]> git.p6c8.net - policy-templates.git/blob - README.md
Add UserMessaging->Locked to documentation
[policy-templates.git] / README.md
1 **These policies are in active development and so might contain changes that do not work with current versions of Firefox.**
2
3 **You should use the [officially released versions](https://github.com/mozilla/policy-templates/releases) if you are deploying changes.**
4
5 Official policy documentation has been moved to https://mozilla.github.io/policy-templates/.
6
7 I'm maintaining things in the README.md until we can update links in Firefox.
8
9 Firefox policies can be specified using the [Group Policy templates on Windows](https://github.com/mozilla/policy-templates/tree/master/windows), [Intune on Windows](https://support.mozilla.org/kb/managing-firefox-intune), [configuration profiles on macOS](https://github.com/mozilla/policy-templates/tree/master/mac), or by creating a file called `policies.json`. On Windows, create a directory called `distribution` where the EXE is located and place the file there. On Mac, the file goes into `Firefox.app/Contents/Resources/distribution`. On Linux, the file goes into `firefox/distribution`, where `firefox` is the installation directory for firefox, which varies by distribution or you can specify system-wide policy by placing the file in `/etc/firefox/policies`.
10
11 Unfortunately, JSON files do not support comments, but you can add extra entries to the JSON to use as comments. You will see an error in about:policies, but the policies will still work properly. For example:
12
13 ```
14 {
15 "policies": {
16 "Authentication": {
17 "SPNEGO": ["mydomain.com", "https://myotherdomain.com"]
18 }
19 "Authentication_Comment": "These domains are required for us"
20 }
21 }
22 ```
23
24 | Policy Name | Description
25 | --- | --- |
26 | **[`3rdparty`](#3rdparty)** | Set policies that WebExtensions can access via chrome.storage.managed.
27 | **[`AllowedDomainsForApps`](#alloweddomainsforapps)** | Define domains allowed to access Google Workspace.
28 | **[`AppAutoUpdate`](#appautoupdate)** | Enable or disable automatic application update.
29 | **[`AppUpdatePin`](#appupdatepin)** | Prevent Firefox from being updated beyond the specified version.
30 | **[`AppUpdateURL`](#appupdateurl)** | Change the URL for application update.
31 | **[`Authentication`](#authentication)** | Configure sites that support integrated authentication.
32 | **[`AutoLaunchProtocolsFromOrigins`](#autolaunchprotocolsfromorigins)** | Define a list of external protocols that can be used from listed origins without prompting the user.
33 | **[`BackgroundAppUpdate`](#backgroundappupdate)** | Enable or disable the background updater (Windows only).
34 | **[`BlockAboutAddons`](#blockaboutaddons)** | Block access to the Add-ons Manager (about:addons).
35 | **[`BlockAboutConfig`](#blockaboutconfig)** | Block access to about:config.
36 | **[`BlockAboutProfiles`](#blockaboutprofiles)** | Block access to About Profiles (about:profiles).
37 | **[`BlockAboutSupport`](#blockaboutsupport)** | Block access to Troubleshooting Information (about:support).
38 | **[`Bookmarks`](#bookmarks)** | Add bookmarks in either the bookmarks toolbar or menu.
39 | **[`CaptivePortal`](#captiveportal)** | Enable or disable the detection of captive portals.
40 | **[`Certificates`](#certificates)** |
41 | **[`Certificates -> ImportEnterpriseRoots`](#certificates--importenterpriseroots)** | Trust certificates that have been added to the operating system certificate store by a user or administrator.
42 | **[`Certificates -> Install`](#certificates--install)** | Install certificates into the Firefox certificate store.
43 | **[`Containers`](#containers)** | Set policies related to [containers](https://addons.mozilla.org/firefox/addon/multi-account-containers/).
44 | **[`Cookies`](#cookies)** | Configure cookie preferences.
45 | **[`DefaultDownloadDirectory`](#defaultdownloaddirectory)** | Set the default download directory.
46 | **[`DisableAppUpdate`](#disableappupdate)** | Turn off application updates.
47 | **[`DisableBuiltinPDFViewer`](#disablebuiltinpdfviewer)** | Disable the built in PDF viewer.
48 | **[`DisabledCiphers`](#disabledciphers)** | Disable ciphers.
49 | **[`DisableDefaultBrowserAgent`](#disabledefaultbrowseragent)** | Prevent the default browser agent from taking any actions (Windows only).
50 | **[`DisableDeveloperTools`](#disabledevelopertools)** | Remove access to all developer tools.
51 | **[`DisableFeedbackCommands`](#disablefeedbackcommands)** | Disable the menus for reporting sites.
52 | **[`DisableFirefoxAccounts`](#disablefirefoxaccounts)** | Disable Firefox Accounts integration (Sync).
53 | **[`DisableFirefoxScreenshots`](#disablefirefoxscreenshots)** | Remove access to Firefox Screenshots.
54 | **[`DisableFirefoxStudies`](#disablefirefoxstudies)** | Disable Firefox studies (Shield).
55 | **[`DisableForgetButton`](#disableforgetbutton)** | Disable the "Forget" button.
56 | **[`DisableFormHistory`](#disableformhistory)** | Turn off saving information on web forms and the search bar.
57 | **[`DisableMasterPasswordCreation`](#disablemasterpasswordcreation)** | Remove the master password functionality.
58 | **[`DisablePasswordReveal`](#disablepasswordreveal)** | Do not allow passwords to be revealed in saved logins.
59 | **[`DisablePocket`](#disablepocket)** | Remove Pocket in the Firefox UI.
60 | **[`DisablePrivateBrowsing`](#disableprivatebrowsing)** | Remove access to private browsing.
61 | **[`DisableProfileImport`](#disableprofileimport)** | Disables the "Import data from another browser" option in the bookmarks window.
62 | **[`DisableProfileRefresh`](#disableprofilerefresh)** | Disable the Refresh Firefox button on about:support and support.mozilla.org
63 | **[`DisableSafeMode`](#disablesafemode)** | Disable safe mode within the browser.
64 | **[`DisableSecurityBypass`](#disablesecuritybypass)** | Prevent the user from bypassing security in certain cases.
65 | **[`DisableSetDesktopBackground`](#disablesetdesktopbackground)** | Remove the "Set As Desktop Background..." menuitem when right clicking on an image.
66 | **[`DisableSystemAddonUpdate`](#disablesystemaddonupdate)** | Prevent system add-ons from being installed or updated.
67 | **[`DisableTelemetry`](#disabletelemetry)** | DisableTelemetry
68 | **[`DisableThirdPartyModuleBlocking`](#disablethirdpartymoduleblocking)** | Do not allow blocking third-party modules.
69 | **[`DisplayBookmarksToolbar`](#displaybookmarkstoolbar)** | Set the initial state of the bookmarks toolbar.
70 | **[`DisplayBookmarksToolbar (Deprecated)`](#displaybookmarkstoolbar-deprecated)** | Set the initial state of the bookmarks toolbar.
71 | **[`DisplayMenuBar`](#displaymenubar)** | Set the state of the menubar.
72 | **[`DisplayMenuBar (Deprecated)`](#displaymenubar-deprecated)** | Set the initial state of the menubar.
73 | **[`DNSOverHTTPS`](#dnsoverhttps)** | Configure DNS over HTTPS.
74 | **[`DontCheckDefaultBrowser`](#dontcheckdefaultbrowser)** | Don't check if Firefox is the default browser at startup.
75 | **[`DownloadDirectory`](#downloaddirectory)** | Set and lock the download directory.
76 | **[`EnableTrackingProtection`](#enabletrackingprotection)** | Configure tracking protection.
77 | **[`EncryptedMediaExtensions`](#encryptedmediaextensions)** | Enable or disable Encrypted Media Extensions and optionally lock it.
78 | **[`EnterprisePoliciesEnabled`](#enterprisepoliciesenabled)** | Enable policy support on macOS.
79 | **[`ExemptDomainFileTypePairsFromFileTypeDownloadWarnings`](#exemptdomainfiletypepairsfromfiletypedownloadwarnings)** | Disable warnings based on file extension for specific file types on domains.
80 | **[`Extensions`](#extensions)** | Control the installation, uninstallation and locking of extensions.
81 | **[`ExtensionSettings`](#extensionsettings)** | Manage all aspects of extensions.
82 | **[`ExtensionUpdate`](#extensionupdate)** | Control extension updates.
83 | **[`FirefoxHome`](#firefoxhome)** | Customize the Firefox Home page.
84 | **[`FlashPlugin (Deprecated)`](#flashplugin-deprecated)** | Configure the default Flash plugin policy as well as origins for which Flash is allowed.
85 | **[`GoToIntranetSiteForSingleWordEntryInAddressBar`](#gotointranetsiteforsinglewordentryinaddressbar)** | Force direct intranet site navigation instead of searching when typing single word entries in the address bar.
86 | **[`Handlers`](#handlers)** | Configure default application handlers.
87 | **[`HardwareAcceleration`](#hardwareacceleration)** | Control hardware acceleration.
88 | **[`Homepage`](#homepage)** | Configure the default homepage and how Firefox starts.
89 | **[`InstallAddonsPermission`](#installaddonspermission)** | Configure the default extension install policy as well as origins for extension installs are allowed.
90 | **[`LegacyProfiles`](#legacyprofiles)** | Disable the feature enforcing a separate profile for each installation.
91 | **[`LegacySameSiteCookieBehaviorEnabled`](#legacysamesitecookiebehaviorenabled)** | Enable default legacy SameSite cookie behavior setting.
92 | **[`LegacySameSiteCookieBehaviorEnabledForDomainList`](#legacysamesitecookiebehaviorenabledfordomainlist)** | Revert to legacy SameSite behavior for cookies on specified sites.
93 | **[`LocalFileLinks`](#localfilelinks)** | Enable linking to local files by origin.
94 | **[`ManagedBookmarks`](#managedbookmarks)** | Configures a list of bookmarks managed by an administrator that cannot be changed by the user.
95 | **[`ManualAppUpdateOnly`](#manualappupdateonly)** | Allow manual updates only and do not notify the user about updates.
96 | **[`NetworkPrediction`](#networkprediction)** | Enable or disable network prediction (DNS prefetching).
97 | **[`NewTabPage`](#newtabpage)** | Enable or disable the New Tab page.
98 | **[`NoDefaultBookmarks`](#nodefaultbookmarks)** | Disable the creation of default bookmarks.
99 | **[`OfferToSaveLogins`](#offertosavelogins)** | Control whether or not Firefox offers to save passwords.
100 | **[`OfferToSaveLoginsDefault`](#offertosaveloginsdefault)** | Set the default value for whether or not Firefox offers to save passwords.
101 | **[`OverrideFirstRunPage`](#overridefirstrunpage)** | Override the first run page.
102 | **[`OverridePostUpdatePage`](#overridepostupdatepage)** | Override the upgrade page.
103 | **[`PasswordManagerEnabled`](#passwordmanagerenabled)** | Remove (some) access to the password manager.
104 | **[`PasswordManagerExceptions`](#passwordmanagerexceptions)** | Prevent Firefox from saving passwords for specific sites.
105 | **[`PDFjs`](#pdfjs)** | Disable or configure PDF.js, the built-in PDF viewer.
106 | **[`Permissions`](#permissions)** | Set permissions associated with camera, microphone, location, and notifications.
107 | **[`PictureInPicture`](#pictureinpicture)** | Enable or disable Picture-in-Picture.
108 | **[`PopupBlocking`](#popupblocking)** | Configure the default pop-up window policy as well as origins for which pop-up windows are allowed.
109 | **[`Preferences`](#preferences)** | Set and lock preferences.
110 | **[`Preferences (Deprecated)`](#preferences-deprecated)** | Set and lock some preferences.
111 | **[`PrimaryPassword`](#primarypassword)** | Require or prevent using a primary (formerly master) password.
112 | **[`PromptForDownloadLocation`](#promptfordownloadlocation)** | Ask where to save each file before downloading.
113 | **[`Proxy`](#proxy)** | Configure proxy settings.
114 | **[`RequestedLocales`](#requestedlocales)** | Set the the list of requested locales for the application in order of preference.
115 | **[`SanitizeOnShutdown` (All)](#sanitizeonshutdown-all)** | Clear all data on shutdown.
116 | **[`SanitizeOnShutdown` (Selective)](#sanitizeonshutdown-selective)** | Clear data on shutdown.
117 | **[`SearchBar`](#searchbar)** | Set whether or not search bar is displayed.
118 | **[`SearchEngines`](#searchengines-this-policy-is-only-available-on-the-esr)** |
119 | **[`SearchEngines -> Add`](#searchengines--add)** | Add new search engines.
120 | **[`SearchEngines -> Default`](#searchengines--default)** | Set the default search engine.
121 | **[`SearchEngines -> PreventInstalls`](#searchengines--preventinstalls)** | Prevent installing search engines from webpages.
122 | **[`SearchEngines -> Remove`](#searchengines--remove)** | Hide built-in search engines.
123 | **[`SearchSuggestEnabled`](#searchsuggestenabled)** | Enable search suggestions.
124 | **[`SecurityDevices`](#securitydevices)** | Install PKCS #11 modules.
125 | **[`ShowHomeButton`](#showhomebutton)** | Show the home button on the toolbar.
126 | **[`SSLVersionMax`](#sslversionmax)** | Set and lock the maximum version of TLS.
127 | **[`SSLVersionMin`](#sslversionmin)** | Set and lock the minimum version of TLS.
128 | **[`StartDownloadsInTempDirectory`](#startdownloadsintempdirectory)** | Force downloads to start off in a local, temporary location rather than the default download directory.
129 | **[`SupportMenu`](#supportmenu)** | Add a menuitem to the help menu for specifying support information.
130 | **[`UserMessaging`](#usermessaging)** | Don't show certain messages to the user.
131 | **[`UseSystemPrintDialog`](#usesystemprintdialog)** | Print using the system print dialog instead of print preview.
132 | **[`WebsiteFilter`](#websitefilter)** | Block websites from being visited.
133 | **[`WindowsSSO`](#windowssso)** | Allow Windows single sign-on for Microsoft, work, and school accounts.
134
135 ### 3rdparty
136
137 Allow WebExtensions to configure policy. For more information, see [Adding policy support to your extension](https://extensionworkshop.com/documentation/enterprise/adding-policy-support-to-your-extension/).
138
139 For GPO and Intune, the extension developer should provide an ADMX file.
140
141 **Compatibility:** Firefox 68\
142 **CCK2 Equivalent:** N/A\
143 **Preferences Affected:** N/A
144
145 #### macOS
146 ```
147 <dict>
148 <key>3rdparty</key>
149 <dict>
150 <key>Extensions</key>
151 <dict>
152 <key>uBlock0@raymondhill.net</key>
153 <dict>
154 <key>adminSettings</key>
155 <dict>
156 <key>selectedFilterLists</key>
157 <array>
158 <string>ublock-privacy</string>
159 <string>ublock-badware</string>
160 <string>ublock-filters</string>
161 <string>user-filters</string>
162 </array>
163 </dict>
164 </dict>
165 </dict>
166 </dict>
167 </dict>
168 ```
169 #### policies.json
170 ```
171 {
172 "policies": {
173 "3rdparty": {
174 "Extensions": {
175 "uBlock0@raymondhill.net": {
176 "adminSettings": {
177 "selectedFilterLists": [
178 "ublock-privacy",
179 "ublock-badware",
180 "ublock-filters",
181 "user-filters"
182 ]
183 }
184 }
185 }
186 }
187 }
188 }
189 ```
190
191 ### AllowedDomainsForApps
192
193 Define domains allowed to access Google Workspace.
194
195 This policy is based on the [Chrome policy](https://chromeenterprise.google/policies/#AllowedDomainsForApps) of the same name.
196
197 If this policy is enabled, users can only access Google Workspace using accounts from the specified domains. If you want to allow Gmail, you can add ```consumer_accounts``` to the list.
198
199 **Compatibility:** Firefox 89, Firefox ESR 78.11\
200 **CCK2 Equivalent:** N/A\
201 **Preferences Affected:** N/A
202
203 #### Windows (GPO)
204 ```
205 Software\Policies\Mozilla\Firefox\AllowedDomainsForApps = "managedfirefox.com,example.com"
206 ```
207 #### Windows (Intune)
208 OMA-URI:
209 ```
210 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/AllowedDomainsForApps
211 ```
212 Value (string):
213 ```
214 <enabled/>
215 <data id="AllowedDomainsForApps" value="managedfirefox.com,example.com"/>
216 ```
217 #### macOS
218 ```
219 <dict>
220 <key>AllowedDomainsForApps</key>
221 <string>managedfirefox.com,example.com</string>
222 </dict>
223 ```
224 #### policies.json
225 ```
226 {
227 "policies": {
228 "AllowedDomainsForApps": "managedfirefox.com,example.com"
229 }
230 }
231 ```
232 ### AppAutoUpdate
233
234 Enable or disable **automatic** application update.
235
236 If set to true, application updates are installed without user approval within Firefox. The operating system might still require approval.
237
238 If set to false, application updates are downloaded but the user can choose when to install the update.
239
240 If you have disabled updates via `DisableAppUpdate`, this policy has no effect.
241
242 **Compatibility:** Firefox 75, Firefox ESR 68.7\
243 **CCK2 Equivalent:** N/A\
244 **Preferences Affected:** `app.update.auto`
245
246 #### Windows (GPO)
247 ```
248 Software\Policies\Mozilla\Firefox\AppAutoUpdate = 0x1 | 0x0
249 ```
250 #### Windows (Intune)
251 OMA-URI:
252 ```
253 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/AppAutoUpdate
254 ```
255 Value (string):
256 ```
257 <enabled/> or <disabled/>
258 ```
259 #### macOS
260 ```
261 <dict>
262 <key>AppAutoUpdate</key>
263 <true/> | <false/>
264 </dict>
265 ```
266 #### policies.json
267 ```
268 {
269 "policies": {
270 "AppAutoUpdate": true | false
271 }
272 }
273 ```
274 ### AppUpdatePin
275
276 Prevent Firefox from being updated beyond the specified version.
277
278 You can specify the any version as ```xx.``` and Firefox will be updated with all minor versions, but will not be updated beyond the major version.
279
280 You can also specify the version as ```xx.xx``` and Firefox will be updated with all patch versions, but will not be updated beyond the minor version.
281
282 You should specify a version that exists or is guaranteed to exist. If you specify a version that doesn't end up existing, Firefox will update beyond that version.
283
284 **Compatibility:** Firefox 102,\
285 **CCK2 Equivalent:** N/A\
286 **Preferences Affected:** N/A
287
288 #### Windows (GPO)
289 ```
290 Software\Policies\Mozilla\Firefox\AppUpdatePin = "106."
291 ```
292 #### Windows (Intune)
293 OMA-URI:
294 ```
295 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/AppUpdatePin
296 ```
297 Value (string):
298 ```
299 <enabled/>
300 <data id="AppUpdatePin" value="106."/>
301 ```
302 #### macOS
303 ```
304 <dict>
305 <key>AppUpdatePin</key>
306 <string>106.</string>
307 </dict>
308 ```
309 #### policies.json
310 ```
311 {
312 "policies": {
313 "AppUpdatePin": "106."
314 }
315 }
316 ```
317 ### AppUpdateURL
318
319 Change the URL for application update if you are providing Firefox updates from a custom update server.
320
321 **Compatibility:** Firefox 62, Firefox ESR 60.2\
322 **CCK2 Equivalent:** N/A\
323 **Preferences Affected:** `app.update.url`
324
325 #### Windows (GPO)
326 ```
327 Software\Policies\Mozilla\Firefox\AppUpdateURL = "https://yoursite.com"
328 ```
329 #### Windows (Intune)
330 OMA-URI:
331 ```
332 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/AppUpdateURL
333 ```
334 Value (string):
335 ```
336 <enabled/>
337 <data id="AppUpdateURL" value="https://yoursite.com"/>
338 ```
339 #### macOS
340 ```
341 <dict>
342 <key>AppUpdateURL</key>
343 <string>https://yoursite.com</string>
344 </dict>
345 ```
346 #### policies.json
347 ```
348 {
349 "policies": {
350 "AppUpdateURL": "https://yoursite.com"
351 }
352 }
353 ```
354 ### Authentication
355
356 Configure sites that support integrated authentication.
357
358 See [Integrated authentication](https://htmlpreview.github.io/?https://github.com/mdn/archived-content/blob/main/files/en-us/mozilla/integrated_authentication/raw.html) for more information.
359
360 `PrivateBrowsing` enables integrated authentication in private browsing.
361
362 **Compatibility:** Firefox 60, Firefox ESR 60 (AllowNonFQDN added in 62/60.2, AllowProxies added in 70/68.2, Locked added in 71/68.3, PrivateBrowsing added in 77/68.9)\
363 **CCK2 Equivalent:** N/A\
364 **Preferences Affected:** `network.negotiate-auth.trusted-uris`,`network.negotiate-auth.delegation-uris`,`network.automatic-ntlm-auth.trusted-uris`,`network.automatic-ntlm-auth.allow-non-fqdn`,`network.negotiate-auth.allow-non-fqdn`,`network.automatic-ntlm-auth.allow-proxies`,`network.negotiate-auth.allow-proxies`,`network.auth.private-browsing-sso`
365
366 #### Windows (GPO)
367 ```
368 Software\Policies\Mozilla\Firefox\Authentication\SPNEGO\1 = "mydomain.com"
369 Software\Policies\Mozilla\Firefox\Authentication\SPNEGO\2 = "https://myotherdomain.com"
370 Software\Policies\Mozilla\Firefox\Authentication\Delegated\1 = "mydomain.com"
371 Software\Policies\Mozilla\Firefox\Authentication\Delegated\2 = "https://myotherdomain.com"
372 Software\Policies\Mozilla\Firefox\Authentication\NTLM\1 = "mydomain.com"
373 Software\Policies\Mozilla\Firefox\Authentication\NTLM\2 = "https://myotherdomain.com"
374 Software\Policies\Mozilla\Firefox\Authentication\AllowNonFQDN\SPNEGO = 0x1 | 0x0
375 Software\Policies\Mozilla\Firefox\Authentication\AllowNonFQDN\NTLM = 0x1 | 0x0
376 Software\Policies\Mozilla\Firefox\Authentication\AllowProxies\SPNEGO = 0x1 | 0x0
377 Software\Policies\Mozilla\Firefox\Authentication\AllowProxies\NTLM = 0x1 | 0x0
378 Software\Policies\Mozilla\Firefox\Authentication\Locked = 0x1 | 0x0
379 Software\Policies\Mozilla\Firefox\Authentication\PrivateBrowsing = 0x1 | 0x0
380 ```
381 #### Windows (Intune)
382 OMA-URI:
383 ```
384 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Authentication/Authentication_SPNEGO
385 ```
386 Value (string):
387 ```
388 <enabled/>
389 <data id="Authentication" value="1&#xF000;mydomain&#xF000;2&#xF000;https://myotherdomain.com"/>
390 ```
391 OMA-URI:
392 ```
393 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Authentication/Authentication_Delegated
394 ```
395 Value (string):
396 ```
397 <enabled/>
398 <data id="Authentication" value="1&#xF000;mydomain&#xF000;2&#xF000;https://myotherdomain.com"/>
399 ```
400 OMA-URI:
401 ```
402 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Authentication/Authentication_NTLM
403 ```
404 Value (string):
405 ```
406 <enabled/>
407 <data id="Authentication" value="1&#xF000;mydomain&#xF000;2&#xF000;https://myotherdomain.com"/>
408 ```
409 OMA-URI:
410 ```
411 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Authentication/Authentication_AllowNonFQDN
412 ```
413 Value (string):
414 ```
415 <enabled/>
416 <data id="Authentication_AllowNonFQDN_NTLM" value="true | false"/>
417 <data id="Authentication_AllowNonFQDN_SPNEGO" value="true | false"/>
418 ```
419 OMA-URI:
420 ```
421 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Authentication/Authentication_Locked
422 ```
423 Value (string):
424 ```
425 <enabled/> or <disabled/>
426 ```
427 OMA-URI:
428 ```
429 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Authentication/Authentication_PrivateBrowsing
430 ```
431 Value (string):
432 ```
433 <enabled/> or <disabled/>
434 ```
435 #### macOS
436 ```
437 <dict>
438 <key>Authentication</key>
439 <dict>
440 <key>SPNEGO</key>
441 <array>
442 <string>mydomain.com</string>
443 <string>https://myotherdomain.com</string>
444 </array>
445 <key>Delegated</key>
446 <array>
447 <string>mydomain.com</string>
448 <string>https://myotherdomain.com</string>
449 </array>
450 <key>NTLM</key>
451 <array>
452 <string>mydomain.com</string>
453 <string>https://myotherdomain.com</string>
454 </array>
455 <key>AllowNonFQDN</key>
456 <dict>
457 <key>SPNEGO</key>
458 <true/> | <false/>
459 <key>NTLM</key>
460 <true/> | <false/>
461 </dict>
462 <key>AllowProxies</key>
463 <dict>
464 <key>SPNEGO</key>
465 <true/> | <false/>
466 <key>NTLM</key>
467 <true/> | <false/>
468 </dict>
469 <key>Locked</key>
470 <true/> | <false/>
471 <key>PrivateBrowsing</key>
472 <true/> | <false/>
473 </dict>
474 </dict>
475 ```
476 #### policies.json
477 ```
478 {
479 "policies": {
480 "Authentication": {
481 "SPNEGO": ["mydomain.com", "https://myotherdomain.com"],
482 "Delegated": ["mydomain.com", "https://myotherdomain.com"],
483 "NTLM": ["mydomain.com", "https://myotherdomain.com"],
484 "AllowNonFQDN": {
485 "SPNEGO": true | false,
486 "NTLM": true | false
487 },
488 "AllowProxies": {
489 "SPNEGO": true | false,
490 "NTLM": true | false
491 },
492 "Locked": true | false,
493 "PrivateBrowsing": true | false
494 }
495 }
496 }
497 ```
498 ### AutoLaunchProtocolsFromOrigins
499 Define a list of external protocols that can be used from listed origins without prompting the user. The origin is the scheme plus the hostname.
500
501 The syntax of this policy is exactly the same as the [Chrome AutoLaunchProtocolsFromOrigins policy](https://cloud.google.com/docs/chrome-enterprise/policies/?policy=AutoLaunchProtocolsFromOrigins) except that you can only use valid origins (not just hostnames). This also means that you cannot specify an asterisk for all origins.
502
503 The schema is:
504 ```
505 {
506 "items": {
507 "properties": {
508 "allowed_origins": {
509 "items": {
510 "type": "string"
511 },
512 "type": "array"
513 },
514 "protocol": {
515 "type": "string"
516 }
517 },
518 "required": [
519 "protocol",
520 "allowed_origins"
521 ],
522 "type": "object"
523 },
524 "type": "array"
525 }
526 ```
527 **Compatibility:** Firefox 90, Firefox ESR 78.12\
528 **CCK2 Equivalent:** N/A\
529 **Preferences Affected:** N/A
530
531 #### Windows (GPO)
532 Software\Policies\Mozilla\Firefox\AutoLaunchProtocolsFromOrigins (REG_MULTI_SZ) =
533 ```
534 [
535 {
536 "protocol": "zoommtg",
537 "allowed_origins": [
538 "https://somesite.zoom.us"
539 ]
540 }
541 ]
542 ```
543 #### Windows (Intune)
544 OMA-URI:
545 ```
546 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/AutoLaunchProtocolsFromOrigins
547 ```
548 Value (string):
549 ```
550 <enabled/>
551 <data id="JSON" value='
552 [
553 {
554 "protocol": "zoommtg",
555 "allowed_origins": [
556 "https://somesite.zoom.us"
557 ]
558 }
559 ]'/>
560 ```
561 #### macOS
562 ```
563 <dict>
564 <key>AutoLaunchProtocolsFromOrigins</key>
565 <array>
566 <dict>
567 <key>protocol</key>
568 <string>zoommtg</string>
569 <key>allowed_origins</key>
570 <array>
571 <string>https://somesite.zoom.us</string>
572 </array>
573 </dict>
574 </array>
575 </dict>
576 ```
577 #### policies.json
578 ```
579 {
580 "policies": {
581 "AutoLaunchProtocolsFromOrigins": [{
582 "protocol": "zoommtg",
583 "allowed_origins": [
584 "https://somesite.zoom.us"
585 ]
586 }]
587 }
588 }
589 ```
590 ### BackgroundAppUpdate
591
592 Enable or disable **automatic** application update **in the background**, when the application is not running.
593
594 If set to true, application updates may be installed (without user approval) in the background, even when the application is not running. The operating system might still require approval.
