocket in the Firefox UI.
60 | **[`DisablePrivateBrowsing`](#disableprivatebrowsing)** | Remove access to private browsing.
61 | **[`DisableProfileImport`](#disableprofileimport)** | Disables the "Import data from another browser" option in the bookmarks window.
62 | **[`DisableProfileRefresh`](#disableprofilerefresh)** | Disable the Refresh Firefox button on about:support and support.mozilla.org
63 | **[`DisableSafeMode`](#disablesafemode)** | Disable safe mode within the browser.
64 | **[`DisableSecurityBypass`](#disablesecuritybypass)** | Prevent the user from bypassing security in certain cases.
65 | **[`DisableSetDesktopBackground`](#disablesetdesktopbackground)** | Remove the "Set As Desktop Background..." menuitem when right clicking on an image.
66 | **[`DisableSystemAddonUpdate`](#disablesystemaddonupdate)** | Prevent system add-ons from being installed or updated.
67 | **[`DisableTelemetry`](#disabletelemetry)** | DisableTelemetry
68 | **[`DisableThirdPartyModuleBlocking`](#disablethirdpartymoduleblocking)** | Do not allow blocking third-party modules.
69 | **[`DisplayBookmarksToolbar`](#displaybookmarkstoolbar)** | Set the initial state of the bookmarks toolbar.
70 | **[`DisplayMenuBar`](#displaymenubar)** | Set the state of the menubar.
71 | **[`DNSOverHTTPS`](#dnsoverhttps)** | Configure DNS over HTTPS.
72 | **[`DontCheckDefaultBrowser`](#dontcheckdefaultbrowser)** | Don't check if Firefox is the default browser at startup.
73 | **[`DownloadDirectory`](#downloaddirectory)** | Set and lock the download directory.
74 | **[`EnableTrackingProtection`](#enabletrackingprotection)** | Configure tracking protection.
75 | **[`EncryptedMediaExtensions`](#encryptedmediaextensions)** | Enable or disable Encrypted Media Extensions and optionally lock it.
76 | **[`EnterprisePoliciesEnabled`](#enterprisepoliciesenabled)** | Enable policy support on macOS.
77 | **[`ExemptDomainFileTypePairsFromFileTypeDownloadWarnings`](#exemptdomainfiletypepairsfromfiletypedownloadwarnings)** | Disable warnings based on file extension for specific file types on domains.
78 | **[`Extensions`](#extensions)** | Control the installation, uninstallation and locking of extensions.
79 | **[`ExtensionSettings`](#extensionsettings)** | Manage all aspects of extensions.
80 | **[`ExtensionUpdate`](#extensionupdate)** | Control extension updates.
81 | **[`FirefoxHome`](#firefoxhome)** | Customize the Firefox Home page.
82 | **[`GoToIntranetSiteForSingleWordEntryInAddressBar`](#gotointranetsiteforsinglewordentryinaddressbar)** | Force direct intranet site navigation instead of searching when typing single word entries in the address bar.
83 | **[`Handlers`](#handlers)** | Configure default application handlers.
84 | **[`HardwareAcceleration`](#hardwareacceleration)** | Control hardware acceleration.
85 | **[`Homepage`](#homepage)** | Configure the default homepage and how Firefox starts.
86 | **[`InstallAddonsPermission`](#installaddonspermission)** | Configure the default extension install policy as well as origins for extension installs are allowed.
87 | **[`LegacyProfiles`](#legacyprofiles)** | Disable the feature enforcing a separate profile for each installation.
88 | **[`LegacySameSiteCookieBehaviorEnabled`](#legacysamesitecookiebehaviorenabled)** | Enable default legacy SameSite cookie behavior setting.
89 | **[`LegacySameSiteCookieBehaviorEnabledForDomainList`](#legacysamesitecookiebehaviorenabledfordomainlist)** | Revert to legacy SameSite behavior for cookies on specified sites.
90 | **[`LocalFileLinks`](#localfilelinks)** | Enable linking to local files by origin.
91 | **[`ManagedBookmarks`](#managedbookmarks)** | Configures a list of bookmarks managed by an administrator that cannot be changed by the user.
92 | **[`ManualAppUpdateOnly`](#manualappupdateonly)** | Allow manual updates only and do not notify the user about updates.
93 | **[`NetworkPrediction`](#networkprediction)** | Enable or disable network prediction (DNS prefetching).
94 | **[`NewTabPage`](#newtabpage)** | Enable or disable the New Tab page.
95 | **[`NoDefaultBookmarks`](#nodefaultbookmarks)** | Disable the creation of default bookmarks.
96 | **[`OfferToSaveLogins`](#offertosavelogins)** | Control whether or not Firefox offers to save passwords.
97 | **[`OfferToSaveLoginsDefault`](#offertosaveloginsdefault)** | Set the default value for whether or not Firefox offers to save passwords.
98 | **[`OverrideFirstRunPage`](#overridefirstrunpage)** | Override the first run page.
99 | **[`OverridePostUpdatePage`](#overridepostupdatepage)** | Override the upgrade page.
100 | **[`PasswordManagerEnabled`](#passwordmanagerenabled)** | Remove (some) access to the password manager.
101 | **[`PasswordManagerExceptions`](#passwordmanagerexceptions)** | Prevent Firefox from saving passwords for specific sites.
102 | **[`PDFjs`](#pdfjs)** | Disable or configure PDF.js, the built-in PDF viewer.
103 | **[`Permissions`](#permissions)** | Set permissions associated with camera, microphone, location, and notifications.
104 | **[`PictureInPicture`](#pictureinpicture)** | Enable or disable Picture-in-Picture.
105 | **[`PopupBlocking`](#popupblocking)** | Configure the default pop-up window policy as well as origins for which pop-up windows are allowed.
106 | **[`Preferences`](#preferences)** | Set and lock preferences.
107 | **[`PrimaryPassword`](#primarypassword)** | Require or prevent using a primary (formerly master) password.
108 | **[`PromptForDownloadLocation`](#promptfordownloadlocation)** | Ask where to save each file before downloading.
109 | **[`Proxy`](#proxy)** | Configure proxy settings.
110 | **[`RequestedLocales`](#requestedlocales)** | Set the the list of requested locales for the application in order of preference.
111 | **[`SanitizeOnShutdown` (All)](#sanitizeonshutdown-all)** | Clear all data on shutdown.
112 | **[`SanitizeOnShutdown` (Selective)](#sanitizeonshutdown-selective)** | Clear data on shutdown.
113 | **[`SearchBar`](#searchbar)** | Set whether or not search bar is displayed.
114 | **[`SearchEngines`](#searchengines-this-policy-is-only-available-on-the-esr)** |
115 | **[`SearchEngines -> Add`](#searchengines--add)** | Add new search engines.
116 | **[`SearchEngines -> Default`](#searchengines--default)** | Set the default search engine.
117 | **[`SearchEngines -> PreventInstalls`](#searchengines--preventinstalls)** | Prevent installing search engines from webpages.
118 | **[`SearchEngines -> Remove`](#searchengines--remove)** | Hide built-in search engines.
119 | **[`SearchSuggestEnabled`](#searchsuggestenabled)** | Enable search suggestions.
120 | **[`SecurityDevices`](#securitydevices)** | Install PKCS #11 modules.
121 | **[`ShowHomeButton`](#showhomebutton)** | Show the home button on the toolbar.
122 | **[`SSLVersionMax`](#sslversionmax)** | Set and lock the maximum version of TLS.
123 | **[`SSLVersionMin`](#sslversionmin)** | Set and lock the minimum version of TLS.
124 | **[`StartDownloadsInTempDirectory`](#startdownloadsintempdirectory)** | Force downloads to start off in a local, temporary location rather than the default download directory.
125 | **[`SupportMenu`](#supportmenu)** | Add a menuitem to the help menu for specifying support information.
126 | **[`UserMessaging`](#usermessaging)** | Don't show certain messages to the user.
127 | **[`UseSystemPrintDialog`](#usesystemprintdialog)** | Print using the system print dialog instead of print preview.
128 | **[`WebsiteFilter`](#websitefilter)** | Block websites from being visited.
129 | **[`WindowsSSO`](#windowssso)** | Allow Windows single sign-on for Microsoft, work, and school accounts.
130
131 ### 3rdparty
132
133 Allow WebExtensions to configure policy. For more information, see [Adding policy support to your extension](https://extensionworkshop.com/documentation/enterprise/adding-policy-support-to-your-extension/).
134
135 For GPO and Intune, the extension developer should provide an ADMX file.
136
137 **Compatibility:** Firefox 68\
138 **CCK2 Equivalent:** N/A\
139 **Preferences Affected:** N/A
140
141 #### macOS
142 ```
143 <dict>
144 <key>3rdparty</key>
145 <dict>
146 <key>Extensions</key>
147 <dict>
148 <key>uBlock0@raymondhill.net</key>
149 <dict>
150 <key>adminSettings</key>
151 <dict>
152 <key>selectedFilterLists</key>
153 <array>
154 <string>ublock-privacy</string>
155 <string>ublock-badware</string>
156 <string>ublock-filters</string>
157 <string>user-filters</string>
158 </array>
159 </dict>
160 </dict>
161 </dict>
162 </dict>
163 </dict>
164 ```
165 #### policies.json
166 ```
167 {
168 "policies": {
169 "3rdparty": {
170 "Extensions": {
171 "uBlock0@raymondhill.net": {
172 "adminSettings": {
173 "selectedFilterLists": [
174 "ublock-privacy",
175 "ublock-badware",
176 "ublock-filters",
177 "user-filters"
178 ]
179 }
180 }
181 }
182 }
183 }
184 }
185 ```
186
187 ### AllowedDomainsForApps
188
189 Define domains allowed to access Google Workspace.
190
191 This policy is based on the [Chrome policy](https://chromeenterprise.google/policies/#AllowedDomainsForApps) of the same name.
192
193 If this policy is enabled, users can only access Google Workspace using accounts from the specified domains. If you want to allow Gmail, you can add ```consumer_accounts``` to the list.
194
195 **Compatibility:** Firefox 89, Firefox ESR 78.11\
196 **CCK2 Equivalent:** N/A\
197 **Preferences Affected:** N/A
198
199 #### Windows (GPO)
200 ```
201 Software\Policies\Mozilla\Firefox\AllowedDomainsForApps = "managedfirefox.com,example.com"
202 ```
203 #### Windows (Intune)
204 OMA-URI:
205 ```
206 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/AllowedDomainsForApps
207 ```
208 Value (string):
209 ```
210 <enabled/>
211 <data id="AllowedDomainsForApps" value="managedfirefox.com,example.com"/>
212 ```
213 #### macOS
214 ```
215 <dict>
216 <key>AllowedDomainsForApps</key>
217 <string>managedfirefox.com,example.com</string>
218 </dict>
219 ```
220 #### policies.json
221 ```
222 {
223 "policies": {
224 "AllowedDomainsForApps": "managedfirefox.com,example.com"
225 }
226 }
227 ```
228 ### AppAutoUpdate
229
230 Enable or disable **automatic** application update.
231
232 If set to true, application updates are installed without user approval within Firefox. The operating system might still require approval.
233
234 If set to false, application updates are downloaded but the user can choose when to install the update.
235
236 If you have disabled updates via `DisableAppUpdate`, this policy has no effect.
237
238 **Compatibility:** Firefox 75, Firefox ESR 68.7\
239 **CCK2 Equivalent:** N/A\
240 **Preferences Affected:** `app.update.auto`
241
242 #### Windows (GPO)
243 ```
244 Software\Policies\Mozilla\Firefox\AppAutoUpdate = 0x1 | 0x0
245 ```
246 #### Windows (Intune)
247 OMA-URI:
248 ```
249 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/AppAutoUpdate
250 ```
251 Value (string):
252 ```
253 <enabled/> or <disabled/>
254 ```
255 #### macOS
256 ```
257 <dict>
258 <key>AppAutoUpdate</key>
259 <true/> | <false/>
260 </dict>
261 ```
262 #### policies.json
263 ```
264 {
265 "policies": {
266 "AppAutoUpdate": true | false
267 }
268 }
269 ```
270 ### AppUpdatePin
271
272 Prevent Firefox from being updated beyond the specified version.
273
274 You can specify the any version as ```xx.``` and Firefox will be updated with all minor versions, but will not be updated beyond the major version.
275
276 You can also specify the version as ```xx.xx``` and Firefox will be updated with all patch versions, but will not be updated beyond the minor version.
277
278 You should specify a version that exists or is guaranteed to exist. If you specify a version that doesn't end up existing, Firefox will update beyond that version.
279
280 **Compatibility:** Firefox 102,\
281 **CCK2 Equivalent:** N/A\
282 **Preferences Affected:** N/A
283
284 #### Windows (GPO)
285 ```
286 Software\Policies\Mozilla\Firefox\AppUpdatePin = "106."
287 ```
288 #### Windows (Intune)
289 OMA-URI:
290 ```
291 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/AppUpdatePin
292 ```
293 Value (string):
294 ```
295 <enabled/>
296 <data id="AppUpdatePin" value="106."/>
297 ```
298 #### macOS
299 ```
300 <dict>
301 <key>AppUpdatePin</key>
302 <string>106.</string>
303 </dict>
304 ```
305 #### policies.json
306 ```
307 {
308 "policies": {
309 "AppUpdatePin": "106."
310 }
311 }
312 ```
313 ### AppUpdateURL
314
315 Change the URL for application update if you are providing Firefox updates from a custom update server.
316
317 **Compatibility:** Firefox 62, Firefox ESR 60.2\
318 **CCK2 Equivalent:** N/A\
319 **Preferences Affected:** `app.update.url`
320
321 #### Windows (GPO)
322 ```
323 Software\Policies\Mozilla\Firefox\AppUpdateURL = "https://yoursite.com"
324 ```
325 #### Windows (Intune)
326 OMA-URI:
327 ```
328 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/AppUpdateURL
329 ```
330 Value (string):
331 ```
332 <enabled/>
333 <data id="AppUpdateURL" value="https://yoursite.com"/>
334 ```
335 #### macOS
336 ```
337 <dict>
338 <key>AppUpdateURL</key>
339 <string>https://yoursite.com</string>
340 </dict>
341 ```
342 #### policies.json
343 ```
344 {
345 "policies": {
346 "AppUpdateURL": "https://yoursite.com"
347 }
348 }
349 ```
350 ### Authentication
351
352 Configure sites that support integrated authentication.
353
354 See [Integrated authentication](https://htmlpreview.github.io/?https://github.com/mdn/archived-content/blob/main/files/en-us/mozilla/integrated_authentication/raw.html) for more information.
355
356 `PrivateBrowsing` enables integrated authentication in private browsing.
357
358 **Compatibility:** Firefox 60, Firefox ESR 60 (AllowNonFQDN added in 62/60.2, AllowProxies added in 70/68.2, Locked added in 71/68.3, PrivateBrowsing added in 77/68.9)\
359 **CCK2 Equivalent:** N/A\
360 **Preferences Affected:** `network.negotiate-auth.trusted-uris`,`network.negotiate-auth.delegation-uris`,`network.automatic-ntlm-auth.trusted-uris`,`network.automatic-ntlm-auth.allow-non-fqdn`,`network.negotiate-auth.allow-non-fqdn`,`network.automatic-ntlm-auth.allow-proxies`,`network.negotiate-auth.allow-proxies`,`network.auth.private-browsing-sso`
361
362 #### Windows (GPO)
363 ```
364 Software\Policies\Mozilla\Firefox\Authentication\SPNEGO\1 = "mydomain.com"
365 Software\Policies\Mozilla\Firefox\Authentication\SPNEGO\2 = "https://myotherdomain.com"
366 Software\Policies\Mozilla\Firefox\Authentication\Delegated\1 = "mydomain.com"
367 Software\Policies\Mozilla\Firefox\Authentication\Delegated\2 = "https://myotherdomain.com"
368 Software\Policies\Mozilla\Firefox\Authentication\NTLM\1 = "mydomain.com"
369 Software\Policies\Mozilla\Firefox\Authentication\NTLM\2 = "https://myotherdomain.com"
370 Software\Policies\Mozilla\Firefox\Authentication\AllowNonFQDN\SPNEGO = 0x1 | 0x0
371 Software\Policies\Mozilla\Firefox\Authentication\AllowNonFQDN\NTLM = 0x1 | 0x0
372 Software\Policies\Mozilla\Firefox\Authentication\AllowProxies\SPNEGO = 0x1 | 0x0
373 Software\Policies\Mozilla\Firefox\Authentication\AllowProxies\NTLM = 0x1 | 0x0
374 Software\Policies\Mozilla\Firefox\Authentication\Locked = 0x1 | 0x0
375 Software\Policies\Mozilla\Firefox\Authentication\PrivateBrowsing = 0x1 | 0x0
376 ```
377 #### Windows (Intune)
378 OMA-URI:
379 ```
380 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Authentication/Authentication_SPNEGO
381 ```
382 Value (string):
383 ```
384 <enabled/>
385 <data id="Authentication" value="1&#xF000;mydomain&#xF000;2&#xF000;https://myotherdomain.com"/>
386 ```
387 OMA-URI:
388 ```
389 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Authentication/Authentication_Delegated
390 ```
391 Value (string):
392 ```
393 <enabled/>
394 <data id="Authentication" value="1&#xF000;mydomain&#xF000;2&#xF000;https://myotherdomain.com"/>
395 ```
396 OMA-URI:
397 ```
398 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Authentication/Authentication_NTLM
399 ```
400 Value (string):
401 ```
402 <enabled/>
403 <data id="Authentication" value="1&#xF000;mydomain&#xF000;2&#xF000;https://myotherdomain.com"/>
404 ```
405 OMA-URI:
406 ```
407 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Authentication/Authentication_AllowNonFQDN
408 ```
409 Value (string):
410 ```
411 <enabled/>
412 <data id="Authentication_AllowNonFQDN_NTLM" value="true | false"/>
413 <data id="Authentication_AllowNonFQDN_SPNEGO" value="true | false"/>
414 ```
415 OMA-URI:
416 ```
417 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Authentication/Authentication_Locked
418 ```
419 Value (string):
420 ```
421 <enabled/> or <disabled/>
422 ```
423 OMA-URI:
424 ```
425 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Authentication/Authentication_PrivateBrowsing
426 ```
427 Value (string):
428 ```
429 <enabled/> or <disabled/>
430 ```
431 #### macOS
432 ```
433 <dict>
434 <key>Authentication</key>
435 <dict>
436 <key>SPNEGO</key>
437 <array>
438 <string>mydomain.com</string>
439 <string>https://myotherdomain.com</string>
440 </array>
441 <key>Delegated</key>
442 <array>
443 <string>mydomain.com</string>
444 <string>https://myotherdomain.com</string>
445 </array>
446 <key>NTLM</key>
447 <array>
448 <string>mydomain.com</string>
449 <string>https://myotherdomain.com</string>
450 </array>
451 <key>AllowNonFQDN</key>
452 <dict>
453 <key>SPNEGO</key>
454 <true/> | <false/>
455 <key>NTLM</key>
456 <true/> | <false/>
457 </dict>
458 <key>AllowProxies</key>
459 <dict>
460 <key>SPNEGO</key>
461 <true/> | <false/>
462 <key>NTLM</key>
463 <true/> | <false/>
464 </dict>
465 <key>Locked</key>
466 <true/> | <false/>
467 <key>PrivateBrowsing</key>
468 <true/> | <false/>
469 </dict>
470 </dict>
471 ```
472 #### policies.json
473 ```
474 {
475 "policies": {
476 "Authentication": {
477 "SPNEGO": ["mydomain.com", "https://myotherdomain.com"],
478 "Delegated": ["mydomain.com", "https://myotherdomain.com"],
479 "NTLM": ["mydomain.com", "https://myotherdomain.com"],
480 "AllowNonFQDN": {
481 "SPNEGO": true | false,
482 "NTLM": true | false
483 },
484 "AllowProxies": {
485 "SPNEGO": true | false,
486 "NTLM": true | false
487 },
488 "Locked": true | false,
489 "PrivateBrowsing": true | false
490 }
491 }
492 }
493 ```
494 ### AutoLaunchProtocolsFromOrigins
495 Define a list of external protocols that can be used from listed origins without prompting the user. The origin is the scheme plus the hostname.
496
497 The syntax of this policy is exactly the same as the [Chrome AutoLaunchProtocolsFromOrigins policy](https://cloud.google.com/docs/chrome-enterprise/policies/?policy=AutoLaunchProtocolsFromOrigins) except that you can only use valid origins (not just hostnames). This also means that you cannot specify an asterisk for all origins.
498
499 The schema is:
500 ```
501 {
502 "items": {
503 "properties": {
504 "allowed_origins": {
505 "items": {
506 "type": "string"
507 },
508 "type": "array"
509 },
510 "protocol": {
511 "type": "string"
512 }
513 },
514 "required": [
515 "protocol",
516 "allowed_origins"
517 ],
518 "type": "object"
519 },
520 "type": "array"
521 }
522 ```
523 **Compatibility:** Firefox 90, Firefox ESR 78.12\
524 **CCK2 Equivalent:** N/A\
525 **Preferences Affected:** N/A
526
527 #### Windows (GPO)
528 Software\Policies\Mozilla\Firefox\AutoLaunchProtocolsFromOrigins (REG_MULTI_SZ) =
529 ```
530 [
531 {
532 "protocol": "zoommtg",
533 "allowed_origins": [
534 "https://somesite.zoom.us"
535 ]
536 }
537 ]
538 ```
539 #### Windows (Intune)
540 OMA-URI:
541 ```
542 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/AutoLaunchProtocolsFromOrigins
543 ```
544 Value (string):
545 ```
546 <enabled/>
547 <data id="JSON" value='
548 [
549 {
550 "protocol": "zoommtg",
551 "allowed_origins": [
552 "https://somesite.zoom.us"
553 ]
554 }
555 ]'/>
556 ```
557 #### macOS
558 ```
559 <dict>
560 <key>AutoLaunchProtocolsFromOrigins</key>
561 <array>
562 <dict>
563 <key>protocol</key>
564 <string>zoommtg</string>
565 <key>allowed_origins</key>
566 <array>
567 <string>https://somesite.zoom.us</string>
568 </array>
569 </dict>
570 </array>
571 </dict>
572 ```
573 #### policies.json
574 ```
575 {
576 "policies": {
577 "AutoLaunchProtocolsFromOrigins": [{
578 "protocol": "zoommtg",
579 "allowed_origins": [
580 "https://somesite.zoom.us"
581 ]
582 }]
583 }
584 }
585 ```
586 ### BackgroundAppUpdate
587
588 Enable or disable **automatic** application update **in the background**, when the application is not running.
589
590 If set to true, application updates may be installed (without user approval) in the background, even when the application is not running. The operating system might still require approval.
591
592 If set to false, the application will not try to install updates when the application is not running.
593
594 If you have disabled updates via `DisableAppUpdate` or disabled automatic updates via `AppAutoUpdate`, this policy has no effect.
595
596 **Compatibility:** Firefox 90 (Windows only)\
597 **CCK2 Equivalent:** N/A\
598 **Preferences Affected:** `app.update.background.enabled`
599
600 #### Windows (GPO)
601 ```
602 Software\Policies\Mozilla\Firefox\BackgroundAppUpdate = 0x1 | 0x0
603 ```
604 #### Windows (Intune)
605 OMA-URI:
606 ```
607 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/BackgroundAppUpdate
608 ```
609 Value (string):
610 ```
611 <enabled/> or <disabled/>
612 ```
613 #### macOS
614 ```
615 <dict>
616 <key>BackgroundAppUpdate</key>
617 <true/> | <false/>
618 </dict>
619 ```
620 #### policies.json
621 ```
622 {
623 "policies": {
624 "BackgroundAppUpdate": true | false
625 }
626 }
627 ```
628 ### BlockAboutAddons
629
630 Block access to the Add-ons Manager (about:addons).
631
632 **Compatibility:** Firefox 60, Firefox ESR 60\
633 **CCK2 Equivalent:** `disableAddonsManager`\
634 **Preferences Affected:** N/A
635
636 #### Windows (GPO)
637 ```
638 Software\Policies\Mozilla\Firefox\BlockAboutAddons = 0x1 | 0x0
639 ```
640 #### Windows (Intune)
641 OMA-URI:
642 ```
643 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/BlockAboutAddons
644 ```
645 Value (string):
646 ```
647 <enabled/> or <disabled/>
648 ```
649 #### macOS
650 ```
651 <dict>
652 <key>BlockAboutAddons</key>
653 <true/> | <false/>
654 </dict>
655 ```
656 #### policies.json
657 ```
658 {
659 "policies": {
660 "BlockAboutAddons": true | false
661 }
662 }
663 ```
664 ### BlockAboutConfig
665
666 Block access to about:config.
667
668 **Compatibility:** Firefox 60, Firefox ESR 60\
669 **CCK2 Equivalent:** `disableAboutConfig`\
670 **Preferences Affected:** N/A
671
672 #### Windows (GPO)
673 ```
674 Software\Policies\Mozilla\Firefox\BlockAboutConfig = 0x1 | 0x0
675 ```
676 #### Windows (Intune)
677 OMA-URI:
678 ```
679 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/BlockAboutConfig
680 ```
681 Value (string):
682 ```
683 <enabled/> or <disabled/>
684 ```
685 #### macOS
686 ```
687 <dict>
688 <key>BlockAboutConfig</key>
689 <true/> | <false/>
690 </dict>
691 ```
692 #### policies.json
693 ```
694 {
695 "policies": {
696 "BlockAboutConfig": true | false
697 }
698 }
699 ```
700 ### BlockAboutProfiles
701
702 Block access to About Profiles (about:profiles).
703
704 **Compatibility:** Firefox 60, Firefox ESR 60\
705 **CCK2 Equivalent:** `disableAboutProfiles`\
706 **Preferences Affected:** N/A
707
708 #### Windows (GPO)
709 ```
710 Software\Policies\Mozilla\Firefox\BlockAboutProfiles = 0x1 | 0x0
711 ```
712 #### Windows (Intune)
713 OMA-URI:
714 ```
715 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/BlockAboutProfiles
716 ```
717 Value (string):
718 ```
719 <enabled/> or <disabled/>
720 ```
721 #### macOS
722 ```
723 <dict>
724 <key>BlockAboutProfiles</key>
725 <true/> | <false/>
726 </dict>
727 ```
728 #### policies.json
729 ```
730 {
731 "policies": {
732 "BlockAboutProfiles": true | false
733 }
734 }
735 ```
736 ### BlockAboutSupport
737
738 Block access to Troubleshooting Information (about:support).
739
740 **Compatibility:** Firefox 60, Firefox ESR 60\
741 **CCK2 Equivalent:** `disableAboutSupport`\
742 **Preferences Affected:** N/A
743
744 #### Windows (GPO)
745 ```
746 Software\Policies\Mozilla\Firefox\BlockAboutSupport = 0x1 | 0x0
747 ```
748 #### Windows (Intune)
749 OMA-URI:
750 ```
751 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/BlockAboutSupport
752 ```
753 Value (string):
754 ```
755 <enabled/> or <disabled/>
756 ```
757 #### macOS
758 ```
759 <dict>
760 <key>BlockAboutSupport</key>
761 <true/> | <false/>
762 </dict>
763 ```
764 #### policies.json
765 ```
766 {
767 "policies": {
768 "BlockAboutSupport": true | false
769 }
770 }
771 ```
772 ### Bookmarks
773
774 Note: [`ManagedBookmarks`](#managedbookmarks) is the new recommended way to add bookmarks. This policy will continue to be supported.