595
596 If set to false, the application will not try to install updates when the application is not running.
597
598 If you have disabled updates via `DisableAppUpdate` or disabled automatic updates via `AppAutoUpdate`, this policy has no effect.
599
600 **Compatibility:** Firefox 90 (Windows only)\
601 **CCK2 Equivalent:** N/A\
602 **Preferences Affected:** `app.update.background.enabled`
603
604 #### Windows (GPO)
605 ```
606 Software\Policies\Mozilla\Firefox\BackgroundAppUpdate = 0x1 | 0x0
607 ```
608 #### Windows (Intune)
609 OMA-URI:
610 ```
611 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/BackgroundAppUpdate
612 ```
613 Value (string):
614 ```
615 <enabled/> or <disabled/>
616 ```
617 #### macOS
618 ```
619 <dict>
620 <key>BackgroundAppUpdate</key>
621 <true/> | <false/>
622 </dict>
623 ```
624 #### policies.json
625 ```
626 {
627 "policies": {
628 "BackgroundAppUpdate": true | false
629 }
630 }
631 ```
632 ### BlockAboutAddons
633
634 Block access to the Add-ons Manager (about:addons).
635
636 **Compatibility:** Firefox 60, Firefox ESR 60\
637 **CCK2 Equivalent:** `disableAddonsManager`\
638 **Preferences Affected:** N/A
639
640 #### Windows (GPO)
641 ```
642 Software\Policies\Mozilla\Firefox\BlockAboutAddons = 0x1 | 0x0
643 ```
644 #### Windows (Intune)
645 OMA-URI:
646 ```
647 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/BlockAboutAddons
648 ```
649 Value (string):
650 ```
651 <enabled/> or <disabled/>
652 ```
653 #### macOS
654 ```
655 <dict>
656 <key>BlockAboutAddons</key>
657 <true/> | <false/>
658 </dict>
659 ```
660 #### policies.json
661 ```
662 {
663 "policies": {
664 "BlockAboutAddons": true | false
665 }
666 }
667 ```
668 ### BlockAboutConfig
669
670 Block access to about:config.
671
672 **Compatibility:** Firefox 60, Firefox ESR 60\
673 **CCK2 Equivalent:** `disableAboutConfig`\
674 **Preferences Affected:** N/A
675
676 #### Windows (GPO)
677 ```
678 Software\Policies\Mozilla\Firefox\BlockAboutConfig = 0x1 | 0x0
679 ```
680 #### Windows (Intune)
681 OMA-URI:
682 ```
683 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/BlockAboutConfig
684 ```
685 Value (string):
686 ```
687 <enabled/> or <disabled/>
688 ```
689 #### macOS
690 ```
691 <dict>
692 <key>BlockAboutConfig</key>
693 <true/> | <false/>
694 </dict>
695 ```
696 #### policies.json
697 ```
698 {
699 "policies": {
700 "BlockAboutConfig": true | false
701 }
702 }
703 ```
704 ### BlockAboutProfiles
705
706 Block access to About Profiles (about:profiles).
707
708 **Compatibility:** Firefox 60, Firefox ESR 60\
709 **CCK2 Equivalent:** `disableAboutProfiles`\
710 **Preferences Affected:** N/A
711
712 #### Windows (GPO)
713 ```
714 Software\Policies\Mozilla\Firefox\BlockAboutProfiles = 0x1 | 0x0
715 ```
716 #### Windows (Intune)
717 OMA-URI:
718 ```
719 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/BlockAboutProfiles
720 ```
721 Value (string):
722 ```
723 <enabled/> or <disabled/>
724 ```
725 #### macOS
726 ```
727 <dict>
728 <key>BlockAboutProfiles</key>
729 <true/> | <false/>
730 </dict>
731 ```
732 #### policies.json
733 ```
734 {
735 "policies": {
736 "BlockAboutProfiles": true | false
737 }
738 }
739 ```
740 ### BlockAboutSupport
741
742 Block access to Troubleshooting Information (about:support).
743
744 **Compatibility:** Firefox 60, Firefox ESR 60\
745 **CCK2 Equivalent:** `disableAboutSupport`\
746 **Preferences Affected:** N/A
747
748 #### Windows (GPO)
749 ```
750 Software\Policies\Mozilla\Firefox\BlockAboutSupport = 0x1 | 0x0
751 ```
752 #### Windows (Intune)
753 OMA-URI:
754 ```
755 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/BlockAboutSupport
756 ```
757 Value (string):
758 ```
759 <enabled/> or <disabled/>
760 ```
761 #### macOS
762 ```
763 <dict>
764 <key>BlockAboutSupport</key>
765 <true/> | <false/>
766 </dict>
767 ```
768 #### policies.json
769 ```
770 {
771 "policies": {
772 "BlockAboutSupport": true | false
773 }
774 }
775 ```
776 ### Bookmarks
777
778 Note: [`ManagedBookmarks`](#managedbookmarks) is the new recommended way to add bookmarks. This policy will continue to be supported.
779
780 Add bookmarks in either the bookmarks toolbar or menu. Only `Title` and `URL` are required. If `Placement` is not specified, the bookmark will be placed on the toolbar. If `Folder` is specified, it is automatically created and bookmarks with the same folder name are grouped together.
781
782 If you want to clear all bookmarks set with this policy, you can set the value to an empty array (```[]```). This can be on Windows via the new Bookmarks (JSON) policy available with GPO and Intune.
783
784 **Compatibility:** Firefox 60, Firefox ESR 60\
785 **CCK2 Equivalent:** `bookmarks.toolbar`,`bookmarks.menu`\
786 **Preferences Affected:** N/A
787
788 #### Windows (GPO)
789 ```
790 Software\Policies\Mozilla\Firefox\Bookmarks\1\Title = "Example"
791 Software\Policies\Mozilla\Firefox\Bookmarks\1\URL = "https://example.com"
792 Software\Policies\Mozilla\Firefox\Bookmarks\1\Favicon = "https://example.com/favicon.ico"
793 Software\Policies\Mozilla\Firefox\Bookmarks\1\Placement = "toolbar" | "menu"
794 Software\Policies\Mozilla\Firefox\Bookmarks\1\Folder = "FolderName"
795
796 Software\Policies\Mozilla\Firefox\Bookmarks (REG_MULTI_SZ) =
797 ```
798 []
799 ```
800
801 ```
802 #### Windows (Intune)
803 OMA-URI:
804 ```
805 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Bookmarks/Bookmark01
806 ```
807 Value (string):
808 ```
809 <enabled/>
810 <data id="BookmarkTitle" value="Example"/>
811 <data id="BookmarkURL" value="https://example.com"/>
812 <data id="BookmarkFavicon" value="https://example.com/favicon.ico"/>
813 <data id="BookmarkPlacement" value="toolbar | menu"/>
814 <data id="BookmarkFolder" value="FolderName"/>
815 ```
816 OMA-URI:
817 ```
818 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/Bookmarks
819 ```
820 Value (string):
821 ```
822 <enabled/>
823 <data id="JSON" value='[]'/>
824 ```
825 #### macOS
826 ```
827 <dict>
828 <key>Bookmarks</key>
829 <array>
830 <dict>
831 <key>Title</key>
832 <string>Example</string>
833 <key>URL</key>
834 <string>https://example.com</string>
835 <key>Favicon</key>
836 <string>https://example.com/favicon.ico</string>
837 <key>Placement</key>
838 <string>toolbar | menu</string>
839 <key>Folder</key>
840 <string>FolderName</string>
841 </dict>
842 </array>
843 </dict>
844 ```
845 #### policies.json
846 ```
847 {
848 "policies": {
849 "Bookmarks": [
850 {
851 "Title": "Example",
852 "URL": "https://example.com",
853 "Favicon": "https://example.com/favicon.ico",
854 "Placement": "toolbar" | "menu",
855 "Folder": "FolderName"
856 }
857 ]
858 }
859 }
860 ```
861 ### CaptivePortal
862 Enable or disable the detection of captive portals.
863
864 **Compatibility:** Firefox 67, Firefox ESR 60.7\
865 **CCK2 Equivalent:** N/A\
866 **Preferences Affected:** `network.captive-portal-service.enabled`
867
868 #### Windows (GPO)
869 ```
870 Software\Policies\Mozilla\Firefox\CaptivePortal = 0x1 | 0x0
871 ```
872 #### Windows (Intune)
873 OMA-URI:
874 ```
875 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/CaptivePortal
876 ```
877 Value (string):
878 ```
879 <enabled/> or <disabled/>
880 ```
881 #### macOS
882 ```
883 <dict>
884 <key>CaptivePortal</key>
885 <true/> | <false/>
886 </dict>
887 ```
888 #### policies.json
889 ```
890 {
891 "policies": {
892 "CaptivePortal": true | false
893 }
894 }
895 ```
896 ### Certificates
897
898 ### Certificates | ImportEnterpriseRoots
899
900 Trust certificates that have been added to the operating system certificate store by a user or administrator.
901
902 Note: This policy only works on Windows and macOS. For Linux discussion, see [bug 1600509](https://bugzilla.mozilla.org/show_bug.cgi?id=1600509).
903
904 See https://support.mozilla.org/kb/setting-certificate-authorities-firefox for more detail.
905
906 **Compatibility:** Firefox 60, Firefox ESR 60 (macOS support in Firefox 63, Firefox ESR 68)\
907 **CCK2 Equivalent:** N/A\
908 **Preferences Affected:** `security.enterprise_roots.enabled`
909
910 #### Windows (GPO)
911 ```
912 Software\Policies\Mozilla\Firefox\Certificates\ImportEnterpriseRoots = 0x1 | 0x0
913 ```
914 #### Windows (Intune)
915 OMA-URI:
916 ```
917 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Certificates/Certificates_ImportEnterpriseRoots
918 ```
919 Value (string):
920 ```
921 <enabled/> or <disabled/>
922 ```
923 #### macOS
924 ```
925 <dict>
926 <key>Certificates</key>
927 <dict>
928 <key>ImportEnterpriseRoots</key>
929 <true/> | <false/>
930 </dict>
931 </dict>
932 ```
933 #### policies.json
934 ```
935 {
936 "policies": {
937 "Certificates": {
938 "ImportEnterpriseRoots": true | false
939 }
940 }
941 }
942 ```
943 ### Certificates | Install
944
945 Install certificates into the Firefox certificate store. If only a filename is specified, Firefox searches for the file in the following locations:
946
947 - Windows
948 - %USERPROFILE%\AppData\Local\Mozilla\Certificates
949 - %USERPROFILE%\AppData\Roaming\Mozilla\Certificates
950 - macOS
951 - /Library/Application Support/Mozilla/Certificates
952 - ~/Library/Application Support/Mozilla/Certificates
953 - Linux
954 - /usr/lib/mozilla/certificates
955 - /usr/lib64/mozilla/certificates
956 - ~/.mozilla/certificates
957
958 Starting with Firefox 65, Firefox 60.5 ESR, a fully qualified path can be used, including UNC paths. You should use the native path style for your operating system. We do not support using %USERPROFILE% or other environment variables on Windows.
959
960 If you are specifying the path in the policies.json file on Windows, you need to escape your backslashes (`\\`) which means that for UNC paths, you need to escape both (`\\\\`). If you use group policy, you only need one backslash.
961
962 Certificates are installed using the trust string `CT,CT,`.
963
964 Binary (DER) and ASCII (PEM) certificates are both supported.
965
966 **Compatibility:** Firefox 64, Firefox ESR 64\
967 **CCK2 Equivalent:** `certs.ca`\
968 **Preferences Affected:** N/A
969
970 #### Windows (GPO)
971 ```
972 Software\Policies\Mozilla\Firefox\Certificates\Install\1 = "cert1.der"
973 Software\Policies\Mozilla\Firefox\Certificates\Install\2 = "C:\Users\username\cert2.pem"
974 ```
975 #### Windows (Intune)
976 OMA-URI:
977 ```
978 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Certificates/Certificates_Install
979 ```
980 Value (string):
981 ```
982 <enabled/>
983 <data id="Certificates_Install" value="1&#xF000;cert1.der&#xF000;2&#xF000;C:\Users\username\cert2.pem"/>
984 ```
985 #### macOS
986 ```
987 <dict>
988 <key>Certificates</key>
989 <dict>
990 <key>Install</key>
991 <array>
992 <string>cert1.der</string>
993 <string>/Users/username/cert2.pem</string>
994 </array>
995 </dict>
996 </dict>
997 ```
998 #### policies.json
999 ```
1000 {
1001 "policies": {
1002 "Certificates": {
1003 "Install": ["cert1.der", "/home/username/cert2.pem"]
1004 }
1005 }
1006 }
1007 ```
1008 ### Containers
1009 Set policies related to [containers](https://addons.mozilla.org/firefox/addon/multi-account-containers/).
1010
1011 Currently you can set the initial set of containers.
1012
1013 For each container, you can specify the name, icon, and color.
1014
1015 | Name | Description |
1016 | --- | --- |
1017 | `name`| Name of container
1018 | `icon` | Can be `fingerprint`, `briefcase`, `dollar`, `cart`, `vacation`, `gift`, `food`, `fruit`, `pet`, `tree`, `chill`, `circle`, `fence`
1019 | `color` | Can be `blue`, `turquoise`, `green`, `yellow`, `orange`, `red`, `pink`, `purple`, `toolbar`
1020
1021 **Compatibility:** Firefox 113\
1022 **CCK2 Equivalent:** N/A\
1023 **Preferences Affected:** N/A
1024
1025 #### Windows (GPO)
1026 Software\Policies\Mozilla\Firefox\Containers (REG_MULTI_SZ) =
1027 ```
1028 {
1029 "Default": [
1030 {
1031 "name": "My container",
1032 "icon": "pet",
1033 "color": "turquoise"
1034 }
1035 ]
1036 }
1037 ```
1038 #### Windows (Intune)
1039 OMA-URI:
1040 ```
1041 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/Containers
1042 ```
1043 Value (string):
1044 ```
1045 <enabled/>
1046 <data id="JSON" value='
1047 {
1048 "Default": [
1049 {
1050 "name": "My container",
1051 "icon": "pet",
1052 "color": "turquoise"
1053 }
1054 ]
1055 }
1056 '/>
1057 ```
1058 #### macOS
1059 ```
1060 <dict>
1061 <key>Default</key>
1062 <dict>
1063 <key>Containers</key>
1064 <array>
1065 <dict>
1066 <key>name</key>
1067 <string>My container</string>
1068 <key>icon</key>
1069 <string>pet</string>
1070 <key>color</key>
1071 <string>turquoise</string>
1072 </dict>
1073 </array>
1074 </dict>
1075 </dict>
1076 ```
1077 #### policies.json
1078 ```
1079 {
1080 "policies": {
1081 "Containers": {
1082 "Default": [
1083 {
1084 "name": "My container",
1085 "icon": "pet",
1086 "color": "turquoise"
1087 }
1088 ]
1089 }
1090 }
1091 }
1092 ```
1093 ### Cookies
1094 Configure cookie preferences.
1095
1096 `Allow` is a list of origins (not domains) where cookies are always allowed. You must include http or https.
1097
1098 `AllowSession` is a list of origins (not domains) where cookies are only allowed for the current session. You must include http or https.
1099
1100 `Block` is a list of origins (not domains) where cookies are always blocked. You must include http or https.
1101
1102 `Behavior` sets the default behavior for cookies based on the values below.
1103
1104 `BehaviorPrivateBrowsing` sets the default behavior for cookies in private browsing based on the values below.
1105
1106 | Value | Description
1107 | --- | --- |
1108 | accept | Accept all cookies
1109 | reject-foreign | Reject third party cookies
1110 | reject | Reject all cookies
1111 | limit-foreign | Reject third party cookies for sites you haven't visited
1112 | reject-tracker | Reject cookies for known trackers (default)
1113 | reject-tracker-and-partition-foreign | Reject cookies for known trackers and partition third-party cookies (Total Cookie Protection) (default for private browsing)
1114
1115 `Default` (Deprecated) determines whether cookies are accepted at all.
1116
1117 `AcceptThirdParty` (Deprecated) determines how third-party cookies are handled.
1118
1119 `ExpireAtSessionEnd` determines when cookies expire.
1120
1121 `RejectTracker` (Deprecated) only rejects cookies for trackers.
1122
1123 `Locked` prevents the user from changing cookie preferences.
1124
1125 **Compatibility:** Firefox 60, Firefox ESR 60 (RejectTracker added in Firefox 63, AllowSession added in Firefox 79/78.1, Behavior added in Firefox 95/91.4)\
1126 **CCK2 Equivalent:** N/A\
1127 **Preferences Affected:** `network.cookie.cookieBehavior`, `network.cookie.cookieBehavior.pbmode`, `network.cookie.lifetimePolicy`
1128
1129 #### Windows (GPO)
1130 ```
1131 Software\Policies\Mozilla\Firefox\Cookies\Allow\1 = "https://example.com"
1132 Software\Policies\Mozilla\Firefox\Cookies\AllowSession\1 = "https://example.edu"
1133 Software\Policies\Mozilla\Firefox\Cookies\Block\1 = "https://example.org"
1134 Software\Policies\Mozilla\Firefox\Cookies\Default = 0x1 | 0x0
1135 Software\Policies\Mozilla\Firefox\Cookies\AcceptThirdParty = "always" | "never" | "from-visited"
1136 Software\Policies\Mozilla\Firefox\Cookies\ExpireAtSessionEnd = 0x1 | 0x0
1137 Software\Policies\Mozilla\Firefox\Cookies\RejectTracker = 0x1 | 0x0
1138 Software\Policies\Mozilla\Firefox\Cookies\Behavior = "accept" | "reject-foreign" | "reject" | "limit-foreign" | "reject-tracker" | "reject-tracker-and-partition-foreign"
1139 Software\Policies\Mozilla\Firefox\Cookies\BehaviorPrivateBrowsing = "accept" | "reject-foreign" | "reject" | "limit-foreign" | "reject-tracker" | "reject-tracker-and-partition-foreign"
1140 Software\Policies\Mozilla\Firefox\Cookies\Locked = 0x1 | 0x0
1141 ```
1142 #### Windows (Intune)
1143 OMA-URI:
1144 ```
1145 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_Allow
1146 ```
1147 Value (string):
1148 ```
1149 <enabled/>
1150 <data id="Permissions" value="1&#xF000;https://example.com"/>
1151 ```
1152 OMA-URI:
1153 ```
1154 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_AllowSession
1155 ```
1156 Value (string):
1157 ```
1158 <enabled/>
1159 <data id="Permissions" value="1&#xF000;https://example.edu"/>
1160 ```
1161 OMA-URI:
1162 ```
1163 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_Block
1164 ```
1165 Value (string):
1166 ```
1167 <enabled/>
1168 <data id="Permissions" value="1&#xF000;https://example.org"/>
1169 ```
1170 OMA-URI:
1171 ```
1172 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_Default
1173 ```
1174 Value (string):
1175 ```
1176 <enabled/> or <disabled/>
1177 ```
1178 OMA-URI:
1179 ```
1180 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_AcceptThirdParty
1181 ```
1182 Value (string):
1183 ```
1184 <enabled/>
1185 <data id="Cookies_AcceptThirdParty" value="always | never | from-visited"/>
1186 ```
1187 OMA-URI:
1188 ```
1189 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_ExpireAtSessionEnd
1190 ```
1191 Value (string):
1192 ```
1193 <enabled/> or <disabled/>
1194 ```
1195 OMA-URI:
1196 ```
1197 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_RejectTracker
1198 ```
1199 Value (string):
1200 ```
1201 <enabled/> or <disabled/>
1202 ```
1203 OMA-URI:
1204 ```
1205 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_Locked
1206 ```
1207 Value (string):
1208 ```
1209 <enabled/> or <disabled/>
1210 ```
1211 OMA-URI:
1212 ```
1213 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_Behavior
1214 ```
1215 Value (string):
1216 ```
1217 <enabled/>
1218 <data id="Cookies_Behavior" value="accept | reject-foreign | reject | limit-foreign | reject-tracker | reject-tracker-and-partition-foreign"/>
1219 ```
1220 OMA-URI:
1221 ```
1222 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_BehaviorPrivateBrowsing
1223 ```
1224 Value (string):
1225 ```
1226 <enabled/>
1227 <data id="Cookies_BehaviorPrivateBrowsing" value="accept | reject-foreign | reject | limit-foreign | reject-tracker | reject-tracker-and-partition-foreign"/>
1228 ```
1229 #### macOS
1230 ```
1231 <dict>
1232 <key>Cookies</key>
1233 <dict>
1234 <key>Allow</key>
1235 <array>
1236 <string>http://example.com</string>
1237 </array>
1238 <key>AllowSession</key>
1239 <array>
1240 <string>http://example.edu</string>
1241 </array>
1242 <key>Block</key>
1243 <array>
1244 <string>http://example.org</string>
1245 </array>
1246 <key>Default</key>
1247 <true/> | <false/>
1248 <key>AcceptThirdParty</key>
1249 <string>always | never | from-visited</string>
1250 <key>ExpireAtSessionEnd</key>
1251 <true/> | <false/>
1252 <key>RejectTracker</key>
1253 <true/> | <false/>
1254 <key>Locked</key>
1255 <true/> | <false/>
1256 <key>Behavior</key>
1257 <string>accept | reject-foreign | reject | limit-foreign | reject-tracker | reject-tracker-and-partition-foreign</string>
1258 <key>BehaviorPrivateBrowsing</key>
1259 <string>accept | reject-foreign | reject | limit-foreign | reject-tracker | reject-tracker-and-partition-foreign</string>
1260 </dict>
1261 </dict>
1262 ```
1263 #### policies.json
1264 ```
1265 {
1266 "policies": {
1267 "Cookies": {
1268 "Allow": ["http://example.org/"],
1269 "AllowSession": ["http://example.edu/"],
1270 "Block": ["http://example.edu/"],
1271 "Default": true | false,
1272 "AcceptThirdParty": "always" | "never" | "from-visited",
1273 "ExpireAtSessionEnd": true | false,
1274 "RejectTracker": true | false,
1275 "Locked": true | false,
1276 "Behavior": "accept" | "reject-foreign" | "reject" | "limit-foreign" | "reject-tracker" | "reject-tracker-and-partition-foreign",
1277 "BehaviorPrivateBrowsing": "accept" | "reject-foreign" | "reject" | "limit-foreign" | "reject-tracker" | "reject-tracker-and-partition-foreign",
1278 }
1279 }
1280 }
1281 ```
1282 ### DefaultDownloadDirectory
1283 Set the default download directory.
1284
1285 You can use ${home} for the native home directory.
1286
1287 **Compatibility:** Firefox 68, Firefox ESR 68\
1288 **CCK2 Equivalent:** N/A\
1289 **Preferences Affected:** `browser.download.dir`, `browser.download.folderList`
1290
1291 #### Windows (GPO)
1292 ```
1293 Software\Policies\Mozilla\Firefox\DefaultDownloadDirectory = "${home}\Downloads"
1294 ```
1295 #### Windows (Intune)
1296 OMA-URI:
1297 ```
1298 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DefaultDownloadDirectory
1299 ```
1300 Value (string):
1301 ```
1302 <enabled/>
1303 <data id="Preferences_String" value="${home}\Downloads"/>
1304 ```
1305 #### macOS
1306 ```
1307 <dict>
1308 <key>DefaultDownloadDirectory</key>
1309 <string>${home}/Downloads</string>
1310 </dict>
1311 ```
1312 #### policies.json (macOS and Linux)
1313 ```
1314 {
1315 "policies": {
1316 "DefaultDownloadDirectory": "${home}/Downloads"
1317 }
1318 }
1319 ```
1320 #### policies.json (Windows)
1321 ```
1322 {
1323 "policies": {
1324 "DefaultDownloadDirectory": "${home}\\Downloads"
1325 }
1326 }
1327 ```
1328 ### DisableAppUpdate
1329 Turn off application updates within Firefox.
1330
1331 **Compatibility:** Firefox 60, Firefox ESR 60\
1332 **CCK2 Equivalent:** `disableFirefoxUpdates`\
1333 **Preferences Affected:** N/A
1334
1335 #### Windows (GPO)
1336 ```
1337 Software\Policies\Mozilla\Firefox\DisableAppUpdate = 0x1 | 0x0
1338 ```
1339 #### Windows (Intune)
1340 OMA-URI:
1341 ```
1342 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableAppUpdate
1343 ```
1344 Value (string):
1345 ```
1346 <enabled/> or <disabled/>
1347 ```
1348 #### macOS
1349 ```
1350 <dict>
1351 <key>DisableAppUpdate</key>
1352 <true/> | <false/>
1353 </dict>
1354 ```
1355 #### policies.json
1356 ```
1357 {
1358 "policies": {
1359 "DisableAppUpdate": true | false
1360 }
1361 }
1362 ```
1363 ### DisableBuiltinPDFViewer
1364 Disable the built in PDF viewer. PDF files are downloaded and sent externally.
1365
1366 **Compatibility:** Firefox 60, Firefox ESR 60\
1367 **CCK2 Equivalent:** `disablePDFjs`\
1368 **Preferences Affected:** `pdfjs.disabled`
1369
1370 #### Windows (GPO)
1371 ```
1372 Software\Policies\Mozilla\Firefox\DisableBuiltinPDFViewer = 0x1 | 0x0
1373 ```
1374 #### Windows (Intune)
1375 OMA-URI:
1376 ```
1377 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableBuiltinPDFViewer
1378 ```
1379 Value (string):
1380 ```
1381 <enabled/> or <disabled/>
1382 ```
1383 #### macOS
1384 ```
1385 <dict>
1386 <key>DisableBuiltinPDFViewer</key>
1387 <true/> | <false/>
1388 </dict>
1389 ```
1390 #### policies.json
1391 ```
1392 {
1393 "policies": {
1394 "DisableBuiltinPDFViewer": true | false
1395 }
1396 }
1397 ```
1398 ### DisabledCiphers
1399 Disable specific cryptographic ciphers, listed below.
1400
1401 ```
1402 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
1403 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
1404 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
1405 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
1406 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
1407 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
1408 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
1409 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
1410 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
1411 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
1412 TLS_DHE_RSA_WITH_AES_128_CBC_SHA
1413 TLS_DHE_RSA_WITH_AES_256_CBC_SHA
1414 TLS_RSA_WITH_AES_128_GCM_SHA256
1415 TLS_RSA_WITH_AES_256_GCM_SHA384
1416 TLS_RSA_WITH_AES_128_CBC_SHA
1417 TLS_RSA_WITH_AES_256_CBC_SHA
1418 TLS_RSA_WITH_3DES_EDE_CBC_SHA
1419 ```
1420
1421 **Preferences Affected:** `security.ssl3.ecdhe_rsa_aes_128_gcm_sha256`, `security.ssl3.ecdhe_ecdsa_aes_128_gcm_sha256`, `security.ssl3.ecdhe_ecdsa_chacha20_poly1305_sha256`, `security.ssl3.ecdhe_rsa_chacha20_poly1305_sha256`, `security.ssl3.ecdhe_ecdsa_aes_256_gcm_sha384`, `security.ssl3.ecdhe_rsa_aes_256_gcm_sha384`, `security.ssl3.ecdhe_rsa_aes_128_sha`, `security.ssl3.ecdhe_ecdsa_aes_128_sha`, `security.ssl3.ecdhe_rsa_aes_256_sha`, `security.ssl3.ecdhe_ecdsa_aes_256_sha`, `security.ssl3.dhe_rsa_aes_128_sha`, `security.ssl3.dhe_rsa_aes_256_sha`, `security.ssl3.rsa_aes_128_gcm_sha256`, `security.ssl3.rsa_aes_256_gcm_sha384`, `security.ssl3.rsa_aes_128_sha`, `security.ssl3.rsa_aes_256_sha`, `security.ssl3.deprecated.rsa_des_ede3_sha`
1422
1423 ---
1424 **Note:**
1425
1426 This policy was updated in Firefox 78 to allow enabling ciphers as well. Setting the value to true disables the cipher, setting the value to false enables the cipher. Previously setting the value to true or false disabled the cipher.
1427
1428 ---
1429 **Compatibility:** Firefox 76, Firefox ESR 68.8 (TLS_RSA_WITH_AES_128_GCM_SHA256 and TLS_RSA_WITH_AES_256_GCM_SHA384 were added in Firefox 78, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA38, TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, and TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 were added in Firefox 97 and Firefox 91.6)\
1430 **CCK2 Equivalent:** N/A\
1431 **Preferences Affected:** N/A
1432
1433 #### Windows (GPO)
1434 ```
1435 Software\Policies\Mozilla\Firefox\DisabledCiphers\CIPHER_NAME = 0x1 | 0x0
1436 ```
1437 #### Windows (Intune)
1438 OMA-URI:
1439 ```
1440 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DisabledCiphers/DisabledCiphers_CIPHER_NAME
1441
1442 ```
1443 Value (string):
1444 ```
1445 <enabled/> or <disabled/>
1446 ```
1447 #### macOS
1448 ```
1449 <dict>
1450 <key>DisabledCiphers</key>
1451 <dict>
1452 <key>CIPHER_NAME</key>
1453 <true/> | <false/>
1454 </dict>
1455 </dict>
1456 ```
1457 #### policies.json
1458 ```
1459 {
1460 "policies": {
1461 "DisabledCiphers": {
1462 "CIPHER_NAME": true | false,
1463 }
1464 }
1465 }
1466 ```
1467 ### DisableDefaultBrowserAgent
1468 Prevent the default browser agent from taking any actions. Only applicable to Windows; other platforms don’t have the agent.
1469
1470 The browser agent is a Windows-only scheduled task which runs in the background to collect and submit data about the browser that the user has set as their OS default. More information is available [here](https://firefox-source-docs.mozilla.org/toolkit/mozapps/defaultagent/default-browser-agent/index.html).
1471
1472 **Compatibility:** Firefox 75, Firefox ESR 68.7 (Windows only)\
1473 **CCK2 Equivalent:** N/A\
1474 **Preferences Affected:** N/A
1475
1476 #### Windows (GPO)
1477 ```
1478 Software\Policies\Mozilla\Firefox\DisableDefaultBrowserAgent = 0x1 | 0x0
1479 ```
1480 #### Windows (Intune)
1481 OMA-URI:
1482 ```
1483 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableDefaultBrowserAgent
1484 ```
1485 Value (string):
1486 ```
1487 <enabled/> or <disabled/>
1488 ```
1489 #### policies.json
1490 ```
1491 {
1492 "policies": {
1493 "DisableDefaultBrowserAgent": true | false
1494 }
1495 }
1496 ```
1497 ### DisableDeveloperTools
1498 Remove access to all developer tools.
1499
1500 **Compatibility:** Firefox 60, Firefox ESR 60\
1501 **CCK2 Equivalent:** `removeDeveloperTools`\
1502 **Preferences Affected:** `devtools.policy.disabled`
1503
1504 #### Windows (GPO)
1505 ```
1506 Software\Policies\Mozilla\Firefox\DisableDeveloperTools = 0x1 | 0x0`
1507 ```
1508 #### Windows (Intune)
1509 OMA-URI:
1510 ```
1511 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableDeveloperTools
1512 ```
1513 Value (string):
1514 ```
1515 <enabled/> or <disabled/>
1516 ```
1517 #### macOS
1518 ```
1519 <dict>
1520 <key>DisableDeveloperTools</key>
1521 <true/> | <false/>
1522 </dict>
1523 ```
1524 #### policies.json
1525 ```
1526 {
1527 "policies": {
1528 "DisableDeveloperTools": true | false
1529 }
1530 }
1531 ```
1532 ### DisableFeedbackCommands
1533 Disable the menus for reporting sites (Submit Feedback, Report Deceptive Site).
1534
1535 **Compatibility:** Firefox 60, Firefox ESR 60\
1536 **CCK2 Equivalent:** N/A\
1537 **Preferences Affected:** N/A
1538
1539 #### Windows (GPO)
1540 ```
1541 Software\Policies\Mozilla\Firefox\DisableFeedbackCommands = 0x1 | 0x0
1542 ```
1543 #### Windows (Intune)
1544 OMA-URI:
1545 ```
1546 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableFeedbackCommands
1547 ```
1548 Value (string):
1549 ```
1550 <enabled/> or <disabled/>
1551 ```
1552 #### macOS
1553 ```
1554 <dict>
1555 <key>DisableFeedbackCommands</key>
1556 <true/> | <false/>
1557 </dict>
1558 ```
1559 #### policies.json
1560 ```
1561 {
1562 "policies": {
1563 "DisableFeedbackCommands": true | false
1564 }
1565 }
1566 ```
1567 ### DisableFirefoxAccounts
1568 Disable Firefox Accounts integration (Sync).
1569
1570 **Compatibility:** Firefox 60, Firefox ESR 60\
1571 **CCK2 Equivalent:** `disableSync`\
1572 **Preferences Affected:** `identity.fxaccounts.enabled`
1573
1574 #### Windows (GPO)
1575 ```
1576 Software\Policies\Mozilla\Firefox\DisableFirefoxAccounts = 0x1 | 0x0
1577 ```
1578 #### Windows (Intune)
1579 OMA-URI:
1580 ```
1581 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableFirefoxAccounts
1582 ```
1583 Value (string):
1584 ```
1585 <enabled/> or <disabled/>
1586 ```
1587 #### macOS
1588 ```
1589 <dict>
1590 <key>DisableFirefoxAccounts</key>
1591 <true/> | <false/>
1592 </dict>
1593 ```
1594 #### policies.json
1595 ```
1596 {
1597 "policies": {
1598 "DisableFirefoxAccounts": true | false
1599 }
1600 }
1601 ```
1602 ### DisableFirefoxScreenshots
1603 Remove access to Firefox Screenshots.
1604
1605 **Compatibility:** Firefox 60, Firefox ESR 60\
1606 **CCK2 Equivalent:** N/A\
1607 **Preferences Affected:** `extensions.screenshots.disabled`
1608
1609 #### Windows (GPO)
1610 ```
1611 Software\Policies\Mozilla\Firefox\DisableFirefoxScreenshots = 0x1 | 0x0
1612 ```
1613 #### Windows (Intune)
1614 OMA-URI:
1615 ```
1616 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableFirefoxScreenshots
1617 ```
1618 Value (string):
1619 ```
1620 <enabled/> or <disabled/>
1621 ```
1622 #### macOS
1623 ```
1624 <dict>
1625 <key>DisableFirefoxScreenshots</key>
1626 <true/> | <false/>
1627 </dict>
1628 ```
1629 #### policies.json
1630 ```
1631 {
1632 "policies": {
1633 "DisableFirefoxScreenshots": true | false
1634 }
1635 }
1636 ```
1637 ### DisableFirefoxStudies
1638 Disable Firefox studies (Shield).
1639
1640 **Compatibility:** Firefox 60, Firefox ESR 60\
1641 **CCK2 Equivalent:** N/A\
1642 **Preferences Affected:** N/A
1643
1644 #### Windows (GPO)
1645 ```
1646 Software\Policies\Mozilla\Firefox\DisableFirefoxStudies = 0x1 | 0x0
1647 ```
1648 #### Windows (Intune)
1649 OMA-URI:
1650 ```
1651 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableFirefoxStudies
1652 ```
1653 Value (string):
1654 ```
1655 <enabled/> or <disabled/>
1656 ```
1657 #### macOS
1658 ```
1659 <dict>
1660 <key>DisableFirefoxStudies</key>
1661 <true/> | <false/>
1662 </dict>
1663 ```
1664 #### policies.json
1665 ```
1666 {
1667 "policies": {
1668 "DisableFirefoxStudies": true | false
1669 }
1670 }
1671 ```
1672 ### DisableForgetButton
1673 Disable the "Forget" button.
1674
1675 **Compatibility:** Firefox 60, Firefox ESR 60\
1676 **CCK2 Equivalent:** `disableForget`\
1677 **Preferences Affected:** N/A
1678
1679 #### Windows (GPO)
1680 ```
1681 Software\Policies\Mozilla\Firefox\DisableForgetButton = 0x1 | 0x0
1682 ```
1683 #### Windows (Intune)
1684 OMA-URI:
1685 ```
1686 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableForgetButton
1687 ```
1688 Value (string):
1689 ```
1690 <enabled/> or <disabled/>
1691 ```
1692 #### macOS
1693 ```
1694 <dict>
1695 <key>DisableForgetButton</key>
1696 <true/> | <false/>
1697 </dict>
1698 ```
1699 #### policies.json
1700 ```
1701 {
1702 "policies": {
1703 "DisableForgetButton": true | false
1704 }
1705 }
1706 ```
1707 ### DisableFormHistory
1708 Turn off saving information on web forms and the search bar.
1709
1710 **Compatibility:** Firefox 60, Firefox ESR 60\
1711 **CCK2 Equivalent:** `disableFormFill`\
1712 **Preferences Affected:** `browser.formfill.enable`
1713
1714 #### Windows (GPO)
1715 ```
1716 Software\Policies\Mozilla\Firefox\DisableFormHistory = 0x1 | 0x0
1717 ```
1718 #### Windows (Intune)
1719 OMA-URI:
1720 ```
1721 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableFormHistory
1722 ```
1723 Value (string):
1724 ```
1725 <enabled/> or <disabled/>
1726 ```
1727 #### macOS
1728 ```
1729 <dict>
1730 <key>DisableFormHistory</key>
1731 <true/> | <false/>
1732 </dict>
1733 ```
1734 #### policies.json
1735 ```
1736 {
1737 "policies": {
1738 "DisableFormHistory": true | false
1739 }
1740 }
1741 ```
1742 ### DisableMasterPasswordCreation
1743 Remove the master password functionality.
1744
1745 If this value is true, it works the same as setting [`PrimaryPassword`](#primarypassword) to false and removes the primary password functionality.
1746
1747 If both `DisableMasterPasswordCreation` and `PrimaryPassword` are used, `DisableMasterPasswordCreation` takes precedent.
1748
1749 **Compatibility:** Firefox 60, Firefox ESR 60\
1750 **CCK2 Equivalent:** `noMasterPassword`\
1751 **Preferences Affected:** N/A
1752
1753 #### Windows (GPO)
1754 ```
1755 Software\Policies\Mozilla\Firefox\DisableMasterPasswordCreation = 0x1 | 0x0
1756 ```
1757 #### Windows (Intune)
1758 OMA-URI:
1759 ```
1760 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableMasterPasswordCreation
1761 ```
1762 Value (string):
1763 ```
1764 <enabled/> or <disabled/>
1765 ```
1766 #### macOS
1767 ```
1768 <dict>
1769 <key>DisableMasterPasswordCreation</key>
1770 <true/> | <false/>
1771 </dict>
1772 ```
1773 #### policies.json
1774 ```
1775 {
1776 "policies": {
1777 "DisableMasterPasswordCreation": true | false
1778 }
1779 }
1780 ```
1781 ### DisablePasswordReveal
1782 Do not allow passwords to be shown in saved logins
1783
1784 **Compatibility:** Firefox 71, Firefox ESR 68.3\
1785 **CCK2 Equivalent:** N/A
1786 **Preferences Affected:** N/A
1787
1788 #### Windows (GPO)
1789 ```
1790 Software\Policies\Mozilla\Firefox\DisablePasswordReveal = 0x1 | 0x0
1791 ```
1792 #### Windows (Intune)
1793 OMA-URI:
1794 ```
1795 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisablePasswordReveal
1796 ```
1797 Value (string):
1798 ```
1799 <enabled/> or <disabled/>
1800 ```
1801 #### macOS
1802 ```
1803 <dict>
1804 <key>DisablePasswordReveal</key>
1805 <true/> | <false/>
1806 </dict>
1807 ```
1808 #### policies.json
1809 ```
1810 {
1811 "policies": {
1812 "DisablePasswordReveal": true | false
1813 }
1814 }
1815 ```
1816 ### DisablePocket
1817 Remove Pocket in the Firefox UI. It does not remove it from the new tab page.
1818
1819 **Compatibility:** Firefox 60, Firefox ESR 60\
1820 **CCK2 Equivalent:** `disablePocket`\
1821 **Preferences Affected:** `extensions.pocket.enabled`
1822
1823 #### Windows (GPO)
1824 ```
1825 Software\Policies\Mozilla\Firefox\DisablePocket = 0x1 | 0x0
1826 ```
1827 #### Windows (Intune)
1828 OMA-URI:
1829 ```
1830 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisablePocket
1831 ```
1832 Value (string):
1833 ```
1834 <enabled/> or <disabled/>
1835 ```
1836 #### macOS
1837 ```
1838 <dict>
1839 <key>DisablePocket</key>
1840 <true/> | <false/>
1841 </dict>
1842 ```
1843 #### policies.json
1844 ```
1845 {
1846 "policies": {
1847 "DisablePocket": true | false
1848 }
1849 }
1850 ```
1851 ### DisablePrivateBrowsing
1852 Remove access to private browsing.
1853
1854 **Compatibility:** Firefox 60, Firefox ESR 60\
1855 **CCK2 Equivalent:** `disablePrivateBrowsing`\
1856 **Preferences Affected:** N/A
1857
1858 #### Windows (GPO)
1859 ```
1860 Software\Policies\Mozilla\Firefox\DisablePrivateBrowsing = 0x1 | 0x0
1861 ```
1862 #### Windows (Intune)
1863 OMA-URI:
1864 ```
1865 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisablePrivateBrowsing
1866 ```
1867 Value (string):
1868 ```
1869 <enabled/> or <disabled/>
1870 ```
1871 #### macOS
1872 ```
1873 <dict>
1874 <key>DisablePrivateBrowsing</key>
1875 <true/> | <false/>
1876 </dict>
1877 ```
1878 #### policies.json
1879 ```
1880 {
1881 "policies": {
1882 "DisablePrivateBrowsing": true | false
1883 }
1884 }
1885 ```
1886 ### DisableProfileImport
1887 Disables the "Import data from another browser" option in the bookmarks window.
1888
1889 **Compatibility:** Firefox 60, Firefox ESR 60\
1890 **CCK2 Equivalent:** N/A\
1891 **Preferences Affected:** N/A
1892
1893 #### Windows (GPO)
1894 ```
1895 Software\Policies\Mozilla\Firefox\DisableProfileImport = 0x1 | 0x0
1896 ```
1897 #### Windows (Intune)
1898 OMA-URI:
1899 ```
1900 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableProfileImport
1901 ```
1902 Value (string):
1903 ```
1904 <enabled/> or <disabled/>
1905 ```
1906 #### macOS
1907 ```
1908 <dict>
1909 <key>DisableProfileImport</key>
1910 <true/> | <false/>
1911 </dict>
1912 ```
1913 #### policies.json
1914 ```
1915 {
1916 "policies": {
1917 "DisableProfileImport": true | false
1918 }
1919 }
1920 ```
1921 ### DisableProfileRefresh
1922 Disable the Refresh Firefox button on about:support and support.mozilla.org, as well as the prompt that displays offering to refresh Firefox when you haven't used it in a while.
1923
1924 **Compatibility:** Firefox 60, Firefox ESR 60\
1925 **CCK2 Equivalent:** `disableResetFirefox`\
1926 **Preferences Affected:** `browser.disableResetPrompt`
1927
1928 #### Windows (GPO)
1929 ```
1930 Software\Policies\Mozilla\Firefox\DisableProfileRefresh = 0x1 | 0x0
1931 ```
1932 #### Windows (Intune)
1933 OMA-URI:
1934 ```
1935 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableProfileRefresh
1936 ```
1937 Value (string):
1938 ```
1939 <enabled/> or <disabled/>
1940 ```
1941 #### macOS
1942 ```
1943 <dict>
1944 <key>DisableProfileRefresh</key>
1945 <true/> | <false/>
1946 </dict>
1947 ```
1948 #### policies.json
1949 ```
1950 {
1951 "policies": {
1952 "DisableProfileRefresh": true | false
1953 }
1954 }
1955 ```
1956 ### DisableSafeMode
1957 Disable safe mode within the browser.
1958
1959 On Windows, this disables safe mode via the command line as well.
1960
1961 **Compatibility:** Firefox 60, Firefox ESR 60 (Windows, macOS)\
1962 **CCK2 Equivalent:** `disableSafeMode`\
1963 **Preferences Affected:** N/A
1964
1965 #### Windows (GPO)
1966 ```
1967 Software\Policies\Mozilla\Firefox\DisableSafeMode = 0x1 | 0x0
1968 ```
1969 #### Windows (Intune)
1970 OMA-URI:
1971 ```
1972 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableSafeMode
1973 ```
1974 Value (string):
1975 ```
1976 <enabled/> or <disabled/>
1977 ```
1978 #### macOS
1979 ```
1980 <dict>
1981 <key>DisableSafeMode</key>
1982 <true/> | <false/>
1983 </dict>
1984 ```
1985 #### policies.json
1986 ```
1987 {
1988 "policies": {
1989 "DisableSafeMode": true | false
1990 }
1991 }
1992 ```
1993 ### DisableSecurityBypass
1994 Prevent the user from bypassing security in certain cases.
1995
1996 `InvalidCertificate` prevents adding an exception when an invalid certificate is shown.
1997
1998 `SafeBrowsing` prevents selecting "ignore the risk" and visiting a harmful site anyway.
1999
2000 **Compatibility:** Firefox 60, Firefox ESR 60\
2001 **CCK2 Equivalent:** N/A\
2002 **Preferences Affected:** `security.certerror.hideAddException`, `browser.safebrowsing.allowOverride`
2003
2004 #### Windows (GPO)
2005 ```
2006 Software\Policies\Mozilla\Firefox\DisableSecurityBypass\InvalidCertificate = 0x1 | 0x0
2007 Software\Policies\Mozilla\Firefox\DisableSecurityBypass\SafeBrowsing = 0x1 | 0x0
2008 ```
2009 #### Windows (Intune)
2010 OMA-URI:
2011 ```
2012 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/P_DisableSecurityBypass_InvalidCertificate
2013 ```
2014 Value (string):
2015 ```
2016 <enabled/> or <disabled/>
2017 ```
2018 OMA-URI:
2019 ```
2020 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/P_DisableSecurityBypass_SafeBrowsing
2021 ```
2022 Value (string):
2023 ```
2024 <enabled/> or <disabled/>
2025 ```
2026
2027 #### macOS
2028 ```
2029 <dict>
2030 <key>DisableSecurityBypass</key>
2031 <dict>
2032 <key>InvalidCertificate</key>
2033 <true/> | <false/>
2034 <key>SafeBrowsing</key>
2035 <true/> | <false/>
2036 </dict>
2037 </dict>
2038 ```
2039 #### policies.json
2040 ```
2041 {
2042 "policies": {
2043 "DisableSecurityBypass": {
2044 "InvalidCertificate": true | false,
2045 "SafeBrowsing": true | false
2046 }
2047 }
2048 }
2049 ```
2050 ### DisableSetDesktopBackground
2051 Remove the "Set As Desktop Background..." menuitem when right clicking on an image.
2052
2053 **Compatibility:** Firefox 60, Firefox ESR 60\
2054 **CCK2 Equivalent:** `removeSetDesktopBackground`\
2055 **Preferences Affected:** N/A
2056
2057 #### Windows (GPO)
2058 ```
2059 Software\Policies\Mozilla\Firefox\DisableSetDesktopBackground = 0x1 | 0x0
2060 ```
2061 #### Windows (Intune)
2062 OMA-URI:
2063 ```
2064 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableSetDesktopBackground
2065 ```
2066 Value (string):
2067 ```
2068 <enabled/> or <disabled/>
2069 ```
2070 #### macOS
2071 ```
2072 <dict>
2073 <key>DisableSetDesktopBackground</key>
2074 <true/> | <false/>
2075 </dict>
2076 ```
2077 #### policies.json
2078 ```
2079 {
2080 "policies": {
2081 "DisableSetDesktopBackground": true | false
2082 }
2083 }
2084 ```
2085 ### DisableSystemAddonUpdate
2086 Prevent system add-ons from being installed or updated.
2087
2088 **Compatibility:** Firefox 60, Firefox ESR 60\
2089 **CCK2 Equivalent:** N/A\
2090 **Preferences Affected:** N/A
2091
2092 #### Windows (GPO)
2093 ```
2094 Software\Policies\Mozilla\Firefox\DisableSystemAddonUpdate = 0x1 | 0x0
2095 ```
2096 #### Windows (Intune)
2097 OMA-URI:
2098 ```
2099 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableSystemAddonUpdate
2100 ```
2101 Value (string):
2102 ```
2103 <enabled/> or <disabled/>
2104 ```
2105 #### macOS
2106 ```
2107 <dict>
2108 <key>DisableSystemAddonUpdate</key>
2109 <true/> | <false/>
2110 </dict>
2111 ```
2112 #### policies.json
2113 ```
2114 {
2115 "policies": {
2116 "DisableSystemAddonUpdate": true | false
2117 }
2118 }
2119 ```
2120 ### DisableTelemetry
2121 Prevent the upload of telemetry data.
2122
2123 As of Firefox 83 and Firefox ESR 78.5, local storage of telemetry data is disabled as well.
2124
2125 Mozilla recommends that you do not disable telemetry. Information collected through telemetry helps us build a better product for businesses like yours.
2126
2127 **Compatibility:** Firefox 60, Firefox ESR 60\
2128 **CCK2 Equivalent:** `disableTelemetry`\
2129 **Preferences Affected:** `datareporting.healthreport.uploadEnabled`, `datareporting.policy.dataSubmissionEnabled`, `toolkit.telemetry.archive.enabled`
2130
2131 #### Windows (GPO)
2132 ```
2133 Software\Policies\Mozilla\Firefox\DisableTelemetry = 0x1 | 0x0
2134 ```
2135 #### Windows (Intune)
2136 OMA-URI:
2137 ```
2138 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableTelemetry
2139 ```
2140 Value (string):
2141 ```
2142 <enabled/> or <disabled/>
2143 ```
2144 #### macOS
2145 ```
2146 <dict>
2147 <key>DisableTelemetry</key>
2148 <true/> | <false/>
2149 </dict>
2150 ```
2151 #### policies.json
2152 ```
2153 {
2154 "policies": {
2155 "DisableTelemetry": true | false
2156 }
2157 }
2158 ```
2159 ### DisableThirdPartyModuleBlocking
2160 Do not allow blocking third-party modules from the `about:third-party` page.
2161
2162 This policy only works on Windows through GPO (not policies.json).
2163
2164 **Compatibility:** Firefox 110 (Windows only, GPO only)\
2165 **CCK2 Equivalent:** N/A\
2166 **Preferences Affected:** N/A
2167
2168 #### Windows (GPO)
2169 ```
2170 Software\Policies\Mozilla\Firefox\DisableThirdPartyModuleBlocking = = 0x1 | 0x0
2171 ```
2172 #### Windows (Intune)
2173 OMA-URI:
2174 ```
2175 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableThirdPartyModuleBlocking
2176 ```
2177 Value (string):
2178 ```
2179 <enabled/> or <disabled/>
2180 ```
2181 ### DisplayBookmarksToolbar
2182 Set the initial state of the bookmarks toolbar. A user can still change how it is displayed.
2183
2184 `always` means the bookmarks toolbar is always shown.
2185
2186 `never` means the bookmarks toolbar is not shown.
2187
2188 `newtab` means the bookmarks toolbar is only shown on the new tab page.
2189
2190 **Compatibility:** Firefox 109, Firefox ESR 102.7\
2191 **CCK2 Equivalent:** N/A\
2192 **Preferences Affected:** N/A
2193
2194 #### Windows (GPO)
2195 ```
2196 Software\Policies\Mozilla\Firefox\DisplayBookmarksToolbar = "always", "never", "newtab"
2197 ```
2198 #### Windows (Intune)
2199 OMA-URI:
2200 ```
2201 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisplayBookmarksToolbar_Enum
2202 ```
2203 Value (string):
2204 ```
2205 <enabled/>
2206 <data id="DisplayBookmarksToolbar" value="always | never | newtab"/>
2207 ```
2208 #### macOS
2209 ```
2210 <dict>
2211 <key>DisplayBookmarksToolbar</key>
2212 <string>always | never | newtab</string>
2213 </dict>
2214 ```
2215 #### policies.json
2216 ```
2217 {
2218 "policies": {
2219 "DisplayBookmarksToolbar": "always" | "never" | "newtab"
2220 }
2221 }
2222 ```
2223 ### DisplayBookmarksToolbar (Deprecated)
2224 Set the initial state of the bookmarks toolbar. A user can still hide it and it will stay hidden.
2225
2226 **Compatibility:** Firefox 60, Firefox ESR 60\
2227 **CCK2 Equivalent:** `displayBookmarksToolbar`\
2228 **Preferences Affected:** N/A
2229
2230 #### Windows (GPO)
2231 ```
2232 Software\Policies\Mozilla\Firefox\DisplayBookmarksToolbar = 0x1 | 0x0
2233 ```
2234 #### Windows (Intune)
2235 OMA-URI:
2236 ```
2237 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisplayBookmarksToolbar
2238 ```
2239 Value (string):
2240 ```
2241 <enabled/> or <disabled/>
2242 ```
2243 #### macOS
2244 ```
2245 <dict>
2246 <key>DisplayBookmarksToolbar</key>
2247 <true/> | <false/>
2248 </dict>
2249 ```
2250 #### policies.json
2251 ```
2252 {
2253 "policies": {
2254 "DisplayBookmarksToolbar": true | false
2255 }
2256 }
2257 ```
2258 ### DisplayMenuBar
2259 Set the state of the menubar.
2260
2261 `always` means the menubar is shown and cannot be hidden.
2262
2263 `never` means the menubar is hidden and cannot be shown.
2264
2265 `default-on` means the menubar is on by default but can be hidden.
2266
2267 `default-off` means the menubar is off by default but can be shown.
2268
2269 **Compatibility:** Firefox 73, Firefox ESR 68.5 (Windows, some Linux)\
2270 **CCK2 Equivalent:** `displayMenuBar`\
2271 **Preferences Affected:** N/A
2272
2273 #### Windows (GPO)
2274 ```
2275 Software\Policies\Mozilla\Firefox\DisplayMenuBar = "always", "never", "default-on", "default-off"
2276 ```
2277 #### Windows (Intune)
2278 OMA-URI:
2279 ```
2280 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisplayMenuBar_Enum
2281 ```
2282 Value (string):
2283 ```
2284 <enabled/>
2285 <data id="DisplayMenuBar" value="always | never | default-on | default-off"/>
2286 ```
2287 #### macOS
2288 ```
2289 <dict>
2290 <key>DisplayMenuBar</key>
2291 <string>always | never | default-on | default-off</string>
2292 </dict>
2293 ```
2294 #### policies.json
2295 ```
2296 {
2297 "policies": {
2298 "DisplayMenuBar": "always", "never", "default-on", "default-off"
2299 }
2300 }
2301 ```
2302 ### DisplayMenuBar (Deprecated)
2303 Set the initial state of the menubar. A user can still hide it and it will stay hidden.
2304
2305 **Compatibility:** Firefox 60, Firefox ESR 60 (Windows, some Linux)\
2306 **CCK2 Equivalent:** `displayMenuBar`\
2307 **Preferences Affected:** N/A
2308
2309 #### Windows (GPO)
2310 ```
2311 Software\Policies\Mozilla\Firefox\DisplayMenuBar = 0x1 | 0x0
2312 ```
2313 #### macOS
2314 ```
2315 <dict>
2316 <key>DisplayMenuBar</key>
2317 <true/> | <false/>
2318 </dict>
2319 ```
2320 #### policies.json
2321 ```
2322 {
2323 "policies": {
2324 "DisplayMenuBar": true | false
2325 }
2326 }
2327 ```
2328 ### DNSOverHTTPS
2329 Configure DNS over HTTPS.
2330
2331 `Enabled` determines whether DNS over HTTPS is enabled
2332
2333 `ProviderURL` is a URL to another provider.