775
776 Add bookmarks in either the bookmarks toolbar or menu. Only `Title` and `URL` are required. If `Placement` is not specified, the bookmark will be placed on the toolbar. If `Folder` is specified, it is automatically created and bookmarks with the same folder name are grouped together.
777
778 If you want to clear all bookmarks set with this policy, you can set the value to an empty array (```[]```). This can be on Windows via the new Bookmarks (JSON) policy available with GPO and Intune.
779
780 **Compatibility:** Firefox 60, Firefox ESR 60\
781 **CCK2 Equivalent:** `bookmarks.toolbar`,`bookmarks.menu`\
782 **Preferences Affected:** N/A
783
784 #### Windows (GPO)
785 ```
786 Software\Policies\Mozilla\Firefox\Bookmarks\1\Title = "Example"
787 Software\Policies\Mozilla\Firefox\Bookmarks\1\URL = "https://example.com"
788 Software\Policies\Mozilla\Firefox\Bookmarks\1\Favicon = "https://example.com/favicon.ico"
789 Software\Policies\Mozilla\Firefox\Bookmarks\1\Placement = "toolbar" | "menu"
790 Software\Policies\Mozilla\Firefox\Bookmarks\1\Folder = "FolderName"
791
792 Software\Policies\Mozilla\Firefox\Bookmarks (REG_MULTI_SZ) =
793 ```
794 []
795 ```
796
797 ```
798 #### Windows (Intune)
799 OMA-URI:
800 ```
801 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Bookmarks/Bookmark01
802 ```
803 Value (string):
804 ```
805 <enabled/>
806 <data id="BookmarkTitle" value="Example"/>
807 <data id="BookmarkURL" value="https://example.com"/>
808 <data id="BookmarkFavicon" value="https://example.com/favicon.ico"/>
809 <data id="BookmarkPlacement" value="toolbar | menu"/>
810 <data id="BookmarkFolder" value="FolderName"/>
811 ```
812 OMA-URI:
813 ```
814 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/Bookmarks
815 ```
816 Value (string):
817 ```
818 <enabled/>
819 <data id="JSON" value='[]'/>
820 ```
821 #### macOS
822 ```
823 <dict>
824 <key>Bookmarks</key>
825 <array>
826 <dict>
827 <key>Title</key>
828 <string>Example</string>
829 <key>URL</key>
830 <string>https://example.com</string>
831 <key>Favicon</key>
832 <string>https://example.com/favicon.ico</string>
833 <key>Placement</key>
834 <string>toolbar | menu</string>
835 <key>Folder</key>
836 <string>FolderName</string>
837 </dict>
838 </array>
839 </dict>
840 ```
841 #### policies.json
842 ```
843 {
844 "policies": {
845 "Bookmarks": [
846 {
847 "Title": "Example",
848 "URL": "https://example.com",
849 "Favicon": "https://example.com/favicon.ico",
850 "Placement": "toolbar" | "menu",
851 "Folder": "FolderName"
852 }
853 ]
854 }
855 }
856 ```
857 ### CaptivePortal
858 Enable or disable the detection of captive portals.
859
860 **Compatibility:** Firefox 67, Firefox ESR 60.7\
861 **CCK2 Equivalent:** N/A\
862 **Preferences Affected:** `network.captive-portal-service.enabled`
863
864 #### Windows (GPO)
865 ```
866 Software\Policies\Mozilla\Firefox\CaptivePortal = 0x1 | 0x0
867 ```
868 #### Windows (Intune)
869 OMA-URI:
870 ```
871 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/CaptivePortal
872 ```
873 Value (string):
874 ```
875 <enabled/> or <disabled/>
876 ```
877 #### macOS
878 ```
879 <dict>
880 <key>CaptivePortal</key>
881 <true/> | <false/>
882 </dict>
883 ```
884 #### policies.json
885 ```
886 {
887 "policies": {
888 "CaptivePortal": true | false
889 }
890 }
891 ```
892 ### Certificates
893
894 ### Certificates | ImportEnterpriseRoots
895
896 Trust certificates that have been added to the operating system certificate store by a user or administrator.
897
898 Note: This policy only works on Windows and macOS. For Linux discussion, see [bug 1600509](https://bugzilla.mozilla.org/show_bug.cgi?id=1600509).
899
900 See https://support.mozilla.org/kb/setting-certificate-authorities-firefox for more detail.
901
902 **Compatibility:** Firefox 60, Firefox ESR 60 (macOS support in Firefox 63, Firefox ESR 68)\
903 **CCK2 Equivalent:** N/A\
904 **Preferences Affected:** `security.enterprise_roots.enabled`
905
906 #### Windows (GPO)
907 ```
908 Software\Policies\Mozilla\Firefox\Certificates\ImportEnterpriseRoots = 0x1 | 0x0
909 ```
910 #### Windows (Intune)
911 OMA-URI:
912 ```
913 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Certificates/Certificates_ImportEnterpriseRoots
914 ```
915 Value (string):
916 ```
917 <enabled/> or <disabled/>
918 ```
919 #### macOS
920 ```
921 <dict>
922 <key>Certificates</key>
923 <dict>
924 <key>ImportEnterpriseRoots</key>
925 <true/> | <false/>
926 </dict>
927 </dict>
928 ```
929 #### policies.json
930 ```
931 {
932 "policies": {
933 "Certificates": {
934 "ImportEnterpriseRoots": true | false
935 }
936 }
937 }
938 ```
939 ### Certificates | Install
940
941 Install certificates into the Firefox certificate store. If only a filename is specified, Firefox searches for the file in the following locations:
942
943 - Windows
944 - %USERPROFILE%\AppData\Local\Mozilla\Certificates
945 - %USERPROFILE%\AppData\Roaming\Mozilla\Certificates
946 - macOS
947 - /Library/Application Support/Mozilla/Certificates
948 - ~/Library/Application Support/Mozilla/Certificates
949 - Linux
950 - /usr/lib/mozilla/certificates
951 - /usr/lib64/mozilla/certificates
952 - ~/.mozilla/certificates
953
954 Starting with Firefox 65, Firefox 60.5 ESR, a fully qualified path can be used, including UNC paths. You should use the native path style for your operating system. We do not support using %USERPROFILE% or other environment variables on Windows.
955
956 If you are specifying the path in the policies.json file on Windows, you need to escape your backslashes (`\\`) which means that for UNC paths, you need to escape both (`\\\\`). If you use group policy, you only need one backslash.
957
958 Certificates are installed using the trust string `CT,CT,`.
959
960 Binary (DER) and ASCII (PEM) certificates are both supported.
961
962 **Compatibility:** Firefox 64, Firefox ESR 64\
963 **CCK2 Equivalent:** `certs.ca`\
964 **Preferences Affected:** N/A
965
966 #### Windows (GPO)
967 ```
968 Software\Policies\Mozilla\Firefox\Certificates\Install\1 = "cert1.der"
969 Software\Policies\Mozilla\Firefox\Certificates\Install\2 = "C:\Users\username\cert2.pem"
970 ```
971 #### Windows (Intune)
972 OMA-URI:
973 ```
974 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Certificates/Certificates_Install
975 ```
976 Value (string):
977 ```
978 <enabled/>
979 <data id="Certificates_Install" value="1&#xF000;cert1.der&#xF000;2&#xF000;C:\Users\username\cert2.pem"/>
980 ```
981 #### macOS
982 ```
983 <dict>
984 <key>Certificates</key>
985 <dict>
986 <key>Install</key>
987 <array>
988 <string>cert1.der</string>
989 <string>/Users/username/cert2.pem</string>
990 </array>
991 </dict>
992 </dict>
993 ```
994 #### policies.json
995 ```
996 {
997 "policies": {
998 "Certificates": {
999 "Install": ["cert1.der", "/home/username/cert2.pem"]
1000 }
1001 }
1002 }
1003 ```
1004 ### Containers
1005 Set policies related to [containers](https://addons.mozilla.org/firefox/addon/multi-account-containers/).
1006
1007 Currently you can set the initial set of containers.
1008
1009 For each container, you can specify the name, icon, and color.
1010
1011 | Name | Description |
1012 | --- | --- |
1013 | `name`| Name of container
1014 | `icon` | Can be `fingerprint`, `briefcase`, `dollar`, `cart`, `vacation`, `gift`, `food`, `fruit`, `pet`, `tree`, `chill`, `circle`, `fence`
1015 | `color` | Can be `blue`, `turquoise`, `green`, `yellow`, `orange`, `red`, `pink`, `purple`, `toolbar`
1016
1017 **Compatibility:** Firefox 113\
1018 **CCK2 Equivalent:** N/A\
1019 **Preferences Affected:** N/A
1020
1021 #### Windows (GPO)
1022 Software\Policies\Mozilla\Firefox\Containers (REG_MULTI_SZ) =
1023 ```
1024 {
1025 "Default": [
1026 {
1027 "name": "My container",
1028 "icon": "pet",
1029 "color": "turquoise"
1030 }
1031 ]
1032 }
1033 ```
1034 #### Windows (Intune)
1035 OMA-URI:
1036 ```
1037 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/Containers
1038 ```
1039 Value (string):
1040 ```
1041 <enabled/>
1042 <data id="JSON" value='
1043 {
1044 "Default": [
1045 {
1046 "name": "My container",
1047 "icon": "pet",
1048 "color": "turquoise"
1049 }
1050 ]
1051 }
1052 '/>
1053 ```
1054 #### macOS
1055 ```
1056 <dict>
1057 <key>Default</key>
1058 <dict>
1059 <key>Containers</key>
1060 <array>
1061 <dict>
1062 <key>name</key>
1063 <string>My container</string>
1064 <key>icon</key>
1065 <string>pet</string>
1066 <key>color</key>
1067 <string>turquoise</string>
1068 </dict>
1069 </array>
1070 </dict>
1071 </dict>
1072 ```
1073 #### policies.json
1074 ```
1075 {
1076 "policies": {
1077 "Containers": {
1078 "Default": [
1079 {
1080 "name": "My container",
1081 "icon": "pet",
1082 "color": "turquoise"
1083 }
1084 ]
1085 }
1086 }
1087 }
1088 ```
1089 ### Cookies
1090 Configure cookie preferences.
1091
1092 `Allow` is a list of origins (not domains) where cookies are always allowed. You must include http or https.
1093
1094 `AllowSession` is a list of origins (not domains) where cookies are only allowed for the current session. You must include http or https.
1095
1096 `Block` is a list of origins (not domains) where cookies are always blocked. You must include http or https.
1097
1098 `Behavior` sets the default behavior for cookies based on the values below.
1099
1100 `BehaviorPrivateBrowsing` sets the default behavior for cookies in private browsing based on the values below.
1101
1102 | Value | Description
1103 | --- | --- |
1104 | accept | Accept all cookies
1105 | reject-foreign | Reject third party cookies
1106 | reject | Reject all cookies
1107 | limit-foreign | Reject third party cookies for sites you haven't visited
1108 | reject-tracker | Reject cookies for known trackers (default)
1109 | reject-tracker-and-partition-foreign | Reject cookies for known trackers and partition third-party cookies (Total Cookie Protection) (default for private browsing)
1110
1111 `ExpireAtSessionEnd` determines when cookies expire.
1112
1113 `Locked` prevents the user from changing cookie preferences.
1114
1115 **Compatibility:** Firefox 60, Firefox ESR 60 (RejectTracker added in Firefox 63, AllowSession added in Firefox 79/78.1, Behavior added in Firefox 95/91.4)\
1116 **CCK2 Equivalent:** N/A\
1117 **Preferences Affected:** `network.cookie.cookieBehavior`, `network.cookie.cookieBehavior.pbmode`, `network.cookie.lifetimePolicy`
1118
1119 #### Windows (GPO)
1120 ```
1121 Software\Policies\Mozilla\Firefox\Cookies\Allow\1 = "https://example.com"
1122 Software\Policies\Mozilla\Firefox\Cookies\AllowSession\1 = "https://example.edu"
1123 Software\Policies\Mozilla\Firefox\Cookies\Block\1 = "https://example.org"
1124 Software\Policies\Mozilla\Firefox\Cookies\Default = 0x1 | 0x0
1125 Software\Policies\Mozilla\Firefox\Cookies\AcceptThirdParty = "always" | "never" | "from-visited"
1126 Software\Policies\Mozilla\Firefox\Cookies\ExpireAtSessionEnd = 0x1 | 0x0
1127 Software\Policies\Mozilla\Firefox\Cookies\RejectTracker = 0x1 | 0x0
1128 Software\Policies\Mozilla\Firefox\Cookies\Behavior = "accept" | "reject-foreign" | "reject" | "limit-foreign" | "reject-tracker" | "reject-tracker-and-partition-foreign"
1129 Software\Policies\Mozilla\Firefox\Cookies\BehaviorPrivateBrowsing = "accept" | "reject-foreign" | "reject" | "limit-foreign" | "reject-tracker" | "reject-tracker-and-partition-foreign"
1130 Software\Policies\Mozilla\Firefox\Cookies\Locked = 0x1 | 0x0
1131 ```
1132 #### Windows (Intune)
1133 OMA-URI:
1134 ```
1135 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_Allow
1136 ```
1137 Value (string):
1138 ```
1139 <enabled/>
1140 <data id="Permissions" value="1&#xF000;https://example.com"/>
1141 ```
1142 OMA-URI:
1143 ```
1144 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_AllowSession
1145 ```
1146 Value (string):
1147 ```
1148 <enabled/>
1149 <data id="Permissions" value="1&#xF000;https://example.edu"/>
1150 ```
1151 OMA-URI:
1152 ```
1153 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_Block
1154 ```
1155 Value (string):
1156 ```
1157 <enabled/>
1158 <data id="Permissions" value="1&#xF000;https://example.org"/>
1159 ```
1160 OMA-URI:
1161 ```
1162 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_Default
1163 ```
1164 Value (string):
1165 ```
1166 <enabled/> or <disabled/>
1167 ```
1168 OMA-URI:
1169 ```
1170 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_AcceptThirdParty
1171 ```
1172 Value (string):
1173 ```
1174 <enabled/>
1175 <data id="Cookies_AcceptThirdParty" value="always | never | from-visited"/>
1176 ```
1177 OMA-URI:
1178 ```
1179 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_ExpireAtSessionEnd
1180 ```
1181 Value (string):
1182 ```
1183 <enabled/> or <disabled/>
1184 ```
1185 OMA-URI:
1186 ```
1187 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_RejectTracker
1188 ```
1189 Value (string):
1190 ```
1191 <enabled/> or <disabled/>
1192 ```
1193 OMA-URI:
1194 ```
1195 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_Locked
1196 ```
1197 Value (string):
1198 ```
1199 <enabled/> or <disabled/>
1200 ```
1201 OMA-URI:
1202 ```
1203 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_Behavior
1204 ```
1205 Value (string):
1206 ```
1207 <enabled/>
1208 <data id="Cookies_Behavior" value="accept | reject-foreign | reject | limit-foreign | reject-tracker | reject-tracker-and-partition-foreign"/>
1209 ```
1210 OMA-URI:
1211 ```
1212 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_BehaviorPrivateBrowsing
1213 ```
1214 Value (string):
1215 ```
1216 <enabled/>
1217 <data id="Cookies_BehaviorPrivateBrowsing" value="accept | reject-foreign | reject | limit-foreign | reject-tracker | reject-tracker-and-partition-foreign"/>
1218 ```
1219 #### macOS
1220 ```
1221 <dict>
1222 <key>Cookies</key>
1223 <dict>
1224 <key>Allow</key>
1225 <array>
1226 <string>http://example.com</string>
1227 </array>
1228 <key>AllowSession</key>
1229 <array>
1230 <string>http://example.edu</string>
1231 </array>
1232 <key>Block</key>
1233 <array>
1234 <string>http://example.org</string>
1235 </array>
1236 <key>Default</key>
1237 <true/> | <false/>
1238 <key>AcceptThirdParty</key>
1239 <string>always | never | from-visited</string>
1240 <key>ExpireAtSessionEnd</key>
1241 <true/> | <false/>
1242 <key>RejectTracker</key>
1243 <true/> | <false/>
1244 <key>Locked</key>
1245 <true/> | <false/>
1246 <key>Behavior</key>
1247 <string>accept | reject-foreign | reject | limit-foreign | reject-tracker | reject-tracker-and-partition-foreign</string>
1248 <key>BehaviorPrivateBrowsing</key>
1249 <string>accept | reject-foreign | reject | limit-foreign | reject-tracker | reject-tracker-and-partition-foreign</string>
1250 </dict>
1251 </dict>
1252 ```
1253 #### policies.json
1254 ```
1255 {
1256 "policies": {
1257 "Cookies": {
1258 "Allow": ["http://example.org/"],
1259 "AllowSession": ["http://example.edu/"],
1260 "Block": ["http://example.edu/"],
1261 "Default": true | false,
1262 "AcceptThirdParty": "always" | "never" | "from-visited",
1263 "ExpireAtSessionEnd": true | false,
1264 "RejectTracker": true | false,
1265 "Locked": true | false,
1266 "Behavior": "accept" | "reject-foreign" | "reject" | "limit-foreign" | "reject-tracker" | "reject-tracker-and-partition-foreign",
1267 "BehaviorPrivateBrowsing": "accept" | "reject-foreign" | "reject" | "limit-foreign" | "reject-tracker" | "reject-tracker-and-partition-foreign",
1268 }
1269 }
1270 }
1271 ```
1272 ### DefaultDownloadDirectory
1273 Set the default download directory.
1274
1275 You can use ${home} for the native home directory.
1276
1277 **Compatibility:** Firefox 68, Firefox ESR 68\
1278 **CCK2 Equivalent:** N/A\
1279 **Preferences Affected:** `browser.download.dir`, `browser.download.folderList`
1280
1281 #### Windows (GPO)
1282 ```
1283 Software\Policies\Mozilla\Firefox\DefaultDownloadDirectory = "${home}\Downloads"
1284 ```
1285 #### Windows (Intune)
1286 OMA-URI:
1287 ```
1288 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DefaultDownloadDirectory
1289 ```
1290 Value (string):
1291 ```
1292 <enabled/>
1293 <data id="Preferences_String" value="${home}\Downloads"/>
1294 ```
1295 #### macOS
1296 ```
1297 <dict>
1298 <key>DefaultDownloadDirectory</key>
1299 <string>${home}/Downloads</string>
1300 </dict>
1301 ```
1302 #### policies.json (macOS and Linux)
1303 ```
1304 {
1305 "policies": {
1306 "DefaultDownloadDirectory": "${home}/Downloads"
1307 }
1308 }
1309 ```
1310 #### policies.json (Windows)
1311 ```
1312 {
1313 "policies": {
1314 "DefaultDownloadDirectory": "${home}\\Downloads"
1315 }
1316 }
1317 ```
1318 ### DisableAppUpdate
1319 Turn off application updates within Firefox.
1320
1321 **Compatibility:** Firefox 60, Firefox ESR 60\
1322 **CCK2 Equivalent:** `disableFirefoxUpdates`\
1323 **Preferences Affected:** N/A
1324
1325 #### Windows (GPO)
1326 ```
1327 Software\Policies\Mozilla\Firefox\DisableAppUpdate = 0x1 | 0x0
1328 ```
1329 #### Windows (Intune)
1330 OMA-URI:
1331 ```
1332 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableAppUpdate
1333 ```
1334 Value (string):
1335 ```
1336 <enabled/> or <disabled/>
1337 ```
1338 #### macOS
1339 ```
1340 <dict>
1341 <key>DisableAppUpdate</key>
1342 <true/> | <false/>
1343 </dict>
1344 ```
1345 #### policies.json
1346 ```
1347 {
1348 "policies": {
1349 "DisableAppUpdate": true | false
1350 }
1351 }
1352 ```
1353 ### DisableBuiltinPDFViewer
1354 Disable the built in PDF viewer. PDF files are downloaded and sent externally.
1355
1356 **Compatibility:** Firefox 60, Firefox ESR 60\
1357 **CCK2 Equivalent:** `disablePDFjs`\
1358 **Preferences Affected:** `pdfjs.disabled`
1359
1360 #### Windows (GPO)
1361 ```
1362 Software\Policies\Mozilla\Firefox\DisableBuiltinPDFViewer = 0x1 | 0x0
1363 ```
1364 #### Windows (Intune)
1365 OMA-URI:
1366 ```
1367 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableBuiltinPDFViewer
1368 ```
1369 Value (string):
1370 ```
1371 <enabled/> or <disabled/>
1372 ```
1373 #### macOS
1374 ```
1375 <dict>
1376 <key>DisableBuiltinPDFViewer</key>
1377 <true/> | <false/>
1378 </dict>
1379 ```
1380 #### policies.json
1381 ```
1382 {
1383 "policies": {
1384 "DisableBuiltinPDFViewer": true | false
1385 }
1386 }
1387 ```
1388 ### DisabledCiphers
1389 Disable specific cryptographic ciphers, listed below.
1390
1391 ```
1392 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
1393 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
1394 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
1395 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
1396 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
1397 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
1398 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
1399 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
1400 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
1401 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
1402 TLS_DHE_RSA_WITH_AES_128_CBC_SHA
1403 TLS_DHE_RSA_WITH_AES_256_CBC_SHA
1404 TLS_RSA_WITH_AES_128_GCM_SHA256
1405 TLS_RSA_WITH_AES_256_GCM_SHA384
1406 TLS_RSA_WITH_AES_128_CBC_SHA
1407 TLS_RSA_WITH_AES_256_CBC_SHA
1408 TLS_RSA_WITH_3DES_EDE_CBC_SHA
1409 ```
1410
1411 **Preferences Affected:** `security.ssl3.ecdhe_rsa_aes_128_gcm_sha256`, `security.ssl3.ecdhe_ecdsa_aes_128_gcm_sha256`, `security.ssl3.ecdhe_ecdsa_chacha20_poly1305_sha256`, `security.ssl3.ecdhe_rsa_chacha20_poly1305_sha256`, `security.ssl3.ecdhe_ecdsa_aes_256_gcm_sha384`, `security.ssl3.ecdhe_rsa_aes_256_gcm_sha384`, `security.ssl3.ecdhe_rsa_aes_128_sha`, `security.ssl3.ecdhe_ecdsa_aes_128_sha`, `security.ssl3.ecdhe_rsa_aes_256_sha`, `security.ssl3.ecdhe_ecdsa_aes_256_sha`, `security.ssl3.dhe_rsa_aes_128_sha`, `security.ssl3.dhe_rsa_aes_256_sha`, `security.ssl3.rsa_aes_128_gcm_sha256`, `security.ssl3.rsa_aes_256_gcm_sha384`, `security.ssl3.rsa_aes_128_sha`, `security.ssl3.rsa_aes_256_sha`, `security.ssl3.deprecated.rsa_des_ede3_sha`
1412
1413 ---
1414 **Note:**
1415
1416 This policy was updated in Firefox 78 to allow enabling ciphers as well. Setting the value to true disables the cipher, setting the value to false enables the cipher. Previously setting the value to true or false disabled the cipher.
1417
1418 ---
1419 **Compatibility:** Firefox 76, Firefox ESR 68.8 (TLS_RSA_WITH_AES_128_GCM_SHA256 and TLS_RSA_WITH_AES_256_GCM_SHA384 were added in Firefox 78, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA38, TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, and TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 were added in Firefox 97 and Firefox 91.6)\
1420 **CCK2 Equivalent:** N/A\
1421 **Preferences Affected:** N/A
1422
1423 #### Windows (GPO)
1424 ```
1425 Software\Policies\Mozilla\Firefox\DisabledCiphers\CIPHER_NAME = 0x1 | 0x0
1426 ```
1427 #### Windows (Intune)
1428 OMA-URI:
1429 ```
1430 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DisabledCiphers/DisabledCiphers_CIPHER_NAME
1431
1432 ```
1433 Value (string):
1434 ```
1435 <enabled/> or <disabled/>
1436 ```
1437 #### macOS
1438 ```
1439 <dict>
1440 <key>DisabledCiphers</key>
1441 <dict>
1442 <key>CIPHER_NAME</key>
1443 <true/> | <false/>
1444 </dict>
1445 </dict>
1446 ```
1447 #### policies.json
1448 ```
1449 {
1450 "policies": {
1451 "DisabledCiphers": {
1452 "CIPHER_NAME": true | false,
1453 }
1454 }
1455 }
1456 ```
1457 ### DisableDefaultBrowserAgent
1458 Prevent the default browser agent from taking any actions. Only applicable to Windows; other platforms don’t have the agent.
1459
1460 The browser agent is a Windows-only scheduled task which runs in the background to collect and submit data about the browser that the user has set as their OS default. More information is available [here](https://firefox-source-docs.mozilla.org/toolkit/mozapps/defaultagent/default-browser-agent/index.html).
1461
1462 **Compatibility:** Firefox 75, Firefox ESR 68.7 (Windows only)\
1463 **CCK2 Equivalent:** N/A\
1464 **Preferences Affected:** N/A
1465
1466 #### Windows (GPO)
1467 ```
1468 Software\Policies\Mozilla\Firefox\DisableDefaultBrowserAgent = 0x1 | 0x0
1469 ```
1470 #### Windows (Intune)
1471 OMA-URI:
1472 ```
1473 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableDefaultBrowserAgent
1474 ```
1475 Value (string):
1476 ```
1477 <enabled/> or <disabled/>
1478 ```
1479 #### policies.json
1480 ```
1481 {
1482 "policies": {
1483 "DisableDefaultBrowserAgent": true | false
1484 }
1485 }
1486 ```
1487 ### DisableDeveloperTools
1488 Remove access to all developer tools.
1489
1490 **Compatibility:** Firefox 60, Firefox ESR 60\
1491 **CCK2 Equivalent:** `removeDeveloperTools`\
1492 **Preferences Affected:** `devtools.policy.disabled`
1493
1494 #### Windows (GPO)
1495 ```
1496 Software\Policies\Mozilla\Firefox\DisableDeveloperTools = 0x1 | 0x0`
1497 ```
1498 #### Windows (Intune)
1499 OMA-URI:
1500 ```
1501 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableDeveloperTools
1502 ```
1503 Value (string):
1504 ```
1505 <enabled/> or <disabled/>
1506 ```
1507 #### macOS
1508 ```
1509 <dict>
1510 <key>DisableDeveloperTools</key>
1511 <true/> | <false/>
1512 </dict>
1513 ```
1514 #### policies.json
1515 ```
1516 {
1517 "policies": {
1518 "DisableDeveloperTools": true | false
1519 }
1520 }
1521 ```
1522 ### DisableFeedbackCommands
1523 Disable the menus for reporting sites (Submit Feedback, Report Deceptive Site).
1524
1525 **Compatibility:** Firefox 60, Firefox ESR 60\
1526 **CCK2 Equivalent:** N/A\
1527 **Preferences Affected:** N/A
1528
1529 #### Windows (GPO)
1530 ```
1531 Software\Policies\Mozilla\Firefox\DisableFeedbackCommands = 0x1 | 0x0
1532 ```
1533 #### Windows (Intune)
1534 OMA-URI:
1535 ```
1536 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableFeedbackCommands
1537 ```
1538 Value (string):
1539 ```
1540 <enabled/> or <disabled/>
1541 ```
1542 #### macOS
1543 ```
1544 <dict>
1545 <key>DisableFeedbackCommands</key>
1546 <true/> | <false/>
1547 </dict>
1548 ```
1549 #### policies.json
1550 ```
1551 {
1552 "policies": {
1553 "DisableFeedbackCommands": true | false
1554 }
1555 }
1556 ```
1557 ### DisableFirefoxAccounts
1558 Disable Firefox Accounts integration (Sync).
1559
1560 **Compatibility:** Firefox 60, Firefox ESR 60\
1561 **CCK2 Equivalent:** `disableSync`\
1562 **Preferences Affected:** `identity.fxaccounts.enabled`
1563
1564 #### Windows (GPO)
1565 ```
1566 Software\Policies\Mozilla\Firefox\DisableFirefoxAccounts = 0x1 | 0x0
1567 ```
1568 #### Windows (Intune)
1569 OMA-URI:
1570 ```
1571 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableFirefoxAccounts
1572 ```
1573 Value (string):
1574 ```
1575 <enabled/> or <disabled/>
1576 ```
1577 #### macOS
1578 ```
1579 <dict>
1580 <key>DisableFirefoxAccounts</key>
1581 <true/> | <false/>
1582 </dict>
1583 ```
1584 #### policies.json
1585 ```
1586 {
1587 "policies": {
1588 "DisableFirefoxAccounts": true | false
1589 }
1590 }
1591 ```
1592 ### DisableFirefoxScreenshots
1593 Remove access to Firefox Screenshots.
1594
1595 **Compatibility:** Firefox 60, Firefox ESR 60\
1596 **CCK2 Equivalent:** N/A\
1597 **Preferences Affected:** `extensions.screenshots.disabled`
1598
1599 #### Windows (GPO)
1600 ```
1601 Software\Policies\Mozilla\Firefox\DisableFirefoxScreenshots = 0x1 | 0x0
1602 ```
1603 #### Windows (Intune)
1604 OMA-URI:
1605 ```
1606 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableFirefoxScreenshots
1607 ```
1608 Value (string):
1609 ```
1610 <enabled/> or <disabled/>
1611 ```
1612 #### macOS
1613 ```
1614 <dict>
1615 <key>DisableFirefoxScreenshots</key>
1616 <true/> | <false/>
1617 </dict>
1618 ```
1619 #### policies.json
1620 ```
1621 {
1622 "policies": {
1623 "DisableFirefoxScreenshots": true | false
1624 }
1625 }
1626 ```
1627 ### DisableFirefoxStudies
1628 Disable Firefox studies (Shield).
1629
1630 **Compatibility:** Firefox 60, Firefox ESR 60\
1631 **CCK2 Equivalent:** N/A\
1632 **Preferences Affected:** N/A
1633
1634 #### Windows (GPO)
1635 ```
1636 Software\Policies\Mozilla\Firefox\DisableFirefoxStudies = 0x1 | 0x0
1637 ```
1638 #### Windows (Intune)
1639 OMA-URI:
1640 ```
1641 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableFirefoxStudies
1642 ```
1643 Value (string):
1644 ```
1645 <enabled/> or <disabled/>
1646 ```
1647 #### macOS
1648 ```
1649 <dict>
1650 <key>DisableFirefoxStudies</key>
1651 <true/> | <false/>
1652 </dict>
1653 ```
1654 #### policies.json
1655 ```
1656 {
1657 "policies": {
1658 "DisableFirefoxStudies": true | false
1659 }
1660 }
1661 ```
1662 ### DisableForgetButton
1663 Disable the "Forget" button.
1664
1665 **Compatibility:** Firefox 60, Firefox ESR 60\
1666 **CCK2 Equivalent:** `disableForget`\
1667 **Preferences Affected:** N/A
1668
1669 #### Windows (GPO)
1670 ```
1671 Software\Policies\Mozilla\Firefox\DisableForgetButton = 0x1 | 0x0
1672 ```
1673 #### Windows (Intune)
1674 OMA-URI:
1675 ```
1676 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableForgetButton
1677 ```
1678 Value (string):
1679 ```
1680 <enabled/> or <disabled/>
1681 ```
1682 #### macOS
1683 ```
1684 <dict>
1685 <key>DisableForgetButton</key>
1686 <true/> | <false/>
1687 </dict>
1688 ```
1689 #### policies.json
1690 ```
1691 {
1692 "policies": {
1693 "DisableForgetButton": true | false
1694 }
1695 }
1696 ```
1697 ### DisableFormHistory
1698 Turn off saving information on web forms and the search bar.
1699
1700 **Compatibility:** Firefox 60, Firefox ESR 60\
1701 **CCK2 Equivalent:** `disableFormFill`\
1702 **Preferences Affected:** `browser.formfill.enable`
1703
1704 #### Windows (GPO)
1705 ```
1706 Software\Policies\Mozilla\Firefox\DisableFormHistory = 0x1 | 0x0
1707 ```
1708 #### Windows (Intune)
1709 OMA-URI:
1710 ```
1711 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableFormHistory
1712 ```
1713 Value (string):
1714 ```
1715 <enabled/> or <disabled/>
1716 ```
1717 #### macOS
1718 ```
1719 <dict>
1720 <key>DisableFormHistory</key>
1721 <true/> | <false/>
1722 </dict>
1723 ```
1724 #### policies.json
1725 ```
1726 {
1727 "policies": {
1728 "DisableFormHistory": true | false
1729 }
1730 }
1731 ```
1732 ### DisableMasterPasswordCreation
1733 Remove the master password functionality.
1734
1735 If this value is true, it works the same as setting [`PrimaryPassword`](#primarypassword) to false and removes the primary password functionality.
1736
1737 If both `DisableMasterPasswordCreation` and `PrimaryPassword` are used, `DisableMasterPasswordCreation` takes precedent.
1738
1739 **Compatibility:** Firefox 60, Firefox ESR 60\
1740 **CCK2 Equivalent:** `noMasterPassword`\
1741 **Preferences Affected:** N/A
1742
1743 #### Windows (GPO)
1744 ```
1745 Software\Policies\Mozilla\Firefox\DisableMasterPasswordCreation = 0x1 | 0x0
1746 ```
1747 #### Windows (Intune)
1748 OMA-URI:
1749 ```
1750 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableMasterPasswordCreation
1751 ```
1752 Value (string):
1753 ```
1754 <enabled/> or <disabled/>
1755 ```
1756 #### macOS
1757 ```
1758 <dict>
1759 <key>DisableMasterPasswordCreation</key>
1760 <true/> | <false/>
1761 </dict>
1762 ```
1763 #### policies.json
1764 ```
1765 {
1766 "policies": {
1767 "DisableMasterPasswordCreation": true | false
1768 }
1769 }
1770 ```
1771 ### DisablePasswordReveal
1772 Do not allow passwords to be shown in saved logins
1773
1774 **Compatibility:** Firefox 71, Firefox ESR 68.3\
1775 **CCK2 Equivalent:** N/A
1776 **Preferences Affected:** N/A
1777
1778 #### Windows (GPO)
1779 ```
1780 Software\Policies\Mozilla\Firefox\DisablePasswordReveal = 0x1 | 0x0
1781 ```
1782 #### Windows (Intune)
1783 OMA-URI:
1784 ```
1785 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisablePasswordReveal
1786 ```
1787 Value (string):
1788 ```
1789 <enabled/> or <disabled/>
1790 ```
1791 #### macOS
1792 ```
1793 <dict>
1794 <key>DisablePasswordReveal</key>
1795 <true/> | <false/>
1796 </dict>
1797 ```
1798 #### policies.json
1799 ```
1800 {
1801 "policies": {
1802 "DisablePasswordReveal": true | false
1803 }
1804 }
1805 ```
1806 ### DisablePocket
1807 Remove Pocket in the Firefox UI. It does not remove it from the new tab page.
1808
1809 **Compatibility:** Firefox 60, Firefox ESR 60\
1810 **CCK2 Equivalent:** `disablePocket`\
1811 **Preferences Affected:** `extensions.pocket.enabled`
1812
1813 #### Windows (GPO)
1814 ```
1815 Software\Policies\Mozilla\Firefox\DisablePocket = 0x1 | 0x0
1816 ```
1817 #### Windows (Intune)
1818 OMA-URI:
1819 ```
1820 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisablePocket
1821 ```
1822 Value (string):
1823 ```
1824 <enabled/> or <disabled/>
1825 ```
1826 #### macOS
1827 ```
1828 <dict>
1829 <key>DisablePocket</key>
1830 <true/> | <false/>
1831 </dict>
1832 ```
1833 #### policies.json
1834 ```
1835 {
1836 "policies": {
1837 "DisablePocket": true | false
1838 }
1839 }
1840 ```
1841 ### DisablePrivateBrowsing
1842 Remove access to private browsing.
1843
1844 **Compatibility:** Firefox 60, Firefox ESR 60\
1845 **CCK2 Equivalent:** `disablePrivateBrowsing`\
1846 **Preferences Affected:** N/A
1847
1848 #### Windows (GPO)
1849 ```
1850 Software\Policies\Mozilla\Firefox\DisablePrivateBrowsing = 0x1 | 0x0
1851 ```
1852 #### Windows (Intune)
1853 OMA-URI:
1854 ```
1855 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisablePrivateBrowsing
1856 ```
1857 Value (string):
1858 ```
1859 <enabled/> or <disabled/>
1860 ```
1861 #### macOS
1862 ```
1863 <dict>
1864 <key>DisablePrivateBrowsing</key>
1865 <true/> | <false/>
1866 </dict>
1867 ```
1868 #### policies.json
1869 ```
1870 {
1871 "policies": {
1872 "DisablePrivateBrowsing": true | false
1873 }
1874 }
1875 ```
1876 ### DisableProfileImport
1877 Disables the "Import data from another browser" option in the bookmarks window.
1878
1879 **Compatibility:** Firefox 60, Firefox ESR 60\
1880 **CCK2 Equivalent:** N/A\
1881 **Preferences Affected:** N/A
1882
1883 #### Windows (GPO)
1884 ```
1885 Software\Policies\Mozilla\Firefox\DisableProfileImport = 0x1 | 0x0
1886 ```
1887 #### Windows (Intune)
1888 OMA-URI:
1889 ```
1890 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableProfileImport
1891 ```
1892 Value (string):
1893 ```
1894 <enabled/> or <disabled/>
1895 ```
1896 #### macOS
1897 ```
1898 <dict>
1899 <key>DisableProfileImport</key>
1900 <true/> | <false/>
1901 </dict>
1902 ```
1903 #### policies.json
1904 ```
1905 {
1906 "policies": {
1907 "DisableProfileImport": true | false
1908 }
1909 }
1910 ```
1911 ### DisableProfileRefresh
1912 Disable the Refresh Firefox button on about:support and support.mozilla.org, as well as the prompt that displays offering to refresh Firefox when you haven't used it in a while.
1913
1914 **Compatibility:** Firefox 60, Firefox ESR 60\
1915 **CCK2 Equivalent:** `disableResetFirefox`\
1916 **Preferences Affected:** `browser.disableResetPrompt`
1917
1918 #### Windows (GPO)
1919 ```
1920 Software\Policies\Mozilla\Firefox\DisableProfileRefresh = 0x1 | 0x0
1921 ```
1922 #### Windows (Intune)
1923 OMA-URI:
1924 ```
1925 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableProfileRefresh
1926 ```
1927 Value (string):
1928 ```
1929 <enabled/> or <disabled/>
1930 ```
1931 #### macOS
1932 ```
1933 <dict>
1934 <key>DisableProfileRefresh</key>
1935 <true/> | <false/>
1936 </dict>
1937 ```
1938 #### policies.json
1939 ```
1940 {
1941 "policies": {
1942 "DisableProfileRefresh": true | false
1943 }
1944 }
1945 ```
1946 ### DisableSafeMode
1947 Disable safe mode within the browser.
1948
1949 On Windows, this disables safe mode via the command line as well.
1950
1951 **Compatibility:** Firefox 60, Firefox ESR 60 (Windows, macOS)\
1952 **CCK2 Equivalent:** `disableSafeMode`\
1953 **Preferences Affected:** N/A
1954
1955 #### Windows (GPO)
1956 ```
1957 Software\Policies\Mozilla\Firefox\DisableSafeMode = 0x1 | 0x0
1958 ```
1959 #### Windows (Intune)
1960 OMA-URI:
1961 ```
1962 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableSafeMode
1963 ```
1964 Value (string):
1965 ```
1966 <enabled/> or <disabled/>
1967 ```
1968 #### macOS
1969 ```
1970 <dict>
1971 <key>DisableSafeMode</key>
1972 <true/> | <false/>
1973 </dict>
1974 ```
1975 #### policies.json
1976 ```
1977 {
1978 "policies": {
1979 "DisableSafeMode": true | false
1980 }
1981 }
1982 ```
1983 ### DisableSecurityBypass
1984 Prevent the user from bypassing security in certain cases.
1985
1986 `InvalidCertificate` prevents adding an exception when an invalid certificate is shown.
1987
1988 `SafeBrowsing` prevents selecting "ignore the risk" and visiting a harmful site anyway.
1989
1990 **Compatibility:** Firefox 60, Firefox ESR 60\
1991 **CCK2 Equivalent:** N/A\
1992 **Preferences Affected:** `security.certerror.hideAddException`, `browser.safebrowsing.allowOverride`
1993
1994 #### Windows (GPO)
1995 ```
1996 Software\Policies\Mozilla\Firefox\DisableSecurityBypass\InvalidCertificate = 0x1 | 0x0
1997 Software\Policies\Mozilla\Firefox\DisableSecurityBypass\SafeBrowsing = 0x1 | 0x0
1998 ```
1999 #### Windows (Intune)
2000 OMA-URI:
2001 ```
2002 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/P_DisableSecurityBypass_InvalidCertificate
2003 ```
2004 Value (string):
2005 ```
2006 <enabled/> or <disabled/>
2007 ```
2008 OMA-URI:
2009 ```
2010 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/P_DisableSecurityBypass_SafeBrowsing
2011 ```
2012 Value (string):
2013 ```
2014 <enabled/> or <disabled/>
2015 ```
2016
2017 #### macOS
2018 ```
2019 <dict>
2020 <key>DisableSecurityBypass</key>
2021 <dict>
2022 <key>InvalidCertificate</key>
2023 <true/> | <false/>
2024 <key>SafeBrowsing</key>
2025 <true/> | <false/>
2026 </dict>
2027 </dict>
2028 ```
2029 #### policies.json
2030 ```
2031 {
2032 "policies": {
2033 "DisableSecurityBypass": {
2034 "InvalidCertificate": true | false,
2035 "SafeBrowsing": true | false
2036 }
2037 }
2038 }
2039 ```
2040 ### DisableSetDesktopBackground
2041 Remove the "Set As Desktop Background..." menuitem when right clicking on an image.
2042
2043 **Compatibility:** Firefox 60, Firefox ESR 60\
2044 **CCK2 Equivalent:** `removeSetDesktopBackground`\
2045 **Preferences Affected:** N/A
2046
2047 #### Windows (GPO)
2048 ```
2049 Software\Policies\Mozilla\Firefox\DisableSetDesktopBackground = 0x1 | 0x0
2050 ```
2051 #### Windows (Intune)
2052 OMA-URI:
2053 ```
2054 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableSetDesktopBackground
2055 ```
2056 Value (string):
2057 ```
2058 <enabled/> or <disabled/>
2059 ```
2060 #### macOS
2061 ```
2062 <dict>
2063 <key>DisableSetDesktopBackground</key>
2064 <true/> | <false/>
2065 </dict>
2066 ```
2067 #### policies.json
2068 ```
2069 {
2070 "policies": {
2071 "DisableSetDesktopBackground": true | false
2072 }
2073 }
2074 ```
2075 ### DisableSystemAddonUpdate
2076 Prevent system add-ons from being installed or updated.
2077
2078 **Compatibility:** Firefox 60, Firefox ESR 60\
2079 **CCK2 Equivalent:** N/A\
2080 **Preferences Affected:** N/A
2081
2082 #### Windows (GPO)
2083 ```
2084 Software\Policies\Mozilla\Firefox\DisableSystemAddonUpdate = 0x1 | 0x0
2085 ```
2086 #### Windows (Intune)
2087 OMA-URI:
2088 ```
2089 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableSystemAddonUpdate
2090 ```
2091 Value (string):
2092 ```
2093 <enabled/> or <disabled/>
2094 ```
2095 #### macOS
2096 ```
2097 <dict>
2098 <key>DisableSystemAddonUpdate</key>
2099 <true/> | <false/>
2100 </dict>
2101 ```
2102 #### policies.json
2103 ```
2104 {
2105 "policies": {
2106 "DisableSystemAddonUpdate": true | false
2107 }
2108 }
2109 ```
2110 ### DisableTelemetry
2111 Prevent the upload of telemetry data.
2112
2113 As of Firefox 83 and Firefox ESR 78.5, local storage of telemetry data is disabled as well.
2114
2115 Mozilla recommends that you do not disable telemetry. Information collected through telemetry helps us build a better product for businesses like yours.
2116
2117 **Compatibility:** Firefox 60, Firefox ESR 60\
2118 **CCK2 Equivalent:** `disableTelemetry`\
2119 **Preferences Affected:** `datareporting.healthreport.uploadEnabled`, `datareporting.policy.dataSubmissionEnabled`, `toolkit.telemetry.archive.enabled`
2120
2121 #### Windows (GPO)
2122 ```
2123 Software\Policies\Mozilla\Firefox\DisableTelemetry = 0x1 | 0x0
2124 ```
2125 #### Windows (Intune)
2126 OMA-URI:
2127 ```
2128 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableTelemetry
2129 ```
2130 Value (string):
2131 ```
2132 <enabled/> or <disabled/>
2133 ```
2134 #### macOS
2135 ```
2136 <dict>
2137 <key>DisableTelemetry</key>
2138 <true/> | <false/>
2139 </dict>
2140 ```
2141 #### policies.json
2142 ```
2143 {
2144 "policies": {
2145 "DisableTelemetry": true | false
2146 }
2147 }
2148 ```
2149 ### DisableThirdPartyModuleBlocking
2150 Do not allow blocking third-party modules from the `about:third-party` page.
2151
2152 This policy only works on Windows through GPO (not policies.json).
2153
2154 **Compatibility:** Firefox 110 (Windows only, GPO only)\
2155 **CCK2 Equivalent:** N/A\
2156 **Preferences Affected:** N/A
2157
2158 #### Windows (GPO)
2159 ```
2160 Software\Policies\Mozilla\Firefox\DisableThirdPartyModuleBlocking = = 0x1 | 0x0
2161 ```
2162 #### Windows (Intune)
2163 OMA-URI:
2164 ```
2165 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableThirdPartyModuleBlocking
2166 ```
2167 Value (string):
2168 ```
2169 <enabled/> or <disabled/>
2170 ```
2171 ### DisplayBookmarksToolbar
2172 Set the initial state of the bookmarks toolbar. A user can still change how it is displayed.
2173
2174 `always` means the bookmarks toolbar is always shown.
2175
2176 `never` means the bookmarks toolbar is not shown.
2177
2178 `newtab` means the bookmarks toolbar is only shown on the new tab page.
2179
2180 **Compatibility:** Firefox 109, Firefox ESR 102.7\
2181 **CCK2 Equivalent:** N/A\
2182 **Preferences Affected:** N/A
2183
2184 #### Windows (GPO)
2185 ```
2186 Software\Policies\Mozilla\Firefox\DisplayBookmarksToolbar = "always", "never", "newtab"
2187 ```
2188 #### Windows (Intune)
2189 OMA-URI:
2190 ```
2191 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisplayBookmarksToolbar_Enum
2192 ```
2193 Value (string):
2194 ```
2195 <enabled/>
2196 <data id="DisplayBookmarksToolbar" value="always | never | newtab"/>
2197 ```
2198 #### macOS
2199 ```
2200 <dict>
2201 <key>DisplayBookmarksToolbar</key>
2202 <string>always | never | newtab</string>
2203 </dict>
2204 ```
2205 #### policies.json
2206 ```
2207 {
2208 "policies": {
2209 "DisplayBookmarksToolbar": "always" | "never" | "newtab"
2210 }
2211 }
2212 ```
2213 ### DisplayMenuBar
2214 Set the state of the menubar.
2215
2216 `always` means the menubar is shown and cannot be hidden.
2217
2218 `never` means the menubar is hidden and cannot be shown.
2219
2220 `default-on` means the menubar is on by default but can be hidden.
2221
2222 `default-off` means the menubar is off by default but can be shown.
2223
2224 **Compatibility:** Firefox 73, Firefox ESR 68.5 (Windows, some Linux)\
2225 **CCK2 Equivalent:** `displayMenuBar`\
2226 **Preferences Affected:** N/A
2227
2228 #### Windows (GPO)
2229 ```
2230 Software\Policies\Mozilla\Firefox\DisplayMenuBar = "always", "never", "default-on", "default-off"
2231 ```
2232 #### Windows (Intune)
2233 OMA-URI:
2234 ```
2235 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisplayMenuBar_Enum
2236 ```
2237 Value (string):
2238 ```
2239 <enabled/>
2240 <data id="DisplayMenuBar" value="always | never | default-on | default-off"/>
2241 ```
2242 #### macOS
2243 ```
2244 <dict>
2245 <key>DisplayMenuBar</key>
2246 <string>always | never | default-on | default-off</string>
2247 </dict>
2248 ```
2249 #### policies.json
2250 ```
2251 {
2252 "policies": {
2253 "DisplayMenuBar": "always", "never", "default-on", "default-off"
2254 }
2255 }
2256 ```
2257 ### DNSOverHTTPS
2258 Configure DNS over HTTPS.
2259
2260 `Enabled` determines whether DNS over HTTPS is enabled
2261
2262 `ProviderURL` is a URL to another provider.
2263
2264 `Locked` prevents the user from changing DNS over HTTPS preferences.
2265
2266 `ExcludedDomains` excludes domains from DNS over HTTPS.
2267
2268 **Compatibility:** Firefox 63, Firefox ESR 68 (ExcludedDomains added in 75/68.7)\
2269 **CCK2 Equivalent:** N/A\
2270 **Preferences Affected:** `network.trr.mode`, `network.trr.uri`
2271
2272 #### Windows (GPO)
2273 ```
2274 Software\Policies\Mozilla\Firefox\DNSOverHTTPS\Enabled = 0x1 | 0x0
2275 Software\Policies\Mozilla\Firefox\DNSOverHTTPS\ProviderURL = "URL_TO_ALTERNATE_PROVIDER"
2276 Software\Policies\Mozilla\Firefox\DNSOverHTTPS\Locked = 0x1 | 0x0
2277 Software\Policies\Mozilla\Firefox\DNSOverHTTPS\ExcludedDomains\1 = "example.com"
2278 ```
2279 #### Windows (Intune)
2280 OMA-URI:
2281 ```
2282 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DNSOverHTTPS/DNSOverHTTPS_Enabled
2283 ```
2284 Value (string):
2285 ```
2286 <enabled/> or <disabled/>
2287 ```
2288 OMA-URI:
2289 ```
2290 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DNSOverHTTPS/DNSOverHTTPS_ProviderURL
2291 ```
2292 Value (string):
2293 ```
2294 <enabled/>
2295 <data id="String" value="URL_TO_ALTERNATE_PROVIDER"/>
2296 ```
2297 OMA-URI:
2298 ```
2299 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DNSOverHTTPS/DNSOverHTTPS_Locked
2300 ```
2301 Value (string):
2302 ```
2303 <enabled/> or <disabled/>
2304 ```
2305 OMA-URI:
2306 ```
2307 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DNSOverHTTPS/DNSOverHTTPS_ExcludedDomains
2308 ```
2309 Value (string):
2310 ```
2311 <enabled/>
2312 <data id="List" value="1&#xF000;example.com"/>
2313 ```
2314 #### macOS
2315 ```
2316 <dict>
2317 <key>DNSOverHTTPS</key>
2318 <dict>
2319 <key>Enabled</key>
2320 <true/> | <false/>
2321 <key>ProviderURL</key>
2322 <string>URL_TO_ALTERNATE_PROVIDER</string>
2323 <key>Locked</key>
2324 <true/> | <false/>
2325 <key>ExcludedDomains</key>
2326 <array>
2327 <string>example.com</string>
2328 </array>
2329 </dict>
2330 </dict>
2331 ```
2332 #### policies.json
2333 ```
2334 {
2335 "policies": {
2336 "DNSOverHTTPS": {
2337 "Enabled": true | false,
2338 "ProviderURL": "URL_TO_ALTERNATE_PROVIDER",
2339 "Locked": true | false,
2340 "ExcludedDomains": ["example.com"]
2341 }
2342 }
2343 }
2344 ```
2345 ### DontCheckDefaultBrowser
2346 Don't check if Firefox is the default browser at startup.
2347
2348 **Compatibility:** Firefox 60, Firefox ESR 60\
2349 **CCK2 Equivalent:** `dontCheckDefaultBrowser`\
2350 **Preferences Affected:** `browser.shell.checkDefaultBrowser`
2351
2352 #### Windows (GPO)
2353 ```
2354 Software\Policies\Mozilla\Firefox\DontCheckDefaultBrowser = 0x1 | 0x0
2355 ```
2356 #### Windows (Intune)
2357 OMA-URI:
2358 ```
2359 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DontCheckDefaultBrowser
2360 ```
2361 Value (string):
2362 ```
2363 <enabled/> or <disabled/>
2364 ```
2365 #### macOS
2366 ```
2367 <dict>
2368 <key>DontCheckDefaultBrowser</key>
2369 <true/> | <false/>
2370 </dict>
2371 ```
2372 #### policies.json
2373 ```
2374 {
2375 "policies": {
2376 "DontCheckDefaultBrowser": true | false
2377 }
2378 }
2379 ```
2380 ### DownloadDirectory
2381 Set and lock the download directory.
2382
2383 You can use ${home} for the native home directory.
2384
2385 **Compatibility:** Firefox 68, Firefox ESR 68\
2386 **CCK2 Equivalent:** N/A\
2387 **Preferences Affected:** `browser.download.dir`, `browser.download.folderList`, `browser.download.useDownloadDir`
2388
2389 #### Windows (GPO)
2390 ```
2391 Software\Policies\Mozilla\Firefox\DownloadDirectory = "${home}\Downloads"
2392 ```
2393 #### Windows (Intune)
2394 OMA-URI:
2395 ```
2396 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DownloadDirectory
2397 ```
2398 Value (string):
2399 ```
2400 <enabled/>
2401 <data id="Preferences_String" value="${home}\Downloads"/>
2402 ```
2403 #### macOS
2404 ```
2405 <dict>
2406 <key>DownloadDirectory</key>
2407 <string>${home}/Downloads</string>
2408 </dict>
2409 ```
2410 #### policies.json (macOS and Linux)
2411 ```
2412 {
2413 "policies": {
2414 "DownloadDirectory": "${home}/Downloads"
2415 }
2416 ```
2417 #### policies.json (Windows)
2418 ```
2419 {
2420 "policies": {
2421 "DownloadDirectory": "${home}\\Downloads"
2422 }
2423 ```
2424 ### EnableTrackingProtection
2425 Configure tracking protection.
2426
2427 If this policy is not configured, tracking protection is not enabled by default in the browser, but it is enabled by default in private browsing and the user can change it.