2334
2335 `Locked` prevents the user from changing DNS over HTTPS preferences.
2336
2337 `ExcludedDomains` excludes domains from DNS over HTTPS.
2338
2339 **Compatibility:** Firefox 63, Firefox ESR 68 (ExcludedDomains added in 75/68.7)\
2340 **CCK2 Equivalent:** N/A\
2341 **Preferences Affected:** `network.trr.mode`, `network.trr.uri`
2342
2343 #### Windows (GPO)
2344 ```
2345 Software\Policies\Mozilla\Firefox\DNSOverHTTPS\Enabled = 0x1 | 0x0
2346 Software\Policies\Mozilla\Firefox\DNSOverHTTPS\ProviderURL = "URL_TO_ALTERNATE_PROVIDER"
2347 Software\Policies\Mozilla\Firefox\DNSOverHTTPS\Locked = 0x1 | 0x0
2348 Software\Policies\Mozilla\Firefox\DNSOverHTTPS\ExcludedDomains\1 = "example.com"
2349 ```
2350 #### Windows (Intune)
2351 OMA-URI:
2352 ```
2353 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DNSOverHTTPS/DNSOverHTTPS_Enabled
2354 ```
2355 Value (string):
2356 ```
2357 <enabled/> or <disabled/>
2358 ```
2359 OMA-URI:
2360 ```
2361 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DNSOverHTTPS/DNSOverHTTPS_ProviderURL
2362 ```
2363 Value (string):
2364 ```
2365 <enabled/>
2366 <data id="String" value="URL_TO_ALTERNATE_PROVIDER"/>
2367 ```
2368 OMA-URI:
2369 ```
2370 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DNSOverHTTPS/DNSOverHTTPS_Locked
2371 ```
2372 Value (string):
2373 ```
2374 <enabled/> or <disabled/>
2375 ```
2376 OMA-URI:
2377 ```
2378 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DNSOverHTTPS/DNSOverHTTPS_ExcludedDomains
2379 ```
2380 Value (string):
2381 ```
2382 <enabled/>
2383 <data id="List" value="1&#xF000;example.com"/>
2384 ```
2385 #### macOS
2386 ```
2387 <dict>
2388 <key>DNSOverHTTPS</key>
2389 <dict>
2390 <key>Enabled</key>
2391 <true/> | <false/>
2392 <key>ProviderURL</key>
2393 <string>URL_TO_ALTERNATE_PROVIDER</string>
2394 <key>Locked</key>
2395 <true/> | <false/>
2396 <key>ExcludedDomains</key>
2397 <array>
2398 <string>example.com</string>
2399 </array>
2400 </dict>
2401 </dict>
2402 ```
2403 #### policies.json
2404 ```
2405 {
2406 "policies": {
2407 "DNSOverHTTPS": {
2408 "Enabled": true | false,
2409 "ProviderURL": "URL_TO_ALTERNATE_PROVIDER",
2410 "Locked": true | false,
2411 "ExcludedDomains": ["example.com"]
2412 }
2413 }
2414 }
2415 ```
2416 ### DontCheckDefaultBrowser
2417 Don't check if Firefox is the default browser at startup.
2418
2419 **Compatibility:** Firefox 60, Firefox ESR 60\
2420 **CCK2 Equivalent:** `dontCheckDefaultBrowser`\
2421 **Preferences Affected:** `browser.shell.checkDefaultBrowser`
2422
2423 #### Windows (GPO)
2424 ```
2425 Software\Policies\Mozilla\Firefox\DontCheckDefaultBrowser = 0x1 | 0x0
2426 ```
2427 #### Windows (Intune)
2428 OMA-URI:
2429 ```
2430 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DontCheckDefaultBrowser
2431 ```
2432 Value (string):
2433 ```
2434 <enabled/> or <disabled/>
2435 ```
2436 #### macOS
2437 ```
2438 <dict>
2439 <key>DontCheckDefaultBrowser</key>
2440 <true/> | <false/>
2441 </dict>
2442 ```
2443 #### policies.json
2444 ```
2445 {
2446 "policies": {
2447 "DontCheckDefaultBrowser": true | false
2448 }
2449 }
2450 ```
2451 ### DownloadDirectory
2452 Set and lock the download directory.
2453
2454 You can use ${home} for the native home directory.
2455
2456 **Compatibility:** Firefox 68, Firefox ESR 68\
2457 **CCK2 Equivalent:** N/A\
2458 **Preferences Affected:** `browser.download.dir`, `browser.download.folderList`, `browser.download.useDownloadDir`
2459
2460 #### Windows (GPO)
2461 ```
2462 Software\Policies\Mozilla\Firefox\DownloadDirectory = "${home}\Downloads"
2463 ```
2464 #### Windows (Intune)
2465 OMA-URI:
2466 ```
2467 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DownloadDirectory
2468 ```
2469 Value (string):
2470 ```
2471 <enabled/>
2472 <data id="Preferences_String" value="${home}\Downloads"/>
2473 ```
2474 #### macOS
2475 ```
2476 <dict>
2477 <key>DownloadDirectory</key>
2478 <string>${home}/Downloads</string>
2479 </dict>
2480 ```
2481 #### policies.json (macOS and Linux)
2482 ```
2483 {
2484 "policies": {
2485 "DownloadDirectory": "${home}/Downloads"
2486 }
2487 ```
2488 #### policies.json (Windows)
2489 ```
2490 {
2491 "policies": {
2492 "DownloadDirectory": "${home}\\Downloads"
2493 }
2494 ```
2495 ### EnableTrackingProtection
2496 Configure tracking protection.
2497
2498 If this policy is not configured, tracking protection is not enabled by default in the browser, but it is enabled by default in private browsing and the user can change it.
2499
2500 If `Value` is set to false, tracking protection is disabled and locked in both the regular browser and private browsing.
2501
2502 If `Value` is set to true, tracking protection is enabled by default in both the regular browser and private browsing and the `Locked` value determines whether or not a user can change it.
2503
2504 If `Cryptomining` is set to true, cryptomining scripts on websites are blocked.
2505
2506 If `Fingerprinting` is set to true, fingerprinting scripts on websites are blocked.
2507
2508 If `EmailTracking` is set to true, hidden email tracking pixels and scripts on websites are blocked. (Firefox 112)
2509
2510 `Exceptions` are origins for which tracking protection is not enabled.
2511
2512 **Compatibility:** Firefox 60, Firefox ESR 60 (Cryptomining and Fingerprinting added in 70/68.2, Exceptions added in 73/68.5)\
2513 **CCK2 Equivalent:** N/A\
2514 **Preferences Affected:** `privacy.trackingprotection.enabled`, `privacy.trackingprotection.pbmode.enabled`, `privacy.trackingprotection.cryptomining.enabled`, `privacy.trackingprotection.fingerprinting.enabled`
2515
2516 #### Windows (GPO)
2517 ```
2518 Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Value = 0x1 | 0x0
2519 Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Locked = 0x1 | 0x0
2520 Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Cryptomining = 0x1 | 0x0
2521 Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Fingerprinting = 0x1 | 0x0
2522 Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Exceptions\1 = "https://example.com"
2523 ```
2524 #### Windows (Intune)
2525 OMA-URI:
2526 ```
2527 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~TrackingProtection/A_TrackingProtection_Value
2528 ```
2529 Value (string):
2530 ```
2531 <enabled/> or <disabled/>
2532 ```
2533 OMA-URI:
2534 ```
2535 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~TrackingProtection/B_TrackingProtection_Cryptomining
2536 ```
2537 Value (string):
2538 ```
2539 <enabled/> or <disabled/>
2540 ```
2541 OMA-URI:
2542 ```
2543 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~TrackingProtection/C_TrackingProtection_Fingerprinting
2544 ```
2545 Value (string):
2546 ```
2547 <enabled/> or <disabled/>
2548 ```
2549 OMA-URI:
2550 ```
2551 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~TrackingProtection/D_TrackingProtection_Exceptions
2552 ```
2553 Value (string):
2554 ```
2555 <enabled/>
2556 <data id="TrackingProtection_Exceptions" value="1&#xF000;https://example.com"/>
2557 ```
2558 OMA-URI:
2559 ```
2560 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~TrackingProtection/E_TrackingProtection_Locked
2561 ```
2562 Value (string):
2563 ```
2564 <enabled/> or <disabled/>
2565 ```
2566 #### macOS
2567 ```
2568 <dict>
2569 <key>EnableTrackingProtection</key>
2570 <dict>
2571 <key>Value</key>
2572 <true/> | <false/>
2573 <key>Locked</key>
2574 <true/> | <false/>
2575 <key>Cryptomining</key>
2576 <true/> | <false/>
2577 <key>Fingerprinting</key>
2578 <true/> | <false/>
2579 <key>Exceptions</key>
2580 <array>
2581 <string>https://example.com</string>
2582 </array>
2583 </dict>
2584 </dict>
2585 ```
2586 #### policies.json
2587 ```
2588 {
2589 "policies": {
2590 "EnableTrackingProtection": {
2591 "Value": true | false,
2592 "Locked": true | false,
2593 "Cryptomining": true | false,
2594 "Fingerprinting": true | false,
2595 "Exceptions": ["https://example.com"]
2596 }
2597 }
2598 }
2599 ```
2600 ### EncryptedMediaExtensions
2601 Enable or disable Encrypted Media Extensions and optionally lock it.
2602
2603 If `Enabled` is set to false, encrypted media extensions (like Widevine) are not downloaded by Firefox unless the user consents to installing them.
2604
2605 If `Locked` is set to true and `Enabled` is set to false, Firefox will not download encrypted media extensions (like Widevine) or ask the user to install them.
2606
2607 **Compatibility:** Firefox 77, Firefox ESR 68.9\
2608 **CCK2 Equivalent:** N/A\
2609 **Preferences Affected:** `media.eme.enabled`
2610
2611 #### Windows (GPO)
2612 ```
2613 Software\Policies\Mozilla\Firefox\EncryptedMediaExtensions\Enabled = 0x1 | 0x0
2614 Software\Policies\Mozilla\Firefox\EncryptedMediaExtensions\Locked = 0x1 | 0x0
2615 ```
2616 #### Windows (Intune)
2617 OMA-URI:
2618 ```
2619 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~EncryptedMediaExtensions/EncryptedMediaExtensions_Enabled
2620 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~EncryptedMediaExtensions/EncryptedMediaExtensions_Locked
2621 ```
2622 Value (string):
2623 ```
2624 <enabled/>or <disabled/>
2625 ```
2626 #### macOS
2627 ```
2628 <dict>
2629 <key>EncryptedMediaExtensions</key>
2630 <dict>
2631 <key>Enabled</key>
2632 <true/> | <false/>
2633 <key>Locked</key>
2634 <true/> | <false/>
2635 </dict>
2636 </dict>
2637 ```
2638 #### policies.json
2639 ```
2640 {
2641 "policies": {
2642 "EncryptedMediaExtensions": {
2643 "Enabled": true | false,
2644 "Locked": true | false
2645 }
2646 }
2647 }
2648 ```
2649 ### EnterprisePoliciesEnabled
2650 Enable policy support on macOS.
2651
2652 **Compatibility:** Firefox 63, Firefox ESR 60.3 (macOS only)\
2653 **CCK2 Equivalent:** N/A\
2654 **Preferences Affected:** N/A
2655
2656 #### macOS
2657 ```
2658 <dict>
2659 <key>EnterprisePoliciesEnabled</key>
2660 <true/>
2661 </dict>
2662 ```
2663 ### ExemptDomainFileTypePairsFromFileTypeDownloadWarnings
2664
2665 Disable warnings based on file extension for specific file types on domains.
2666
2667 This policy is based on the [Chrome policy](https://chromeenterprise.google/policies/#ExemptDomainFileTypePairsFromFileTypeDownloadWarnings) of the same name.
2668
2669 Important: The documentation for the policy for both Edge and Chrome is incorrect. The ```domains``` value must be a domain, not a URL pattern. Also, we do not support using ```*``` to mean all domains.
2670
2671 **Compatibility:** Firefox 102\
2672 **CCK2 Equivalent:** N/A\
2673 **Preferences Affected:** N/A
2674
2675 #### Windows (GPO)
2676 Software\Policies\Mozilla\Firefox\ExemptDomainFileTypePairsFromFileTypeDownloadWarnings (REG_MULTI_SZ) =
2677 ```
2678 [
2679 {
2680 "file_extension": "jnlp",
2681 "domains": ["example.com"]
2682 }
2683 ]
2684 ```
2685 #### Windows (Intune)
2686 OMA-URI:
2687 ```
2688 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/ExemptDomainFileTypePairsFromFileTypeDownloadWarnings
2689 ```
2690 Value (string):
2691 ```
2692 <enabled/>
2693 <data id="JSON" value='
2694 [
2695 {
2696 "file_extension": "jnlp",
2697 "domains": ["example.com"]
2698 }
2699 ]
2700 '/>
2701 ```
2702 #### macOS
2703 ```
2704 <dict>
2705 <key>ExemptDomainFileTypePairsFromFileTypeDownloadWarnings</key>
2706 <array>
2707 <dict>
2708 <key>file_extension</key>
2709 <string>jnlp</string>
2710 <key>domains</key>
2711 <array>
2712 <string>example.com</string>
2713 </array>
2714 </dict>
2715 </array>
2716 </dict>
2717 ```
2718 #### policies.json
2719 ```
2720 {
2721 "policies": {
2722 "ExemptDomainFileTypePairsFromFileTypeDownloadWarnings": [{
2723 "file_extension": "jnlp",
2724 "domains": ["example.com"]
2725 }]
2726 }
2727 }
2728 ```
2729 ### Extensions
2730 Control the installation, uninstallation and locking of extensions.
2731
2732 While this policy is not technically deprecated, it is recommended that you use the **[`ExtensionSettings`](#extensionsettings)** policy. It has the same functionality and adds more. It does not support native paths, though, so you'll have to use file:/// URLs.
2733
2734 `Install` is a list of URLs or native paths for extensions to be installed.
2735
2736 `Uninstall` is a list of extension IDs that should be uninstalled if found.
2737
2738 `Locked` is a list of extension IDs that the user cannot disable or uninstall.
2739
2740 **Compatibility:** Firefox 60, Firefox ESR 60\
2741 **CCK2 Equivalent:** `addons`\
2742 **Preferences Affected:** N/A
2743
2744 #### Windows (GPO)
2745 ```
2746 Software\Policies\Mozilla\Firefox\Extensions\Install\1 = "https://addons.mozilla.org/firefox/downloads/somefile.xpi"
2747 Software\Policies\Mozilla\Firefox\Extensions\Install\2 = "//path/to/xpi"
2748 Software\Policies\Mozilla\Firefox\Extensions\Uninstall\1 = "bad_addon_id@mozilla.org"
2749 Software\Policies\Mozilla\Firefox\Extensions\Locked\1 = "addon_id@mozilla.org"
2750 ```
2751 #### Windows (Intune)
2752 OMA-URI:
2753 ```
2754 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/Extensions_Install
2755 ```
2756 Value (string):
2757 ```
2758 <enabled/>
2759 <data id="Extensions" value="1&#xF000;https://addons.mozilla.org/firefox/downloads/somefile.xpi&#xF000;2&#xF000;//path/to/xpi"/>
2760 ```
2761 OMA-URI:
2762 ```
2763 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/Extensions_Uninstall
2764 ```
2765 Value (string):
2766 ```
2767 <enabled/>
2768 <data id="Extensions" value="1&#xF000;bad_addon_id@mozilla.org"/>
2769 ```
2770 OMA-URI:
2771 ```
2772 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/Extensions_Locked
2773 ```
2774 Value (string):
2775 ```
2776 <enabled/>
2777 <data id="Extensions" value="1&#xF000;addon_id@mozilla.org"/>
2778 ```
2779 #### macOS
2780 ```
2781 <dict>
2782 <key>Extensions</key>
2783 <dict>
2784 <key>Install</key>
2785 <array>
2786 <string>https://addons.mozilla.org/firefox/downloads/somefile.xpi</string>
2787 <string>//path/to/xpi</string>
2788 </array>
2789 <key>Uninstall</key>
2790 <array>
2791 <string>bad_addon_id@mozilla.org</string>
2792 </array>
2793 <key>Locked</key>
2794 <array>
2795 <string>addon_id@mozilla.org</string>
2796 </array>
2797 </dict>
2798 </dict>
2799 ```
2800 #### policies.json
2801 ```
2802 {
2803 "policies": {
2804 "Extensions": {
2805 "Install": ["https://addons.mozilla.org/firefox/downloads/somefile.xpi", "//path/to/xpi"],
2806 "Uninstall": ["bad_addon_id@mozilla.org"],
2807 "Locked": ["addon_id@mozilla.org"]
2808 }
2809 }
2810 }
2811 ```
2812 ### ExtensionSettings
2813 Manage all aspects of extensions. This policy is based heavily on the [Chrome policy](https://dev.chromium.org/administrators/policy-list-3/extension-settings-full) of the same name.
2814
2815 This policy maps an extension ID to its configuration. With an extension ID, the configuration will be applied to the specified extension only. A default configuration can be set for the special ID "*", which will apply to all extensions that don't have a custom configuration set in this policy.
2816
2817 To obtain an extension ID, install the extension and go to about:support. You will see the ID in the Extensions section. I've also created an extension that makes it easy to find the ID of extensions on AMO. You can download it [here](https://github.com/mkaply/queryamoid/releases/tag/v0.1).
2818
2819 The configuration for each extension is another dictionary that can contain the fields documented below.
2820
2821 | Name | Description |
2822 | --- | --- |
2823 | `installation_mode` | Maps to a string indicating the installation mode for the extension. The valid strings are `allowed`,`blocked`,`force_installed`, and `normal_installed`.
2824 | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;`allowed` | Allows the extension to be installed by the user. This is the default behavior. There is no need for an install_url; it will automatically be allowed based on the ID.
2825 | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;`blocked`| Blocks installation of the extension and removes it from the device if already installed.
2826 | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;`force_installed`| The extension is automatically installed and can't be removed by the user. This option is not valid for the default configuration and requires an install_url.
2827 | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;`normal_installed`| The extension is automatically installed but can be disabled by the user. This option is not valid for the default configuration and requires an install_url.
2828 | `install_url`| Maps to a URL indicating where Firefox can download a force_installed or normal_installed extension. If installing from the local file system, use a [```file:///``` URL](https://en.wikipedia.org/wiki/File_URI_scheme). If installing from the addons.mozilla.org, use the following URL (substituting SHORT_NAME from the URL on AMO), https://addons.mozilla.org/firefox/downloads/latest/SHORT_NAME/latest.xpi. Languages packs are available from https://releases.mozilla.org/pub/firefox/releases/VERSION/PLATFORM/xpi/LANGUAGE.xpi. If you need to update the extension, you can change the name of the extension and it will be automatically updated. Extensions installed from file URLs will additional be updated when their internal version changes.
2829 | `install_sources` | A list of sources from which installing extensions is allowed using URL match patterns. **This is unnecessary if you are only allowing the installation of certain extensions by ID.** Each item in this list is an extension-style match pattern. Users will be able to easily install items from any URL that matches an item in this list. Both the location of the *.xpi file and the page where the download is started from (i.e. the referrer) must be allowed by these patterns. This setting can be used only for the default configuration.
2830 | `allowed_types` | This setting whitelists the allowed types of extension/apps that can be installed in Firefox. The value is a list of strings, each of which should be one of the following: "extension", "theme", "dictionary", "locale" This setting can be used only for the default configuration.
2831 | `blocked_install_message` | This maps to a string specifying the error message to display to users if they're blocked from installing an extension. This setting allows you to append text to the generic error message displayed when the extension is blocked. This could be be used to direct users to your help desk, explain why a particular extension is blocked, or something else. This setting can be used only for the default configuration.
2832 | `restricted_domains` | An array of domains on which content scripts can't be run. This setting can be used only for the default configuration.
2833 | `updates_disabled` | (Firefox 89, Firefox ESR 78.11) Boolean that indicates whether or not to disable automatic updates for an individual extension.
2834
2835 **Compatibility:** Firefox 69, Firefox ESR 68.1 (As of Firefox 85, Firefox ESR 78.7, installing a theme makes it the default.)\
2836 **CCK2 Equivalent:** N/A\
2837 **Preferences Affected:** N/A
2838
2839 #### Windows (GPO)
2840 Software\Policies\Mozilla\Firefox\ExtensionSettings (REG_MULTI_SZ) =
2841 ```
2842 {
2843 "*": {
2844 "blocked_install_message": "Custom error message.",
2845 "install_sources": ["https://yourwebsite.com/*"],
2846 "installation_mode": "blocked",
2847 "allowed_types": ["extension"]
2848 },
2849 "uBlock0@raymondhill.net": {
2850 "installation_mode": "force_installed",
2851 "install_url": "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi"
2852 },
2853 "https-everywhere@eff.org": {
2854 "installation_mode": "allowed"
2855 }
2856 }
2857 ```
2858 #### Windows (Intune)
2859 OMA-URI:
2860 ```
2861 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/ExtensionSettings
2862 ```
2863 Value (string):
2864 ```
2865 <enabled/>
2866 <data id="ExtensionSettings" value='
2867 {
2868 "*": {
2869 "blocked_install_message": "Custom error message.",
2870 "install_sources": ["https://yourwebsite.com/*"],
2871 "installation_mode": "blocked",
2872 "allowed_types": ["extension"]
2873 },
2874 "uBlock0@raymondhill.net": {
2875 "installation_mode": "force_installed",
2876 "install_url": "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi"
2877 },
2878 "https-everywhere@eff.org": {
2879 "installation_mode": "allowed"
2880 }
2881 }'/>
2882 ```
2883 #### macOS
2884 ```
2885 <dict>
2886 <key>ExtensionSettings</key>
2887 <dict>
2888 <key>*</key>
2889 <dict>
2890 <key>blocked_install_message</key>
2891 <string>Custom error message.</string>
2892 <key>install_sources</key>
2893 <array>
2894 <string>"https://yourwebsite.com/*"</string>
2895 </array>
2896 <key>installation_mode</key>
2897 <string>blocked</string>
2898 <key>allowed_types</key>
2899 <array>
2900 <string>extension</string>
2901 </array>
2902 </dict>
2903 <key>uBlock0@raymondhill.net</key>
2904 <dict>
2905 <key>installation_mode</key>
2906 <string>force_installed</string>
2907 <key>install_url</key>
2908 <string>https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi</string>
2909 </dict>
2910 <key>https-everywhere@eff.org</key>
2911 <dict>
2912 <key>installation_mode</key>
2913 <string>allowed</string>
2914 </dict>
2915 </dict>
2916 </dict>
2917 ```
2918 #### policies.json
2919 ```
2920 {
2921 "policies": {
2922 "ExtensionSettings": {
2923 "*": {
2924 "blocked_install_message": "Custom error message.",
2925 "install_sources": ["https://yourwebsite.com/*"],
2926 "installation_mode": "blocked",
2927 "allowed_types": ["extension"]
2928 },
2929 "uBlock0@raymondhill.net": {
2930 "installation_mode": "force_installed",
2931 "install_url": "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi"
2932 },
2933 "https-everywhere@eff.org": {
2934 "installation_mode": "allowed"
2935 }
2936 }
2937 }
2938 }
2939 ```
2940 ### ExtensionUpdate
2941 Control extension updates.
2942
2943 **Compatibility:** Firefox 67, Firefox ESR 60.7\
2944 **CCK2 Equivalent:** N/A\
2945 **Preferences Affected:** `extensions.update.enabled`
2946
2947 #### Windows (GPO)
2948 ```
2949 Software\Policies\Mozilla\Firefox\ExtensionUpdate = 0x1 | 0x0
2950 ```
2951 #### Windows (Intune)
2952 OMA-URI:
2953 ```
2954 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/ExtensionUpdate
2955 ```
2956 Value (string):
2957 ```
2958 <enabled/> or <disabled/>
2959 ```
2960 #### macOS
2961 ```
2962 <dict>
2963 <key>ExtensionUpdate</key>
2964 <true/> | <false/>
2965 </dict>
2966 ```
2967 #### policies.json
2968 ```
2969 {
2970 "policies": {
2971 "ExtensionUpdate": true | false
2972 }
2973 }
2974 ```
2975 ### FirefoxHome
2976 Customize the Firefox Home page.
2977
2978 **Compatibility:** Firefox 68, Firefox ESR 68 (SponsoredTopSites and SponsoredPocket were added in Firefox 95, Firefox ESR 91.4)
2979 **CCK2 Equivalent:** N/A\
2980 **Preferences Affected:** `browser.newtabpage.activity-stream.showSearch`, `browser.newtabpage.activity-stream.feeds.topsites`, `browser.newtabpage.activity-stream.feeds.section.highlights`, `browser.newtabpage.activity-stream.feeds.section.topstories`, `browser.newtabpage.activity-stream.feeds.snippets`, `browser.newtabpage.activity-stream.showSponsoredTopSites`, `browser.newtabpage.activity-stream.showSponsored`
2981
2982 #### Windows (GPO)
2983 ```
2984 Software\Policies\Mozilla\Firefox\FirefoxHome\Search = 0x1 | 0x0
2985 Software\Policies\Mozilla\Firefox\FirefoxHome\TopSites = 0x1 | 0x0
2986 Software\Policies\Mozilla\Firefox\FirefoxHome\SponsoredTopSites = 0x1 | 0x0
2987 Software\Policies\Mozilla\Firefox\FirefoxHome\Highlights = 0x1 | 0x0
2988 Software\Policies\Mozilla\Firefox\FirefoxHome\Pocket = 0x1 | 0x0
2989 Software\Policies\Mozilla\Firefox\FirefoxHome\SponsoredPocket = 0x1 | 0x0
2990 Software\Policies\Mozilla\Firefox\FirefoxHome\Snippets = 0x1 | 0x0
2991 Software\Policies\Mozilla\Firefox\FirefoxHome\Locked = 0x1 | 0x0
2992 ```
2993 #### Windows (Intune)
2994 OMA-URI:
2995 ```
2996 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/CustomizeFirefoxHome
2997 ```
2998 Value (string):
2999 ```
3000 <enabled/>
3001 <data id="FirefoxHome_Search" value="true | false"/>
3002 <data id="FirefoxHome_TopSites" value="true | false"/>
3003 <data id="FirefoxHome_SponsoredTopSites" value="true | false"/>
3004 <data id="FirefoxHome_Highlights" value="true | false"/>
3005 <data id="FirefoxHome_Pocket" value="true | false"/>
3006 <data id="FirefoxHome_SponsoredPocket" value="true | false"/>
3007 <data id="FirefoxHome_Snippets" value="true | false"/>
3008 <data id="FirefoxHome_Locked" value="true | false"/>
3009 ```
3010 #### macOS
3011 ```
3012 <dict>
3013 <key>FirefoxHome</key>
3014 <dict>
3015 <key>Search</key>
3016 <true/> | <false/>
3017 <key>TopSites</key>
3018 <true/> | <false/>
3019 <key>SponsoredTopSites</key>
3020 <true/> | <false/>
3021 <key>Highlights</key>
3022 <true/> | <false/>
3023 <key>Pocket</key>
3024 <true/> | <false/>
3025 <key>SponsoredPocket</key>
3026 <true/> | <false/>
3027 <key>Snippets</key>
3028 <true/> | <false/>
3029 <key>Locked</key>
3030 <true/> | <false/>
3031 </dict>
3032 </dict>
3033 ```
3034 #### policies.json
3035 ```
3036 {
3037 "policies": {
3038 "FirefoxHome": {
3039 "Search": true | false,
3040 "TopSites": true | false,
3041 "SponsoredTopSites": true | false,
3042 "Highlights": true | false,
3043 "Pocket": true | false,
3044 "SponsoredPocket": true | false,
3045 "Snippets": true | false,
3046 "Locked": true | false
3047 }
3048 }
3049 }
3050 ```
3051 ### FlashPlugin (Deprecated)
3052 Configure the default Flash plugin policy as well as origins for which Flash is allowed.
3053
3054 `Allow` is a list of origins where Flash are allowed.