2428
2429 If `Value` is set to false, tracking protection is disabled and locked in both the regular browser and private browsing.
2430
2431 If `Value` is set to true, tracking protection is enabled by default in both the regular browser and private browsing and the `Locked` value determines whether or not a user can change it.
2432
2433 If `Cryptomining` is set to true, cryptomining scripts on websites are blocked.
2434
2435 If `Fingerprinting` is set to true, fingerprinting scripts on websites are blocked.
2436
2437 If `EmailTracking` is set to true, hidden email tracking pixels and scripts on websites are blocked. (Firefox 112)
2438
2439 `Exceptions` are origins for which tracking protection is not enabled.
2440
2441 **Compatibility:** Firefox 60, Firefox ESR 60 (Cryptomining and Fingerprinting added in 70/68.2, Exceptions added in 73/68.5)\
2442 **CCK2 Equivalent:** N/A\
2443 **Preferences Affected:** `privacy.trackingprotection.enabled`, `privacy.trackingprotection.pbmode.enabled`, `privacy.trackingprotection.cryptomining.enabled`, `privacy.trackingprotection.fingerprinting.enabled`
2444
2445 #### Windows (GPO)
2446 ```
2447 Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Value = 0x1 | 0x0
2448 Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Locked = 0x1 | 0x0
2449 Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Cryptomining = 0x1 | 0x0
2450 Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Fingerprinting = 0x1 | 0x0
2451 Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Exceptions\1 = "https://example.com"
2452 ```
2453 #### Windows (Intune)
2454 OMA-URI:
2455 ```
2456 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~TrackingProtection/A_TrackingProtection_Value
2457 ```
2458 Value (string):
2459 ```
2460 <enabled/> or <disabled/>
2461 ```
2462 OMA-URI:
2463 ```
2464 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~TrackingProtection/B_TrackingProtection_Cryptomining
2465 ```
2466 Value (string):
2467 ```
2468 <enabled/> or <disabled/>
2469 ```
2470 OMA-URI:
2471 ```
2472 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~TrackingProtection/C_TrackingProtection_Fingerprinting
2473 ```
2474 Value (string):
2475 ```
2476 <enabled/> or <disabled/>
2477 ```
2478 OMA-URI:
2479 ```
2480 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~TrackingProtection/D_TrackingProtection_Exceptions
2481 ```
2482 Value (string):
2483 ```
2484 <enabled/>
2485 <data id="TrackingProtection_Exceptions" value="1&#xF000;https://example.com"/>
2486 ```
2487 OMA-URI:
2488 ```
2489 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~TrackingProtection/E_TrackingProtection_Locked
2490 ```
2491 Value (string):
2492 ```
2493 <enabled/> or <disabled/>
2494 ```
2495 #### macOS
2496 ```
2497 <dict>
2498 <key>EnableTrackingProtection</key>
2499 <dict>
2500 <key>Value</key>
2501 <true/> | <false/>
2502 <key>Locked</key>
2503 <true/> | <false/>
2504 <key>Cryptomining</key>
2505 <true/> | <false/>
2506 <key>Fingerprinting</key>
2507 <true/> | <false/>
2508 <key>Exceptions</key>
2509 <array>
2510 <string>https://example.com</string>
2511 </array>
2512 </dict>
2513 </dict>
2514 ```
2515 #### policies.json
2516 ```
2517 {
2518 "policies": {
2519 "EnableTrackingProtection": {
2520 "Value": true | false,
2521 "Locked": true | false,
2522 "Cryptomining": true | false,
2523 "Fingerprinting": true | false,
2524 "Exceptions": ["https://example.com"]
2525 }
2526 }
2527 }
2528 ```
2529 ### EncryptedMediaExtensions
2530 Enable or disable Encrypted Media Extensions and optionally lock it.
2531
2532 If `Enabled` is set to false, encrypted media extensions (like Widevine) are not downloaded by Firefox unless the user consents to installing them.
2533
2534 If `Locked` is set to true and `Enabled` is set to false, Firefox will not download encrypted media extensions (like Widevine) or ask the user to install them.
2535
2536 **Compatibility:** Firefox 77, Firefox ESR 68.9\
2537 **CCK2 Equivalent:** N/A\
2538 **Preferences Affected:** `media.eme.enabled`
2539
2540 #### Windows (GPO)
2541 ```
2542 Software\Policies\Mozilla\Firefox\EncryptedMediaExtensions\Enabled = 0x1 | 0x0
2543 Software\Policies\Mozilla\Firefox\EncryptedMediaExtensions\Locked = 0x1 | 0x0
2544 ```
2545 #### Windows (Intune)
2546 OMA-URI:
2547 ```
2548 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~EncryptedMediaExtensions/EncryptedMediaExtensions_Enabled
2549 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~EncryptedMediaExtensions/EncryptedMediaExtensions_Locked
2550 ```
2551 Value (string):
2552 ```
2553 <enabled/>or <disabled/>
2554 ```
2555 #### macOS
2556 ```
2557 <dict>
2558 <key>EncryptedMediaExtensions</key>
2559 <dict>
2560 <key>Enabled</key>
2561 <true/> | <false/>
2562 <key>Locked</key>
2563 <true/> | <false/>
2564 </dict>
2565 </dict>
2566 ```
2567 #### policies.json
2568 ```
2569 {
2570 "policies": {
2571 "EncryptedMediaExtensions": {
2572 "Enabled": true | false,
2573 "Locked": true | false
2574 }
2575 }
2576 }
2577 ```
2578 ### EnterprisePoliciesEnabled
2579 Enable policy support on macOS.
2580
2581 **Compatibility:** Firefox 63, Firefox ESR 60.3 (macOS only)\
2582 **CCK2 Equivalent:** N/A\
2583 **Preferences Affected:** N/A
2584
2585 #### macOS
2586 ```
2587 <dict>
2588 <key>EnterprisePoliciesEnabled</key>
2589 <true/>
2590 </dict>
2591 ```
2592 ### ExemptDomainFileTypePairsFromFileTypeDownloadWarnings
2593
2594 Disable warnings based on file extension for specific file types on domains.
2595
2596 This policy is based on the [Chrome policy](https://chromeenterprise.google/policies/#ExemptDomainFileTypePairsFromFileTypeDownloadWarnings) of the same name.
2597
2598 Important: The documentation for the policy for both Edge and Chrome is incorrect. The ```domains``` value must be a domain, not a URL pattern. Also, we do not support using ```*``` to mean all domains.
2599
2600 **Compatibility:** Firefox 102\
2601 **CCK2 Equivalent:** N/A\
2602 **Preferences Affected:** N/A
2603
2604 #### Windows (GPO)
2605 Software\Policies\Mozilla\Firefox\ExemptDomainFileTypePairsFromFileTypeDownloadWarnings (REG_MULTI_SZ) =
2606 ```
2607 [
2608 {
2609 "file_extension": "jnlp",
2610 "domains": ["example.com"]
2611 }
2612 ]
2613 ```
2614 #### Windows (Intune)
2615 OMA-URI:
2616 ```
2617 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/ExemptDomainFileTypePairsFromFileTypeDownloadWarnings
2618 ```
2619 Value (string):
2620 ```
2621 <enabled/>
2622 <data id="JSON" value='
2623 [
2624 {
2625 "file_extension": "jnlp",
2626 "domains": ["example.com"]
2627 }
2628 ]
2629 '/>
2630 ```
2631 #### macOS
2632 ```
2633 <dict>
2634 <key>ExemptDomainFileTypePairsFromFileTypeDownloadWarnings</key>
2635 <array>
2636 <dict>
2637 <key>file_extension</key>
2638 <string>jnlp</string>
2639 <key>domains</key>
2640 <array>
2641 <string>example.com</string>
2642 </array>
2643 </dict>
2644 </array>
2645 </dict>
2646 ```
2647 #### policies.json
2648 ```
2649 {
2650 "policies": {
2651 "ExemptDomainFileTypePairsFromFileTypeDownloadWarnings": [{
2652 "file_extension": "jnlp",
2653 "domains": ["example.com"]
2654 }]
2655 }
2656 }
2657 ```
2658 ### Extensions
2659 Control the installation, uninstallation and locking of extensions.
2660
2661 While this policy is not technically deprecated, it is recommended that you use the **[`ExtensionSettings`](#extensionsettings)** policy. It has the same functionality and adds more. It does not support native paths, though, so you'll have to use file:/// URLs.
2662
2663 `Install` is a list of URLs or native paths for extensions to be installed.
2664
2665 `Uninstall` is a list of extension IDs that should be uninstalled if found.
2666
2667 `Locked` is a list of extension IDs that the user cannot disable or uninstall.
2668
2669 **Compatibility:** Firefox 60, Firefox ESR 60\
2670 **CCK2 Equivalent:** `addons`\
2671 **Preferences Affected:** N/A
2672
2673 #### Windows (GPO)
2674 ```
2675 Software\Policies\Mozilla\Firefox\Extensions\Install\1 = "https://addons.mozilla.org/firefox/downloads/somefile.xpi"
2676 Software\Policies\Mozilla\Firefox\Extensions\Install\2 = "//path/to/xpi"
2677 Software\Policies\Mozilla\Firefox\Extensions\Uninstall\1 = "bad_addon_id@mozilla.org"
2678 Software\Policies\Mozilla\Firefox\Extensions\Locked\1 = "addon_id@mozilla.org"
2679 ```
2680 #### Windows (Intune)
2681 OMA-URI:
2682 ```
2683 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/Extensions_Install
2684 ```
2685 Value (string):
2686 ```
2687 <enabled/>
2688 <data id="Extensions" value="1&#xF000;https://addons.mozilla.org/firefox/downloads/somefile.xpi&#xF000;2&#xF000;//path/to/xpi"/>
2689 ```
2690 OMA-URI:
2691 ```
2692 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/Extensions_Uninstall
2693 ```
2694 Value (string):
2695 ```
2696 <enabled/>
2697 <data id="Extensions" value="1&#xF000;bad_addon_id@mozilla.org"/>
2698 ```
2699 OMA-URI:
2700 ```
2701 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/Extensions_Locked
2702 ```
2703 Value (string):
2704 ```
2705 <enabled/>
2706 <data id="Extensions" value="1&#xF000;addon_id@mozilla.org"/>
2707 ```
2708 #### macOS
2709 ```
2710 <dict>
2711 <key>Extensions</key>
2712 <dict>
2713 <key>Install</key>
2714 <array>
2715 <string>https://addons.mozilla.org/firefox/downloads/somefile.xpi</string>
2716 <string>//path/to/xpi</string>
2717 </array>
2718 <key>Uninstall</key>
2719 <array>
2720 <string>bad_addon_id@mozilla.org</string>
2721 </array>
2722 <key>Locked</key>
2723 <array>
2724 <string>addon_id@mozilla.org</string>
2725 </array>
2726 </dict>
2727 </dict>
2728 ```
2729 #### policies.json
2730 ```
2731 {
2732 "policies": {
2733 "Extensions": {
2734 "Install": ["https://addons.mozilla.org/firefox/downloads/somefile.xpi", "//path/to/xpi"],
2735 "Uninstall": ["bad_addon_id@mozilla.org"],
2736 "Locked": ["addon_id@mozilla.org"]
2737 }
2738 }
2739 }
2740 ```
2741 ### ExtensionSettings
2742 Manage all aspects of extensions. This policy is based heavily on the [Chrome policy](https://dev.chromium.org/administrators/policy-list-3/extension-settings-full) of the same name.
2743
2744 This policy maps an extension ID to its configuration. With an extension ID, the configuration will be applied to the specified extension only. A default configuration can be set for the special ID "*", which will apply to all extensions that don't have a custom configuration set in this policy.
2745
2746 To obtain an extension ID, install the extension and go to about:support. You will see the ID in the Extensions section. I've also created an extension that makes it easy to find the ID of extensions on AMO. You can download it [here](https://github.com/mkaply/queryamoid/releases/tag/v0.1).
2747
2748 The configuration for each extension is another dictionary that can contain the fields documented below.
2749
2750 | Name | Description |
2751 | --- | --- |
2752 | `installation_mode` | Maps to a string indicating the installation mode for the extension. The valid strings are `allowed`,`blocked`,`force_installed`, and `normal_installed`.
2753 | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;`allowed` | Allows the extension to be installed by the user. This is the default behavior. There is no need for an install_url; it will automatically be allowed based on the ID.
2754 | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;`blocked`| Blocks installation of the extension and removes it from the device if already installed.
2755 | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;`force_installed`| The extension is automatically installed and can't be removed by the user. This option is not valid for the default configuration and requires an install_url.
2756 | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;`normal_installed`| The extension is automatically installed but can be disabled by the user. This option is not valid for the default configuration and requires an install_url.
2757 | `install_url`| Maps to a URL indicating where Firefox can download a force_installed or normal_installed extension. If installing from the local file system, use a [```file:///``` URL](https://en.wikipedia.org/wiki/File_URI_scheme). If installing from the addons.mozilla.org, use the following URL (substituting SHORT_NAME from the URL on AMO), https://addons.mozilla.org/firefox/downloads/latest/SHORT_NAME/latest.xpi. Languages packs are available from https://releases.mozilla.org/pub/firefox/releases/VERSION/PLATFORM/xpi/LANGUAGE.xpi. If you need to update the extension, you can change the name of the extension and it will be automatically updated. Extensions installed from file URLs will additional be updated when their internal version changes.
2758 | `install_sources` | A list of sources from which installing extensions is allowed using URL match patterns. **This is unnecessary if you are only allowing the installation of certain extensions by ID.** Each item in this list is an extension-style match pattern. Users will be able to easily install items from any URL that matches an item in this list. Both the location of the *.xpi file and the page where the download is started from (i.e. the referrer) must be allowed by these patterns. This setting can be used only for the default configuration.
2759 | `allowed_types` | This setting whitelists the allowed types of extension/apps that can be installed in Firefox. The value is a list of strings, each of which should be one of the following: "extension", "theme", "dictionary", "locale" This setting can be used only for the default configuration.
2760 | `blocked_install_message` | This maps to a string specifying the error message to display to users if they're blocked from installing an extension. This setting allows you to append text to the generic error message displayed when the extension is blocked. This could be be used to direct users to your help desk, explain why a particular extension is blocked, or something else. This setting can be used only for the default configuration.
2761 | `restricted_domains` | An array of domains on which content scripts can't be run. This setting can be used only for the default configuration.
2762 | `updates_disabled` | (Firefox 89, Firefox ESR 78.11) Boolean that indicates whether or not to disable automatic updates for an individual extension.
2763 | `default_area` | (Firefox 113) String that indicates where to place the extension icon by default. Possible values are `navbar` and `menupanel`.
2764
2765 **Compatibility:** Firefox 69, Firefox ESR 68.1 (As of Firefox 85, Firefox ESR 78.7, installing a theme makes it the default.)\
2766 **CCK2 Equivalent:** N/A\
2767 **Preferences Affected:** N/A
2768
2769 #### Windows (GPO)
2770 Software\Policies\Mozilla\Firefox\ExtensionSettings (REG_MULTI_SZ) =
2771 ```
2772 {
2773 "*": {
2774 "blocked_install_message": "Custom error message.",
2775 "install_sources": ["https://yourwebsite.com/*"],
2776 "installation_mode": "blocked",
2777 "allowed_types": ["extension"]
2778 },
2779 "uBlock0@raymondhill.net": {
2780 "installation_mode": "force_installed",
2781 "install_url": "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi"
2782 },
2783 "@testpilot-containers": {
2784 "installation_mode": "normal_installed",
2785 "install_url": "https://addons.mozilla.org/firefox/downloads/latest/multi-account-containers/latest.xpi",
2786 "default_area": "navbar"
2787 },
2788 "https-everywhere@eff.org": {
2789 "installation_mode": "allowed"
2790 }
2791 }
2792 ```
2793 #### Windows (Intune)
2794 OMA-URI:
2795 ```
2796 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/ExtensionSettings
2797 ```
2798 Value (string):
2799 ```
2800 <enabled/>
2801 <data id="ExtensionSettings" value='
2802 {
2803 "*": {
2804 "blocked_install_message": "Custom error message.",
2805 "install_sources": ["https://yourwebsite.com/*"],
2806 "installation_mode": "blocked",
2807 "allowed_types": ["extension"]
2808 },
2809 "uBlock0@raymondhill.net": {
2810 "installation_mode": "force_installed",
2811 "install_url": "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi"
2812 },
2813 "@testpilot-containers": {
2814 "installation_mode": "normal_installed",
2815 "install_url": "https://addons.mozilla.org/firefox/downloads/latest/multi-account-containers/latest.xpi",
2816 "default_area": "navbar"
2817 },
2818 "https-everywhere@eff.org": {
2819 "installation_mode": "allowed"
2820 }
2821 }'/>
2822 ```
2823 #### macOS
2824 ```
2825 <dict>
2826 <key>ExtensionSettings</key>
2827 <dict>
2828 <key>*</key>
2829 <dict>
2830 <key>blocked_install_message</key>
2831 <string>Custom error message.</string>
2832 <key>install_sources</key>
2833 <array>
2834 <string>"https://yourwebsite.com/*"</string>
2835 </array>
2836 <key>installation_mode</key>
2837 <string>blocked</string>
2838 <key>allowed_types</key>
2839 <array>
2840 <string>extension</string>
2841 </array>
2842 </dict>
2843 <key>uBlock0@raymondhill.net</key>
2844 <dict>
2845 <key>installation_mode</key>
2846 <string>force_installed</string>
2847 <key>install_url</key>
2848 <string>https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi</string>
2849 </dict>
2850 <key>@testpilot-containers</key>
2851 <dict>
2852 <key>installation_mode</key>
2853 <string>normal_installed</string>
2854 <key>install_url</key>
2855 <string>https://addons.mozilla.org/firefox/downloads/latest/multi-account-containers/latest.xpi</string>
2856 <key>default_area</key>
2857 <string>navbar</string>
2858 </dict>
2859 <key>https-everywhere@eff.org</key>
2860 <dict>
2861 <key>installation_mode</key>
2862 <string>allowed</string>
2863 </dict>
2864 </dict>
2865 </dict>
2866 ```
2867 #### policies.json
2868 ```
2869 {
2870 "policies": {
2871 "ExtensionSettings": {
2872 "*": {
2873 "blocked_install_message": "Custom error message.",
2874 "install_sources": ["https://yourwebsite.com/*"],
2875 "installation_mode": "blocked",
2876 "allowed_types": ["extension"]
2877 },
2878 "uBlock0@raymondhill.net": {
2879 "installation_mode": "force_installed",
2880 "install_url": "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi"
2881 },
2882 "@testpilot-containers": {
2883 "installation_mode": "normal_installed",
2884 "install_url": "https://addons.mozilla.org/firefox/downloads/latest/multi-account-containers/latest.xpi",
2885 "default_area": "navbar"
2886 },
2887 "https-everywhere@eff.org": {
2888 "installation_mode": "allowed"
2889 }
2890 }
2891 }
2892 }
2893 ```
2894 ### ExtensionUpdate
2895 Control extension updates.
2896
2897 **Compatibility:** Firefox 67, Firefox ESR 60.7\
2898 **CCK2 Equivalent:** N/A\
2899 **Preferences Affected:** `extensions.update.enabled`
2900
2901 #### Windows (GPO)
2902 ```
2903 Software\Policies\Mozilla\Firefox\ExtensionUpdate = 0x1 | 0x0
2904 ```
2905 #### Windows (Intune)
2906 OMA-URI:
2907 ```
2908 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/ExtensionUpdate
2909 ```
2910 Value (string):
2911 ```
2912 <enabled/> or <disabled/>
2913 ```
2914 #### macOS
2915 ```
2916 <dict>
2917 <key>ExtensionUpdate</key>
2918 <true/> | <false/>
2919 </dict>
2920 ```
2921 #### policies.json
2922 ```
2923 {
2924 "policies": {
2925 "ExtensionUpdate": true | false
2926 }
2927 }
2928 ```
2929 ### FirefoxHome
2930 Customize the Firefox Home page.
2931
2932 **Compatibility:** Firefox 68, Firefox ESR 68 (SponsoredTopSites and SponsoredPocket were added in Firefox 95, Firefox ESR 91.4)
2933 **CCK2 Equivalent:** N/A\
2934 **Preferences Affected:** `browser.newtabpage.activity-stream.showSearch`, `browser.newtabpage.activity-stream.feeds.topsites`, `browser.newtabpage.activity-stream.feeds.section.highlights`, `browser.newtabpage.activity-stream.feeds.section.topstories`, `browser.newtabpage.activity-stream.feeds.snippets`, `browser.newtabpage.activity-stream.showSponsoredTopSites`, `browser.newtabpage.activity-stream.showSponsored`
2935
2936 #### Windows (GPO)
2937 ```
2938 Software\Policies\Mozilla\Firefox\FirefoxHome\Search = 0x1 | 0x0
2939 Software\Policies\Mozilla\Firefox\FirefoxHome\TopSites = 0x1 | 0x0
2940 Software\Policies\Mozilla\Firefox\FirefoxHome\SponsoredTopSites = 0x1 | 0x0
2941 Software\Policies\Mozilla\Firefox\FirefoxHome\Highlights = 0x1 | 0x0
2942 Software\Policies\Mozilla\Firefox\FirefoxHome\Pocket = 0x1 | 0x0
2943 Software\Policies\Mozilla\Firefox\FirefoxHome\SponsoredPocket = 0x1 | 0x0
2944 Software\Policies\Mozilla\Firefox\FirefoxHome\Snippets = 0x1 | 0x0
2945 Software\Policies\Mozilla\Firefox\FirefoxHome\Locked = 0x1 | 0x0
2946 ```
2947 #### Windows (Intune)
2948 OMA-URI:
2949 ```
2950 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/CustomizeFirefoxHome
2951 ```
2952 Value (string):
2953 ```
2954 <enabled/>
2955 <data id="FirefoxHome_Search" value="true | false"/>
2956 <data id="FirefoxHome_TopSites" value="true | false"/>
2957 <data id="FirefoxHome_SponsoredTopSites" value="true | false"/>
2958 <data id="FirefoxHome_Highlights" value="true | false"/>
2959 <data id="FirefoxHome_Pocket" value="true | false"/>
2960 <data id="FirefoxHome_SponsoredPocket" value="true | false"/>
2961 <data id="FirefoxHome_Snippets" value="true | false"/>
2962 <data id="FirefoxHome_Locked" value="true | false"/>
2963 ```
2964 #### macOS
2965 ```
2966 <dict>
2967 <key>FirefoxHome</key>
2968 <dict>
2969 <key>Search</key>
2970 <true/> | <false/>
2971 <key>TopSites</key>
2972 <true/> | <false/>
2973 <key>SponsoredTopSites</key>
2974 <true/> | <false/>
2975 <key>Highlights</key>
2976 <true/> | <false/>
2977 <key>Pocket</key>
2978 <true/> | <false/>
2979 <key>SponsoredPocket</key>
2980 <true/> | <false/>
2981 <key>Snippets</key>
2982 <true/> | <false/>
2983 <key>Locked</key>
2984 <true/> | <false/>
2985 </dict>
2986 </dict>
2987 ```
2988 #### policies.json
2989 ```
2990 {
2991 "policies": {
2992 "FirefoxHome": {
2993 "Search": true | false,
2994 "TopSites": true | false,
2995 "SponsoredTopSites": true | false,
2996 "Highlights": true | false,
2997 "Pocket": true | false,
2998 "SponsoredPocket": true | false,
2999 "Snippets": true | false,
3000 "Locked": true | false
3001 }
3002 }
3003 }
3004 ```
3005 ### GoToIntranetSiteForSingleWordEntryInAddressBar
3006 Whether to always go through the DNS server before sending a single word search string to a search engine.
3007
3008 If the site exists, it will navigate to the website. If the intranet responds with a 404, the page will show a 404. If the intranet does not respond, the browser will attempt a search.
3009
3010 The second result in the URL bar will be a search result to allow users to conduct a web search exactly as it was entered.