3055
3056 `Block` is a list of origins where Flash is not allowed.
3057
3058 `Default` determines whether or not Flash is allowed by default.
3059
3060 `Locked` prevents the user from changing Flash preferences.
3061
3062 **Compatibility:** Firefox 60, Firefox ESR 60\
3063 **CCK2 Equivalent:** `permissions.plugin`\
3064 **Preferences Affected:** `plugin.state.flash`
3065
3066 #### Windows (GPO)
3067 ```
3068 Software\Policies\Mozilla\Firefox\FlashPlugin\Allow\1 = "https://example.org"
3069 Software\Policies\Mozilla\Firefox\FlashPlugin\Block\1 = "https://example.edu"
3070 Software\Policies\Mozilla\Firefox\FlashPlugin\Default = 0x1 | 0x0
3071 Software\Policies\Mozilla\Firefox\FlashPlugin\Locked = 0x1 | 0x0
3072 ```
3073 #### Windows (Intune)
3074 OMA-URI:
3075 ```
3076 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Flash/FlashPlugin_Allow
3077 ```
3078 Value (string):
3079 ```
3080 <enabled/>
3081 <data id="Permissions" value="1&#xF000;https://example.org&#xF000;2&#xF000;https://example.edu"/>
3082 ```
3083 OMA-URI:
3084 ```
3085 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Flash/FlashPlugin_Locked
3086 ```
3087 Value (string):
3088 ```
3089 <enabled/> or <disabled/>
3090 ```
3091 OMA-URI:
3092 ```
3093 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Flash/FlashPlugin_Default
3094 ```
3095 Value (string):
3096 ```
3097 <enabled/> or <disabled/>
3098 ```
3099 #### macOS
3100 ```
3101 <dict>
3102 <key>FlashPlugin</key>
3103 <dict>
3104 <key>Allow</key>
3105 <array>
3106 <string>http://example.org</string>
3107 </array>
3108 <key>Block</key>
3109 <array>
3110 <string>http://example.edu</string>
3111 </array>
3112 <key>Default</key>
3113 <true/> | <false/>
3114 <key>Locked</key>
3115 <true/> | <false/>
3116 </dict>
3117 </dict>
3118 ```
3119 #### policies.json
3120 ```
3121 {
3122 "policies": {
3123 "FlashPlugin": {
3124 "Allow": ["http://example.org/"],
3125 "Block": ["http://example.edu/"],
3126 "Default": true | false,
3127 "Locked": true | false
3128 }
3129 }
3130 }
3131 ```
3132 ### GoToIntranetSiteForSingleWordEntryInAddressBar
3133 Whether to always go through the DNS server before sending a single word search string to a search engine.
3134
3135 If the site exists, it will navigate to the website. If the intranet responds with a 404, the page will show a 404. If the intranet does not respond, the browser will attempt a search.
3136
3137 The second result in the URL bar will be a search result to allow users to conduct a web search exactly as it was entered.
3138
3139 If instead you would like to enable the ability to have your domain appear as a valid URL and to disallow the browser from ever searching that term using the first result that matches it, add the pref `browser.fixup.domainwhitelist.YOUR_DOMAIN` (where `YOUR_DOMAIN` is the name of the domain you'd like to add), and set the pref to `true`. The URL bar will then suggest `YOUR_DOMAIN` when the user fully types `YOUR_DOMAIN`. If the user attempts to load that domain and it fails to load, it will show an "Unable to connect" error page.
3140
3141 You can also whitelist a domain suffix that is not part of the [Public Suffix List](https://publicsuffix.org/) by adding the pref `browser.fixup.domainsuffixwhitelist.YOUR_DOMAIN_SUFFIX` with a value of `true`.
3142
3143 Additionally, if you want users to see a "Did you mean to go to 'YOUR_DOMAIN'" prompt below the URL bar if they land on a search results page instead of an intranet domain that provides a response, set the pref `browser.urlbar.dnsResolveSingleWordsAfterSearch` to `1`. Enabling this will cause the browser to commit a DNS check after every single word search. If the browser receives a response from the intranet, a prompt will ask the user if they'd like to instead navigate to `YOUR_DOMAIN`. If the user presses the **yes** button, `browser.fixup.domainwhitelist.YOUR_DOMAIN` will be set to `true`.
3144
3145 **Compatibility:** Firefox 104, Firefox ESR 102.2\
3146 **CCK2 Equivalent:** `N/A`\
3147 **Preferences Affected:** `browser.fixup.dns_first_for_single_words`
3148
3149 #### Windows (GPO)
3150 ```
3151 Software\Policies\Mozilla\Firefox\GoToIntranetSiteForSingleWordEntryInAddressBar = 0x1 | 0x0
3152 ```
3153 #### Windows (Intune)
3154 OMA-URI:
3155 ```
3156 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/GoToIntranetSiteForSingleWordEntryInAddressBar
3157 ```
3158 Value (string):
3159 ```
3160 <enabled/> or <disabled/>
3161 ```
3162 #### macOS
3163 ```
3164 <dict>
3165 <key>GoToIntranetSiteForSingleWordEntryInAddressBar</key>
3166 <true/> | <false/>
3167 </dict>
3168 ```
3169 #### policies.json
3170 ```
3171 {
3172 "policies": {
3173 "GoToIntranetSiteForSingleWordEntryInAddressBar": true | false
3174 }
3175 }
3176 ```
3177 ### Handlers
3178 Configure default application handlers. This policy is based on the internal format of `handlers.json`.
3179
3180 You can configure handlers based on a mime type (`mimeTypes`), a file's extension (`extensions`), or a protocol (`schemes`).
3181
3182 Within each handler type, you specify the given mimeType/extension/scheme as a key and use the following subkeys to describe how it is handled.
3183
3184 | Name | Description |
3185 | --- | --- |
3186 | `action`| Can be either `saveToDisk`, `useHelperApp`, `useSystemDefault`.
3187 | `ask` | If `true`, the user is asked if what they want to do with the file. If `false`, the action is taken without user intervention.
3188 | `handlers` | An array of handlers with the first one being the default. If you don't want to have a default handler, use an empty object for the first handler. Choose between path or uriTemplate.
3189 | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;`name` | The display name of the handler (might not be used).
3190 | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;`path`| The native path to the executable to be used.
3191 | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;`uriTemplate`| A url to a web based application handler. The URL must be https and contain a %s to be used for substitution.
3192
3193 **Compatibility:** Firefox 78, Firefox ESR 78\
3194 **CCK2 Equivalent:** N/A\
3195 **Preferences Affected:** N/A
3196
3197 #### Windows (GPO)
3198 Software\Policies\Mozilla\Firefox\Handlers (REG_MULTI_SZ) =
3199 ```
3200 {
3201 "mimeTypes": {
3202 "application/msword": {
3203 "action": "useSystemDefault",
3204 "ask": true | false
3205 }
3206 },
3207 "schemes": {
3208 "mailto": {
3209 "action": "useHelperApp",
3210 "ask": true | false,
3211 "handlers": [{
3212 "name": "Gmail",
3213 "uriTemplate": "https://mail.google.com/mail/?extsrc=mailto&url=%s"
3214 }]
3215 }
3216 },
3217 "extensions": {
3218 "pdf": {
3219 "action": "useHelperApp",
3220 "ask": true | false,
3221 "handlers": [{
3222 "name": "Adobe Acrobat",
3223 "path": "C:\\Program Files (x86)\\Adobe\\Acrobat Reader DC\\Reader\\AcroRd32.exe"
3224 }]
3225 }
3226 }
3227 }
3228 ```
3229 #### Windows (Intune)
3230 OMA-URI:
3231 ```
3232 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/Handlers
3233 ```
3234 Value (string):
3235 ```
3236 <enabled/>
3237 <data id="Handlers" value='
3238 {
3239 "mimeTypes": {
3240 "application/msword": {
3241 "action": "useSystemDefault",
3242 "ask": true | false
3243 }
3244 },
3245 "schemes": {
3246 "mailto": {
3247 "action": "useHelperApp",
3248 "ask": true | false,
3249 "handlers": [{
3250 "name": "Gmail",
3251 "uriTemplate": "https://mail.google.com/mail/?extsrc=mailto&amp;url=%s"
3252 }]
3253 }
3254 },
3255 "extensions": {
3256 "pdf": {
3257 "action": "useHelperApp",
3258 "ask": true | false,
3259 "handlers": [{
3260 "name": "Adobe Acrobat",
3261 "path": "C:\\Program Files (x86)\\Adobe\\Acrobat Reader DC\\Reader\\AcroRd32.exe"
3262 }]
3263 }
3264 }
3265 }
3266 '/>
3267 ```
3268 #### macOS
3269 ```
3270 <dict>
3271 <key>Handlers</key>
3272 <dict>
3273 <key>mimeTypes</key>
3274 <dict>
3275 <key>application/msword</key>
3276 <dict>
3277 <key>action</key>
3278 <string>useSystemDefault</string>
3279 <key>ask</key>
3280 <true/> | <false/>
3281 </dict>
3282 </dict>
3283 <key>schemes</key>
3284 <dict>
3285 <key>mailto</key>
3286 <dict>
3287 <key>action</key>
3288 <string>useHelperApp</string>
3289 <key>ask</key>
3290 <true/> | <false/>
3291 <key>handlers</key>
3292 <array>
3293 <dict>
3294 <key>name</key>
3295 <string>Gmail</string>
3296 <key>uriTemplate</key>
3297 <string>https://mail.google.com/mail/?extsrc=mailto&url=%s</string>
3298 </dict>
3299 </array>
3300 </dict>
3301 </dict>
3302 <key>extensions</key>
3303 <dict>
3304 <key>pdf</key>
3305 <dict>
3306 <key>action</key>
3307 <string>useHelperApp</string>
3308 <key>ask</key>
3309 <true/> | <false/>
3310 <key>handlers</key>
3311 <array>
3312 <dict>
3313 <key>name</key>
3314 <string>Adobe Acrobat</string>
3315 <key>path</key>
3316 <string>/System/Applications/Preview.app</string>
3317 </dict>
3318 </array>
3319 </dict>
3320 </dict>
3321 </dict>
3322 </dict>
3323 ```
3324 #### policies.json
3325 ```
3326 {
3327 "policies": {
3328 "Handlers": {
3329 "mimeTypes": {
3330 "application/msword": {
3331 "action": "useSystemDefault",
3332 "ask": false
3333 }
3334 },
3335 "schemes": {
3336 "mailto": {
3337 "action": "useHelperApp",
3338 "ask": true | false,
3339 "handlers": [{
3340 "name": "Gmail",
3341 "uriTemplate": "https://mail.google.com/mail/?extsrc=mailto&url=%s"
3342 }]
3343 }
3344 },
3345 "extensions": {
3346 "pdf": {
3347 "action": "useHelperApp",
3348 "ask": true | false,
3349 "handlers": [{
3350 "name": "Adobe Acrobat",
3351 "path": "/usr/bin/acroread"
3352 }]
3353 }
3354 }
3355 }
3356 }
3357 }
3358 ```
3359 ### HardwareAcceleration
3360 Control hardware acceleration.
3361
3362 **Compatibility:** Firefox 60, Firefox ESR 60\
3363 **CCK2 Equivalent:** N/A\
3364 **Preferences Affected:** `layers.acceleration.disabled`
3365
3366 #### Windows (GPO)
3367 ```
3368 Software\Policies\Mozilla\Firefox\HardwareAcceleration = 0x1 | 0x0
3369 ```
3370 #### Windows (Intune)
3371 OMA-URI:
3372 ```
3373 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/HardwareAcceleration
3374 ```
3375 Value (string):
3376 ```
3377 <enabled/> or <disabled/>
3378 ```
3379 #### macOS
3380 ```
3381 <dict>
3382 <key>HardwareAcceleration</key>
3383 <true/> | <false/>
3384 </dict>
3385 ```
3386 #### policies.json
3387 ```
3388 {
3389 "policies": {
3390 "HardwareAcceleration": true | false
3391 }
3392 }
3393 ```
3394 ### Homepage
3395 Configure the default homepage and how Firefox starts.
3396
3397 `URL` is the default homepage.
3398
3399 `Locked` prevents the user from changing homepage preferences.
3400
3401 `Additional` allows for more than one homepage.
3402
3403 `StartPage` is how Firefox starts. The choices are no homepage, the default homepage or the previous session.
3404
3405 With Firefox 78, an additional option as added for `Startpage`, `homepage-locked`. If this is value is set for the Startpage, the user will always get the homepage at startup and cannot choose to restore their session.
3406
3407 **Compatibility:** Firefox 60, Firefox ESR 60 (StartPage was added in Firefox 60, Firefox ESR 60.4, homepage-locked added in Firefox 78)\
3408 **CCK2 Equivalent:** `homePage`,`lockHomePage`\
3409 **Preferences Affected:** `browser.startup.homepage`, `browser.startup.page`
3410
3411 #### Windows (GPO)
3412 ```
3413 Software\Policies\Mozilla\Firefox\Homepage\URL = "https://example.com"
3414 Software\Policies\Mozilla\Firefox\Homepage\Locked = 0x1 | 0x0
3415 Software\Policies\Mozilla\Firefox\Homepage\Additional\1 = "https://example.org"
3416 Software\Policies\Mozilla\Firefox\Homepage\Additional\2 = "https://example.edu"
3417 Software\Policies\Mozilla\Firefox\Homepage\StartPage = "none" | "homepage" | "previous-session" | "homepage-locked"
3418 ```
3419 #### Windows (Intune)
3420 OMA-URI:
3421 ```
3422 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Homepage/HomepageURL
3423 ```
3424 Value (string):
3425 ```
3426 <enabled/>
3427
3428 <data id="HomepageURL" value="https://example.com"/>
3429 <data id="HomepageLocked" value="true | false"/>
3430 ```
3431 OMA-URI:
3432 ```
3433 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Homepage/HomepageAdditional
3434 ```
3435 Value (string):
3436 ```
3437 <enabled/>
3438
3439 <data id="HomepageAdditional" value="1&#xF000;http://example.org&#xF000;2&#xF000;http://example.edu"/>
3440 ```
3441 OMA-URI:
3442 ```
3443 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Homepage/HomepageStartPage
3444 ```
3445 Value (string):
3446 ```
3447 <enabled/>
3448
3449 <data id="StartPage" value="none | homepage | previous-session"/>
3450 ```
3451 #### macOS
3452 ```
3453 <dict>
3454 <key>Homepage</key>
3455 <dict>
3456 <key>URL</key>
3457 <string>http://example.com</string>
3458 <key>Locked</key>
3459 <true/> | <false/>
3460 <key>Additional</key>
3461 <array>
3462 <string>http://example.org</string>
3463 <string>http://example.edu</string>
3464 </array>
3465 <key>StartPage</key>
3466 <string>none | homepage | previous-session | homepage-locked</string>
3467 </dict>
3468 </dict>
3469 ```
3470 #### policies.json
3471 ```
3472 {
3473 "policies": {
3474 "Homepage": {
3475 "URL": "http://example.com/",
3476 "Locked": true | false,
3477 "Additional": ["http://example.org/",
3478 "http://example.edu/"],
3479 "StartPage": "none" | "homepage" | "previous-session" | "homepage-locked"
3480 }
3481 }
3482 }
3483 ```
3484 ### InstallAddonsPermission
3485 Configure the default extension install policy as well as origins for extension installs are allowed. This policy does not override turning off all extension installs.
3486
3487 `Allow` is a list of origins where extension installs are allowed.
3488
3489 `Default` determines whether or not extension installs are allowed by default.
3490
3491 **Compatibility:** Firefox 60, Firefox ESR 60\
3492 **CCK2 Equivalent:** `permissions.install`\
3493 **Preferences Affected:** `xpinstall.enabled`
3494
3495 #### Windows (GPO)
3496 ```
3497 Software\Policies\Mozilla\Firefox\InstallAddonsPermission\Allow\1 = "https://example.org"
3498 Software\Policies\Mozilla\Firefox\InstallAddonsPermission\Allow\2 = "https://example.edu"
3499 Software\Policies\Mozilla\Firefox\InstallAddonsPermission\Default = 0x1 | 0x0
3500 ```
3501 #### Windows (Intune)
3502 OMA-URI:
3503 ```
3504 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Addons/InstallAddonsPermission_Allow
3505 ```
3506 Value (string):
3507 ```
3508 <enabled/>
3509 <data id="Permissions" value="1&#xF000;https://example.org&#xF000;2&#xF000;https://example.edu"/>
3510 ```
3511 OMA-URI:
3512 ```
3513 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Addons/InstallAddonsPermission_Default
3514 ```
3515 Value (string):
3516 ```
3517 <enabled/>
3518 ```
3519 #### macOS
3520 ```
3521 <dict>
3522 <key>InstallAddonsPermission</key>
3523 <dict>
3524 <key>Allow</key>
3525 <array>
3526 <string>http://example.org</string>
3527 <string>http://example.edu</string>
3528 </array>
3529 <key>Default</key>
3530 <true/> | <false/>
3531 </dict>
3532 </dict>
3533 ```
3534 #### policies.json
3535 ```
3536 {
3537 "policies": {
3538 "InstallAddonsPermission": {
3539 "Allow": ["http://example.org/",
3540 "http://example.edu/"],
3541 "Default": true | false
3542 }
3543 }
3544 }
3545 ```
3546 ### LegacyProfiles
3547 Disable the feature enforcing a separate profile for each installation.
3548
3549 If this policy set to true, Firefox will not try to create different profiles for installations of Firefox in different directories. This is the equivalent of the MOZ_LEGACY_PROFILES environment variable.
3550
3551 If this policy set to false, Firefox will create a new profile for each unique installation of Firefox.
3552
3553 This policy only work on Windows via GPO (not policies.json).
3554
3555 **Compatibility:** Firefox 70, Firefox ESR 68.2 (Windows only, GPO only)\
3556 **CCK2 Equivalent:** N/A\
3557 **Preferences Affected:** N/A
3558
3559 #### Windows (GPO)
3560 ```
3561 Software\Policies\Mozilla\Firefox\LegacyProfiles = = 0x1 | 0x0
3562 ```
3563 #### Windows (Intune)
3564 OMA-URI:
3565 ```
3566 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/LegacyProfiles
3567 ```
3568 Value (string):
3569 ```
3570 <enabled/> or <disabled/>
3571 ```
3572 ### LegacySameSiteCookieBehaviorEnabled
3573 Enable default legacy SameSite cookie behavior setting.
3574
3575 If this policy is set to true, it reverts all cookies to legacy SameSite behavior which means that cookies that don't explicitly specify a ```SameSite``` attribute are treated as if they were ```SameSite=None```.
3576
3577 **Compatibility:** Firefox 96\
3578 **CCK2 Equivalent:** N/A\
3579 **Preferences Affected:** `network.cookie.sameSite.laxByDefault`
3580
3581 #### Windows (GPO)
3582 ```
3583 Software\Policies\Mozilla\Firefox\LegacySameSiteCookieBehaviorEnabled = = 0x1 | 0x0
3584 ```
3585 #### Windows (Intune)
3586 OMA-URI:
3587 ```
3588 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/LegacySameSiteCookieBehaviorEnabled
3589 ```
3590 Value (string):
3591 ```
3592 <enabled/> or <disabled/>
3593 ```
3594 #### macOS
3595 ```
3596 <dict>
3597 <key>LegacySameSiteCookieBehaviorEnabled</key>
3598 <true/> | <false/>
3599 </dict>
3600 ```
3601 #### policies.json
3602 ```
3603 {
3604 "policies": {
3605 "LegacySameSiteCookieBehaviorEnabled": true | false
3606 }
3607 ```
3608 ### LegacySameSiteCookieBehaviorEnabledForDomainList
3609 Revert to legacy SameSite behavior for cookies on specified sites.
3610
3611 If this policy is set to true, cookies set for domains in this list will revert to legacy SameSite behavior which means that cookies that don't explicitly specify a ```SameSite``` attribute are treated as if they were ```SameSite=None```.
3612
3613 **Compatibility:** Firefox 96\
3614 **CCK2 Equivalent:** N/A\
3615 **Preferences Affected:** `network.cookie.sameSite.laxByDefault.disabledHosts`
3616
3617 #### Windows (GPO)
3618 ```
3619 Software\Policies\Mozilla\Firefox\LegacySameSiteCookieBehaviorEnabledForDomainList\1 = "example.org"
3620 Software\Policies\Mozilla\Firefox\LegacySameSiteCookieBehaviorEnabledForDomainList\2 = "example.edu"
3621 ```
3622 #### Windows (Intune)
3623 OMA-URI:
3624 ```
3625 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/LegacySameSiteCookieBehaviorEnabledForDomainList
3626 ```
3627 Value (string):
3628 ```
3629 <enabled/>
3630 <data id="LegacySameSiteCookieBehaviorEnabledForDomainList" value="1&#xF000;example.org&#xF000;2&#xF000;example.edu"/>
3631 ```
3632 #### macOS
3633 ```
3634 <dict>
3635 <key>LegacySameSiteCookieBehaviorEnabledForDomainList</key>
3636 <array>
3637 <string>example.org</string>
3638 <string>example.edu</string>
3639 </array>
3640 </dict>
3641 ```
3642 #### policies.json
3643 ```
3644 {
3645 "policies": {
3646 "LegacySameSiteCookieBehaviorEnabledForDomainList": ["example.org",
3647 "example.edu"]
3648 }
3649 }
3650 ```
3651 ### LocalFileLinks
3652 Enable linking to local files by origin.
3653
3654 **Compatibility:** Firefox 68, Firefox ESR 68\
3655 **CCK2 Equivalent:** N/A\
3656 **Preferences Affected:** `capability.policy.localfilelinks.*`
3657
3658 #### Windows (GPO)
3659 ```
3660 Software\Policies\Mozilla\Firefox\LocalFileLinks\1 = "https://example.org"
3661 Software\Policies\Mozilla\Firefox\LocalFileLinks\2 = "https://example.edu"
3662 ```
3663 #### Windows (Intune)
3664 OMA-URI:
3665 ```
3666 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/LocalFileLinks
3667 ```
3668 Value (string):
3669 ```
3670 <enabled/>
3671 <data id="LocalFileLinks" value="1&#xF000;https://example.org&#xF000;2&#xF000;https://example.edu"/>
3672 ```
3673 #### macOS
3674 ```
3675 <dict>
3676 <key>LocalFileLinks</key>
3677 <array>
3678 <string>http://example.org</string>
3679 <string>http://example.edu</string>
3680 </array>
3681 </dict>
3682 ```
3683 #### policies.json
3684 ```
3685 {
3686 "policies": {
3687 "LocalFileLinks": ["http://example.org/",
3688 "http://example.edu/"]
3689 }
3690 }
3691 ```
3692 ### ManagedBookmarks
3693 Configures a list of bookmarks managed by an administrator that cannot be changed by the user.
3694
3695 The bookmarks are only added as a button on the personal toolbar. They are not in the bookmarks folder.
3696
3697 The syntax of this policy is exactly the same as the [Chrome ManagedBookmarks policy](https://cloud.google.com/docs/chrome-enterprise/policies/?policy=ManagedBookmarks). The schema is:
3698 ```
3699 {
3700 "items": {
3701 "id": "BookmarkType",
3702 "properties": {
3703 "children": {
3704 "items": {
3705 "$ref": "BookmarkType"
3706 },
3707 "type": "array"
3708 },
3709 "name": {
3710 "type": "string"
3711 },
3712 "toplevel_name": {
3713 "type": "string"
3714 },
3715 "url": {
3716 "type": "string"
3717 }
3718 },
3719 "type": "object"
3720 },
3721 "type": "array"
3722 }
3723 ```
3724 **Compatibility:** Firefox 83, Firefox ESR 78.5\
3725 **CCK2 Equivalent:** N/A\
3726 **Preferences Affected:** N/A
3727
3728 #### Windows (GPO)
3729 Software\Policies\Mozilla\Firefox\ManagedBookmarks (REG_MULTI_SZ) =
3730 ```
3731 [
3732 {
3733 "toplevel_name": "My managed bookmarks folder"
3734 },
3735 {
3736 "url": "example.com",
3737 "name": "Example"
3738 },
3739 {
3740 "name": "Mozilla links",
3741 "children": [
3742 {
3743 "url": "https://mozilla.org",
3744 "name": "Mozilla.org"
3745 },
3746 {
3747 "url": "https://support.mozilla.org/",
3748 "name": "SUMO"
3749 }
3750 ]
3751 }
3752 ]
3753 ```
3754 #### Windows (Intune)
3755 OMA-URI:
3756 ```
3757 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/ManagedBookmarks
3758 ```
3759 Value (string):
3760 ```
3761 <enabled/>
3762 <data id="JSON" value='
3763 [
3764 {
3765 "toplevel_name": "My managed bookmarks folder"
3766 },
3767 {
3768 "url": "example.com",
3769 "name": "Example"
3770 },
3771 {
3772 "name": "Mozilla links",
3773 "children": [
3774 {
3775 "url": "https://mozilla.org",
3776 "name": "Mozilla.org"
3777 },
3778 {
3779 "url": "https://support.mozilla.org/",
3780 "name": "SUMO"
3781 }
3782 ]
3783 }
3784 ]'/>
3785 ```
3786 #### macOS
3787 ```
3788 <dict>
3789 <key>ManagedBookmarks</key>
3790 <array>
3791 <dict>
3792 <key>toplevel_name</key>
3793 <string>My managed bookmarks folder</string>
3794 <dict>
3795 <key>url</key>
3796 <string>example.com</string>
3797 <key>name</key>
3798 <string>Example</string>
3799 </dict>
3800 <dict>
3801 <key>name</key>
3802 <string>Mozilla links</string>
3803 <key>children</key>
3804 <array>
3805 <dict>
3806 <key>url</key>
3807 <string>https://mozilla.org</string>
3808 <key>name</key>
3809 <string>Mozilla</string>
3810 </dict>
3811 <dict>
3812 <key>url</key>
3813 <string>https://support.mozilla.org/</string>
3814 <key>name</key>
3815 <string>SUMO</string>
3816 </dict>
3817 </array>
3818 </dict>
3819 </array>
3820 </dict>
3821 ```
3822 #### policies.json
3823 ```
3824 {
3825 "policies": {
3826 "ManagedBookmarks": [
3827 {
3828 "toplevel_name": "My managed bookmarks folder"
3829 },
3830 {
3831 "url": "example.com",
3832 "name": "Example"
3833 },
3834 {
3835 "name": "Mozilla links",
3836 "children": [
3837 {
3838 "url": "https://mozilla.org",
3839 "name": "Mozilla.org"
3840 },
3841 {
3842 "url": "https://support.mozilla.org/",
3843 "name": "SUMO"
3844 }
3845 ]
3846 }
3847 ]
3848 }
3849 }
3850 ```
3851 ### ManualAppUpdateOnly
3852
3853 Switch to manual updates only.
3854
3855 If this policy is enabled:
3856 1. The user will never be prompted to install updates
3857 2. Firefox will not check for updates in the background, though it will check automatically when an update UI is displayed (such as the one in the About dialog). This check will be used to show "Update to version X" in the UI, but will not automatically download the update or prompt the user to update in any other way.
3858 3. The update UI will work as expected, unlike when using DisableAppUpdate.
3859
3860 This policy is primarily intended for advanced end users, not for enterprises.
3861
3862 **Compatibility:** Firefox 87\
3863 **CCK2 Equivalent:** N/A\
3864 **Preferences Affected:** N/A
3865
3866 #### policies.json
3867 ```
3868 {
3869 "policies": {
3870 "ManualAppUpdateOnly": true | false
3871 }
3872 }
3873 ```
3874 ### NetworkPrediction
3875 Enable or disable network prediction (DNS prefetching).
3876
3877 **Compatibility:** Firefox 67, Firefox ESR 60.7\
3878 **CCK2 Equivalent:** N/A\
3879 **Preferences Affected:** `network.dns.disablePrefetch`, `network.dns.disablePrefetchFromHTTPS`
3880
3881 #### Windows (GPO)
3882 ```
3883 Software\Policies\Mozilla\Firefox\NetworkPrediction = 0x1 | 0x0
3884 ```
3885 #### Windows (Intune)
3886 OMA-URI:
3887 ```
3888 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/NetworkPrediction
3889 ```
3890 Value (string):
3891 ```
3892 <enabled/> or <disabled/>
3893 ```
3894 #### macOS
3895 ```
3896 <dict>
3897 <key>NetworkPrediction</key>
3898 <true/> | <false/>
3899 </dict>
3900 ```
3901 #### policies.json
3902 ```
3903 {
3904 "policies": {
3905 "NetworkPrediction": true | false
3906 }
3907 ```
3908 ### NewTabPage
3909 Enable or disable the New Tab page.
3910
3911 **Compatibility:** Firefox 68, Firefox ESR 68\
3912 **CCK2 Equivalent:** N/A\
3913 **Preferences Affected:** `browser.newtabpage.enabled`
3914
3915 #### Windows (GPO)
3916 ```
3917 Software\Policies\Mozilla\Firefox\NewTabPage = 0x1 | 0x0
3918 ```
3919 #### Windows (Intune)
3920 OMA-URI:
3921 ```
3922 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/NewTabPage
3923 ```
3924 Value (string):
3925 ```
3926 <enabled/> or <disabled/>
3927 ```
3928 #### macOS
3929 ```
3930 <dict>
3931 <key>NewTabPage</key>
3932 <true/> | <false/>
3933 </dict>
3934 ```
3935 #### policies.json
3936 ```
3937 {
3938 "policies": {
3939 "NewTabPage": true | false
3940 }
3941 ```
3942 ### NoDefaultBookmarks
3943 Disable the creation of default bookmarks.
3944
3945 This policy is only effective if the user profile has not been created yet.
3946
3947 **Compatibility:** Firefox 60, Firefox ESR 60\
3948 **CCK2 Equivalent:** `removeDefaultBookmarks`\
3949 **Preferences Affected:** N/A
3950
3951 #### Windows (GPO)
3952 ```
3953 Software\Policies\Mozilla\Firefox\NoDefaultBookmarks = 0x1 | 0x0
3954 ```
3955 #### Windows (Intune)
3956 OMA-URI:
3957 ```
3958 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/NoDefaultBookmarks
3959 ```
3960 Value (string):
3961 ```
3962 <enabled/> or <disabled/>
3963 ```
3964 #### macOS
3965 ```
3966 <dict>
3967 <key>NoDefaultBookmarks</key>
3968 <true/> | <false/>
3969 </dict>
3970 ```
3971 #### policies.json
3972 ```
3973 {
3974 "policies": {
3975 "NoDefaultBookmarks": true | false
3976 }
3977 }
3978 ```
3979 ### OfferToSaveLogins
3980 Control whether or not Firefox offers to save passwords.
3981
3982 **Compatibility:** Firefox 60, Firefox ESR 60\
3983 **CCK2 Equivalent:** `dontRememberPasswords`\
3984 **Preferences Affected:** `signon.rememberSignons`
3985
3986 #### Windows (GPO)
3987 ```
3988 Software\Policies\Mozilla\Firefox\OfferToSaveLogins = 0x1 | 0x0
3989 ```
3990 #### Windows (Intune)
3991 OMA-URI:
3992 ```
3993 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/OfferToSaveLogins
3994 ```
3995 Value (string):
3996 ```
3997 <enabled/> or <disabled/>
3998 ```
3999 #### macOS
4000 ```
4001 <dict>
4002 <key>OfferToSaveLogins</key>
4003 <true/> | <false/>
4004 </dict>
4005 ```
4006 #### policies.json
4007 ```
4008 {
4009 "policies": {
4010 "OfferToSaveLogins": true | false
4011 }
4012 }
4013 ```
4014 ### OfferToSaveLoginsDefault
4015 Sets the default value of signon.rememberSignons without locking it.
4016
4017 **Compatibility:** Firefox 70, Firefox ESR 60.2\
4018 **CCK2 Equivalent:** `dontRememberPasswords`\
4019 **Preferences Affected:** `signon.rememberSignons`
4020
4021 #### Windows (GPO)
4022 ```
4023 Software\Policies\Mozilla\Firefox\OfferToSaveLoginsDefault = 0x1 | 0x0
4024 ```
4025 #### Windows (Intune)
4026 OMA-URI:
4027 ```
4028 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/OfferToSaveLoginsDefault
4029 ```
4030 Value (string):
4031 ```
4032 <enabled/> or <disabled/>
4033 ```
4034 #### macOS
4035 ```
4036 <dict>
4037 <key>OfferToSaveLoginsDefault</key>
4038 <true/> | <false/>
4039 </dict>
4040 ```
4041 #### policies.json
4042 ```
4043 {
4044 "policies": {
4045 "OfferToSaveLoginsDefault": true | false
4046 }
4047 }
4048 ```
4049 ### OverrideFirstRunPage
4050 Override the first run page. If the value is an empty string (""), the first run page is not displayed.
4051
4052 Starting with Firefox 83, Firefox ESR 78.5, you can also specify multiple URLS separated by a vertical bar (|).
4053
4054 **Compatibility:** Firefox 60, Firefox ESR 60\
4055 **CCK2 Equivalent:** `welcomePage`,`noWelcomePage`\
4056 **Preferences Affected:** `startup.homepage_welcome_url`
4057
4058 #### Windows (GPO)
4059 ```
4060 Software\Policies\Mozilla\Firefox\OverrideFirstRunPage = "http://example.org"
4061 ```
4062 #### Windows (Intune)
4063 OMA-URI:
4064 ```
4065 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/OverrideFirstRunPage
4066 ```
4067 Value (string):
4068 ```
4069 <enabled/>
4070 <data id="OverridePage" value="https://example.com"/>
4071 ```
4072 #### macOS
4073 ```
4074 <dict>
4075 <key>OverrideFirstRunPage</key>
4076 <string>http://example.org</string>
4077 </dict>
4078 ```
4079 #### policies.json
4080 ```
4081 {
4082 "policies": {
4083 "OverrideFirstRunPage": "http://example.org"
4084 }
4085 }
4086 ```
4087 ### OverridePostUpdatePage
4088 Override the upgrade page. If the value is an empty string (""), no extra pages are displayed when Firefox is upgraded.
4089
4090 **Compatibility:** Firefox 60, Firefox ESR 60\
4091 **CCK2 Equivalent:** `upgradePage`,`noUpgradePage`\
4092 **Preferences Affected:** `startup.homepage_override_url`
4093
4094 #### Windows (GPO)
4095 ```
4096 Software\Policies\Mozilla\Firefox\OverridePostUpdatePage = "http://example.org"
4097 ```
4098 #### Windows (Intune)
4099 OMA-URI:
4100 ```
4101 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/OverridePostUpdatePage
4102 ```
4103 Value (string):
4104 ```
4105 <enabled/>
4106 <data id="OverridePage" value="https://example.com"/>
4107 ```
4108 #### macOS
4109 ```
4110 <dict>
4111 <key>OverridePostUpdatePage</key>
4112 <string>http://example.org</string>
4113 </dict>
4114 ```
4115 #### policies.json
4116 ```
4117 {
4118 "policies": {
4119 "OverridePostUpdatePage": "http://example.org"
4120 }
4121 }
4122 ```
4123 ### PasswordManagerEnabled
4124 Remove access to the password manager via preferences and blocks about:logins on Firefox 70.
4125
4126 **Compatibility:** Firefox 70, Firefox ESR 60.2\
4127 **CCK2 Equivalent:** N/A\
4128 **Preferences Affected:** `pref.privacy.disable_button.view_passwords`
4129
4130 #### Windows (GPO)
4131 ```
4132 Software\Policies\Mozilla\Firefox\PasswordManagerEnabled = 0x1 | 0x0
4133 ```
4134 #### Windows (Intune)
4135 OMA-URI:
4136 ```
4137 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/PasswordManagerEnabled
4138 ```
4139 Value (string):
4140 ```
4141 <enabled/> or <disabled/>
4142 ```
4143 #### macOS
4144 ```
4145 <dict>
4146 <key>PasswordManagerEnabled</key>
4147 <true/> | <false/>
4148 </dict>
4149 ```
4150 #### policies.json
4151 ```
4152 {
4153 "policies": {
4154 "PasswordManagerEnabled": true | false
4155 }
4156 }
4157 ```
4158 ### PasswordManagerExceptions
4159 Prevent Firefox from saving passwords for specific sites.
4160
4161 The sites are specified as a list of origins.
4162
4163 **Compatibility:** Firefox 101\
4164 **CCK2 Equivalent:** N/A\
4165 **Preferences Affected:** N/A
4166
4167 #### Windows (GPO)
4168 ```
4169 Software\Policies\Mozilla\Firefox\PasswordManagerExceptions\1 = "https://example.org"
4170 Software\Policies\Mozilla\Firefox\PasswordManagerExceptions\2 = "https://example.edu"
4171 ```
4172 #### Windows (Intune)
4173 OMA-URI:
4174 ```
4175 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/PasswordManagerExceptions
4176 ```
4177 Value (string):
4178 ```
4179 <enabled/>
4180 <data id="List" value="1&#xF000;https://example.org&#xF000;2&#xF000;https://example.edu"/>
4181 ```
4182 #### macOS
4183 ```
4184 <dict>
4185 <key>PasswordManagerExceptions</key>
4186 <array>
4187 <string>https://example.org</string>
4188 <string>https://example.edu</string>
4189 </array>
4190 </dict>
4191 ```
4192 #### policies.json
4193 ```
4194 {
4195 "policies": {
4196 "PasswordManagerExceptions": ["https://example.org",
4197 "https://example.edu"]
4198 }
4199 }
4200 ```
4201
4202 ### PDFjs
4203 Disable or configure PDF.js, the built-in PDF viewer.
4204
4205 If `Enabled` is set to false, the built-in PDF viewer is disabled.
4206
4207 If `EnablePermissions` is set to true, the built-in PDF viewer will honor document permissions like preventing the copying of text.
4208
4209 Note: DisableBuiltinPDFViewer has not been deprecated. You can either continue to use it, or switch to using PDFjs->Enabled to disable the built-in PDF viewer. This new permission was added because we needed a place for PDFjs->EnabledPermissions.
4210
4211 **Compatibility:** Firefox 77, Firefox ESR 68.9\
4212 **CCK2 Equivalent:** N/A\
4213 **Preferences Affected:** `pdfjs.diabled`, `pdfjs.enablePermissions`
4214
4215 #### Windows (GPO)
4216 ```
4217 Software\Policies\Mozilla\Firefox\PDFjs\Enabled = 0x1 | 0x0
4218 Software\Policies\Mozilla\Firefox\PDFjs\EnablePermissions = 0x1 | 0x0
4219 ```
4220 #### Windows (Intune)
4221 OMA-URI:
4222 ```
4223 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~PDFjs/PDFjs_Enabled
4224 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~PDFjs/PDFjs_EnablePermissions
4225 ```
4226 Value (string):
4227 ```
4228 <enabled/>or <disabled/>
4229 ```
4230 #### macOS
4231 ```
4232 <dict>
4233 <key>PDFjs</key>
4234 <dict>
4235 <key>Enabled</key>
4236 <true/> | <false/>
4237 <key>EnablePermissions</key>
4238 <true/> | <false/>
4239 </dict>
4240 </dict>
4241 ```
4242 #### policies.json
4243 ```
4244 {
4245 "policies": {
4246 "PDFjs": {
4247 "Enabled": true | false,
4248 "EnablePermissions": true | false
4249 }
4250 }
4251 }
4252 ```
4253 ### Permissions
4254 Set permissions associated with camera, microphone, location, notifications, autoplay, and virtual reality. Because these are origins, not domains, entries with unique ports must be specified separately. This explicitly means that it is not possible to add wildcards. See examples below.
4255
4256 `Allow` is a list of origins where the feature is allowed.
4257
4258 `Block` is a list of origins where the feature is not allowed.
4259
4260 `BlockNewRequests` determines whether or not new requests can be made for the feature.
4261
4262 `Locked` prevents the user from changing preferences for the feature.
4263
4264 `Default` specifies the default value for Autoplay. block-audio-video is not supported on Firefox ESR 68.
4265
4266 **Compatibility:** Firefox 62, Firefox ESR 60.2 (Autoplay added in Firefox 74, Firefox ESR 68.6, Autoplay Default/Locked added in Firefox 76, Firefox ESR 68.8, VirtualReality added in Firefox 80, Firefox ESR 78.2)\
4267 **CCK2 Equivalent:** N/A\
4268 **Preferences Affected:** `permissions.default.camera`, `permissions.default.microphone`, `permissions.default.geo`, `permissions.default.desktop-notification`, `media.autoplay.default`, `permissions.default.xr`
4269
4270 #### Windows (GPO)
4271 ```
4272 Software\Policies\Mozilla\Firefox\Permissions\Camera\Allow\1 = "https://example.org"
4273 Software\Policies\Mozilla\Firefox\Permissions\Camera\Allow\2 = "https://example.org:1234"
4274 Software\Policies\Mozilla\Firefox\Permissions\Camera\Block\1 = "https://example.edu"
4275 Software\Policies\Mozilla\Firefox\Permissions\Camera\BlockNewRequests = 0x1 | 0x0
4276 Software\Policies\Mozilla\Firefox\Permissions\Camera\Locked = 0x1 | 0x0
4277 Software\Policies\Mozilla\Firefox\Permissions\Microphone\Allow\1 = "https://example.org"
4278 Software\Policies\Mozilla\Firefox\Permissions\Microphone\Block\1 = "https://example.edu"
4279 Software\Policies\Mozilla\Firefox\Permissions\Microphone\BlockNewRequests = 0x1 | 0x0
4280 Software\Policies\Mozilla\Firefox\Permissions\Microphone\Locked = 0x1 | 0x0
4281 Software\Policies\Mozilla\Firefox\Permissions\Location\Allow\1 = "https://example.org"
4282 Software\Policies\Mozilla\Firefox\Permissions\Location\Block\1 = "https://example.edu"
4283 Software\Policies\Mozilla\Firefox\Permissions\Location\BlockNewRequests = 0x1 | 0x0
4284 Software\Policies\Mozilla\Firefox\Permissions\Location\Locked = 0x1 | 0x0
4285 Software\Policies\Mozilla\Firefox\Permissions\Notifications\Allow\1 = "https://example.org"
4286 Software\Policies\Mozilla\Firefox\Permissions\Notifications\Block\1 = "https://example.edu"
4287 Software\Policies\Mozilla\Firefox\Permissions\Notifications\BlockNewRequests = 0x1 | 0x0
4288 Software\Policies\Mozilla\Firefox\Permissions\Notifications\Locked = 0x1 | 0x0
4289 Software\Policies\Mozilla\Firefox\Permissions\Autoplay\Allow\1 = "https://example.org"
4290 Software\Policies\Mozilla\Firefox\Permissions\Autoplay\Block\1 = "https://example.edu"
4291 Software\Policies\Mozilla\Firefox\Permissions\Autoplay\Default = "allow-audio-video" | "block-audio" | "block-audio-video"
4292 Software\Policies\Mozilla\Firefox\Permissions\Autoplay\Locked = 0x1 | 0x0
4293 Software\Policies\Mozilla\Firefox\Permissions\VirtualReality\Allow\1 = "https://example.org"
4294 Software\Policies\Mozilla\Firefox\Permissions\VirtualReality\Block\1 = "https://example.edu"
4295 Software\Policies\Mozilla\Firefox\Permissions\VirtualReality\BlockNewRequests = 0x1 | 0x0
4296 Software\Policies\Mozilla\Firefox\Permissions\VirtualReality\Locked = 0x1 | 0x0
4297 ```
4298 #### Windows (Intune)
4299 OMA-URI:
4300 ```
4301 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Location/Location_BlockNewRequests
4302 ```
4303 Value (string):
4304 ```
4305 <enabled/> or <disabled/>
4306 ```
4307 OMA-URI:
4308 ```
4309 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Location/Location_Locked
4310 ```
4311 Value (string):
4312 ```
4313 <enabled/> or <disabled/>
4314 ```
4315 OMA-URI:
4316 ```
4317 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Notifications/Notifications_Allow
4318 ```
4319 Value (string):
4320 ```
4321 <enabled/>
4322 <data id="Permissions" value="1&#xF000;https://example.org"/>
4323 ```
4324 OMA-URI:
4325 ```
4326 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Notifications/Notifications_BlockNewRequests
4327 ```
4328 Value (string):
4329 ```
4330 <enabled/> or <disabled/>
4331 ```
4332 OMA-URI:
4333 ```
4334 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Notifications/Notifications_Locked
4335 ```
4336 Value (string):
4337 ```
4338 <enabled/> or <disabled/>
4339 ```
4340 OMA-URI:
4341 ```
4342 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Autoplay/Autoplay_Allow
4343 ```
4344 Value (string):
4345 ```
4346 <enabled/>
4347 <data id="Permissions" value="1&#xF000;https://example.org"/>
4348 ```
4349 OMA-URI:
4350 ```
4351 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Autoplay/Autoplay_Block
4352 ```
4353 Value (string):
4354 ```
4355 <enabled/>
4356 <data id="Permissions" value="1&#xF000;https://example.edu"/>
4357 ```
4358 OMA-URI:
4359 ```
4360 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Autoplay/Autoplay_Default
4361 ```
4362 Value (string):
4363 ```
4364 <enabled/>
4365 <data id="Autoplay_Default" value="allow-audio-video | block-audio | block-audio-video"/>
4366 ```
4367 OMA-URI:
4368 ```
4369 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Autoplay/Autoplay_Locked
4370 ```
4371 Value (string):
4372 ```
4373 <enabled/> or <disabled/>
4374 ```
4375 OMA-URI:
4376 ```
4377 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Notifications/VirtualReality_Allow
4378 ```
4379 Value (string):
4380 ```
4381 <enabled/>
4382 <data id="Permissions" value="1&#xF000;https://example.org"/>
4383 ```
4384 OMA-URI:
4385 ```
4386 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Notifications/VirtualReality_Block
4387 ```
4388 Value (string):
4389 ```
4390 <enabled/>
4391 <data id="Permissions" value="1&#xF000;https://example.edu"/>
4392 ```
4393 OMA-URI:
4394 ```
4395 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Notifications/VirtualReality_BlockNewRequests
4396 ```
4397 Value (string):
4398 ```
4399 <enabled/> or <disabled/>
4400 ```
4401 OMA-URI:
4402 ```
4403 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Notifications/VirtualReality_Locked
4404 ```
4405 Value (string):
4406 ```
4407 <enabled/> or <disabled/>
4408 ```
4409 #### macOS
4410 ```
4411 <dict>
4412 <key>Permissions</key>
4413 <dict>
4414 <key>Camera</key>
4415 <dict>
4416 <key>Allow</key>
4417 <array>
4418 <string>https://example.org</string>
4419 <string>https://example.org:1234</string>
4420 </array>
4421 <key>Block</key>
4422 <array>
4423 <string>https://example.edu</string>
4424 </array>
4425 <key>BlockNewRequests</key>
4426 <true/> | <false/>
4427 <key>Locked</key>
4428 <true/> | <false/>
4429 </dict>
4430 <key>Microphone</key>
4431 <dict>
4432 <key>Allow</key>
4433 <array>
4434 <string>https://example.org</string>
4435 </array>
4436 <key>Block</key>
4437 <array>
4438 <string>https://example.edu</string>
4439 </array>
4440 <key>BlockNewRequests</key>
4441 <true/> | <false/>
4442 <key>Locked</key>
4443 <true/> | <false/>
4444 </dict>
4445 <key>Location</key>
4446 <dict>
4447 <key>Allow</key>
4448 <array>
4449 <string>https://example.org</string>
4450 </array>
4451 <key>Block</key>
4452 <array>
4453 <string>https://example.edu</string>
4454 </array>
4455 <key>BlockNewRequests</key>
4456 <true/> | <false/>
4457 <key>Locked</key>
4458 <true/> | <false/>
4459 </dict>
4460 <key>Notifications</key>
4461 <dict>
4462 <key>Allow</key>
4463 <array>
4464 <string>https://example.org</string>
4465 </array>
4466 <key>Block</key>
4467 <array>
4468 <string>https://example.edu</string>
4469 </array>
4470 <key>BlockNewRequests</key>
4471 <true/>
4472 <key>Locked</key>
4473 <true/>
4474 </dict>
4475 <key>Autoplay</key>
4476 <dict>
4477 <key>Allow</key>
4478 <array>
4479 <string>https://example.org</string>
4480 </array>
4481 <key>Block</key>
4482 <array>
4483 <string>https://example.edu</string>
4484 </array>
4485 <key>Default</key>
4486 <string>allow-audio-video | block-audio | block-audio-video</string>
4487 <key>Locked</key>
4488 <true/> | <false/>
4489 </dict>
4490 </dict>
4491 </dict>
4492 ```
4493 #### policies.json
4494 ```
4495 {
4496 "policies": {
4497 "Permissions": {
4498 "Camera": {
4499 "Allow": ["https://example.org","https://example.org:1234"],
4500 "Block": ["https://example.edu"],
4501 "BlockNewRequests": true | false,
4502 "Locked": true | false
4503 },
4504 "Microphone": {
4505 "Allow": ["https://example.org"],
4506 "Block": ["https://example.edu"],
4507 "BlockNewRequests": true | false,
4508 "Locked": true | false
4509 },
4510 "Location": {
4511 "Allow": ["https://example.org"],
4512 "Block": ["https://example.edu"],
4513 "BlockNewRequests": true | false,
4514 "Locked": true | false
4515 },
4516 "Notifications": {
4517 "Allow": ["https://example.org"],
4518 "Block": ["https://example.edu"],
4519 "BlockNewRequests": true | false,
4520 "Locked": true | false
4521 },
4522 "Autoplay": {
4523 "Allow": ["https://example.org"],
4524 "Block": ["https://example.edu"],
4525 "Default": "allow-audio-video" | "block-audio" | "block-audio-video",
4526 "Locked": true | false
4527 }
4528 }
4529 }
4530 }
4531 ```
4532 ### PictureInPicture
4533
4534 Enable or disable Picture-in-Picture as well as prevent the user from enabling or disabling it (Locked).
4535
4536 **Compatibility:** Firefox 78, Firefox ESR 78\
4537 **CCK2 Equivalent:** N/A\
4538 **Preferences Affected:** `media.videocontrols.picture-in-picture.video-toggle.enabled`
4539
4540 #### Windows (GPO)
4541 ```
4542 Software\Policies\Mozilla\Firefox\PictureInPicture\Enabled = 0x1 | 0x0
4543 Software\Policies\Mozilla\Firefox\PictureInPicture\Locked = 0x1 | 0x0
4544
4545 ```
4546 #### Windows (Intune)
4547 OMA-URI:
4548 ```
4549 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~PictureInPicture/PictureInPicture_Enabled
4550 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~PictureInPicture/PictureInPicture_Locked
4551 ```
4552 Value (string):
4553 ```
4554 <enabled/> or <disabled/>
4555 ```
4556 #### macOS
4557 ```
4558 <dict>
4559 <key>PictureInPicture</key>
4560 <dict>
4561 <key>Enabled</key>
4562 <true/> | <false/>
4563 <key>Locked</key>
4564 <true/> | <false/>
4565 </dict>
4566 </dict>
4567 ```
4568 #### policies.json
4569 ```
4570 {
4571 "policies": {
4572 "PictureInPicture": {
4573 "Enabled": true | false,
4574 "Locked": true | false
4575 }
4576 }
4577 }
4578 ```
4579 ### PopupBlocking
4580 Configure the default pop-up window policy as well as origins for which pop-up windows are allowed.
4581
4582 `Allow` is a list of origins where popup-windows are allowed.
4583
4584 `Default` determines whether or not pop-up windows are allowed by default.
4585
4586 `Locked` prevents the user from changing pop-up preferences.
4587
4588 **Compatibility:** Firefox 60, Firefox ESR 60\
4589 **CCK2 Equivalent:** `permissions.popup`\
4590 **Preferences Affected:** `dom.disable_open_during_load`
4591
4592 #### Windows (GPO)
4593 ```
4594 Software\Policies\Mozilla\Firefox\PopupBlocking\Allow\1 = "https://example.org"
4595 Software\Policies\Mozilla\Firefox\PopupBlocking\Allow\2 = "https://example.edu"
4596 Software\Policies\Mozilla\Firefox\PopupBlocking\Default = 0x1 | 0x0
4597 Software\Policies\Mozilla\Firefox\PopupBlocking\Locked = 0x1 | 0x0
4598 ```
4599 #### Windows (Intune)
4600 OMA-URI:
4601 ```
4602 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Popups/PopupBlocking_Allow
4603 ```
4604 Value (string):
4605 ```
4606 <enabled/>
4607 <data id="Permissions" value="1&#xF000;https://example.org&#xF000;2&#xF000;https://example.edu"/>
4608 ```
4609 OMA-URI:
4610 ```
4611 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Popups/PopupBlocking_Default
4612 ```
4613 Value (string):
4614 ```
4615 <enabled/> or <disabled/>
4616 ```
4617 OMA-URI:
4618 ```
4619 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Popups/PopupBlocking_Locked
4620 ```
4621 Value (string):
4622 ```
4623 <enabled/> or <disabled/>
4624 ```
4625 #### macOS
4626 ```
4627 <dict>
4628 <key>PopupBlocking</key>
4629 <dict>
4630 <key>Allow</key>
4631 <array>
4632 <string>http://example.org</string>
4633 <string>http://example.edu</string>
4634 </array>
4635 <key>Default</key>
4636 <true/> | <false/>
4637 <key>Locked</key>
4638 <true/> | <false/>
4639 </dict>
4640 </dict>
4641 ```
4642 #### policies.json
4643 ```
4644 {
4645 "policies": {
4646 "PopupBlocking": {
4647 "Allow": ["http://example.org/",
4648 "http://example.edu/"],
4649 "Default": true | false,
4650 "Locked": true | false
4651 }
4652 }
4653 }
4654 ```
4655 ### Preferences
4656 Set and lock preferences.
4657
4658 **NOTE** On Windows, in order to use this policy, you must clear all settings in the old **Preferences (Deprecated)** section.
4659
4660 Previously you could only set and lock a subset of preferences. Starting with Firefox 81 and Firefox ESR 78.3 you can set many more preferences. You can also set default preferences, user preferences and you can clear preferences.
4661
4662 Preferences that start with the following prefixes are supported:
4663 ```
4664 accessibility.
4665 app.update.* (Firefox 86, Firefox 78.8)
4666 browser.
4667 datareporting.policy.
4668 dom.
4669 extensions.
4670 general.autoScroll (Firefox 83, Firefox ESR 78.5)
4671 general.smoothScroll (Firefox 83, Firefox ESR 78.5)
4672 geo.
4673 gfx.
4674 intl.
4675 keyword.enabled (Firefox 95, Firefox ESR 91.4)
4676 layers.
4677 layout.
4678 media.
4679 network.
4680 pdfjs. (Firefox 84, Firefox ESR 78.6)
4681 places.
4682 print.
4683 signon. (Firefox 83, Firefox ESR 78.5)
4684 spellchecker. (Firefox 84, Firefox ESR 78.6)
4685 toolkit.legacyUserProfileCustomizations.stylesheets (Firefox 95, Firefox ESR 91.4)
4686 ui.
4687 widget.
4688 xpinstall.signatures.required (Firefox ESR 102.10, Firefox ESR only)
4689 ```
4690 as well as the following security preferences:
4691
4692 | Preference | Type | Default
4693 | --- | --- | --- |
4694 | security.default_personal_cert | string | Ask Every Time
4695 | &nbsp;&nbsp;&nbsp;&nbsp;If set to Select Automatically, Firefox automatically chooses the default personal certificate.
4696 | security.insecure_connection_text.enabled | bool | false
4697 | &nbsp;&nbsp;&nbsp;&nbsp;If set to true, adds the words "Not Secure" for insecure sites.
4698 | security.insecure_connection_text.pbmode.enabled | bool | false
4699 | &nbsp;&nbsp;&nbsp;&nbsp;If set to true, adds the words "Not Secure" for insecure sites in private browsing.
4700 | security.mixed_content.block_active_content | boolean | true
4701 | &nbsp;&nbsp;&nbsp;&nbsp;If false, mixed active content (HTTP and HTTPS) is not blocked.