3011
3012 If instead you would like to enable the ability to have your domain appear as a valid URL and to disallow the browser from ever searching that term using the first result that matches it, add the pref `browser.fixup.domainwhitelist.YOUR_DOMAIN` (where `YOUR_DOMAIN` is the name of the domain you'd like to add), and set the pref to `true`. The URL bar will then suggest `YOUR_DOMAIN` when the user fully types `YOUR_DOMAIN`. If the user attempts to load that domain and it fails to load, it will show an "Unable to connect" error page.
3013
3014 You can also whitelist a domain suffix that is not part of the [Public Suffix List](https://publicsuffix.org/) by adding the pref `browser.fixup.domainsuffixwhitelist.YOUR_DOMAIN_SUFFIX` with a value of `true`.
3015
3016 Additionally, if you want users to see a "Did you mean to go to 'YOUR_DOMAIN'" prompt below the URL bar if they land on a search results page instead of an intranet domain that provides a response, set the pref `browser.urlbar.dnsResolveSingleWordsAfterSearch` to `1`. Enabling this will cause the browser to commit a DNS check after every single word search. If the browser receives a response from the intranet, a prompt will ask the user if they'd like to instead navigate to `YOUR_DOMAIN`. If the user presses the **yes** button, `browser.fixup.domainwhitelist.YOUR_DOMAIN` will be set to `true`.
3017
3018 **Compatibility:** Firefox 104, Firefox ESR 102.2\
3019 **CCK2 Equivalent:** `N/A`\
3020 **Preferences Affected:** `browser.fixup.dns_first_for_single_words`
3021
3022 #### Windows (GPO)
3023 ```
3024 Software\Policies\Mozilla\Firefox\GoToIntranetSiteForSingleWordEntryInAddressBar = 0x1 | 0x0
3025 ```
3026 #### Windows (Intune)
3027 OMA-URI:
3028 ```
3029 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/GoToIntranetSiteForSingleWordEntryInAddressBar
3030 ```
3031 Value (string):
3032 ```
3033 <enabled/> or <disabled/>
3034 ```
3035 #### macOS
3036 ```
3037 <dict>
3038 <key>GoToIntranetSiteForSingleWordEntryInAddressBar</key>
3039 <true/> | <false/>
3040 </dict>
3041 ```
3042 #### policies.json
3043 ```
3044 {
3045 "policies": {
3046 "GoToIntranetSiteForSingleWordEntryInAddressBar": true | false
3047 }
3048 }
3049 ```
3050 ### Handlers
3051 Configure default application handlers. This policy is based on the internal format of `handlers.json`.
3052
3053 You can configure handlers based on a mime type (`mimeTypes`), a file's extension (`extensions`), or a protocol (`schemes`).
3054
3055 Within each handler type, you specify the given mimeType/extension/scheme as a key and use the following subkeys to describe how it is handled.
3056
3057 | Name | Description |
3058 | --- | --- |
3059 | `action`| Can be either `saveToDisk`, `useHelperApp`, `useSystemDefault`.
3060 | `ask` | If `true`, the user is asked if what they want to do with the file. If `false`, the action is taken without user intervention.
3061 | `handlers` | An array of handlers with the first one being the default. If you don't want to have a default handler, use an empty object for the first handler. Choose between path or uriTemplate.
3062 | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;`name` | The display name of the handler (might not be used).
3063 | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;`path`| The native path to the executable to be used.
3064 | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;`uriTemplate`| A url to a web based application handler. The URL must be https and contain a %s to be used for substitution.
3065
3066 **Compatibility:** Firefox 78, Firefox ESR 78\
3067 **CCK2 Equivalent:** N/A\
3068 **Preferences Affected:** N/A
3069
3070 #### Windows (GPO)
3071 Software\Policies\Mozilla\Firefox\Handlers (REG_MULTI_SZ) =
3072 ```
3073 {
3074 "mimeTypes": {
3075 "application/msword": {
3076 "action": "useSystemDefault",
3077 "ask": true | false
3078 }
3079 },
3080 "schemes": {
3081 "mailto": {
3082 "action": "useHelperApp",
3083 "ask": true | false,
3084 "handlers": [{
3085 "name": "Gmail",
3086 "uriTemplate": "https://mail.google.com/mail/?extsrc=mailto&url=%s"
3087 }]
3088 }
3089 },
3090 "extensions": {
3091 "pdf": {
3092 "action": "useHelperApp",
3093 "ask": true | false,
3094 "handlers": [{
3095 "name": "Adobe Acrobat",
3096 "path": "C:\\Program Files (x86)\\Adobe\\Acrobat Reader DC\\Reader\\AcroRd32.exe"
3097 }]
3098 }
3099 }
3100 }
3101 ```
3102 #### Windows (Intune)
3103 OMA-URI:
3104 ```
3105 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/Handlers
3106 ```
3107 Value (string):
3108 ```
3109 <enabled/>
3110 <data id="Handlers" value='
3111 {
3112 "mimeTypes": {
3113 "application/msword": {
3114 "action": "useSystemDefault",
3115 "ask": true | false
3116 }
3117 },
3118 "schemes": {
3119 "mailto": {
3120 "action": "useHelperApp",
3121 "ask": true | false,
3122 "handlers": [{
3123 "name": "Gmail",
3124 "uriTemplate": "https://mail.google.com/mail/?extsrc=mailto&amp;url=%s"
3125 }]
3126 }
3127 },
3128 "extensions": {
3129 "pdf": {
3130 "action": "useHelperApp",
3131 "ask": true | false,
3132 "handlers": [{
3133 "name": "Adobe Acrobat",
3134 "path": "C:\\Program Files (x86)\\Adobe\\Acrobat Reader DC\\Reader\\AcroRd32.exe"
3135 }]
3136 }
3137 }
3138 }
3139 '/>
3140 ```
3141 #### macOS
3142 ```
3143 <dict>
3144 <key>Handlers</key>
3145 <dict>
3146 <key>mimeTypes</key>
3147 <dict>
3148 <key>application/msword</key>
3149 <dict>
3150 <key>action</key>
3151 <string>useSystemDefault</string>
3152 <key>ask</key>
3153 <true/> | <false/>
3154 </dict>
3155 </dict>
3156 <key>schemes</key>
3157 <dict>
3158 <key>mailto</key>
3159 <dict>
3160 <key>action</key>
3161 <string>useHelperApp</string>
3162 <key>ask</key>
3163 <true/> | <false/>
3164 <key>handlers</key>
3165 <array>
3166 <dict>
3167 <key>name</key>
3168 <string>Gmail</string>
3169 <key>uriTemplate</key>
3170 <string>https://mail.google.com/mail/?extsrc=mailto&url=%s</string>
3171 </dict>
3172 </array>
3173 </dict>
3174 </dict>
3175 <key>extensions</key>
3176 <dict>
3177 <key>pdf</key>
3178 <dict>
3179 <key>action</key>
3180 <string>useHelperApp</string>
3181 <key>ask</key>
3182 <true/> | <false/>
3183 <key>handlers</key>
3184 <array>
3185 <dict>
3186 <key>name</key>
3187 <string>Adobe Acrobat</string>
3188 <key>path</key>
3189 <string>/System/Applications/Preview.app</string>
3190 </dict>
3191 </array>
3192 </dict>
3193 </dict>
3194 </dict>
3195 </dict>
3196 ```
3197 #### policies.json
3198 ```
3199 {
3200 "policies": {
3201 "Handlers": {
3202 "mimeTypes": {
3203 "application/msword": {
3204 "action": "useSystemDefault",
3205 "ask": false
3206 }
3207 },
3208 "schemes": {
3209 "mailto": {
3210 "action": "useHelperApp",
3211 "ask": true | false,
3212 "handlers": [{
3213 "name": "Gmail",
3214 "uriTemplate": "https://mail.google.com/mail/?extsrc=mailto&url=%s"
3215 }]
3216 }
3217 },
3218 "extensions": {
3219 "pdf": {
3220 "action": "useHelperApp",
3221 "ask": true | false,
3222 "handlers": [{
3223 "name": "Adobe Acrobat",
3224 "path": "/usr/bin/acroread"
3225 }]
3226 }
3227 }
3228 }
3229 }
3230 }
3231 ```
3232 ### HardwareAcceleration
3233 Control hardware acceleration.
3234
3235 **Compatibility:** Firefox 60, Firefox ESR 60\
3236 **CCK2 Equivalent:** N/A\
3237 **Preferences Affected:** `layers.acceleration.disabled`
3238
3239 #### Windows (GPO)
3240 ```
3241 Software\Policies\Mozilla\Firefox\HardwareAcceleration = 0x1 | 0x0
3242 ```
3243 #### Windows (Intune)
3244 OMA-URI:
3245 ```
3246 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/HardwareAcceleration
3247 ```
3248 Value (string):
3249 ```
3250 <enabled/> or <disabled/>
3251 ```
3252 #### macOS
3253 ```
3254 <dict>
3255 <key>HardwareAcceleration</key>
3256 <true/> | <false/>
3257 </dict>
3258 ```
3259 #### policies.json
3260 ```
3261 {
3262 "policies": {
3263 "HardwareAcceleration": true | false
3264 }
3265 }
3266 ```
3267 ### Homepage
3268 Configure the default homepage and how Firefox starts.
3269
3270 `URL` is the default homepage.
3271
3272 `Locked` prevents the user from changing homepage preferences.
3273
3274 `Additional` allows for more than one homepage.
3275
3276 `StartPage` is how Firefox starts. The choices are no homepage, the default homepage or the previous session.
3277
3278 With Firefox 78, an additional option as added for `Startpage`, `homepage-locked`. If this is value is set for the Startpage, the user will always get the homepage at startup and cannot choose to restore their session.
3279
3280 **Compatibility:** Firefox 60, Firefox ESR 60 (StartPage was added in Firefox 60, Firefox ESR 60.4, homepage-locked added in Firefox 78)\
3281 **CCK2 Equivalent:** `homePage`,`lockHomePage`\
3282 **Preferences Affected:** `browser.startup.homepage`, `browser.startup.page`
3283
3284 #### Windows (GPO)
3285 ```
3286 Software\Policies\Mozilla\Firefox\Homepage\URL = "https://example.com"
3287 Software\Policies\Mozilla\Firefox\Homepage\Locked = 0x1 | 0x0
3288 Software\Policies\Mozilla\Firefox\Homepage\Additional\1 = "https://example.org"
3289 Software\Policies\Mozilla\Firefox\Homepage\Additional\2 = "https://example.edu"
3290 Software\Policies\Mozilla\Firefox\Homepage\StartPage = "none" | "homepage" | "previous-session" | "homepage-locked"
3291 ```
3292 #### Windows (Intune)
3293 OMA-URI:
3294 ```
3295 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Homepage/HomepageURL
3296 ```
3297 Value (string):
3298 ```
3299 <enabled/>
3300
3301 <data id="HomepageURL" value="https://example.com"/>
3302 <data id="HomepageLocked" value="true | false"/>
3303 ```
3304 OMA-URI:
3305 ```
3306 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Homepage/HomepageAdditional
3307 ```
3308 Value (string):
3309 ```
3310 <enabled/>
3311
3312 <data id="HomepageAdditional" value="1&#xF000;http://example.org&#xF000;2&#xF000;http://example.edu"/>
3313 ```
3314 OMA-URI:
3315 ```
3316 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Homepage/HomepageStartPage
3317 ```
3318 Value (string):
3319 ```
3320 <enabled/>
3321
3322 <data id="StartPage" value="none | homepage | previous-session"/>
3323 ```
3324 #### macOS
3325 ```
3326 <dict>
3327 <key>Homepage</key>
3328 <dict>
3329 <key>URL</key>
3330 <string>http://example.com</string>
3331 <key>Locked</key>
3332 <true/> | <false/>
3333 <key>Additional</key>
3334 <array>
3335 <string>http://example.org</string>
3336 <string>http://example.edu</string>
3337 </array>
3338 <key>StartPage</key>
3339 <string>none | homepage | previous-session | homepage-locked</string>
3340 </dict>
3341 </dict>
3342 ```
3343 #### policies.json
3344 ```
3345 {
3346 "policies": {
3347 "Homepage": {
3348 "URL": "http://example.com/",
3349 "Locked": true | false,
3350 "Additional": ["http://example.org/",
3351 "http://example.edu/"],
3352 "StartPage": "none" | "homepage" | "previous-session" | "homepage-locked"
3353 }
3354 }
3355 }
3356 ```
3357 ### InstallAddonsPermission
3358 Configure the default extension install policy as well as origins for extension installs are allowed. This policy does not override turning off all extension installs.
3359
3360 `Allow` is a list of origins where extension installs are allowed.
3361
3362 `Default` determines whether or not extension installs are allowed by default.
3363
3364 **Compatibility:** Firefox 60, Firefox ESR 60\
3365 **CCK2 Equivalent:** `permissions.install`\
3366 **Preferences Affected:** `xpinstall.enabled`
3367
3368 #### Windows (GPO)
3369 ```
3370 Software\Policies\Mozilla\Firefox\InstallAddonsPermission\Allow\1 = "https://example.org"
3371 Software\Policies\Mozilla\Firefox\InstallAddonsPermission\Allow\2 = "https://example.edu"
3372 Software\Policies\Mozilla\Firefox\InstallAddonsPermission\Default = 0x1 | 0x0
3373 ```
3374 #### Windows (Intune)
3375 OMA-URI:
3376 ```
3377 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Addons/InstallAddonsPermission_Allow
3378 ```
3379 Value (string):
3380 ```
3381 <enabled/>
3382 <data id="Permissions" value="1&#xF000;https://example.org&#xF000;2&#xF000;https://example.edu"/>
3383 ```
3384 OMA-URI:
3385 ```
3386 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Addons/InstallAddonsPermission_Default
3387 ```
3388 Value (string):
3389 ```
3390 <enabled/>
3391 ```
3392 #### macOS
3393 ```
3394 <dict>
3395 <key>InstallAddonsPermission</key>
3396 <dict>
3397 <key>Allow</key>
3398 <array>
3399 <string>http://example.org</string>
3400 <string>http://example.edu</string>
3401 </array>
3402 <key>Default</key>
3403 <true/> | <false/>
3404 </dict>
3405 </dict>
3406 ```
3407 #### policies.json
3408 ```
3409 {
3410 "policies": {
3411 "InstallAddonsPermission": {
3412 "Allow": ["http://example.org/",
3413 "http://example.edu/"],
3414 "Default": true | false
3415 }
3416 }
3417 }
3418 ```
3419 ### LegacyProfiles
3420 Disable the feature enforcing a separate profile for each installation.
3421
3422 If this policy set to true, Firefox will not try to create different profiles for installations of Firefox in different directories. This is the equivalent of the MOZ_LEGACY_PROFILES environment variable.
3423
3424 If this policy set to false, Firefox will create a new profile for each unique installation of Firefox.
3425
3426 This policy only work on Windows via GPO (not policies.json).
3427
3428 **Compatibility:** Firefox 70, Firefox ESR 68.2 (Windows only, GPO only)\
3429 **CCK2 Equivalent:** N/A\
3430 **Preferences Affected:** N/A
3431
3432 #### Windows (GPO)
3433 ```
3434 Software\Policies\Mozilla\Firefox\LegacyProfiles = = 0x1 | 0x0
3435 ```
3436 #### Windows (Intune)
3437 OMA-URI:
3438 ```
3439 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/LegacyProfiles
3440 ```
3441 Value (string):
3442 ```
3443 <enabled/> or <disabled/>
3444 ```
3445 ### LegacySameSiteCookieBehaviorEnabled
3446 Enable default legacy SameSite cookie behavior setting.
3447
3448 If this policy is set to true, it reverts all cookies to legacy SameSite behavior which means that cookies that don't explicitly specify a ```SameSite``` attribute are treated as if they were ```SameSite=None```.
3449
3450 **Compatibility:** Firefox 96\
3451 **CCK2 Equivalent:** N/A\
3452 **Preferences Affected:** `network.cookie.sameSite.laxByDefault`
3453
3454 #### Windows (GPO)
3455 ```
3456 Software\Policies\Mozilla\Firefox\LegacySameSiteCookieBehaviorEnabled = = 0x1 | 0x0
3457 ```
3458 #### Windows (Intune)
3459 OMA-URI:
3460 ```
3461 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/LegacySameSiteCookieBehaviorEnabled
3462 ```
3463 Value (string):
3464 ```
3465 <enabled/> or <disabled/>
3466 ```
3467 #### macOS
3468 ```
3469 <dict>
3470 <key>LegacySameSiteCookieBehaviorEnabled</key>
3471 <true/> | <false/>
3472 </dict>
3473 ```
3474 #### policies.json
3475 ```
3476 {
3477 "policies": {
3478 "LegacySameSiteCookieBehaviorEnabled": true | false
3479 }
3480 ```
3481 ### LegacySameSiteCookieBehaviorEnabledForDomainList
3482 Revert to legacy SameSite behavior for cookies on specified sites.
3483
3484 If this policy is set to true, cookies set for domains in this list will revert to legacy SameSite behavior which means that cookies that don't explicitly specify a ```SameSite``` attribute are treated as if they were ```SameSite=None```.
3485
3486 **Compatibility:** Firefox 96\
3487 **CCK2 Equivalent:** N/A\
3488 **Preferences Affected:** `network.cookie.sameSite.laxByDefault.disabledHosts`
3489
3490 #### Windows (GPO)
3491 ```
3492 Software\Policies\Mozilla\Firefox\LegacySameSiteCookieBehaviorEnabledForDomainList\1 = "example.org"
3493 Software\Policies\Mozilla\Firefox\LegacySameSiteCookieBehaviorEnabledForDomainList\2 = "example.edu"
3494 ```
3495 #### Windows (Intune)
3496 OMA-URI:
3497 ```
3498 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/LegacySameSiteCookieBehaviorEnabledForDomainList
3499 ```
3500 Value (string):
3501 ```
3502 <enabled/>
3503 <data id="LegacySameSiteCookieBehaviorEnabledForDomainList" value="1&#xF000;example.org&#xF000;2&#xF000;example.edu"/>
3504 ```
3505 #### macOS
3506 ```
3507 <dict>
3508 <key>LegacySameSiteCookieBehaviorEnabledForDomainList</key>
3509 <array>
3510 <string>example.org</string>
3511 <string>example.edu</string>
3512 </array>
3513 </dict>
3514 ```
3515 #### policies.json
3516 ```
3517 {
3518 "policies": {
3519 "LegacySameSiteCookieBehaviorEnabledForDomainList": ["example.org",
3520 "example.edu"]
3521 }
3522 }
3523 ```
3524 ### LocalFileLinks
3525 Enable linking to local files by origin.
3526
3527 **Compatibility:** Firefox 68, Firefox ESR 68\
3528 **CCK2 Equivalent:** N/A\
3529 **Preferences Affected:** `capability.policy.localfilelinks.*`
3530
3531 #### Windows (GPO)
3532 ```
3533 Software\Policies\Mozilla\Firefox\LocalFileLinks\1 = "https://example.org"
3534 Software\Policies\Mozilla\Firefox\LocalFileLinks\2 = "https://example.edu"
3535 ```
3536 #### Windows (Intune)
3537 OMA-URI:
3538 ```
3539 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/LocalFileLinks
3540 ```
3541 Value (string):
3542 ```
3543 <enabled/>
3544 <data id="LocalFileLinks" value="1&#xF000;https://example.org&#xF000;2&#xF000;https://example.edu"/>
3545 ```
3546 #### macOS
3547 ```
3548 <dict>
3549 <key>LocalFileLinks</key>
3550 <array>
3551 <string>http://example.org</string>
3552 <string>http://example.edu</string>
3553 </array>
3554 </dict>
3555 ```
3556 #### policies.json
3557 ```
3558 {
3559 "policies": {
3560 "LocalFileLinks": ["http://example.org/",
3561 "http://example.edu/"]
3562 }
3563 }
3564 ```
3565 ### ManagedBookmarks
3566 Configures a list of bookmarks managed by an administrator that cannot be changed by the user.
3567
3568 The bookmarks are only added as a button on the personal toolbar. They are not in the bookmarks folder.
3569
3570 The syntax of this policy is exactly the same as the [Chrome ManagedBookmarks policy](https://cloud.google.com/docs/chrome-enterprise/policies/?policy=ManagedBookmarks). The schema is:
3571 ```
3572 {
3573 "items": {
3574 "id": "BookmarkType",
3575 "properties": {
3576 "children": {
3577 "items": {
3578 "$ref": "BookmarkType"
3579 },
3580 "type": "array"
3581 },
3582 "name": {
3583 "type": "string"
3584 },
3585 "toplevel_name": {
3586 "type": "string"
3587 },
3588 "url": {
3589 "type": "string"
3590 }
3591 },
3592 "type": "object"
3593 },
3594 "type": "array"
3595 }
3596 ```
3597 **Compatibility:** Firefox 83, Firefox ESR 78.5\
3598 **CCK2 Equivalent:** N/A\
3599 **Preferences Affected:** N/A
3600
3601 #### Windows (GPO)
3602 Software\Policies\Mozilla\Firefox\ManagedBookmarks (REG_MULTI_SZ) =
3603 ```
3604 [
3605 {
3606 "toplevel_name": "My managed bookmarks folder"
3607 },
3608 {
3609 "url": "example.com",
3610 "name": "Example"
3611 },
3612 {
3613 "name": "Mozilla links",
3614 "children": [
3615 {
3616 "url": "https://mozilla.org",
3617 "name": "Mozilla.org"
3618 },
3619 {
3620 "url": "https://support.mozilla.org/",
3621 "name": "SUMO"
3622 }
3623 ]
3624 }
3625 ]
3626 ```
3627 #### Windows (Intune)
3628 OMA-URI:
3629 ```
3630 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/ManagedBookmarks
3631 ```
3632 Value (string):
3633 ```
3634 <enabled/>
3635 <data id="JSON" value='
3636 [
3637 {
3638 "toplevel_name": "My managed bookmarks folder"
3639 },
3640 {
3641 "url": "example.com",
3642 "name": "Example"
3643 },
3644 {
3645 "name": "Mozilla links",
3646 "children": [
3647 {
3648 "url": "https://mozilla.org",
3649 "name": "Mozilla.org"
3650 },
3651 {
3652 "url": "https://support.mozilla.org/",
3653 "name": "SUMO"
3654 }
3655 ]
3656 }
3657 ]'/>
3658 ```
3659 #### macOS
3660 ```
3661 <dict>
3662 <key>ManagedBookmarks</key>
3663 <array>
3664 <dict>
3665 <key>toplevel_name</key>
3666 <string>My managed bookmarks folder</string>
3667 <dict>
3668 <key>url</key>
3669 <string>example.com</string>
3670 <key>name</key>
3671 <string>Example</string>
3672 </dict>
3673 <dict>
3674 <key>name</key>
3675 <string>Mozilla links</string>
3676 <key>children</key>
3677 <array>
3678 <dict>
3679 <key>url</key>
3680 <string>https://mozilla.org</string>
3681 <key>name</key>
3682 <string>Mozilla</string>
3683 </dict>
3684 <dict>
3685 <key>url</key>
3686 <string>https://support.mozilla.org/</string>
3687 <key>name</key>
3688 <string>SUMO</string>
3689 </dict>
3690 </array>
3691 </dict>
3692 </array>
3693 </dict>
3694 ```
3695 #### policies.json
3696 ```
3697 {
3698 "policies": {
3699 "ManagedBookmarks": [
3700 {
3701 "toplevel_name": "My managed bookmarks folder"
3702 },
3703 {
3704 "url": "example.com",
3705 "name": "Example"
3706 },
3707 {
3708 "name": "Mozilla links",
3709 "children": [
3710 {
3711 "url": "https://mozilla.org",
3712 "name": "Mozilla.org"
3713 },
3714 {
3715 "url": "https://support.mozilla.org/",
3716 "name": "SUMO"
3717 }
3718 ]
3719 }
3720 ]
3721 }
3722 }
3723 ```
3724 ### ManualAppUpdateOnly
3725
3726 Switch to manual updates only.
3727
3728 If this policy is enabled:
3729 1. The user will never be prompted to install updates
3730 2. Firefox will not check for updates in the background, though it will check automatically when an update UI is displayed (such as the one in the About dialog). This check will be used to show "Update to version X" in the UI, but will not automatically download the update or prompt the user to update in any other way.
3731 3. The update UI will work as expected, unlike when using DisableAppUpdate.