4702 | security.osclientcerts.autoload | boolean | false
4703 | &nbsp;&nbsp;&nbsp;&nbsp;If true, client certificates are loaded from the operating system certificate store.
4704 | security.OCSP.enabled | integer | 1
4705 | &nbsp;&nbsp;&nbsp;&nbsp;If 0, do not fetch OCSP. If 1, fetch OCSP for DV and EV certificates. If 2, fetch OCSP only for EV certificates
4706 | security.OCSP.require | boolean | false
4707 | &nbsp;&nbsp;&nbsp;&nbsp; If true, if an OCSP request times out, the connection fails.
4708 | security.osclientcerts.assume_rsa_pss_support | boolean | true
4709 | &nbsp;&nbsp;&nbsp;&nbsp; If false, we don't assume an RSA key can do RSA-PSS (Firefox 114, Firefox ESR 102.12).
4710 | security.ssl.enable_ocsp_stapling | boolean | true
4711 | &nbsp;&nbsp;&nbsp;&nbsp; If false, OCSP stapling is not enabled.
4712 | security.ssl.errorReporting.enabled | boolean | true
4713 | &nbsp;&nbsp;&nbsp;&nbsp;If false, SSL errors cannot be sent to Mozilla.
4714 | security.tls.enable_0rtt_data | boolean | true
4715 | &nbsp;&nbsp;&nbsp;&nbsp;If false, TLS early data is turned off (Firefox 93, Firefox 91.2, Firefox 78.15).
4716 | security.tls.hello_downgrade_check | boolean | true
4717 | &nbsp;&nbsp;&nbsp;&nbsp;If false, the TLS 1.3 downgrade check is disabled.
4718 | security.tls.version.enable-deprecated | boolean | false
4719 | &nbsp;&nbsp;&nbsp;&nbsp;If true, browser will accept TLS 1.0. and TLS 1.1 (Firefox 86, Firefox 78.8).
4720 | security.warn_submit_secure_to_insecure | boolean | true
4721 | &nbsp;&nbsp;&nbsp;&nbsp;If false, no warning is shown when submitting a form from https to http.
4722
4723 Using the preference as the key, set the `Value` to the corresponding preference value.
4724
4725 `Status` can be "default", "locked", "user" or "clear"
4726
4727 * `"default"`: Read/Write: Settings appear as default even if factory default differs.
4728 * `"locked"`: Read-Only: Settings appear as default even if factory default differs.
4729 * `"user"`: Read/Write: Settings appear as changed if it differs from factory default.
4730 * `"clear"`: Read/Write: `Value` has no effect. Resets to factory defaults on each startup.
4731
4732 `"user"` preferences persist across invocations of Firefox. It is the equivalent of a user setting the preference. They are most useful when a preference is needed very early in startup so it can't be set as default by policy. An example of this is ```toolkit.legacyUserProfileCustomizations.stylesheets```.
4733
4734 `"user"` preferences persist even if the policy is removed, so if you need to remove them, you should use the clear policy.
4735
4736 See the examples below for more detail.
4737
4738 IMPORTANT: Make sure you're only setting a particular preference using this mechanism and not some other way.
4739
4740 Status
4741 **Compatibility:** Firefox 81, Firefox ESR 78.3\
4742 **CCK2 Equivalent:** `preferences`\
4743 **Preferences Affected:** Many
4744
4745 #### Windows (GPO)
4746 Software\Policies\Mozilla\Firefox\Preferences (REG_MULTI_SZ) =
4747 ```
4748 {
4749 "accessibility.force_disabled": {
4750 "Value": 1,
4751 "Status": "default"
4752 },
4753 "browser.cache.disk.parent_directory": {
4754 "Value": "SOME_NATIVE_PATH",
4755 "Status": "user"
4756 },
4757 "browser.tabs.warnOnClose": {
4758 "Value": false,
4759 "Status": "locked"
4760 }
4761 }
4762 ```
4763 #### Windows (Intune)
4764 OMA-URI:
4765 ```
4766 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/Preferences
4767 ```
4768 Value (string):
4769 ```
4770 <enabled/>
4771 <data id="JSON" value='
4772 {
4773 "accessibility.force_disabled": {
4774 "Value": 1,
4775 "Status": "default"
4776 },
4777 "browser.cache.disk.parent_directory": {
4778 "Value": "SOME_NATIVE_PATH",
4779 "Status": "user"
4780 },
4781 "browser.tabs.warnOnClose": {
4782 "Value": false,
4783 "Status": "locked"
4784 }
4785 }'/>
4786 ```
4787 #### macOS
4788 ```
4789 <dict>
4790 <key>Preferences</key>
4791 <dict>
4792 <key>accessibility.force_disabled</key>
4793 <dict>
4794 <key>Value</key>
4795 <integer>1</integer>
4796 <key>Status</key>
4797 <string>default</string>
4798 </dict>
4799 <key>browser.cache.disk.parent_directory</key>
4800 <dict>
4801 <key>Value</key>
4802 <string>SOME_NATIVE_PATH</string>
4803 <key>Status</key>
4804 <string>user</string>
4805 </dict>
4806 <key>browser.tabs.warnOnClose</key>
4807 <dict>
4808 <key>Value</key>
4809 <false/>
4810 <key>Status</key>
4811 <string>locked</string>
4812 </dict>
4813 </dict>
4814 </dict>
4815 ```
4816 #### policies.json
4817 ```
4818 {
4819 "policies": {
4820 "Preferences": {
4821 "accessibility.force_disabled": {
4822 "Value": 1,
4823 "Status": "default"
4824 },
4825 "browser.cache.disk.parent_directory": {
4826 "Value": "SOME_NATIVE_PATH",
4827 "Status": "user"
4828 },
4829 "browser.tabs.warnOnClose": {
4830 "Value": false,
4831 "Status": "locked"
4832 }
4833 }
4834 }
4835 }
4836 ```
4837 ### Preferences (Deprecated)
4838 Set and lock certain preferences.
4839
4840 **Compatibility:** See below\
4841 **CCK2 Equivalent:** `preferences`\
4842 **Preferences Affected:** See below
4843
4844 | Preference | Type | Compatibility | Default
4845 | --- | --- | --- | --- |
4846 | accessibility.force_disabled | integer | Firefox 70, Firefox ESR 68.2 | 0
4847 | &nbsp;&nbsp;&nbsp;&nbsp;If set to 1, platform accessibility is disabled.
4848 | app.update.auto (Deprecated - Switch to AppAutoUpdate policy) | boolean | Firefox 68, Firefox ESR 68 | true
4849 | &nbsp;&nbsp;&nbsp;&nbsp;If false, Firefox doesn't automatically install update.
4850 | browser.bookmarks.autoExportHTML | boolean | Firefox 70, Firefox ESR 68.2 | false
4851 | &nbsp;&nbsp;&nbsp;&nbsp;If true, bookmarks are exported on shutdown.
4852 | browser.bookmarks.file | string | Firefox 70, Firefox ESR 68.2 | N/A
4853 | &nbsp;&nbsp;&nbsp;&nbsp;If set, the name of the file where bookmarks are exported and imported.
4854 | browser.bookmarks.restore_default_bookmarks | boolean | Firefox 70, Firefox ESR 68.2 | N/A
4855 | &nbsp;&nbsp;&nbsp;&nbsp;If true, bookmarks are restored to their defaults.
4856 | browser.cache.disk.enable | boolean | Firefox 68, Firefox ESR 68 | true
4857 | &nbsp;&nbsp;&nbsp;&nbsp;If false, don't store cache on the hard drive.
4858 | ~browser.cache.disk.parent_directory~ | string | Firefox 68, Firefox ESR 68 | Profile temporary directory
4859 | &nbsp;&nbsp;&nbsp;&nbsp;~If set, changes the location of the disk cache.~ This policy doesn't work. It's being worked on.
4860 | browser.fixup.dns_first_for_single_words | boolean | Firefox 68, Firefox ESR 68 | false
4861 | &nbsp;&nbsp;&nbsp;&nbsp;If true, single words are sent to DNS, not directly to search.
4862 | browser.newtabpage.activity-stream.default.sites | string | Firefox 72, ESR 68.4 | Locale dependent
4863 | &nbsp;&nbsp;&nbsp;&nbsp;If set, a list of URLs to use as the default top sites on the new tab page. Due to Firefox limitations, search sites can't be added. In addition, sites with the same name but different TLDs (example.org/example.com) will not display properly.
4864 | browser.places.importBookmarksHTML | boolean | Firefox 70, Firefox ESR 68.2
4865 | &nbsp;&nbsp;&nbsp;&nbsp;If true, bookmarks are always imported on startup.
4866 | browser.safebrowsing.phishing.enabled | boolean | Firefox 70, Firefox ESR 68.2 | true
4867 | &nbsp;&nbsp;&nbsp;&nbsp;If false, phishing protection is not enabled (Not recommended)
4868 | browser.safebrowsing.malware.enabled | boolean | Firefox 70, Firefox ESR 68.2 | true
4869 | &nbsp;&nbsp;&nbsp;&nbsp;If false, malware protection is not enabled (Not recommended)
4870 | browser.search.update | boolean | Firefox 68, Firefox ESR 68 | true
4871 | &nbsp;&nbsp;&nbsp;&nbsp;If false, updates for search engines are not checked.
4872 | browser.slowStartup.notificationDisabled | boolean | Firefox 70, Firefox ESR 68.2 | false
4873 | &nbsp;&nbsp;&nbsp;&nbsp;If true, a notification isn't shown if startup is slow.
4874 | browser.tabs.warnOnClose | boolean | Firefox 68, Firefox ESR 68 | true
4875 | &nbsp;&nbsp;&nbsp;&nbsp;If false, there is no warning when the browser is closed.
4876 | browser.taskbar.previews.enable | boolean | Firefox 70, Firefox ESR 68.2 (Windows only) | false
4877 | &nbsp;&nbsp;&nbsp;&nbsp;If true, tab previews are shown in the Windows taskbar.
4878 | browser.urlbar.suggest.bookmark | boolean | Firefox 68, Firefox ESR 68 | true
4879 | &nbsp;&nbsp;&nbsp;&nbsp;If false, bookmarks aren't suggested when typing in the URL bar.
4880 | browser.urlbar.suggest.history | boolean | Firefox 68, Firefox ESR 68 | true
4881 | &nbsp;&nbsp;&nbsp;&nbsp;If false, history isn't suggested when typing in the URL bar.
4882 | browser.urlbar.suggest.openpage | boolean | Firefox 68, Firefox ESR 68 | true
4883 | &nbsp;&nbsp;&nbsp;&nbsp;If false, open tabs aren't suggested when typing in the URL bar.
4884 | datareporting.policy.dataSubmissionPolicyBypassNotification | boolean | Firefox 68, Firefox ESR 68 | false
4885 | &nbsp;&nbsp;&nbsp;&nbsp;If true, don't show the privacy policy tab on first run.
4886 | dom.allow_scripts_to_close_windows | boolean | Firefox 70, Firefox ESR 68.2 | false
4887 | &nbsp;&nbsp;&nbsp;&nbsp;If false, web page can close windows.
4888 | dom.disable_window_flip | boolean | Firefox 68, Firefox ESR 68 | true
4889 | &nbsp;&nbsp;&nbsp;&nbsp;If false, web pages can focus and activate windows.
4890 | dom.disable_window_move_resize | boolean | Firefox 68, Firefox ESR 68 | false
4891 | &nbsp;&nbsp;&nbsp;&nbsp;If true, web pages can't move or resize windows.
4892 | dom.event.contextmenu.enabled | boolean | Firefox 68, Firefox ESR 68 | true
4893 | &nbsp;&nbsp;&nbsp;&nbsp;If false, web pages can't override context menus.
4894 | dom.keyboardevent.keypress.hack.dispatch_non_printable_keys.addl | string | Firefox 68, Firefox ESR 68 | N/A
4895 | &nbsp;&nbsp;&nbsp;&nbsp;See https://support.mozilla.org/en-US/kb/dom-events-changes-introduced-firefox-66
4896 | dom.keyboardevent.keypress.hack.use_legacy_keycode_and_charcode.addl | string | Firefox 68, Firefox ESR 68 | N/A
4897 | &nbsp;&nbsp;&nbsp;&nbsp;See https://support.mozilla.org/en-US/kb/dom-events-changes-introduced-firefox-66
4898 | dom.xmldocument.load.enabled | boolean | Firefox ESR 68.5 | true.
4899 | &nbsp;&nbsp;&nbsp;&nbsp;If false, XMLDocument.load is not available.
4900 | dom.xmldocument.async.enabled | boolean | Firefox ESR 68.5 | true
4901 | &nbsp;&nbsp;&nbsp;&nbsp;If false, XMLDocument.async is not available.
4902 | extensions.blocklist.enabled | boolean | Firefox 70, Firefox ESR 68.2 | true
4903 | &nbsp;&nbsp;&nbsp;&nbsp;If false, the extensions blocklist is not used (Not recommended)
4904 | extensions.getAddons.showPane | boolean | Firefox 68, Firefox ESR 68 | N/A
4905 | &nbsp;&nbsp;&nbsp;&nbsp;If false, the Recommendations tab is not displayed in the Add-ons Manager.
4906 | extensions.htmlaboutaddons.recommendations.enabled | boolean | Firefox 72, Firefox ESR 68.4 | true
4907 | &nbsp;&nbsp;&nbsp;&nbsp;If false, recommendations are not shown on the Extensions tab in the Add-ons Manager.
4908 | geo.enabled | boolean | Firefox 70, Firefox ESR 68.2 | true
4909 | &nbsp;&nbsp;&nbsp;&nbsp;If false, the geolocation API is disabled. | Language dependent
4910 | intl.accept_languages | string | Firefox 70, Firefox ESR 68.2
4911 | &nbsp;&nbsp;&nbsp;&nbsp;If set, preferred language for web pages.
4912 | media.eme.enabled (Deprecated - Switch to EncryptedMediaExtensions policy) | boolean | Firefox 70, Firefox ESR 68.2 | true
4913 | &nbsp;&nbsp;&nbsp;&nbsp;If false, Encrypted Media Extensions are not enabled.
4914 | media.gmp-gmpopenh264.enabled | boolean | Firefox 68, Firefox ESR 68 | true
4915 | &nbsp;&nbsp;&nbsp;&nbsp;If false, the OpenH264 plugin is not downloaded.
4916 | media.gmp-widevinecdm.enabled | boolean | Firefox 68, Firefox ESR 68 | true
4917 | &nbsp;&nbsp;&nbsp;&nbsp;If false, the Widevine plugin is not downloaded.
4918 | media.peerconnection.enabled | boolean | Firefox 72, Firefox ESR 68.4 | true
4919 | &nbsp;&nbsp;&nbsp;&nbsp;If false, WebRTC is disabled
4920 | media.peerconnection.ice.obfuscate_host_addresses.whitelist (Deprecated) | string | Firefox 72, Firefox ESR 68.4 | N/A
4921 | &nbsp;&nbsp;&nbsp;&nbsp;If set, a list of domains for which mDNS hostname obfuscation is
4922 disabled
4923 | media.peerconnection.ice.obfuscate_host_addresses.blocklist | string | Firefox 79, Firefox ESR 78.1 | N/A
4924 | &nbsp;&nbsp;&nbsp;&nbsp;If set, a list of domains for which mDNS hostname obfuscation is
4925 disabled
4926 | network.dns.disableIPv6 | boolean | Firefox 68, Firefox ESR 68 | false
4927 | &nbsp;&nbsp;&nbsp;&nbsp;If true, IPv6 DNS lokoups are disabled.
4928 | network.IDN_show_punycode | boolean | Firefox 68, Firefox ESR 68 | false
4929 | &nbsp;&nbsp;&nbsp;&nbsp;If true, display the punycode version of internationalized domain names.
4930 | places.history.enabled | boolean | Firefox 68, Firefox ESR 68 | true
4931 | &nbsp;&nbsp;&nbsp;&nbsp;If false, history is not enabled.
4932 | print.save_print_settings | boolean | Firefox 70, Firefox ESR 68.2 | true
4933 | &nbsp;&nbsp;&nbsp;&nbsp;If false, print settings are not saved between jobs.
4934 | security.default_personal_cert | string | Firefox 68, Firefox ESR 68 | Ask Every Time
4935 | &nbsp;&nbsp;&nbsp;&nbsp;If set to Select Automatically, Firefox automatically chooses the default personal certificate.
4936 | security.mixed_content.block_active_content | boolean | Firefox 70, Firefox ESR 68.2 | true
4937 | &nbsp;&nbsp;&nbsp;&nbsp;If false, mixed active content (HTTP and HTTPS) is not blocked.
4938 | security.osclientcerts.autoload | boolean | Firefox 72 (Windows), Firefox 75 (macOS) | false
4939 | &nbsp;&nbsp;&nbsp;&nbsp;If true, client certificates are loaded from the operating system certificate store.
4940 | security.ssl.errorReporting.enabled | boolean | Firefox 68, Firefox ESR 68 | true
4941 | &nbsp;&nbsp;&nbsp;&nbsp;If false, SSL errors cannot be sent to Mozilla.
4942 | security.tls.hello_downgrade_check | boolean | Firefox 72, Firefox ESR 68.4 | true
4943 | &nbsp;&nbsp;&nbsp;&nbsp;If false, the TLS 1.3 downgrade check is disabled.
4944 | ui.key.menuAccessKeyFocuses | boolean | Firefox 68, Firefox ESR 68 | true
4945 | &nbsp;&nbsp;&nbsp;&nbsp;If false, the Alt key doesn't show the menubar on Windows.
4946 | widget.content.gtk-theme-override | string | Firefox 72, Firefox ESR 68.4 (Linux only) | N/A
4947 | &nbsp;&nbsp;&nbsp;&nbsp;If set, overrides the GTK theme for widgets.
4948
4949 #### Windows (GPO)
4950 ```
4951 Software\Policies\Mozilla\Firefox\Preferences\boolean_preference_name = 0x1 | 0x0
4952 Software\Policies\Mozilla\Firefox\Preferences\string_preference_name = "string_value"
4953 ```
4954 #### Windows (Intune)
4955 OMA-URI: (periods are replaced by underscores)
4956 ```
4957 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Preferences/boolean_preference_name
4958 ```
4959 Value (string):
4960 ```
4961 <enabled/> or <disabled/>
4962 ```
4963 OMA-URI: (periods are replaced by underscores)
4964 ```
4965 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Preferences/string_preference_name
4966 ```
4967 Value (string):
4968 ```
4969 <enabled/>
4970 <data id="Preferences_String" value="string_value"/>
4971 ```
4972 #### macOS
4973 ```
4974 <dict>
4975 <key>Preferences</key>
4976 <dict>
4977 <key>boolean_preference_name</key>
4978 <true/> | <false/>
4979 <key>string_preference_name</key>
4980 <string>string_value</string>
4981 </dict>
4982 </dict>
4983 ```
4984 #### policies.json
4985 ```
4986 {
4987 "policies": {
4988 "Preferences": {
4989 "boolean_preference_name": true | false,
4990 "string_preference_name": "string_value"
4991 }
4992 }
4993 }
4994 ```
4995 ### PrimaryPassword
4996 Require or prevent using a primary (formerly master) password.
4997
4998 If this value is true, a primary password is required. If this value is false, it works the same as if [`DisableMasterPasswordCreation`](#disablemasterpasswordcreation) was true and removes the primary password functionality.
4999
5000 If both DisableMasterPasswordCreation and PrimaryPassword are used, DisableMasterPasswordCreation takes precedent.
5001
5002 **Compatibility:** Firefox 79, Firefox ESR 78.1\
5003 **CCK2 Equivalent:** `noMasterPassword`\
5004 **Preferences Affected:** N/A
5005
5006 #### Windows (GPO)
5007 ```
5008 Software\Policies\Mozilla\Firefox\PrimaryPassword = 0x1 | 0x0
5009 ```
5010 #### Windows (Intune)
5011 OMA-URI:
5012 ```
5013 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/PrimaryPassword
5014 ```
5015 Value (string):
5016 ```
5017 <enabled/> or <disabled/>
5018 ```
5019 #### macOS
5020 ```
5021 <dict>
5022 <key>PrimaryPassword</key>
5023 <true/> | <false/>
5024 </dict>
5025 ```
5026 #### policies.json
5027 ```
5028 {
5029 "policies": {
5030 "PrimaryPassword": true | false
5031 }
5032 }
5033 ```
5034 ### PromptForDownloadLocation
5035 Ask where to save each file before downloading.
5036
5037 **Compatibility:** Firefox 68, Firefox ESR 68\
5038 **CCK2 Equivalent:** N/A\
5039 **Preferences Affected:** `browser.download.useDownloadDir`
5040
5041 #### Windows (GPO)
5042 ```
5043 Software\Policies\Mozilla\Firefox\PromptForDownloadLocation = 0x1 | 0x0
5044 ```
5045 #### Windows (Intune)
5046 OMA-URI:
5047 ```
5048 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/PromptForDownloadLocation
5049 ```
5050 Value (string):
5051 ```
5052 <enabled/> or <disabled/>
5053 ```
5054 #### macOS
5055 ```
5056 <dict>
5057 <key>PromptForDownloadLocation</key>
5058 <true/> | <false/>
5059 </dict>
5060 ```
5061 #### policies.json
5062 ```
5063 {
5064 "policies": {
5065 "PromptForDownloadLocation": true | false
5066 }
5067 }
5068 ```
5069 ### Proxy
5070 Configure proxy settings. These settings correspond to the connection settings in Firefox preferences.
5071 To specify ports, append them to the hostnames with a colon (:).
5072
5073 Unless you lock this policy, changes the user already has in place will take effect.
5074
5075 `Mode` is the proxy method being used.
5076
5077 `Locked` is whether or not proxy settings can be changed.
5078
5079 `HTTPProxy` is the HTTP proxy server.
5080
5081 `UseHTTPProxyForAllProtocols` is whether or not the HTTP proxy should be used for all other proxies.
5082
5083 `SSLProxy` is the SSL proxy server.
5084
5085 `FTPProxy` is the FTP proxy server.
5086
5087 `SOCKSProxy` is the SOCKS proxy server
5088
5089 `SOCKSVersion` is the SOCKS version (4 or 5)
5090
5091 `Passthrough` is list of hostnames or IP addresses that will not be proxied. Use `<local>` to bypass proxying for all hostnames which do not contain periods.
5092
5093 `AutoConfigURL` is a URL for proxy configuration (only used if Mode is autoConfig).
5094
5095 `AutoLogin` means do not prompt for authentication if password is saved.
5096
5097 `UseProxyForDNS` to use proxy DNS when using SOCKS v5.
5098
5099 **Compatibility:** Firefox 60, Firefox ESR 60\
5100 **CCK2 Equivalent:** `networkProxy*`\
5101 **Preferences Affected:** `network.proxy.type`, `network.proxy.autoconfig_url`, `network.proxy.socks_remote_dns`, `signon.autologin.proxy`, `network.proxy.socks_version`, `network.proxy.no_proxies_on`, `network.proxy.share_proxy_settings`, `network.proxy.http`, `network.proxy.http_port`, `network.proxy.ftp`, `network.proxy.ftp_port`, `network.proxy.ssl`, `network.proxy.ssl_port`, `network.proxy.socks`, `network.proxy.socks_port`
5102
5103 #### Windows (GPO)
5104 ```
5105 Software\Policies\Mozilla\Firefox\Proxy\Mode = "none" | "system" | "manual" | "autoDetect" | "autoConfig"
5106 Software\Policies\Mozilla\Firefox\Proxy\Locked = 0x1 | 0x0
5107 Software\Policies\Mozilla\Firefox\=Proxy\HTTPProxy = https://httpproxy.example.com
5108 Software\Policies\Mozilla\Firefox\Proxy\UseHTTPProxyForAllProtocols = 0x1 | 0x0
5109 Software\Policies\Mozilla\Firefox\Proxy\SSLProxy = https://sslproxy.example.com
5110 Software\Policies\Mozilla\Firefox\Proxy\FTPProxy = https://ftpproxy.example.com
5111 Software\Policies\Mozilla\Firefox\Proxy\SOCKSProxy = https://socksproxy.example.com
5112 Software\Policies\Mozilla\Firefox\Proxy\SOCKSVersion = 0x4 | 0x5
5113 Software\Policies\Mozilla\Firefox\Proxy\Passthrough = <local>
5114 Software\Policies\Mozilla\Firefox\Proxy\AutoConfigURL = URL_TO_AUTOCONFIG
5115 Software\Policies\Mozilla\Firefox\Proxy\AutoLogin = 0x1 | 0x0
5116 Software\Policies\Mozilla\Firefox\Proxy\UseProxyForDNS = 0x1 | 0x0
5117 ```
5118 #### Windows (Intune)
5119 **Note**
5120 These setttings were moved to a category to make them easier to configure via Intune.
5121
5122 OMA-URI:
5123 ```
5124 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_Locked
5125 ```
5126 Value (string):
5127 ```
5128 <enabled/> or <disabled/>
5129 ```
5130 OMA-URI:
5131 ```
5132 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_ConnectionType
5133 ```
5134 Value (string):
5135 ```
5136 <enabled/>
5137 <data id="Proxy_ConnectionType" value="none | system | manual | autoDetect | autoConfig"/>
5138 ```
5139 OMA-URI:
5140 ```
5141 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_HTTPProxy
5142 ```
5143 Value (string):
5144 ```
5145 <enabled/>
5146 <data id="Proxy_HTTPProxy" value="httpproxy.example.com"/>
5147 ```
5148 OMA-URI:
5149 ```
5150 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_UseHTTPProxyForAllProtocols
5151 ```
5152 Value (string):
5153 ```
5154 <enabled/> or <disabled/>
5155 ```
5156 OMA-URI:
5157 ```
5158 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_SSLProxy
5159 ```
5160 Value (string):
5161 ```
5162 <enabled/>
5163 <data id="Proxy_SSLProxy" value="sslproxy.example.com"/>
5164 ```
5165 OMA-URI:
5166 ```
5167 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_SOCKSProxy
5168 ```
5169 Value (string):
5170 ```
5171 <enabled/>
5172 <data id="Proxy_SOCKSProxy" value="socksproxy.example.com"/>
5173 <data id="Proxy_SOCKSVersion" value="4 | 5"/>
5174 ```
5175 OMA-URI:
5176 ```
5177 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_AutoConfigURL
5178 ```
5179 Value (string):
5180 ```
5181 <enabled/>
5182 <data id="Proxy_AutoConfigURL" value="URL_TO_AUTOCONFIG"/>
5183 ```
5184 OMA-URI:
5185 ```
5186 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_Passthrough
5187 ```
5188 Value (string):
5189 ```
5190 <enabled/>
5191 <data id="Proxy_Passthrough" value="&lt;local&gt;"/>
5192 ```
5193 OMA-URI:
5194 ```
5195 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_AutoLogin
5196 ```
5197 Value (string):
5198 ```
5199 <enabled/> or <disabled/>
5200 ```
5201 OMA-URI:
5202 ```
5203 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_UseProxyForDNS
5204 ```
5205 Value (string):
5206 ```
5207 <enabled/> or <disabled/>
5208 ```
5209 OMA-URI (Old way):
5210 ```
5211 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/Proxy
5212 ```
5213 Value (string):
5214 ```
5215 <enabled/>
5216 <data id="ProxyLocked" value="true | false"/>
5217 <data id="ConnectionType" value="none | system | manual | autoDetect | autoConfig"/>
5218 <data id="HTTPProxy" value="httpproxy.example.com"/>
5219 <data id="UseHTTPProxyForAllProtocols" value="true | false"/>
5220 <data id="SSLProxy" value="sslproxy.example.com"/>
5221 <data id="FTPProxy" value="ftpproxy.example.com"/>
5222 <data id="SOCKSProxy" value="socksproxy.example.com"/>
5223 <data id="SOCKSVersion" value="4 | 5"/>
5224 <data id="AutoConfigURL" value="URL_TO_AUTOCONFIG"/>
5225 <data id="Passthrough" value="<local>"/>
5226 <data id="AutoLogin" value="true | false"/>
5227 <data id="UseProxyForDNS" value="true | false"/>
5228 ```
5229 #### macOS
5230 ```
5231 <dict>
5232 <key>Proxy</key>
5233 <dict>
5234 <key>Mode</key>
5235 <string>none | system | manual | autoDetect | autoConfig</string>
5236 <key>Locked</key>
5237 <true> | </false>
5238 <key>HTTPProxy</key>
5239 <string>https://httpproxy.example.com</string>
5240 <key>UseHTTPProxyForAllProtocols</key>
5241 <true> | </false>
5242 <key>SSLProxy</key>
5243 <string>https://sslproxy.example.com</string>
5244 <key>FTPProxy</key>
5245 <string>https://ftpproxy.example.com</string>
5246 <key>SOCKSProxy</key>
5247 <string>https://socksproxy.example.com</string>
5248 <key>SOCKSVersion</key>
5249 <string>4 | 5</string>
5250 <key>Passthrough</key>
5251 <string>&lt;local>&gt;</string>
5252 <key>AutoConfigURL</key>
5253 <string>URL_TO_AUTOCONFIG</string>
5254 <key>AutoLogin</key>
5255 <true> | </false>
5256 <key>UseProxyForDNS</key>
5257 <true> | </false>
5258 </dict>
5259 </dict>
5260 ```
5261 #### policies.json
5262 ```
5263 {
5264 "policies": {
5265 "Proxy": {
5266 "Mode": "none" | "system" | "manual" | "autoDetect" | "autoConfig",
5267 "Locked": true | false,
5268 "HTTPProxy": "hostname",
5269 "UseHTTPProxyForAllProtocols": true | false,
5270 "SSLProxy": "hostname",
5271 "FTPProxy": "hostname",
5272 "SOCKSProxy": "hostname",
5273 "SOCKSVersion": 4 | 5,
5274 "Passthrough": "<local>",
5275 "AutoConfigURL": "URL_TO_AUTOCONFIG",
5276 "AutoLogin": true | false,
5277 "UseProxyForDNS": true | false
5278 }
5279 }
5280 }
5281 ```
5282 ### RequestedLocales
5283 Set the the list of requested locales for the application in order of preference. It will cause the corresponding language pack to become active.