3732
3733 This policy is primarily intended for advanced end users, not for enterprises.
3734
3735 **Compatibility:** Firefox 87\
3736 **CCK2 Equivalent:** N/A\
3737 **Preferences Affected:** N/A
3738
3739 #### policies.json
3740 ```
3741 {
3742 "policies": {
3743 "ManualAppUpdateOnly": true | false
3744 }
3745 }
3746 ```
3747 ### NetworkPrediction
3748 Enable or disable network prediction (DNS prefetching).
3749
3750 **Compatibility:** Firefox 67, Firefox ESR 60.7\
3751 **CCK2 Equivalent:** N/A\
3752 **Preferences Affected:** `network.dns.disablePrefetch`, `network.dns.disablePrefetchFromHTTPS`
3753
3754 #### Windows (GPO)
3755 ```
3756 Software\Policies\Mozilla\Firefox\NetworkPrediction = 0x1 | 0x0
3757 ```
3758 #### Windows (Intune)
3759 OMA-URI:
3760 ```
3761 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/NetworkPrediction
3762 ```
3763 Value (string):
3764 ```
3765 <enabled/> or <disabled/>
3766 ```
3767 #### macOS
3768 ```
3769 <dict>
3770 <key>NetworkPrediction</key>
3771 <true/> | <false/>
3772 </dict>
3773 ```
3774 #### policies.json
3775 ```
3776 {
3777 "policies": {
3778 "NetworkPrediction": true | false
3779 }
3780 ```
3781 ### NewTabPage
3782 Enable or disable the New Tab page.
3783
3784 **Compatibility:** Firefox 68, Firefox ESR 68\
3785 **CCK2 Equivalent:** N/A\
3786 **Preferences Affected:** `browser.newtabpage.enabled`
3787
3788 #### Windows (GPO)
3789 ```
3790 Software\Policies\Mozilla\Firefox\NewTabPage = 0x1 | 0x0
3791 ```
3792 #### Windows (Intune)
3793 OMA-URI:
3794 ```
3795 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/NewTabPage
3796 ```
3797 Value (string):
3798 ```
3799 <enabled/> or <disabled/>
3800 ```
3801 #### macOS
3802 ```
3803 <dict>
3804 <key>NewTabPage</key>
3805 <true/> | <false/>
3806 </dict>
3807 ```
3808 #### policies.json
3809 ```
3810 {
3811 "policies": {
3812 "NewTabPage": true | false
3813 }
3814 ```
3815 ### NoDefaultBookmarks
3816 Disable the creation of default bookmarks.
3817
3818 This policy is only effective if the user profile has not been created yet.
3819
3820 **Compatibility:** Firefox 60, Firefox ESR 60\
3821 **CCK2 Equivalent:** `removeDefaultBookmarks`\
3822 **Preferences Affected:** N/A
3823
3824 #### Windows (GPO)
3825 ```
3826 Software\Policies\Mozilla\Firefox\NoDefaultBookmarks = 0x1 | 0x0
3827 ```
3828 #### Windows (Intune)
3829 OMA-URI:
3830 ```
3831 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/NoDefaultBookmarks
3832 ```
3833 Value (string):
3834 ```
3835 <enabled/> or <disabled/>
3836 ```
3837 #### macOS
3838 ```
3839 <dict>
3840 <key>NoDefaultBookmarks</key>
3841 <true/> | <false/>
3842 </dict>
3843 ```
3844 #### policies.json
3845 ```
3846 {
3847 "policies": {
3848 "NoDefaultBookmarks": true | false
3849 }
3850 }
3851 ```
3852 ### OfferToSaveLogins
3853 Control whether or not Firefox offers to save passwords.
3854
3855 **Compatibility:** Firefox 60, Firefox ESR 60\
3856 **CCK2 Equivalent:** `dontRememberPasswords`\
3857 **Preferences Affected:** `signon.rememberSignons`
3858
3859 #### Windows (GPO)
3860 ```
3861 Software\Policies\Mozilla\Firefox\OfferToSaveLogins = 0x1 | 0x0
3862 ```
3863 #### Windows (Intune)
3864 OMA-URI:
3865 ```
3866 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/OfferToSaveLogins
3867 ```
3868 Value (string):
3869 ```
3870 <enabled/> or <disabled/>
3871 ```
3872 #### macOS
3873 ```
3874 <dict>
3875 <key>OfferToSaveLogins</key>
3876 <true/> | <false/>
3877 </dict>
3878 ```
3879 #### policies.json
3880 ```
3881 {
3882 "policies": {
3883 "OfferToSaveLogins": true | false
3884 }
3885 }
3886 ```
3887 ### OfferToSaveLoginsDefault
3888 Sets the default value of signon.rememberSignons without locking it.
3889
3890 **Compatibility:** Firefox 70, Firefox ESR 60.2\
3891 **CCK2 Equivalent:** `dontRememberPasswords`\
3892 **Preferences Affected:** `signon.rememberSignons`
3893
3894 #### Windows (GPO)
3895 ```
3896 Software\Policies\Mozilla\Firefox\OfferToSaveLoginsDefault = 0x1 | 0x0
3897 ```
3898 #### Windows (Intune)
3899 OMA-URI:
3900 ```
3901 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/OfferToSaveLoginsDefault
3902 ```
3903 Value (string):
3904 ```
3905 <enabled/> or <disabled/>
3906 ```
3907 #### macOS
3908 ```
3909 <dict>
3910 <key>OfferToSaveLoginsDefault</key>
3911 <true/> | <false/>
3912 </dict>
3913 ```
3914 #### policies.json
3915 ```
3916 {
3917 "policies": {
3918 "OfferToSaveLoginsDefault": true | false
3919 }
3920 }
3921 ```
3922 ### OverrideFirstRunPage
3923 Override the first run page. If the value is an empty string (""), the first run page is not displayed.
3924
3925 Starting with Firefox 83, Firefox ESR 78.5, you can also specify multiple URLS separated by a vertical bar (|).
3926
3927 **Compatibility:** Firefox 60, Firefox ESR 60\
3928 **CCK2 Equivalent:** `welcomePage`,`noWelcomePage`\
3929 **Preferences Affected:** `startup.homepage_welcome_url`
3930
3931 #### Windows (GPO)
3932 ```
3933 Software\Policies\Mozilla\Firefox\OverrideFirstRunPage = "http://example.org"
3934 ```
3935 #### Windows (Intune)
3936 OMA-URI:
3937 ```
3938 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/OverrideFirstRunPage
3939 ```
3940 Value (string):
3941 ```
3942 <enabled/>
3943 <data id="OverridePage" value="https://example.com"/>
3944 ```
3945 #### macOS
3946 ```
3947 <dict>
3948 <key>OverrideFirstRunPage</key>
3949 <string>http://example.org</string>
3950 </dict>
3951 ```
3952 #### policies.json
3953 ```
3954 {
3955 "policies": {
3956 "OverrideFirstRunPage": "http://example.org"
3957 }
3958 }
3959 ```
3960 ### OverridePostUpdatePage
3961 Override the upgrade page. If the value is an empty string (""), no extra pages are displayed when Firefox is upgraded.
3962
3963 **Compatibility:** Firefox 60, Firefox ESR 60\
3964 **CCK2 Equivalent:** `upgradePage`,`noUpgradePage`\
3965 **Preferences Affected:** `startup.homepage_override_url`
3966
3967 #### Windows (GPO)
3968 ```
3969 Software\Policies\Mozilla\Firefox\OverridePostUpdatePage = "http://example.org"
3970 ```
3971 #### Windows (Intune)
3972 OMA-URI:
3973 ```
3974 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/OverridePostUpdatePage
3975 ```
3976 Value (string):
3977 ```
3978 <enabled/>
3979 <data id="OverridePage" value="https://example.com"/>
3980 ```
3981 #### macOS
3982 ```
3983 <dict>
3984 <key>OverridePostUpdatePage</key>
3985 <string>http://example.org</string>
3986 </dict>
3987 ```
3988 #### policies.json
3989 ```
3990 {
3991 "policies": {
3992 "OverridePostUpdatePage": "http://example.org"
3993 }
3994 }
3995 ```
3996 ### PasswordManagerEnabled
3997 Remove access to the password manager via preferences and blocks about:logins on Firefox 70.
3998
3999 **Compatibility:** Firefox 70, Firefox ESR 60.2\
4000 **CCK2 Equivalent:** N/A\
4001 **Preferences Affected:** `pref.privacy.disable_button.view_passwords`
4002
4003 #### Windows (GPO)
4004 ```
4005 Software\Policies\Mozilla\Firefox\PasswordManagerEnabled = 0x1 | 0x0
4006 ```
4007 #### Windows (Intune)
4008 OMA-URI:
4009 ```
4010 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/PasswordManagerEnabled
4011 ```
4012 Value (string):
4013 ```
4014 <enabled/> or <disabled/>
4015 ```
4016 #### macOS
4017 ```
4018 <dict>
4019 <key>PasswordManagerEnabled</key>
4020 <true/> | <false/>
4021 </dict>
4022 ```
4023 #### policies.json
4024 ```
4025 {
4026 "policies": {
4027 "PasswordManagerEnabled": true | false
4028 }
4029 }
4030 ```
4031 ### PasswordManagerExceptions
4032 Prevent Firefox from saving passwords for specific sites.
4033
4034 The sites are specified as a list of origins.
4035
4036 **Compatibility:** Firefox 101\
4037 **CCK2 Equivalent:** N/A\
4038 **Preferences Affected:** N/A
4039
4040 #### Windows (GPO)
4041 ```
4042 Software\Policies\Mozilla\Firefox\PasswordManagerExceptions\1 = "https://example.org"
4043 Software\Policies\Mozilla\Firefox\PasswordManagerExceptions\2 = "https://example.edu"
4044 ```
4045 #### Windows (Intune)
4046 OMA-URI:
4047 ```
4048 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/PasswordManagerExceptions
4049 ```
4050 Value (string):
4051 ```
4052 <enabled/>
4053 <data id="List" value="1&#xF000;https://example.org&#xF000;2&#xF000;https://example.edu"/>
4054 ```
4055 #### macOS
4056 ```
4057 <dict>
4058 <key>PasswordManagerExceptions</key>
4059 <array>
4060 <string>https://example.org</string>
4061 <string>https://example.edu</string>
4062 </array>
4063 </dict>
4064 ```
4065 #### policies.json
4066 ```
4067 {
4068 "policies": {
4069 "PasswordManagerExceptions": ["https://example.org",
4070 "https://example.edu"]
4071 }
4072 }
4073 ```
4074
4075 ### PDFjs
4076 Disable or configure PDF.js, the built-in PDF viewer.
4077
4078 If `Enabled` is set to false, the built-in PDF viewer is disabled.
4079
4080 If `EnablePermissions` is set to true, the built-in PDF viewer will honor document permissions like preventing the copying of text.
4081
4082 Note: DisableBuiltinPDFViewer has not been deprecated. You can either continue to use it, or switch to using PDFjs->Enabled to disable the built-in PDF viewer. This new permission was added because we needed a place for PDFjs->EnabledPermissions.
4083
4084 **Compatibility:** Firefox 77, Firefox ESR 68.9\
4085 **CCK2 Equivalent:** N/A\
4086 **Preferences Affected:** `pdfjs.diabled`, `pdfjs.enablePermissions`
4087
4088 #### Windows (GPO)
4089 ```
4090 Software\Policies\Mozilla\Firefox\PDFjs\Enabled = 0x1 | 0x0
4091 Software\Policies\Mozilla\Firefox\PDFjs\EnablePermissions = 0x1 | 0x0
4092 ```
4093 #### Windows (Intune)
4094 OMA-URI:
4095 ```
4096 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~PDFjs/PDFjs_Enabled
4097 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~PDFjs/PDFjs_EnablePermissions
4098 ```
4099 Value (string):
4100 ```
4101 <enabled/>or <disabled/>
4102 ```
4103 #### macOS
4104 ```
4105 <dict>
4106 <key>PDFjs</key>
4107 <dict>
4108 <key>Enabled</key>
4109 <true/> | <false/>
4110 <key>EnablePermissions</key>
4111 <true/> | <false/>
4112 </dict>
4113 </dict>
4114 ```
4115 #### policies.json
4116 ```
4117 {
4118 "policies": {
4119 "PDFjs": {
4120 "Enabled": true | false,
4121 "EnablePermissions": true | false
4122 }
4123 }
4124 }
4125 ```
4126 ### Permissions
4127 Set permissions associated with camera, microphone, location, notifications, autoplay, and virtual reality. Because these are origins, not domains, entries with unique ports must be specified separately. This explicitly means that it is not possible to add wildcards. See examples below.
4128
4129 `Allow` is a list of origins where the feature is allowed.
4130
4131 `Block` is a list of origins where the feature is not allowed.
4132
4133 `BlockNewRequests` determines whether or not new requests can be made for the feature.
4134
4135 `Locked` prevents the user from changing preferences for the feature.
4136
4137 `Default` specifies the default value for Autoplay. block-audio-video is not supported on Firefox ESR 68.
4138
4139 **Compatibility:** Firefox 62, Firefox ESR 60.2 (Autoplay added in Firefox 74, Firefox ESR 68.6, Autoplay Default/Locked added in Firefox 76, Firefox ESR 68.8, VirtualReality added in Firefox 80, Firefox ESR 78.2)\
4140 **CCK2 Equivalent:** N/A\
4141 **Preferences Affected:** `permissions.default.camera`, `permissions.default.microphone`, `permissions.default.geo`, `permissions.default.desktop-notification`, `media.autoplay.default`, `permissions.default.xr`
4142
4143 #### Windows (GPO)
4144 ```
4145 Software\Policies\Mozilla\Firefox\Permissions\Camera\Allow\1 = "https://example.org"
4146 Software\Policies\Mozilla\Firefox\Permissions\Camera\Allow\2 = "https://example.org:1234"
4147 Software\Policies\Mozilla\Firefox\Permissions\Camera\Block\1 = "https://example.edu"
4148 Software\Policies\Mozilla\Firefox\Permissions\Camera\BlockNewRequests = 0x1 | 0x0
4149 Software\Policies\Mozilla\Firefox\Permissions\Camera\Locked = 0x1 | 0x0
4150 Software\Policies\Mozilla\Firefox\Permissions\Microphone\Allow\1 = "https://example.org"
4151 Software\Policies\Mozilla\Firefox\Permissions\Microphone\Block\1 = "https://example.edu"
4152 Software\Policies\Mozilla\Firefox\Permissions\Microphone\BlockNewRequests = 0x1 | 0x0
4153 Software\Policies\Mozilla\Firefox\Permissions\Microphone\Locked = 0x1 | 0x0
4154 Software\Policies\Mozilla\Firefox\Permissions\Location\Allow\1 = "https://example.org"
4155 Software\Policies\Mozilla\Firefox\Permissions\Location\Block\1 = "https://example.edu"
4156 Software\Policies\Mozilla\Firefox\Permissions\Location\BlockNewRequests = 0x1 | 0x0
4157 Software\Policies\Mozilla\Firefox\Permissions\Location\Locked = 0x1 | 0x0
4158 Software\Policies\Mozilla\Firefox\Permissions\Notifications\Allow\1 = "https://example.org"
4159 Software\Policies\Mozilla\Firefox\Permissions\Notifications\Block\1 = "https://example.edu"
4160 Software\Policies\Mozilla\Firefox\Permissions\Notifications\BlockNewRequests = 0x1 | 0x0
4161 Software\Policies\Mozilla\Firefox\Permissions\Notifications\Locked = 0x1 | 0x0
4162 Software\Policies\Mozilla\Firefox\Permissions\Autoplay\Allow\1 = "https://example.org"
4163 Software\Policies\Mozilla\Firefox\Permissions\Autoplay\Block\1 = "https://example.edu"
4164 Software\Policies\Mozilla\Firefox\Permissions\Autoplay\Default = "allow-audio-video" | "block-audio" | "block-audio-video"
4165 Software\Policies\Mozilla\Firefox\Permissions\Autoplay\Locked = 0x1 | 0x0
4166 Software\Policies\Mozilla\Firefox\Permissions\VirtualReality\Allow\1 = "https://example.org"
4167 Software\Policies\Mozilla\Firefox\Permissions\VirtualReality\Block\1 = "https://example.edu"
4168 Software\Policies\Mozilla\Firefox\Permissions\VirtualReality\BlockNewRequests = 0x1 | 0x0
4169 Software\Policies\Mozilla\Firefox\Permissions\VirtualReality\Locked = 0x1 | 0x0
4170 ```
4171 #### Windows (Intune)
4172 OMA-URI:
4173 ```
4174 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Location/Location_BlockNewRequests
4175 ```
4176 Value (string):
4177 ```
4178 <enabled/> or <disabled/>
4179 ```
4180 OMA-URI:
4181 ```
4182 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Location/Location_Locked
4183 ```
4184 Value (string):
4185 ```
4186 <enabled/> or <disabled/>
4187 ```
4188 OMA-URI:
4189 ```
4190 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Notifications/Notifications_Allow
4191 ```
4192 Value (string):
4193 ```
4194 <enabled/>
4195 <data id="Permissions" value="1&#xF000;https://example.org"/>
4196 ```
4197 OMA-URI:
4198 ```
4199 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Notifications/Notifications_BlockNewRequests
4200 ```
4201 Value (string):
4202 ```
4203 <enabled/> or <disabled/>
4204 ```
4205 OMA-URI:
4206 ```
4207 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Notifications/Notifications_Locked
4208 ```
4209 Value (string):
4210 ```
4211 <enabled/> or <disabled/>
4212 ```
4213 OMA-URI:
4214 ```
4215 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Autoplay/Autoplay_Allow
4216 ```
4217 Value (string):
4218 ```
4219 <enabled/>
4220 <data id="Permissions" value="1&#xF000;https://example.org"/>
4221 ```
4222 OMA-URI:
4223 ```
4224 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Autoplay/Autoplay_Block
4225 ```
4226 Value (string):
4227 ```
4228 <enabled/>
4229 <data id="Permissions" value="1&#xF000;https://example.edu"/>
4230 ```
4231 OMA-URI:
4232 ```
4233 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Autoplay/Autoplay_Default
4234 ```
4235 Value (string):
4236 ```
4237 <enabled/>
4238 <data id="Autoplay_Default" value="allow-audio-video | block-audio | block-audio-video"/>
4239 ```
4240 OMA-URI:
4241 ```
4242 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Autoplay/Autoplay_Locked
4243 ```
4244 Value (string):
4245 ```
4246 <enabled/> or <disabled/>
4247 ```
4248 OMA-URI:
4249 ```
4250 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Notifications/VirtualReality_Allow
4251 ```
4252 Value (string):
4253 ```
4254 <enabled/>
4255 <data id="Permissions" value="1&#xF000;https://example.org"/>
4256 ```
4257 OMA-URI:
4258 ```
4259 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Notifications/VirtualReality_Block
4260 ```
4261 Value (string):
4262 ```
4263 <enabled/>
4264 <data id="Permissions" value="1&#xF000;https://example.edu"/>
4265 ```
4266 OMA-URI:
4267 ```
4268 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Notifications/VirtualReality_BlockNewRequests
4269 ```
4270 Value (string):
4271 ```
4272 <enabled/> or <disabled/>
4273 ```
4274 OMA-URI:
4275 ```
4276 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Notifications/VirtualReality_Locked
4277 ```
4278 Value (string):
4279 ```
4280 <enabled/> or <disabled/>
4281 ```
4282 #### macOS
4283 ```
4284 <dict>
4285 <key>Permissions</key>
4286 <dict>
4287 <key>Camera</key>
4288 <dict>
4289 <key>Allow</key>
4290 <array>
4291 <string>https://example.org</string>
4292 <string>https://example.org:1234</string>
4293 </array>
4294 <key>Block</key>
4295 <array>
4296 <string>https://example.edu</string>
4297 </array>
4298 <key>BlockNewRequests</key>
4299 <true/> | <false/>
4300 <key>Locked</key>
4301 <true/> | <false/>
4302 </dict>
4303 <key>Microphone</key>
4304 <dict>
4305 <key>Allow</key>
4306 <array>
4307 <string>https://example.org</string>
4308 </array>
4309 <key>Block</key>
4310 <array>
4311 <string>https://example.edu</string>
4312 </array>
4313 <key>BlockNewRequests</key>
4314 <true/> | <false/>
4315 <key>Locked</key>
4316 <true/> | <false/>
4317 </dict>
4318 <key>Location</key>
4319 <dict>
4320 <key>Allow</key>
4321 <array>
4322 <string>https://example.org</string>
4323 </array>
4324 <key>Block</key>
4325 <array>
4326 <string>https://example.edu</string>
4327 </array>
4328 <key>BlockNewRequests</key>
4329 <true/> | <false/>
4330 <key>Locked</key>
4331 <true/> | <false/>
4332 </dict>
4333 <key>Notifications</key>
4334 <dict>
4335 <key>Allow</key>
4336 <array>
4337 <string>https://example.org</string>
4338 </array>
4339 <key>Block</key>
4340 <array>
4341 <string>https://example.edu</string>
4342 </array>
4343 <key>BlockNewRequests</key>
4344 <true/>
4345 <key>Locked</key>
4346 <true/>
4347 </dict>
4348 <key>Autoplay</key>
4349 <dict>
4350 <key>Allow</key>
4351 <array>
4352 <string>https://example.org</string>
4353 </array>
4354 <key>Block</key>
4355 <array>
4356 <string>https://example.edu</string>
4357 </array>
4358 <key>Default</key>
4359 <string>allow-audio-video | block-audio | block-audio-video</string>
4360 <key>Locked</key>
4361 <true/> | <false/>
4362 </dict>
4363 </dict>
4364 </dict>
4365 ```
4366 #### policies.json
4367 ```
4368 {
4369 "policies": {
4370 "Permissions": {
4371 "Camera": {
4372 "Allow": ["https://example.org","https://example.org:1234"],
4373 "Block": ["https://example.edu"],
4374 "BlockNewRequests": true | false,
4375 "Locked": true | false
4376 },
4377 "Microphone": {
4378 "Allow": ["https://example.org"],
4379 "Block": ["https://example.edu"],
4380 "BlockNewRequests": true | false,
4381 "Locked": true | false
4382 },
4383 "Location": {
4384 "Allow": ["https://example.org"],
4385 "Block": ["https://example.edu"],
4386 "BlockNewRequests": true | false,
4387 "Locked": true | false
4388 },
4389 "Notifications": {
4390 "Allow": ["https://example.org"],
4391 "Block": ["https://example.edu"],
4392 "BlockNewRequests": true | false,
4393 "Locked": true | false
4394 },
4395 "Autoplay": {
4396 "Allow": ["https://example.org"],
4397 "Block": ["https://example.edu"],
4398 "Default": "allow-audio-video" | "block-audio" | "block-audio-video",
4399 "Locked": true | false
4400 }
4401 }
4402 }
4403 }
4404 ```
4405 ### PictureInPicture
4406
4407 Enable or disable Picture-in-Picture as well as prevent the user from enabling or disabling it (Locked).
4408
4409 **Compatibility:** Firefox 78, Firefox ESR 78\
4410 **CCK2 Equivalent:** N/A\
4411 **Preferences Affected:** `media.videocontrols.picture-in-picture.video-toggle.enabled`
4412
4413 #### Windows (GPO)
4414 ```
4415 Software\Policies\Mozilla\Firefox\PictureInPicture\Enabled = 0x1 | 0x0
4416 Software\Policies\Mozilla\Firefox\PictureInPicture\Locked = 0x1 | 0x0
4417
4418 ```
4419 #### Windows (Intune)
4420 OMA-URI:
4421 ```
4422 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~PictureInPicture/PictureInPicture_Enabled
4423 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~PictureInPicture/PictureInPicture_Locked
4424 ```
4425 Value (string):
4426 ```
4427 <enabled/> or <disabled/>
4428 ```
4429 #### macOS
4430 ```
4431 <dict>
4432 <key>PictureInPicture</key>
4433 <dict>
4434 <key>Enabled</key>
4435 <true/> | <false/>
4436 <key>Locked</key>
4437 <true/> | <false/>
4438 </dict>
4439 </dict>
4440 ```
4441 #### policies.json
4442 ```
4443 {
4444 "policies": {
4445 "PictureInPicture": {
4446 "Enabled": true | false,
4447 "Locked": true | false
4448 }
4449 }
4450 }
4451 ```
4452 ### PopupBlocking
4453 Configure the default pop-up window policy as well as origins for which pop-up windows are allowed.
4454
4455 `Allow` is a list of origins where popup-windows are allowed.
4456
4457 `Default` determines whether or not pop-up windows are allowed by default.
4458
4459 `Locked` prevents the user from changing pop-up preferences.
4460
4461 **Compatibility:** Firefox 60, Firefox ESR 60\
4462 **CCK2 Equivalent:** `permissions.popup`\
4463 **Preferences Affected:** `dom.disable_open_during_load`
4464
4465 #### Windows (GPO)
4466 ```
4467 Software\Policies\Mozilla\Firefox\PopupBlocking\Allow\1 = "https://example.org"
4468 Software\Policies\Mozilla\Firefox\PopupBlocking\Allow\2 = "https://example.edu"
4469 Software\Policies\Mozilla\Firefox\PopupBlocking\Default = 0x1 | 0x0
4470 Software\Policies\Mozilla\Firefox\PopupBlocking\Locked = 0x1 | 0x0
4471 ```
4472 #### Windows (Intune)
4473 OMA-URI:
4474 ```
4475 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Popups/PopupBlocking_Allow
4476 ```
4477 Value (string):
4478 ```
4479 <enabled/>
4480 <data id="Permissions" value="1&#xF000;https://example.org&#xF000;2&#xF000;https://example.edu"/>
4481 ```
4482 OMA-URI:
4483 ```
4484 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Popups/PopupBlocking_Default
4485 ```
4486 Value (string):
4487 ```
4488 <enabled/> or <disabled/>
4489 ```
4490 OMA-URI:
4491 ```
4492 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Popups/PopupBlocking_Locked
4493 ```
4494 Value (string):
4495 ```
4496 <enabled/> or <disabled/>
4497 ```
4498 #### macOS
4499 ```
4500 <dict>
4501 <key>PopupBlocking</key>
4502 <dict>
4503 <key>Allow</key>
4504 <array>
4505 <string>http://example.org</string>
4506 <string>http://example.edu</string>
4507 </array>
4508 <key>Default</key>
4509 <true/> | <false/>
4510 <key>Locked</key>
4511 <true/> | <false/>
4512 </dict>
4513 </dict>
4514 ```
4515 #### policies.json
4516 ```
4517 {
4518 "policies": {
4519 "PopupBlocking": {
4520 "Allow": ["http://example.org/",
4521 "http://example.edu/"],
4522 "Default": true | false,
4523 "Locked": true | false
4524 }
4525 }
4526 }
4527 ```
4528 ### Preferences
4529 Set and lock preferences.
4530
4531 **NOTE** On Windows, in order to use this policy, you must clear all settings in the old **Preferences (Deprecated)** section in group policy.
4532
4533 Previously you could only set and lock a subset of preferences. Starting with Firefox 81 and Firefox ESR 78.3 you can set many more preferences. You can also set default preferences, user preferences and you can clear preferences.
4534
4535 Preferences that start with the following prefixes are supported:
4536 ```
4537 accessibility.
4538 app.update.* (Firefox 86, Firefox 78.8)
4539 browser.
4540 datareporting.policy.
4541 dom.
4542 extensions.
4543 general.autoScroll (Firefox 83, Firefox ESR 78.5)
4544 general.smoothScroll (Firefox 83, Firefox ESR 78.5)
4545 geo.
4546 gfx.
4547 intl.
4548 keyword.enabled (Firefox 95, Firefox ESR 91.4)
4549 layers.
4550 layout.
4551 media.
4552 network.
4553 pdfjs. (Firefox 84, Firefox ESR 78.6)
4554 places.
4555 print.
4556 signon. (Firefox 83, Firefox ESR 78.5)
4557 spellchecker. (Firefox 84, Firefox ESR 78.6)
4558 toolkit.legacyUserProfileCustomizations.stylesheets (Firefox 95, Firefox ESR 91.4)
4559 ui.
4560 widget.
4561 xpinstall.signatures.required (Firefox ESR 102.10, Firefox ESR only)
4562 ```
4563 as well as the following security preferences:
4564
4565 | Preference | Type | Default
4566 | --- | --- | --- |
4567 | security.default_personal_cert | string | Ask Every Time
4568 | &nbsp;&nbsp;&nbsp;&nbsp;If set to Select Automatically, Firefox automatically chooses the default personal certificate.
4569 | security.insecure_connection_text.enabled | bool | false
4570 | &nbsp;&nbsp;&nbsp;&nbsp;If set to true, adds the words "Not Secure" for insecure sites.
4571 | security.insecure_connection_text.pbmode.enabled | bool | false
4572 | &nbsp;&nbsp;&nbsp;&nbsp;If set to true, adds the words "Not Secure" for insecure sites in private browsing.
4573 | security.mixed_content.block_active_content | boolean | true
4574 | &nbsp;&nbsp;&nbsp;&nbsp;If false, mixed active content (HTTP and HTTPS) is not blocked.
4575 | security.osclientcerts.autoload | boolean | false
4576 | &nbsp;&nbsp;&nbsp;&nbsp;If true, client certificates are loaded from the operating system certificate store.
4577 | security.OCSP.enabled | integer | 1
4578 | &nbsp;&nbsp;&nbsp;&nbsp;If 0, do not fetch OCSP. If 1, fetch OCSP for DV and EV certificates. If 2, fetch OCSP only for EV certificates
4579 | security.OCSP.require | boolean | false
4580 | &nbsp;&nbsp;&nbsp;&nbsp; If true, if an OCSP request times out, the connection fails.
4581 | security.osclientcerts.assume_rsa_pss_support | boolean | true
4582 | &nbsp;&nbsp;&nbsp;&nbsp; If false, we don't assume an RSA key can do RSA-PSS (Firefox 114, Firefox ESR 102.12).
4583 | security.ssl.enable_ocsp_stapling | boolean | true
4584 | &nbsp;&nbsp;&nbsp;&nbsp; If false, OCSP stapling is not enabled.
4585 | security.ssl.errorReporting.enabled | boolean | true
4586 | &nbsp;&nbsp;&nbsp;&nbsp;If false, SSL errors cannot be sent to Mozilla.
4587 | security.tls.enable_0rtt_data | boolean | true
4588 | &nbsp;&nbsp;&nbsp;&nbsp;If false, TLS early data is turned off (Firefox 93, Firefox 91.2, Firefox 78.15).
4589 | security.tls.hello_downgrade_check | boolean | true
4590 | &nbsp;&nbsp;&nbsp;&nbsp;If false, the TLS 1.3 downgrade check is disabled.
4591 | security.tls.version.enable-deprecated | boolean | false
4592 | &nbsp;&nbsp;&nbsp;&nbsp;If true, browser will accept TLS 1.0. and TLS 1.1 (Firefox 86, Firefox 78.8).
4593 | security.warn_submit_secure_to_insecure | boolean | true
4594 | &nbsp;&nbsp;&nbsp;&nbsp;If false, no warning is shown when submitting a form from https to http.
4595
4596 Using the preference as the key, set the `Value` to the corresponding preference value.
4597
4598 `Status` can be "default", "locked", "user" or "clear"
4599
4600 * `"default"`: Read/Write: Settings appear as default even if factory default differs.
4601 * `"locked"`: Read-Only: Settings appear as default even if factory default differs.
4602 * `"user"`: Read/Write: Settings appear as changed if it differs from factory default.
4603 * `"clear"`: Read/Write: `Value` has no effect. Resets to factory defaults on each startup.
4604
4605 `"user"` preferences persist across invocations of Firefox. It is the equivalent of a user setting the preference. They are most useful when a preference is needed very early in startup so it can't be set as default by policy. An example of this is ```toolkit.legacyUserProfileCustomizations.stylesheets```.
4606
4607 `"user"` preferences persist even if the policy is removed, so if you need to remove them, you should use the clear policy.
4608
4609 See the examples below for more detail.
4610
4611 IMPORTANT: Make sure you're only setting a particular preference using this mechanism and not some other way.
4612
4613 Status
4614 **Compatibility:** Firefox 81, Firefox ESR 78.3\
4615 **CCK2 Equivalent:** `preferences`\
4616 **Preferences Affected:** Many
4617
4618 #### Windows (GPO)
4619 Software\Policies\Mozilla\Firefox\Preferences (REG_MULTI_SZ) =
4620 ```
4621 {
4622 "accessibility.force_disabled": {
4623 "Value": 1,
4624 "Status": "default"
4625 },
4626 "browser.cache.disk.parent_directory": {
4627 "Value": "SOME_NATIVE_PATH",
4628 "Status": "user"
4629 },
4630 "browser.tabs.warnOnClose": {
4631 "Value": false,
4632 "Status": "locked"
4633 }
4634 }
4635 ```
4636 #### Windows (Intune)
4637 OMA-URI:
4638 ```
4639 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/Preferences
4640 ```
4641 Value (string):
4642 ```
4643 <enabled/>
4644 <data id="JSON" value='
4645 {
4646 "accessibility.force_disabled": {
4647 "Value": 1,
4648 "Status": "default"
4649 },
4650 "browser.cache.disk.parent_directory": {
4651 "Value": "SOME_NATIVE_PATH",
4652 "Status": "user"
4653 },
4654 "browser.tabs.warnOnClose": {
4655 "Value": false,
4656 "Status": "locked"
4657 }
4658 }'/>
4659 ```
4660 #### macOS
4661 ```
4662 <dict>
4663 <key>Preferences</key>
4664 <dict>
4665 <key>accessibility.force_disabled</key>
4666 <dict>
4667 <key>Value</key>
4668 <integer>1</integer>
4669 <key>Status</key>
4670 <string>default</string>
4671 </dict>
4672 <key>browser.cache.disk.parent_directory</key>
4673 <dict>
4674 <key>Value</key>
4675 <string>SOME_NATIVE_PATH</string>
4676 <key>Status</key>
4677 <string>user</string>
4678 </dict>
4679 <key>browser.tabs.warnOnClose</key>
4680 <dict>
4681 <key>Value</key>
4682 <false/>
4683 <key>Status</key>
4684 <string>locked</string>
4685 </dict>
4686 </dict>
4687 </dict>
4688 ```
4689 #### policies.json
4690 ```
4691 {
4692 "policies": {
4693 "Preferences": {
4694 "accessibility.force_disabled": {
4695 "Value": 1,
4696 "Status": "default"
4697 },
4698 "browser.cache.disk.parent_directory": {
4699 "Value": "SOME_NATIVE_PATH",
4700 "Status": "user"
4701 },
4702 "browser.tabs.warnOnClose": {
4703 "Value": false,
4704 "Status": "locked"
4705 }
4706 }
4707 }
4708 }
4709 ```
4710 ### PrimaryPassword
4711 Require or prevent using a primary (formerly master) password.
4712
4713 If this value is true, a primary password is required. If this value is false, it works the same as if [`DisableMasterPasswordCreation`](#disablemasterpasswordcreation) was true and removes the primary password functionality.
4714
4715 If both DisableMasterPasswordCreation and PrimaryPassword are used, DisableMasterPasswordCreation takes precedent.
4716
4717 **Compatibility:** Firefox 79, Firefox ESR 78.1\
4718 **CCK2 Equivalent:** `noMasterPassword`\
4719 **Preferences Affected:** N/A
4720
4721 #### Windows (GPO)
4722 ```
4723 Software\Policies\Mozilla\Firefox\PrimaryPassword = 0x1 | 0x0
4724 ```
4725 #### Windows (Intune)
4726 OMA-URI:
4727 ```
4728 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/PrimaryPassword
4729 ```
4730 Value (string):
4731 ```
4732 <enabled/> or <disabled/>
4733 ```
4734 #### macOS
4735 ```
4736 <dict>
4737 <key>PrimaryPassword</key>
4738 <true/> | <false/>
4739 </dict>
4740 ```
4741 #### policies.json
4742 ```
4743 {
4744 "policies": {
4745 "PrimaryPassword": true | false
4746 }
4747 }
4748 ```
4749 ### PromptForDownloadLocation
4750 Ask where to save each file before downloading.
4751
4752 **Compatibility:** Firefox 68, Firefox ESR 68\
4753 **CCK2 Equivalent:** N/A\
4754 **Preferences Affected:** `browser.download.useDownloadDir`
4755
4756 #### Windows (GPO)
4757 ```
4758 Software\Policies\Mozilla\Firefox\PromptForDownloadLocation = 0x1 | 0x0
4759 ```
4760 #### Windows (Intune)
4761 OMA-URI:
4762 ```
4763 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/PromptForDownloadLocation
4764 ```
4765 Value (string):
4766 ```
4767 <enabled/> or <disabled/>
4768 ```
4769 #### macOS
4770 ```
4771 <dict>
4772 <key>PromptForDownloadLocation</key>
4773 <true/> | <false/>
4774 </dict>
4775 ```
4776 #### policies.json
4777 ```
4778 {
4779 "policies": {
4780 "PromptForDownloadLocation": true | false
4781 }
4782 }
4783 ```
4784 ### Proxy
4785 Configure proxy settings. These settings correspond to the connection settings in Firefox preferences.
4786 To specify ports, append them to the hostnames with a colon (:).
4787
4788 Unless you lock this policy, changes the user already has in place will take effect.
4789
4790 `Mode` is the proxy method being used.
4791
4792 `Locked` is whether or not proxy settings can be changed.
4793
4794 `HTTPProxy` is the HTTP proxy server.
4795
4796 `UseHTTPProxyForAllProtocols` is whether or not the HTTP proxy should be used for all other proxies.
4797
4798 `SSLProxy` is the SSL proxy server.
4799
4800 `FTPProxy` is the FTP proxy server.
4801
4802 `SOCKSProxy` is the SOCKS proxy server
4803
4804 `SOCKSVersion` is the SOCKS version (4 or 5)
4805
4806 `Passthrough` is list of hostnames or IP addresses that will not be proxied. Use `<local>` to bypass proxying for all hostnames which do not contain periods.
4807
4808 `AutoConfigURL` is a URL for proxy configuration (only used if Mode is autoConfig).
4809
4810 `AutoLogin` means do not prompt for authentication if password is saved.
4811
4812 `UseProxyForDNS` to use proxy DNS when using SOCKS v5.
4813
4814 **Compatibility:** Firefox 60, Firefox ESR 60\
4815 **CCK2 Equivalent:** `networkProxy*`\
4816 **Preferences Affected:** `network.proxy.type`, `network.proxy.autoconfig_url`, `network.proxy.socks_remote_dns`, `signon.autologin.proxy`, `network.proxy.socks_version`, `network.proxy.no_proxies_on`, `network.proxy.share_proxy_settings`, `network.proxy.http`, `network.proxy.http_port`, `network.proxy.ftp`, `network.proxy.ftp_port`, `network.proxy.ssl`, `network.proxy.ssl_port`, `network.proxy.socks`, `network.proxy.socks_port`
4817
4818 #### Windows (GPO)
4819 ```
4820 Software\Policies\Mozilla\Firefox\Proxy\Mode = "none" | "system" | "manual" | "autoDetect" | "autoConfig"
4821 Software\Policies\Mozilla\Firefox\Proxy\Locked = 0x1 | 0x0
4822 Software\Policies\Mozilla\Firefox\=Proxy\HTTPProxy = https://httpproxy.example.com
4823 Software\Policies\Mozilla\Firefox\Proxy\UseHTTPProxyForAllProtocols = 0x1 | 0x0
4824 Software\Policies\Mozilla\Firefox\Proxy\SSLProxy = https://sslproxy.example.com
4825 Software\Policies\Mozilla\Firefox\Proxy\FTPProxy = https://ftpproxy.example.com
4826 Software\Policies\Mozilla\Firefox\Proxy\SOCKSProxy = https://socksproxy.example.com
4827 Software\Policies\Mozilla\Firefox\Proxy\SOCKSVersion = 0x4 | 0x5
4828 Software\Policies\Mozilla\Firefox\Proxy\Passthrough = <local>
4829 Software\Policies\Mozilla\Firefox\Proxy\AutoConfigURL = URL_TO_AUTOCONFIG
4830 Software\Policies\Mozilla\Firefox\Proxy\AutoLogin = 0x1 | 0x0
4831 Software\Policies\Mozilla\Firefox\Proxy\UseProxyForDNS = 0x1 | 0x0
4832 ```
4833 #### Windows (Intune)
4834 **Note**
4835 These setttings were moved to a category to make them easier to configure via Intune.
4836
4837 OMA-URI:
4838 ```
4839 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_Locked
4840 ```
4841 Value (string):
4842 ```
4843 <enabled/> or <disabled/>
4844 ```
4845 OMA-URI:
4846 ```
4847 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_ConnectionType
4848 ```
4849 Value (string):
4850 ```
4851 <enabled/>
4852 <data id="Proxy_ConnectionType" value="none | system | manual | autoDetect | autoConfig"/>
4853 ```
4854 OMA-URI:
4855 ```
4856 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_HTTPProxy
4857 ```
4858 Value (string):
4859 ```
4860 <enabled/>
4861 <data id="Proxy_HTTPProxy" value="httpproxy.example.com"/>
4862 ```
4863 OMA-URI:
4864 ```
4865 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_UseHTTPProxyForAllProtocols
4866 ```
4867 Value (string):
4868 ```
4869 <enabled/> or <disabled/>
4870 ```
4871 OMA-URI:
4872 ```
4873 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_SSLProxy
4874 ```
4875 Value (string):
4876 ```
4877 <enabled/>
4878 <data id="Proxy_SSLProxy" value="sslproxy.example.com"/>
4879 ```
4880 OMA-URI:
4881 ```
4882 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_SOCKSProxy
4883 ```
4884 Value (string):
4885 ```
4886 <enabled/>
4887 <data id="Proxy_SOCKSProxy" value="socksproxy.example.com"/>
4888 <data id="Proxy_SOCKSVersion" value="4 | 5"/>
4889 ```
4890 OMA-URI:
4891 ```
4892 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_AutoConfigURL
4893 ```
4894 Value (string):
4895 ```
4896 <enabled/>
4897 <data id="Proxy_AutoConfigURL" value="URL_TO_AUTOCONFIG"/>
4898 ```
4899 OMA-URI:
4900 ```
4901 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_Passthrough
4902 ```
4903 Value (string):
4904 ```
4905 <enabled/>
4906 <data id="Proxy_Passthrough" value="&lt;local&gt;"/>
4907 ```
4908 OMA-URI:
4909 ```
4910 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_AutoLogin
4911 ```
4912 Value (string):
4913 ```
4914 <enabled/> or <disabled/>
4915 ```
4916 OMA-URI:
4917 ```
4918 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_UseProxyForDNS
4919 ```
4920 Value (string):
4921 ```
4922 <enabled/> or <disabled/>
4923 ```
4924 OMA-URI (Old way):
4925 ```
4926 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/Proxy
4927 ```
4928 Value (string):
4929 ```
4930 <enabled/>
4931 <data id="ProxyLocked" value="true | false"/>
4932 <data id="ConnectionType" value="none | system | manual | autoDetect | autoConfig"/>
4933 <data id="HTTPProxy" value="httpproxy.example.com"/>
4934 <data id="UseHTTPProxyForAllProtocols" value="true | false"/>
4935 <data id="SSLProxy" value="sslproxy.example.com"/>
4936 <data id="FTPProxy" value="ftpproxy.example.com"/>
4937 <data id="SOCKSProxy" value="socksproxy.example.com"/>
4938 <data id="SOCKSVersion" value="4 | 5"/>
4939 <data id="AutoConfigURL" value="URL_TO_AUTOCONFIG"/>
4940 <data id="Passthrough" value="<local>"/>
4941 <data id="AutoLogin" value="true | false"/>
4942 <data id="UseProxyForDNS" value="true | false"/>
4943 ```
4944 #### macOS
4945 ```
4946 <dict>
4947 <key>Proxy</key>
4948 <dict>
4949 <key>Mode</key>
4950 <string>none | system | manual | autoDetect | autoConfig</string>
4951 <key>Locked</key>
4952 <true> | </false>
4953 <key>HTTPProxy</key>
4954 <string>https://httpproxy.example.com</string>
4955 <key>UseHTTPProxyForAllProtocols</key>
4956 <true> | </false>
4957 <key>SSLProxy</key>
4958 <string>https://sslproxy.example.com</string>
4959 <key>FTPProxy</key>
4960 <string>https://ftpproxy.example.com</string>
4961 <key>SOCKSProxy</key>
4962 <string>https://socksproxy.example.com</string>
4963 <key>SOCKSVersion</key>
4964 <string>4 | 5</string>
4965 <key>Passthrough</key>
4966 <string>&lt;local>&gt;</string>
4967 <key>AutoConfigURL</key>
4968 <string>URL_TO_AUTOCONFIG</string>
4969 <key>AutoLogin</key>
4970 <true> | </false>
4971 <key>UseProxyForDNS</key>
4972 <true> | </false>
4973 </dict>
4974 </dict>
4975 ```
4976 #### policies.json
4977 ```
4978 {
4979 "policies": {
4980 "Proxy": {
4981 "Mode": "none" | "system" | "manual" | "autoDetect" | "autoConfig",
4982 "Locked": true | false,
4983 "HTTPProxy": "hostname",
4984 "UseHTTPProxyForAllProtocols": true | false,
4985 "SSLProxy": "hostname",
4986 "FTPProxy": "hostname",
4987 "SOCKSProxy": "hostname",
4988 "SOCKSVersion": 4 | 5,
4989 "Passthrough": "<local>",
4990 "AutoConfigURL": "URL_TO_AUTOCONFIG",
4991 "AutoLogin": true | false,
4992 "UseProxyForDNS": true | false
4993 }
4994 }
4995 }
4996 ```
4997 ### RequestedLocales
4998 Set the the list of requested locales for the application in order of preference. It will cause the corresponding language pack to become active.
4999
5000 Note: For Firefox 68, this can now be a string so that you can specify an empty value.
5001
5002 **Compatibility:** Firefox 64, Firefox ESR 60.4, Updated in Firefox 68, Firefox ESR 68\
5003 **CCK2 Equivalent:** N/A\
5004 **Preferences Affected:** N/A
5005 #### Windows (GPO)
5006 ```
5007 Software\Policies\Mozilla\Firefox\RequestedLocales\1 = "de"
5008 Software\Policies\Mozilla\Firefox\RequestedLocales\2 = "en-US"
5009
5010 or
5011
5012 Software\Policies\Mozilla\Firefox\RequestedLocales = "de,en-US"
5013 ```
5014 #### Windows (Intune)
5015 OMA-URI:
5016 ```
5017 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/RequestedLocalesString
5018 ```
5019 Value (string):
5020 ```
5021 <enabled/>
5022 <data id="Preferences_String" value="de,en-US"/>
5023 ```
5024 #### macOS
5025 ```
5026 <dict>
5027 <key>RequestedLocales</key>
5028 <array>
5029 <string>de</string>
5030 <string>en-US</string>
5031 </array>
5032 </dict>
5033
5034 or
5035
5036 <dict>
5037 <key>RequestedLocales</key>
5038 <string>de,en-US</string>
5039 </dict>
5040
5041 ```
5042 #### policies.json
5043 ```
5044 {
5045 "policies": {
5046 "RequestedLocales": ["de", "en-US"]
5047 }
5048 }
5049
5050 or
5051
5052 {
5053 "policies": {
5054 "RequestedLocales": "de,en-US"
5055 }
5056 }
5057 ```
5058 <a name="SanitizeOnShutdown"></a>
5059
5060 ### SanitizeOnShutdown (Selective)
5061 Clear data on shutdown. Choose from Cache, Cookies, Download History, Form & Search History, Browsing History, Active Logins, Site Preferences and Offline Website Data.
5062
5063 Previously, these values were always locked. Starting with Firefox 74 and Firefox ESR 68.6, you can use the `Locked` option to either keep the values unlocked (set it to false), or lock only the values you set (set it to true). If you want the old behavior of locking everything, do not set `Locked` at all.
5064
5065 **Compatibility:** Firefox 68, Firefox ESR 68 (Locked added in 74/68.6)\
5066 **CCK2 Equivalent:** N/A\
5067 **Preferences Affected:** `privacy.sanitize.sanitizeOnShutdown`, `privacy.clearOnShutdown.cache`, `privacy.clearOnShutdown.cookies`, `privacy.clearOnShutdown.downloads`, `privacy.clearOnShutdown.formdata`, `privacy.clearOnShutdown.history`, `privacy.clearOnShutdown.sessions`, `privacy.clearOnShutdown.siteSettings`, `privacy.clearOnShutdown.offlineApps`
5068 #### Windows (GPO)
5069 ```
5070 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\Cache = 0x1 | 0x0
5071 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\Cookies = 0x1 | 0x0
5072 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\Downloads = 0x1 | 0x0
5073 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\FormData = 0x1 | 0x0
5074 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\History = 0x1 | 0x0
5075 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\Sessions = 0x1 | 0x0
5076 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\SiteSettings = 0x1 | 0x0
5077 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\OfflineApps = 0x1 | 0x0
5078 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\Locked = 0x1 | 0x0
5079 ```
5080 #### Windows (Intune)
5081 OMA-URI:
5082 ```
5083 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/A_SanitizeOnShutdown_Cache
5084 ```
5085 Value (string):
5086 ```
5087 <enabled/> or <disabled/>
5088 ```
5089 OMA-URI:
5090 ```
5091 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/B_SanitizeOnShutdown_Cookies
5092 ```
5093 Value (string):
5094 ```
5095 <enabled/> or <disabled/>
5096 ```
5097 OMA-URI:
5098 ```
5099 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/C_SanitizeOnShutdown_Downloads
5100 ```
5101 Value (string):
5102 ```
5103 <enabled/> or <disabled/>
5104 ```
5105 OMA-URI:
5106 ```
5107 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/D_SanitizeOnShutdown_FormData
5108 ```
5109 Value (string):
5110 ```
5111 <enabled/> or <disabled/>
5112 ```
5113 OMA-URI:
5114 ```
5115 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/E_SanitizeOnShutdown_History
5116 ```
5117 Value (string):
5118 ```
5119 <enabled/> or <disabled/>
5120 ```
5121 OMA-URI:
5122 ```
5123 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/F_SanitizeOnShutdown_Sessions
5124 ```
5125 Value (string):
5126 ```
5127 <enabled/> or <disabled/>
5128 ```
5129 OMA-URI:
5130 ```
5131 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/G_SanitizeOnShutdown_SiteSettings
5132 ```
5133 Value (string):
5134 ```
5135 <enabled/> or <disabled/>
5136 ```
5137 OMA-URI:
5138 ```
5139 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/H_SanitizeOnShutdown_OfflineApps
5140 ```
5141 Value (string):
5142 ```
5143 <enabled/> or <disabled/>
5144 ```
5145 OMA-URI:
5146 ```
5147 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/I_SanitizeOnShutdown_Locked
5148 ```
5149 Value (string):
5150 ```
5151 <enabled/> or <disabled/>
5152 ```
5153 #### macOS
5154 ```
5155 <dict>
5156 <key>SanitizeOnShutdown</key>
5157 <dict>
5158 <key>Cache</key>
5159 <true/> | <false/>
5160 <key>Cookies</key>
5161 <true/> | <false/>
5162 <key>Downloads</key>
5163 <true/> | <false/>
5164 <key>FormData</key>
5165 <true/> | <false/>
5166 <key>History</key>
5167 <true/> | <false/>
5168 <key>Sessions</key>
5169 <true/> | <false/>
5170 <key>SiteSettings</key>
5171 <true/> | <false/>
5172 <key>OfflineApps</key>
5173 <true/> | <false/>
5174 <key>Locked</key>
5175 <true/> | <false/>
5176 </dict>
5177 </dict>
5178 ```
5179 #### policies.json
5180 ```
5181 {
5182 "policies": {
5183 "SanitizeOnShutdown": {
5184 "Cache": true | false,
5185 "Cookies": true | false,
5186 "Downloads": true | false,
5187 "FormData": true | false,
5188 "History": true | false,
5189 "Sessions": true | false,
5190 "SiteSettings": true | false,
5191 "OfflineApps": true | false,
5192 "Locked": true | false
5193 }
5194 }
5195 }
5196 ```
5197 ### SanitizeOnShutdown (All)
5198 Clear all data on shutdown, including Browsing & Download History, Cookies, Active Logins, Cache, Form & Search History, Site Preferences and Offline Website Data.
5199
5200 **Compatibility:** Firefox 60, Firefox ESR 60\
5201 **CCK2 Equivalent:** N/A\
5202 **Preferences Affected:** `privacy.sanitize.sanitizeOnShutdown`, `privacy.clearOnShutdown.cache`, `privacy.clearOnShutdown.cookies`, `privacy.clearOnShutdown.downloads`, `privacy.clearOnShutdown.formdata`, `privacy.clearOnShutdown.history`, `privacy.clearOnShutdown.sessions`, `privacy.clearOnShutdown.siteSettings`, `privacy.clearOnShutdown.offlineApps`
5203 #### Windows (GPO)
5204 ```
5205 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown = 0x1 | 0x0
5206 ```
5207 #### Windows (Intune)
5208 OMA-URI:
5209 ```
5210 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/C_SanitizeOnShutdown
5211 ```
5212 Value (string):
5213 ```
5214 <enabled/> or <disabled/>
5215 ```
5216 #### macOS
5217 ```
5218 <dict>
5219 <key>SanitizeOnShutdown</key>
5220 <true/> | <false/>
5221 </dict>
5222 ```
5223 #### policies.json
5224 ```
5225 {
5226 "policies": {
5227 "SanitizeOnShutdown": true | false
5228 }
5229 }
5230 ```
5231 ### SearchBar
5232 Set whether or not search bar is displayed.
5233
5234 **Compatibility:** Firefox 60, Firefox ESR 60\
5235 **CCK2 Equivalent:** `showSearchBar`\
5236 **Preferences Affected:** N/A
5237
5238 #### Windows (GPO)
5239 ```
5240 Software\Policies\Mozilla\Firefox\SearchBar = "unified" | "separate"
5241 ```
5242
5243 #### Windows (Intune)
5244 OMA-URI:
5245 ```
5246 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/SearchBar
5247 ```
5248 Value (string):
5249 ```
5250 <enabled/>
5251 <data id="SearchBar" value="unified | separate"/>
5252 ```
5253 #### macOS
5254 ```
5255 <dict>
5256 <key>SearchBar</key>
5257 <string>unified | separate</string>
5258 </dict>
5259 ```
5260 #### policies.json
5261 ```
5262 {
5263 "policies": {
5264 "SearchBar": "unified" | "separate"
5265 }
5266 }
5267 ```
5268 <a name="SearchEngines"></a>
5269
5270 ### SearchEngines (This policy is only available on the ESR.)
5271
5272 ### SearchEngines | Add
5273
5274 Add new search engines. Although there are only five engines available in the ADMX template, there is no limit. To add more in the ADMX template, you can duplicate the XML.
5275
5276 This policy is only available on the ESR. `Name` and `URLTemplate` are required.
5277
5278 `Name` is the name of the search engine.
5279
5280 `URLTemplate` is the search URL with {searchTerms} to substitute for the search term.
5281
5282 `Method` is either GET or POST
5283
5284 `IconURL` is a URL for the icon to use.
5285
5286 `Alias` is a keyword to use for the engine.
5287
5288 `Description` is a description of the search engine.
5289
5290 `PostData` is the POST data as name value pairs separated by &.
5291
5292 `SuggestURLTemplate` is a search suggestions URL with {searchTerms} to substitute for the search term.
5293
5294 `Encoding` is the query charset for the engine. It defaults to UTF-8.
5295
5296 **Compatibility:** Firefox ESR 60 (POST support in Firefox ESR 68, Encoding support in Firefox 91)\
5297 **CCK2 Equivalent:** `searchplugins`\
5298 **Preferences Affected:** N/A
5299
5300 #### Windows (GPO)
5301 ```
5302 Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\Name = "Example1"
5303 Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\URLTemplate = "https://www.example.org/q={searchTerms}"
5304 Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\Method = "GET" | "POST"
5305 Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\IconURL = "https://www.example.org/favicon.ico"
5306 Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\Alias = "example"
5307 Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\Description = "Example Description"
5308 Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\SuggestURLTemplate = "https://www.example.org/suggestions/q={searchTerms}"
5309 Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\PostData = "name=value&q={searchTerms}"
5310 ```
5311 #### Windows (Intune)
5312 OMA-URI:
5313 ```
5314 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Search/SearchEngines_1
5315 ```
5316 Value (string):
5317 ```
5318 <enabled/>
5319 <data id="SearchEngine_Name" value="Example1"/>
5320 <data id="SearchEngine_URLTemplate" value="https://www.example.org/q={searchTerms"/>
5321 <data id="SearchEngine_Method" value="GET | POST"/>
5322 <data id="SearchEngine_IconURL" value="https://www.example.org/favicon.ico"/>
5323 <data id="SearchEngine_Alias" value="example"/>
5324 <data id="SearchEngine_Description" value="Example Description"/>
5325 <data id="SearchEngine_SuggestURLTemplate" value="https://www.example.org/suggestions/q={searchTerms}"/>
5326 <data id="SearchEngine_PostData" value="name=value&amp;q={searchTerms}"/>
5327 ```
5328 #### macOS
5329 ```
5330 <dict>
5331 <key>SearchEngines</key>
5332 <dict>
5333 <key>Add</key>
5334 <array>
5335 <dict>
5336 <key>Name</key>
5337 <string>Example1</string>
5338 <key>URLTemplate</key>
5339 <string>https://www.example.org/q={searchTerms}</string>
5340 <key>Method</key>
5341 <string>GET | POST </string>
5342 <key>IconURL</key>
5343 <string>https://www.example.org/favicon.ico</string>
5344 <key>Alias</key>
5345 <string>example</string>
5346 <key>Description</key>
5347 <string>Example Description</string>
5348 <key>SuggestURLTemplate</key>
5349 <string>https://www.example.org/suggestions/q={searchTerms}</string>
5350 <key>PostData</key>
5351 <string>name=value&q={searchTerms}</string>
5352 </dict>
5353 <array>
5354 </dict>
5355 </dict>
5356 ```
5357 #### policies.json
5358 ```
5359 {
5360 "policies": {
5361 "SearchEngines": {
5362 "Add": [
5363 {
5364 "Name": "Example1",
5365 "URLTemplate": "https://www.example.org/q={searchTerms}",
5366 "Method": "GET" | "POST",
5367 "IconURL": "https://www.example.org/favicon.ico",
5368 "Alias": "example",
5369 "Description": "Description",
5370 "PostData": "name=value&q={searchTerms}",
5371 "SuggestURLTemplate": "https://www.example.org/suggestions/q={searchTerms}"
5372 }
5373 ]
5374 }
5375 }
5376 }
5377 ```
5378 ### SearchEngines | Default
5379
5380 Set the default search engine. This policy is only available on the ESR.
5381
5382 **Compatibility:** Firefox ESR 60\
5383 **CCK2 Equivalent:** `defaultSearchEngine`\
5384 **Preferences Affected:** N/A
5385
5386 #### Windows (GPO)
5387 ```
5388 Software\Policies\Mozilla\Firefox\SearchEngines\Default = NAME_OF_SEARCH_ENGINE
5389 ```
5390 #### Windows (Intune)
5391 OMA-URI:
5392 ```
5393 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Search/SearchEngines_Default
5394 ```
5395 Value (string):
5396 ```
5397 <enabled/>
5398 <data id="SearchEngines_Default" value="NAME_OF_SEARCH_ENGINE"/>
5399 ```
5400 #### macOS
5401 ```
5402 <dict>
5403 <key>SearchEngines</key>
5404 <dict>
5405 <key>Default</key>
5406 <string>NAME_OF_SEARCH_ENGINE</string>
5407 </dict>
5408 </dict>
5409 ```
5410 #### policies.json
5411 ```
5412 {
5413 "policies": {
5414 "SearchEngines": {
5415 "Default": "NAME_OF_SEARCH_ENGINE"
5416 }
5417 }
5418 }
5419 ```
5420 ### SearchEngines | PreventInstalls
5421
5422 Prevent installing search engines from webpages.
5423
5424 **Compatibility:** Firefox ESR 60\
5425 **CCK2 Equivalent:** `disableSearchEngineInstall`\
5426 **Preferences Affected:** N/A
5427
5428 #### Windows (GPO)
5429 ```
5430 Software\Policies\Mozilla\Firefox\SearchEngines\PreventInstalls = 0x1 | 0x0
5431 ```
5432 #### Windows (Intune)
5433 OMA-URI:
5434 ```
5435 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Search/SearchEngines_PreventInstalls
5436 ```
5437 Value (string):
5438 ```
5439 <enabled/> or <disabled/>
5440 ```
5441 #### macOS
5442 ```
5443 <dict>
5444 <key>SearchEngines</key>
5445 <dict>
5446 <key>PreventInstalls</key>
5447 <true/> | <false/>
5448 </dict>
5449 </dict>
5450 ```
5451 #### policies.json
5452 ```
5453 {
5454 "policies": {
5455 "SearchEngines": {
5456 "PreventInstalls": true | false
5457 }
5458 }
5459 }
5460 ```
5461 ### SearchEngines | Remove
5462
5463 Hide built-in search engines. This policy is only available on the ESR.
5464
5465 **Compatibility:** Firefox ESR 60.2\
5466 **CCK2 Equivalent:** `removeDefaultSearchEngines` (removed all built-in engines)\
5467 **Preferences Affected:** N/A
5468
5469 #### Windows (GPO)
5470 ```
5471 Software\Policies\Mozilla\Firefox\SearchEngines\Remove\1 = NAME_OF_SEARCH_ENGINE
5472 ```
5473 #### Windows (Intune)
5474 OMA-URI:
5475 ```
5476 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Search/SearchEngines_Remove
5477 ```
5478 Value (string):
5479 ```
5480 <enabled/>
5481 <data id="SearchEngines_Remove" value="1&#xF000;NAME_OF_SEARCH_ENGINE"/>
5482 ```
5483 #### macOS
5484 ```
5485 <dict>
5486 <key>SearchEngines</key>
5487 <dict>
5488 <key>Remove</key>
5489 <array>
5490 <string>NAME_OF_SEARCH_ENGINE</string>
5491 </array>
5492 </dict>
5493 </dict>
5494 ```
5495 #### policies.json
5496 ```
5497 {
5498 "policies": {
5499 "SearchEngines": {
5500 "Remove": ["NAME_OF_SEARCH_ENGINE"]
5501 }
5502 }
5503 }
5504 ```
5505 ### SearchSuggestEnabled
5506
5507 Enable search suggestions.
5508
5509 **Compatibility:** Firefox 68, Firefox ESR 68\
5510 **CCK2 Equivalent:** N/A\
5511 **Preferences Affected:** `browser.urlbar.suggest.searches`, `browser.search.suggest.enabled`
5512
5513 #### Windows (GPO)
5514 ```
5515 Software\Policies\Mozilla\Firefox\SearchSuggestEnabled = 0x1 | 0x0
5516 ```
5517 #### Windows (Intune)
5518 OMA-URI:
5519 ```
5520 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Search/SearchSuggestEnabled
5521 ```
5522 Value (string):
5523 ```
5524 <enabled/> or <disabled/>
5525 ```
5526 #### macOS
5527 ```
5528 <dict>
5529 <key>SearchSuggestEnabled</key>
5530 <true/> | <false/>
5531 </dict>
5532 ```
5533 #### policies.json
5534 ```
5535 {
5536 "policies": {
5537 "SearchSuggestEnabled": true | false
5538 }
5539 }
5540 ```
5541 ### SecurityDevices
5542
5543 Add or delete PKCS #11 modules.
5544
5545 **Compatibility:** Firefox 114, Firefox ESR 112.12\
5546 **CCK2 Equivalent:** N/A\
5547 **Preferences Affected:** N/A
5548
5549 #### Windows (GPO)
5550 ```
5551 Software\Policies\Mozilla\Firefox\SecurityDevices\Add\NAME_OF_DEVICE_TO_ADD = PATH_TO_LIBRARY_FOR_DEVICE
5552 Software\Policies\Mozilla\Firefox\SecurityDevices\Remove\1 = NAME_OF_DEVICE_TO_REMOVE
5553 ```
5554 #### Windows (Intune)
5555 OMA-URI:
5556 ```
5557 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/SecurityDevices/SecurityDevices_Add
5558 ```
5559 Value (string):
5560 ```
5561 <enabled/>
5562 <data id="SecurityDevices" value="NAME_OF_DEVICE_TO_ADD&#xF000;PATH_TO_LIBRARY_FOR_DEVICE"/>
5563 ```
5564 OMA-URI:
5565 ```
5566 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/SecurityDevices/SecurityDevices_Delete
5567 ```
5568 Value (string):
5569 ```
5570 <enabled/>
5571 <data id="SecurityDevices" value="1&#xF000;NAME_OF_DEVICE_TO_REMOVE"/>
5572 ```
5573 #### macOS
5574 ```
5575 <dict>
5576 <key>SecurityDevices</key>
5577 <dict>
5578 <key>Add<key>
5579 <dict>
5580 <key>NAME_OF_DEVICE_TO_ADD</key>
5581 <string>PATH_TO_LIBRARY_FOR_DEVICE</string>
5582 </dict>
5583 <key>Delete</add>
5584 <array>
5585 <string>NAME_OF_DEVICE_TO_DELETE</string>
5586 </array>
5587 </dict>
5588 </dict>
5589 ```
5590 #### policies.json
5591 ```
5592 {
5593 "policies": {
5594 "SecurityDevices": {
5595 "Add": {
5596 "NAME_OF_DEVICE_TO_ADD": "PATH_TO_LIBRARY_FOR_DEVICE"
5597 },
5598 "Delete": ["NAME_OF_DEVICE_TO_DELETE"]
5599 }
5600 }
5601 }
5602 ```
5603 ### SecurityDevices (Deprecated)
5604
5605 Install PKCS #11 modules.
5606
5607 **Compatibility:** Firefox 64, Firefox ESR 60.4\
5608 **CCK2 Equivalent:** `certs.devices`\
5609 **Preferences Affected:** N/A
5610
5611 #### Windows (GPO)
5612 ```
5613 Software\Policies\Mozilla\Firefox\SecurityDevices\NAME_OF_DEVICE = PATH_TO_LIBRARY_FOR_DEVICE
5614 ```
5615 #### Windows (Intune)
5616 OMA-URI:
5617 ```
5618 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/SecurityDevices
5619 ```
5620 Value (string):
5621 ```
5622 <enabled/>
5623 <data id="SecurityDevices" value="NAME_OF_DEVICE&#xF000;PATH_TO_LIBRARY_FOR_DEVICE"/>
5624 ```
5625 #### macOS
5626 ```
5627 <dict>
5628 <key>SecurityDevices</key>
5629 <dict>
5630 <key>NAME_OF_DEVICE</key>
5631 <string>PATH_TO_LIBRARY_FOR_DEVICE</string>
5632 </dict>
5633 </dict>
5634 ```
5635 #### policies.json
5636 ```
5637 {
5638 "policies": {
5639 "SecurityDevices": {
5640 "NAME_OF_DEVICE": "PATH_TO_LIBRARY_FOR_DEVICE"
5641 }
5642 }
5643 }
5644 ```
5645 ### ShowHomeButton
5646 Show the home button on the toolbar.
5647
5648 Future versions of Firefox will not show the home button by default.
5649
5650 **Compatibility:** Firefox 88, Firefox ESR 78.10\
5651 **CCK2 Equivalent:** N/A\
5652 **Preferences Affected:** N/A
5653
5654 #### Windows (GPO)
5655 ```
5656 Software\Policies\Mozilla\Firefox\ShowHomeButton = 0x1 | 0x0
5657 ```
5658 #### Windows (Intune)
5659 OMA-URI:
5660 ```
5661 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Homepage/Homepage_ShowHomeButton
5662 ```
5663 Value (string):
5664 ```
5665 <enabled/> or <disabled/>
5666 ```
5667 #### macOS
5668 ```
5669 <dict>
5670 <key>ShowHomeButton</key>
5671 <true/> | <false/>
5672 </dict>
5673 ```
5674 #### policies.json
5675 ```
5676 {
5677 "policies": {
5678 "ShowHomeButton": true | false
5679 }
5680 }
5681 ```
5682 ### SSLVersionMax
5683
5684 Set and lock the maximum version of TLS. (Firefox defaults to a maximum of TLS 1.3.)
5685
5686 **Compatibility:** Firefox 66, Firefox ESR 60.6\
5687 **CCK2 Equivalent:** N/A\
5688 **Preferences Affected:** `security.tls.version.max`
5689
5690 #### Windows (GPO)
5691 ```
5692 Software\Policies\Mozilla\Firefox\SSLVersionMax = "tls1" | "tls1.1" | "tls1.2" | "tls1.3"
5693 ```
5694 #### Windows (Intune)
5695 OMA-URI:
5696 ```
5697 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/SSLVersionMax
5698 ```
5699 Value (string):
5700 ```
5701 <enabled/>
5702 <data id="SSLVersion" value="tls1 | tls1.2 | tls1.3"/>
5703 ```
5704 #### macOS
5705 ```
5706 <dict>
5707 <key>SSLVersionMax</key>
5708 <string>tls1 | tls1.1 | tls1.2 | tls1.3</string>
5709 </dict>
5710 ```
5711
5712 #### policies.json
5713 ```
5714 {
5715 "policies": {
5716 "SSLVersionMax": "tls1" | "tls1.1" | "tls1.2" | "tls1.3"
5717 }
5718 }
5719 ```
5720 ### SSLVersionMin
5721
5722 Set and lock the minimum version of TLS. (Firefox defaults to a minimum of TLS 1.2.)
5723
5724 **Compatibility:** Firefox 66, Firefox ESR 60.6\
5725 **CCK2 Equivalent:** N/A\
5726 **Preferences Affected:** `security.tls.version.min`
5727
5728 #### Windows (GPO)
5729 ```
5730 Software\Policies\Mozilla\Firefox\SSLVersionMin = "tls1" | "tls1.1" | "tls1.2" | "tls1.3"
5731 ```
5732 #### Windows (Intune)
5733 OMA-URI:
5734 ```
5735 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/SSLVersionMin
5736 ```
5737 Value (string):
5738 ```
5739 <enabled/>
5740 <data id="SSLVersion" value="tls1 | tls1.2 | tls1.3"/>
5741 ```
5742 #### macOS
5743 ```
5744 <dict>
5745 <key>SSLVersionMin</key>
5746 <string>tls1 | tls1.1 | tls1.2 | tls1.3</string>
5747 </dict>
5748 ```
5749
5750 #### policies.json
5751 ```
5752 {
5753 "policies": {
5754 "SSLVersionMin": "tls1" | "tls1.1" | "tls1.2" | "tls1.3"
5755 }
5756 }
5757 ```
5758 ### SupportMenu
5759 Add a menuitem to the help menu for specifying support information.
5760
5761 **Compatibility:** Firefox 68.0.1, Firefox ESR 68.0.1\
5762 **CCK2 Equivalent:** helpMenu\
5763 **Preferences Affected:** N/A
5764
5765 #### Windows (GPO)
5766 ```
5767 Software\Policies\Mozilla\Firefox\SupportMenu\Title = "Support Menu"
5768 Software\Policies\Mozilla\Firefox\SupportMenu\URL = "http://example.com/support"
5769 Software\Policies\Mozilla\Firefox\SupportMenu\AccessKey = "S"
5770 ```
5771 #### Windows (Intune)
5772 OMA-URI:
5773 ```
5774 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/SupportMenu
5775 ```
5776 Value (string):
5777 ```
5778 <enabled/>
5779 <data id="SupportMenuTitle" value="Support Menu"/>
5780 <data id="SupportMenuURL" value="http://example.com/support"/>
5781 <data id="SupportMenuAccessKey" value="S"/>
5782 ```
5783 #### macOS
5784 ```
5785 <dict>
5786 <key>SupportMenu</key>
5787 <dict>
5788 <key>Title</key>
5789 <string>SupportMenu</string>
5790 <key>URL</key>
5791 <string>http://example.com/support</string>
5792 <key>AccessKey</key>
5793 <string>S</string>
5794 </dict>
5795 </dict>
5796 ```
5797 #### policies.json
5798 ```
5799 {
5800 "policies": {
5801 "SupportMenu": {
5802 "Title": "Support Menu",
5803 "URL": "http://example.com/support",
5804 "AccessKey": "S"
5805 }
5806 }
5807 }
5808 ```
5809 ### StartDownloadsInTempDirectory
5810 Force downloads to start off in a local, temporary location rather than the default download directory.
5811
5812 **Compatibility:** Firefox 102\
5813 **CCK2 Equivalent:** N/A\
5814 **Preferences Affected:** `browser.download.start_downloads_in_tmp_dir`
5815
5816 #### Windows (GPO)
5817 ```
5818 Software\Policies\Mozilla\Firefox\StartDownloadsInTempDirectory = 0x1 | 0x0
5819 ```
5820 #### Windows (Intune)
5821 OMA-URI:
5822 ```
5823 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/StartDownloadsInTempDirectory
5824 ```
5825 Value (string):
5826 ```
5827 <enabled/> or <disabled/>
5828 ```
5829 #### macOS
5830 ```
5831 <dict>
5832 <key>StartDownloadsInTempDirectory</key>
5833 <true/> | <false/>
5834 </dict>
5835 ```
5836 #### policies.json
5837 ```
5838 {
5839 "policies": {
5840 "StartDownloadsInTempDirectory": true | false
5841 }
5842 ```
5843 ### UserMessaging
5844
5845 Prevent Firefox from messaging the user in certain situations.
5846
5847 `WhatsNew` Remove the "What's New" icon and menuitem.
5848
5849 `ExtensionRecommendations` If false, don't recommend extensions while the user is visiting web pages.
5850
5851 `FeatureRecommendations` If false, don't recommend browser features.
5852
5853 `UrlbarInterventions` If false, Don't offer Firefox specific suggestions in the URL bar.
5854
5855 `SkipOnboarding` If true, don't show onboarding messages on the new tab page.
5856
5857 `MoreFromMozilla` If false, don't show the "More from Mozilla" section in Preferences. (Firefox 98)
5858
5859 `Locked` prevents the user from changing user messaging preferences.
5860
5861 **Compatibility:** Firefox 75, Firefox ESR 68.7\
5862 **CCK2 Equivalent:** N/A\
5863 **Preferences Affected:** `browser.messaging-system.whatsNewPanel.enabled`, `browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons`, `browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features`, `browser.aboutwelcome.enabled`, `browser.preferences.moreFromMozilla`
5864
5865 #### Windows (GPO)
5866 ```
5867 Software\Policies\Mozilla\Firefox\UserMessaging\WhatsNew = 0x1 | 0x0
5868 Software\Policies\Mozilla\Firefox\UserMessaging\ExtensionRecommendations = 0x1 | 0x0
5869 Software\Policies\Mozilla\Firefox\UserMessaging\FeatureRecommendations = 0x1 | 0x0
5870 Software\Policies\Mozilla\Firefox\UserMessaging\UrlbarInterventions = 0x1 | 0x0
5871 Software\Policies\Mozilla\Firefox\UserMessaging\SkipOnboarding = 0x1 | 0x0
5872 Software\Policies\Mozilla\Firefox\UserMessaging\MoreFromMozilla = 0x1 | 0x0
5873 Software\Policies\Mozilla\Firefox\UserMessaging\Locked = 0x1 | 0x0
5874 ```
5875 #### Windows (Intune)
5876 OMA-URI:
5877 ```
5878 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_WhatsNew
5879 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_ExtensionRecommendations
5880 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_FeatureRecommendations
5881 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_UrlbarInterventions
5882 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_SkipOnboarding
5883 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_MoreFromMozilla
5884 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_Locked
5885 ```
5886 Value (string):
5887 ```
5888 <enabled/> or <disabled/>
5889 ```
5890 #### macOS
5891 ```
5892 <dict>
5893 <key>UserMessaging</key>
5894 <dict>
5895 <key>WhatsNew</key>
5896 <true/> | <false/>
5897 <key>ExtensionRecommendations</key>
5898 <true/> | <false/>
5899 <key>FeatureRecommendations</key>
5900 <true/> | <false/>
5901 <key>UrlbarInterventions</key>
5902 <true/> | <false/>
5903 <key>SkipOnboarding</key>
5904 <true/> | <false/>
5905 <key>MoreFromMozilla</key>
5906 <true/> | <false/>
5907 <key>Locked</key>
5908 <true/> | <false/>
5909 </dict>
5910 </dict>
5911 ```
5912 #### policies.json
5913 ```
5914 {
5915 "policies": {
5916 "UserMessaging": {
5917 "WhatsNew": true | false,
5918 "ExtensionRecommendations": true | false,
5919 "FeatureRecommendations": true | false,
5920 "UrlbarInterventions": true | false,
5921 "SkipOnboarding": true | false,
5922 "MoreFromMozilla": true | false,
5923 "Locked": true | false
5924 }
5925 }
5926 }
5927 ```
5928 ### UseSystemPrintDialog
5929 Use the system print dialog instead of the print preview window.
5930
5931 **Compatibility:** Firefox 102\
5932 **CCK2 Equivalent:** N/A\
5933 **Preferences Affected:** `print.prefer_system_dialog`
5934
5935 #### Windows (GPO)
5936 ```
5937 Software\Policies\Mozilla\Firefox\UseSystemPrintDialog = 0x1 | 0x0
5938 ```
5939 #### Windows (Intune)
5940 OMA-URI:
5941 ```
5942 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/UseSystemPrintDialog
5943 ```
5944 Value (string):
5945 ```
5946 <enabled/> or <disabled/>
5947 ```
5948 #### macOS
5949 ```
5950 <dict>
5951 <key>UseSystemPrintDialog</key>
5952 <true/> | <false/>
5953 </dict>
5954 ```
5955 #### policies.json
5956 ```
5957 {
5958 "policies": {
5959 "UseSystemPrintDialog": true | false
5960 }
5961 }
5962 ```
5963 ### WebsiteFilter
5964 Block websites from being visited. The parameters take an array of Match Patterns, as documented in https://developer.mozilla.org/en-US/Add-ons/WebExtensions/Match_patterns.
5965 The arrays are limited to 1000 entries each.
5966
5967 If you want to block all URLs, you can use `<all_urls>` or `*://*/*`. You can't have just a `*` on the right side.
5968
5969 For specific protocols, use `https://*/*` or `http://*/*`.
5970
5971 As of Firefox 83 and Firefox ESR 78.5, file URLs are supported.
5972
5973 **Compatibility:** Firefox 60, Firefox ESR 60\
5974 **CCK2 Equivalent:** N/A\
5975 **Preferences Affected:** N/A
5976
5977 #### Windows (GPO)
5978 ```
5979 Software\Policies\Mozilla\Firefox\WebsiteFilter\Block\1 = "<all_urls>"
5980 Software\Policies\Mozilla\Firefox\WebsiteFilter\Exceptions\1 = "http://example.org/*"
5981 ```
5982 #### Windows (Intune)
5983 OMA-URI:
5984 ```
5985 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/B_WebsiteFilter_Block
5986 ```
5987 Value (string):
5988 ```
5989 <enabled/> <data id="WebsiteFilter" value="1&#xF000;&#60;all_urls&#62;"/>
5990 ```
5991 OMA-URI:
5992 ```
5993 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/B_WebsiteFilter_Exceptions
5994 ```
5995 Value (string):
5996 ```
5997 <enabled/>
5998 <data id="WebsiteFilter" value="1&#xF000;http://example.org/*"/>
5999 ```
6000 #### macOS
6001 ```
6002 <dict>
6003 <key>WebsiteFilter</key>
6004 <dict>
6005 <key>Block</key>
6006 <array>
6007 <string><all_urls></string>
6008 </array>
6009 <key>Exceptions</key>
6010 <array>
6011 <string>http://example.org/*</string>
6012 </array>
6013 </dict>
6014
6015 </dict>
6016 ```
6017 #### policies.json
6018 ```
6019 {
6020 "policies": {
6021 "WebsiteFilter": {
6022 "Block": ["<all_urls>"],
6023 "Exceptions": ["http://example.org/*"]
6024 }
6025 }
6026 }
6027 ```
6028 ### WindowsSSO
6029 Allow Windows single sign-on for Microsoft, work, and school accounts.
6030
6031 If this policy is set to true, Firefox will use credentials stored in Windows to sign in to Microsoft, work, and school accounts.
6032
6033 **Compatibility:** Firefox 91\
6034 **CCK2 Equivalent:** N/A\
6035 **Preferences Affected:** `network.http.windows-sso.enabled`
6036
6037 #### Windows (GPO)
6038 ```
6039 Software\Policies\Mozilla\Firefox\WindowsSSO = 0x1 | 0x0
6040 ```
6041 #### Windows (Intune)
6042 OMA-URI:
6043 ```
6044 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/WindowsSSO
6045 ```
6046 Value (string):
6047 ```
6048 <enabled/> or <disabled/>
6049 ```
6050 #### policies.json
6051 ```
6052 {
6053 "policies": {
6054 "WindowsSSO": true | false
6055 }
6056 }
6057 ```
6058

patrick-canterino.de