5284
5285 Note: For Firefox 68, this can now be a string so that you can specify an empty value.
5286
5287 **Compatibility:** Firefox 64, Firefox ESR 60.4, Updated in Firefox 68, Firefox ESR 68\
5288 **CCK2 Equivalent:** N/A\
5289 **Preferences Affected:** N/A
5290 #### Windows (GPO)
5291 ```
5292 Software\Policies\Mozilla\Firefox\RequestedLocales\1 = "de"
5293 Software\Policies\Mozilla\Firefox\RequestedLocales\2 = "en-US"
5294
5295 or
5296
5297 Software\Policies\Mozilla\Firefox\RequestedLocales = "de,en-US"
5298 ```
5299 #### Windows (Intune)
5300 OMA-URI:
5301 ```
5302 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/RequestedLocalesString
5303 ```
5304 Value (string):
5305 ```
5306 <enabled/>
5307 <data id="Preferences_String" value="de,en-US"/>
5308 ```
5309 #### macOS
5310 ```
5311 <dict>
5312 <key>RequestedLocales</key>
5313 <array>
5314 <string>de</string>
5315 <string>en-US</string>
5316 </array>
5317 </dict>
5318
5319 or
5320
5321 <dict>
5322 <key>RequestedLocales</key>
5323 <string>de,en-US</string>
5324 </dict>
5325
5326 ```
5327 #### policies.json
5328 ```
5329 {
5330 "policies": {
5331 "RequestedLocales": ["de", "en-US"]
5332 }
5333 }
5334
5335 or
5336
5337 {
5338 "policies": {
5339 "RequestedLocales": "de,en-US"
5340 }
5341 }
5342 ```
5343 <a name="SanitizeOnShutdown"></a>
5344
5345 ### SanitizeOnShutdown (Selective)
5346 Clear data on shutdown. Choose from Cache, Cookies, Download History, Form & Search History, Browsing History, Active Logins, Site Preferences and Offline Website Data.
5347
5348 Previously, these values were always locked. Starting with Firefox 74 and Firefox ESR 68.6, you can use the `Locked` option to either keep the values unlocked (set it to false), or lock only the values you set (set it to true). If you want the old behavior of locking everything, do not set `Locked` at all.
5349
5350 **Compatibility:** Firefox 68, Firefox ESR 68 (Locked added in 74/68.6)\
5351 **CCK2 Equivalent:** N/A\
5352 **Preferences Affected:** `privacy.sanitize.sanitizeOnShutdown`, `privacy.clearOnShutdown.cache`, `privacy.clearOnShutdown.cookies`, `privacy.clearOnShutdown.downloads`, `privacy.clearOnShutdown.formdata`, `privacy.clearOnShutdown.history`, `privacy.clearOnShutdown.sessions`, `privacy.clearOnShutdown.siteSettings`, `privacy.clearOnShutdown.offlineApps`
5353 #### Windows (GPO)
5354 ```
5355 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\Cache = 0x1 | 0x0
5356 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\Cookies = 0x1 | 0x0
5357 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\Downloads = 0x1 | 0x0
5358 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\FormData = 0x1 | 0x0
5359 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\History = 0x1 | 0x0
5360 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\Sessions = 0x1 | 0x0
5361 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\SiteSettings = 0x1 | 0x0
5362 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\OfflineApps = 0x1 | 0x0
5363 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\Locked = 0x1 | 0x0
5364 ```
5365 #### Windows (Intune)
5366 OMA-URI:
5367 ```
5368 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/A_SanitizeOnShutdown_Cache
5369 ```
5370 Value (string):
5371 ```
5372 <enabled/> or <disabled/>
5373 ```
5374 OMA-URI:
5375 ```
5376 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/B_SanitizeOnShutdown_Cookies
5377 ```
5378 Value (string):
5379 ```
5380 <enabled/> or <disabled/>
5381 ```
5382 OMA-URI:
5383 ```
5384 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/C_SanitizeOnShutdown_Downloads
5385 ```
5386 Value (string):
5387 ```
5388 <enabled/> or <disabled/>
5389 ```
5390 OMA-URI:
5391 ```
5392 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/D_SanitizeOnShutdown_FormData
5393 ```
5394 Value (string):
5395 ```
5396 <enabled/> or <disabled/>
5397 ```
5398 OMA-URI:
5399 ```
5400 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/E_SanitizeOnShutdown_History
5401 ```
5402 Value (string):
5403 ```
5404 <enabled/> or <disabled/>
5405 ```
5406 OMA-URI:
5407 ```
5408 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/F_SanitizeOnShutdown_Sessions
5409 ```
5410 Value (string):
5411 ```
5412 <enabled/> or <disabled/>
5413 ```
5414 OMA-URI:
5415 ```
5416 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/G_SanitizeOnShutdown_SiteSettings
5417 ```
5418 Value (string):
5419 ```
5420 <enabled/> or <disabled/>
5421 ```
5422 OMA-URI:
5423 ```
5424 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/H_SanitizeOnShutdown_OfflineApps
5425 ```
5426 Value (string):
5427 ```
5428 <enabled/> or <disabled/>
5429 ```
5430 OMA-URI:
5431 ```
5432 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/I_SanitizeOnShutdown_Locked
5433 ```
5434 Value (string):
5435 ```
5436 <enabled/> or <disabled/>
5437 ```
5438 #### macOS
5439 ```
5440 <dict>
5441 <key>SanitizeOnShutdown</key>
5442 <dict>
5443 <key>Cache</key>
5444 <true/> | <false/>
5445 <key>Cookies</key>
5446 <true/> | <false/>
5447 <key>Downloads</key>
5448 <true/> | <false/>
5449 <key>FormData</key>
5450 <true/> | <false/>
5451 <key>History</key>
5452 <true/> | <false/>
5453 <key>Sessions</key>
5454 <true/> | <false/>
5455 <key>SiteSettings</key>
5456 <true/> | <false/>
5457 <key>OfflineApps</key>
5458 <true/> | <false/>
5459 <key>Locked</key>
5460 <true/> | <false/>
5461 </dict>
5462 </dict>
5463 ```
5464 #### policies.json
5465 ```
5466 {
5467 "policies": {
5468 "SanitizeOnShutdown": {
5469 "Cache": true | false,
5470 "Cookies": true | false,
5471 "Downloads": true | false,
5472 "FormData": true | false,
5473 "History": true | false,
5474 "Sessions": true | false,
5475 "SiteSettings": true | false,
5476 "OfflineApps": true | false,
5477 "Locked": true | false
5478 }
5479 }
5480 }
5481 ```
5482 ### SanitizeOnShutdown (All)
5483 Clear all data on shutdown, including Browsing & Download History, Cookies, Active Logins, Cache, Form & Search History, Site Preferences and Offline Website Data.
5484
5485 **Compatibility:** Firefox 60, Firefox ESR 60\
5486 **CCK2 Equivalent:** N/A\
5487 **Preferences Affected:** `privacy.sanitize.sanitizeOnShutdown`, `privacy.clearOnShutdown.cache`, `privacy.clearOnShutdown.cookies`, `privacy.clearOnShutdown.downloads`, `privacy.clearOnShutdown.formdata`, `privacy.clearOnShutdown.history`, `privacy.clearOnShutdown.sessions`, `privacy.clearOnShutdown.siteSettings`, `privacy.clearOnShutdown.offlineApps`
5488 #### Windows (GPO)
5489 ```
5490 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown = 0x1 | 0x0
5491 ```
5492 #### Windows (Intune)
5493 OMA-URI:
5494 ```
5495 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/C_SanitizeOnShutdown
5496 ```
5497 Value (string):
5498 ```
5499 <enabled/> or <disabled/>
5500 ```
5501 #### macOS
5502 ```
5503 <dict>
5504 <key>SanitizeOnShutdown</key>
5505 <true/> | <false/>
5506 </dict>
5507 ```
5508 #### policies.json
5509 ```
5510 {
5511 "policies": {
5512 "SanitizeOnShutdown": true | false
5513 }
5514 }
5515 ```
5516 ### SearchBar
5517 Set whether or not search bar is displayed.
5518
5519 **Compatibility:** Firefox 60, Firefox ESR 60\
5520 **CCK2 Equivalent:** `showSearchBar`\
5521 **Preferences Affected:** N/A
5522
5523 #### Windows (GPO)
5524 ```
5525 Software\Policies\Mozilla\Firefox\SearchBar = "unified" | "separate"
5526 ```
5527
5528 #### Windows (Intune)
5529 OMA-URI:
5530 ```
5531 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/SearchBar
5532 ```
5533 Value (string):
5534 ```
5535 <enabled/>
5536 <data id="SearchBar" value="unified | separate"/>
5537 ```
5538 #### macOS
5539 ```
5540 <dict>
5541 <key>SearchBar</key>
5542 <string>unified | separate</string>
5543 </dict>
5544 ```
5545 #### policies.json
5546 ```
5547 {
5548 "policies": {
5549 "SearchBar": "unified" | "separate"
5550 }
5551 }
5552 ```
5553 <a name="SearchEngines"></a>
5554
5555 ### SearchEngines (This policy is only available on the ESR.)
5556
5557 ### SearchEngines | Add
5558
5559 Add new search engines. Although there are only five engines available in the ADMX template, there is no limit. To add more in the ADMX template, you can duplicate the XML.
5560
5561 This policy is only available on the ESR. `Name` and `URLTemplate` are required.
5562
5563 `Name` is the name of the search engine.
5564
5565 `URLTemplate` is the search URL with {searchTerms} to substitute for the search term.
5566
5567 `Method` is either GET or POST
5568
5569 `IconURL` is a URL for the icon to use.
5570
5571 `Alias` is a keyword to use for the engine.
5572
5573 `Description` is a description of the search engine.
5574
5575 `PostData` is the POST data as name value pairs separated by &.
5576
5577 `SuggestURLTemplate` is a search suggestions URL with {searchTerms} to substitute for the search term.
5578
5579 `Encoding` is the query charset for the engine. It defaults to UTF-8.
5580
5581 **Compatibility:** Firefox ESR 60 (POST support in Firefox ESR 68, Encoding support in Firefox 91)\
5582 **CCK2 Equivalent:** `searchplugins`\
5583 **Preferences Affected:** N/A
5584
5585 #### Windows (GPO)
5586 ```
5587 Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\Name = "Example1"
5588 Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\URLTemplate = "https://www.example.org/q={searchTerms}"
5589 Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\Method = "GET" | "POST"
5590 Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\IconURL = "https://www.example.org/favicon.ico"
5591 Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\Alias = "example"
5592 Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\Description = "Example Description"
5593 Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\SuggestURLTemplate = "https://www.example.org/suggestions/q={searchTerms}"
5594 Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\PostData = "name=value&q={searchTerms}"
5595 ```
5596 #### Windows (Intune)
5597 OMA-URI:
5598 ```
5599 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Search/SearchEngines_1
5600 ```
5601 Value (string):
5602 ```
5603 <enabled/>
5604 <data id="SearchEngine_Name" value="Example1"/>
5605 <data id="SearchEngine_URLTemplate" value="https://www.example.org/q={searchTerms"/>
5606 <data id="SearchEngine_Method" value="GET | POST"/>
5607 <data id="SearchEngine_IconURL" value="https://www.example.org/favicon.ico"/>
5608 <data id="SearchEngine_Alias" value="example"/>
5609 <data id="SearchEngine_Description" value="Example Description"/>
5610 <data id="SearchEngine_SuggestURLTemplate" value="https://www.example.org/suggestions/q={searchTerms}"/>
5611 <data id="SearchEngine_PostData" value="name=value&amp;q={searchTerms}"/>
5612 ```
5613 #### macOS
5614 ```
5615 <dict>
5616 <key>SearchEngines</key>
5617 <dict>
5618 <key>Add</key>
5619 <array>
5620 <dict>
5621 <key>Name</key>
5622 <string>Example1</string>
5623 <key>URLTemplate</key>
5624 <string>https://www.example.org/q={searchTerms}</string>
5625 <key>Method</key>
5626 <string>GET | POST </string>
5627 <key>IconURL</key>
5628 <string>https://www.example.org/favicon.ico</string>
5629 <key>Alias</key>
5630 <string>example</string>
5631 <key>Description</key>
5632 <string>Example Description</string>
5633 <key>SuggestURLTemplate</key>
5634 <string>https://www.example.org/suggestions/q={searchTerms}</string>
5635 <key>PostData</key>
5636 <string>name=value&q={searchTerms}</string>
5637 </dict>
5638 <array>
5639 </dict>
5640 </dict>
5641 ```
5642 #### policies.json
5643 ```
5644 {
5645 "policies": {
5646 "SearchEngines": {
5647 "Add": [
5648 {
5649 "Name": "Example1",
5650 "URLTemplate": "https://www.example.org/q={searchTerms}",
5651 "Method": "GET" | "POST",
5652 "IconURL": "https://www.example.org/favicon.ico",
5653 "Alias": "example",
5654 "Description": "Description",
5655 "PostData": "name=value&q={searchTerms}",
5656 "SuggestURLTemplate": "https://www.example.org/suggestions/q={searchTerms}"
5657 }
5658 ]
5659 }
5660 }
5661 }
5662 ```
5663 ### SearchEngines | Default
5664
5665 Set the default search engine. This policy is only available on the ESR.
5666
5667 **Compatibility:** Firefox ESR 60\
5668 **CCK2 Equivalent:** `defaultSearchEngine`\
5669 **Preferences Affected:** N/A
5670
5671 #### Windows (GPO)
5672 ```
5673 Software\Policies\Mozilla\Firefox\SearchEngines\Default = NAME_OF_SEARCH_ENGINE
5674 ```
5675 #### Windows (Intune)
5676 OMA-URI:
5677 ```
5678 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Search/SearchEngines_Default
5679 ```
5680 Value (string):
5681 ```
5682 <enabled/>
5683 <data id="SearchEngines_Default" value="NAME_OF_SEARCH_ENGINE"/>
5684 ```
5685 #### macOS
5686 ```
5687 <dict>
5688 <key>SearchEngines</key>
5689 <dict>
5690 <key>Default</key>
5691 <string>NAME_OF_SEARCH_ENGINE</string>
5692 </dict>
5693 </dict>
5694 ```
5695 #### policies.json
5696 ```
5697 {
5698 "policies": {
5699 "SearchEngines": {
5700 "Default": "NAME_OF_SEARCH_ENGINE"
5701 }
5702 }
5703 }
5704 ```
5705 ### SearchEngines | PreventInstalls
5706
5707 Prevent installing search engines from webpages.
5708
5709 **Compatibility:** Firefox ESR 60\
5710 **CCK2 Equivalent:** `disableSearchEngineInstall`\
5711 **Preferences Affected:** N/A
5712
5713 #### Windows (GPO)
5714 ```
5715 Software\Policies\Mozilla\Firefox\SearchEngines\PreventInstalls = 0x1 | 0x0
5716 ```
5717 #### Windows (Intune)
5718 OMA-URI:
5719 ```
5720 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Search/SearchEngines_PreventInstalls
5721 ```
5722 Value (string):
5723 ```
5724 <enabled/> or <disabled/>
5725 ```
5726 #### macOS
5727 ```
5728 <dict>
5729 <key>SearchEngines</key>
5730 <dict>
5731 <key>PreventInstalls</key>
5732 <true/> | <false/>
5733 </dict>
5734 </dict>
5735 ```
5736 #### policies.json
5737 ```
5738 {
5739 "policies": {
5740 "SearchEngines": {
5741 "PreventInstalls": true | false
5742 }
5743 }
5744 }
5745 ```
5746 ### SearchEngines | Remove
5747
5748 Hide built-in search engines. This policy is only available on the ESR.
5749
5750 **Compatibility:** Firefox ESR 60.2\
5751 **CCK2 Equivalent:** `removeDefaultSearchEngines` (removed all built-in engines)\
5752 **Preferences Affected:** N/A
5753
5754 #### Windows (GPO)
5755 ```
5756 Software\Policies\Mozilla\Firefox\SearchEngines\Remove\1 = NAME_OF_SEARCH_ENGINE
5757 ```
5758 #### Windows (Intune)
5759 OMA-URI:
5760 ```
5761 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Search/SearchEngines_Remove
5762 ```
5763 Value (string):
5764 ```
5765 <enabled/>
5766 <data id="SearchEngines_Remove" value="1&#xF000;NAME_OF_SEARCH_ENGINE"/>
5767 ```
5768 #### macOS
5769 ```
5770 <dict>
5771 <key>SearchEngines</key>
5772 <dict>
5773 <key>Remove</key>
5774 <array>
5775 <string>NAME_OF_SEARCH_ENGINE</string>
5776 </array>
5777 </dict>
5778 </dict>
5779 ```
5780 #### policies.json
5781 ```
5782 {
5783 "policies": {
5784 "SearchEngines": {
5785 "Remove": ["NAME_OF_SEARCH_ENGINE"]
5786 }
5787 }
5788 }
5789 ```
5790 ### SearchSuggestEnabled
5791
5792 Enable search suggestions.
5793
5794 **Compatibility:** Firefox 68, Firefox ESR 68\
5795 **CCK2 Equivalent:** N/A\
5796 **Preferences Affected:** `browser.urlbar.suggest.searches`, `browser.search.suggest.enabled`
5797
5798 #### Windows (GPO)
5799 ```
5800 Software\Policies\Mozilla\Firefox\SearchSuggestEnabled = 0x1 | 0x0
5801 ```
5802 #### Windows (Intune)
5803 OMA-URI:
5804 ```
5805 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Search/SearchSuggestEnabled
5806 ```
5807 Value (string):
5808 ```
5809 <enabled/> or <disabled/>
5810 ```
5811 #### macOS
5812 ```
5813 <dict>
5814 <key>SearchSuggestEnabled</key>
5815 <true/> | <false/>
5816 </dict>
5817 ```
5818 #### policies.json
5819 ```
5820 {
5821 "policies": {
5822 "SearchSuggestEnabled": true | false
5823 }
5824 }
5825 ```
5826 ### SecurityDevices
5827
5828 Add or delete PKCS #11 modules.
5829
5830 **Compatibility:** Firefox 114, Firefox ESR 112.12\
5831 **CCK2 Equivalent:** N/A\
5832 **Preferences Affected:** N/A
5833
5834 #### Windows (GPO)
5835 ```
5836 Software\Policies\Mozilla\Firefox\SecurityDevices\Add\NAME_OF_DEVICE_TO_ADD = PATH_TO_LIBRARY_FOR_DEVICE
5837 Software\Policies\Mozilla\Firefox\SecurityDevices\Remove\1 = NAME_OF_DEVICE_TO_REMOVE
5838 ```
5839 #### Windows (Intune)
5840 OMA-URI:
5841 ```
5842 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/SecurityDevices/SecurityDevices_Add
5843 ```
5844 Value (string):
5845 ```
5846 <enabled/>
5847 <data id="SecurityDevices" value="NAME_OF_DEVICE_TO_ADD&#xF000;PATH_TO_LIBRARY_FOR_DEVICE"/>
5848 ```
5849 OMA-URI:
5850 ```
5851 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/SecurityDevices/SecurityDevices_Delete
5852 ```
5853 Value (string):
5854 ```
5855 <enabled/>
5856 <data id="SecurityDevices" value="1&#xF000;NAME_OF_DEVICE_TO_REMOVE"/>
5857 ```
5858 #### macOS
5859 ```
5860 <dict>
5861 <key>SecurityDevices</key>
5862 <dict>
5863 <key>Add<key>
5864 <dict>
5865 <key>NAME_OF_DEVICE_TO_ADD</key>
5866 <string>PATH_TO_LIBRARY_FOR_DEVICE</string>
5867 </dict>
5868 <key>Delete</add>
5869 <array>
5870 <string>NAME_OF_DEVICE_TO_DELETE</string>
5871 </array>
5872 </dict>
5873 </dict>
5874 ```
5875 #### policies.json
5876 ```
5877 {
5878 "policies": {
5879 "SecurityDevices": {
5880 "Add": {
5881 "NAME_OF_DEVICE_TO_ADD": "PATH_TO_LIBRARY_FOR_DEVICE"
5882 },
5883 "Delete": ["NAME_OF_DEVICE_TO_DELETE"]
5884 }
5885 }
5886 }
5887 ```
5888 ### SecurityDevices (Deprecated)
5889
5890 Install PKCS #11 modules.
5891
5892 **Compatibility:** Firefox 64, Firefox ESR 60.4\
5893 **CCK2 Equivalent:** `certs.devices`\
5894 **Preferences Affected:** N/A
5895
5896 #### Windows (GPO)
5897 ```
5898 Software\Policies\Mozilla\Firefox\SecurityDevices\NAME_OF_DEVICE = PATH_TO_LIBRARY_FOR_DEVICE
5899 ```
5900 #### Windows (Intune)
5901 OMA-URI:
5902 ```
5903 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/SecurityDevices
5904 ```
5905 Value (string):
5906 ```
5907 <enabled/>
5908 <data id="SecurityDevices" value="NAME_OF_DEVICE&#xF000;PATH_TO_LIBRARY_FOR_DEVICE"/>
5909 ```
5910 #### macOS
5911 ```
5912 <dict>
5913 <key>SecurityDevices</key>
5914 <dict>
5915 <key>NAME_OF_DEVICE</key>
5916 <string>PATH_TO_LIBRARY_FOR_DEVICE</string>
5917 </dict>
5918 </dict>
5919 ```
5920 #### policies.json
5921 ```
5922 {
5923 "policies": {
5924 "SecurityDevices": {
5925 "NAME_OF_DEVICE": "PATH_TO_LIBRARY_FOR_DEVICE"
5926 }
5927 }
5928 }
5929 ```
5930 ### ShowHomeButton
5931 Show the home button on the toolbar.
5932
5933 Future versions of Firefox will not show the home button by default.
5934
5935 **Compatibility:** Firefox 88, Firefox ESR 78.10\
5936 **CCK2 Equivalent:** N/A\
5937 **Preferences Affected:** N/A
5938
5939 #### Windows (GPO)
5940 ```
5941 Software\Policies\Mozilla\Firefox\ShowHomeButton = 0x1 | 0x0
5942 ```
5943 #### Windows (Intune)
5944 OMA-URI:
5945 ```
5946 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Homepage/Homepage_ShowHomeButton
5947 ```
5948 Value (string):
5949 ```
5950 <enabled/> or <disabled/>
5951 ```
5952 #### macOS
5953 ```
5954 <dict>
5955 <key>ShowHomeButton</key>
5956 <true/> | <false/>
5957 </dict>
5958 ```
5959 #### policies.json
5960 ```
5961 {
5962 "policies": {
5963 "ShowHomeButton": true | false
5964 }
5965 }
5966 ```
5967 ### SSLVersionMax
5968
5969 Set and lock the maximum version of TLS.
5970
5971 **Compatibility:** Firefox 66, Firefox ESR 60.6\
5972 **CCK2 Equivalent:** N/A\
5973 **Preferences Affected:** `security.tls.version.max`
5974
5975 #### Windows (GPO)
5976 ```
5977 Software\Policies\Mozilla\Firefox\SSLVersionMax = "tls1" | "tls1.1" | "tls1.2" | "tls1.3"
5978 ```
5979 #### Windows (Intune)
5980 OMA-URI:
5981 ```
5982 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/SSLVersionMax
5983 ```
5984 Value (string):
5985 ```
5986 <enabled/>
5987 <data id="SSLVersion" value="tls1 | tls1.2 | tls1.3"/>
5988 ```
5989 #### macOS
5990 ```
5991 <dict>
5992 <key>SSLVersionMax</key>
5993 <string>tls1 | tls1.1 | tls1.2 | tls1.3</string>
5994 </dict>
5995 ```
5996
5997 #### policies.json
5998 ```
5999 {
6000 "policies": {
6001 "SSLVersionMax": "tls1" | "tls1.1" | "tls1.2" | "tls1.3"
6002 }
6003 }
6004 ```
6005 ### SSLVersionMin
6006
6007 Set and lock the minimum version of TLS.
6008
6009 **Compatibility:** Firefox 66, Firefox ESR 60.6\
6010 **CCK2 Equivalent:** N/A\
6011 **Preferences Affected:** `security.tls.version.min`
6012
6013 #### Windows (GPO)
6014 ```
6015 Software\Policies\Mozilla\Firefox\SSLVersionMin = "tls1" | "tls1.1" | "tls1.2" | "tls1.3"
6016 ```
6017 #### Windows (Intune)
6018 OMA-URI:
6019 ```
6020 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/SSLVersionMin
6021 ```
6022 Value (string):
6023 ```
6024 <enabled/>
6025 <data id="SSLVersion" value="tls1 | tls1.2 | tls1.3"/>
6026 ```
6027 #### macOS
6028 ```
6029 <dict>
6030 <key>SSLVersionMin</key>
6031 <string>tls1 | tls1.1 | tls1.2 | tls1.3</string>
6032 </dict>
6033 ```
6034
6035 #### policies.json
6036 ```
6037 {
6038 "policies": {
6039 "SSLVersionMin": "tls1" | "tls1.1" | "tls1.2" | "tls1.3"
6040 }
6041 }
6042 ```
6043 ### SupportMenu
6044 Add a menuitem to the help menu for specifying support information.
6045
6046 **Compatibility:** Firefox 68.0.1, Firefox ESR 68.0.1\
6047 **CCK2 Equivalent:** helpMenu\
6048 **Preferences Affected:** N/A
6049
6050 #### Windows (GPO)
6051 ```
6052 Software\Policies\Mozilla\Firefox\SupportMenu\Title = "Support Menu"
6053 Software\Policies\Mozilla\Firefox\SupportMenu\URL = "http://example.com/support"
6054 Software\Policies\Mozilla\Firefox\SupportMenu\AccessKey = "S"
6055 ```
6056 #### Windows (Intune)
6057 OMA-URI:
6058 ```
6059 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/SupportMenu
6060 ```
6061 Value (string):
6062 ```
6063 <enabled/>
6064 <data id="SupportMenuTitle" value="Support Menu"/>
6065 <data id="SupportMenuURL" value="http://example.com/support"/>
6066 <data id="SupportMenuAccessKey" value="S"/>
6067 ```
6068 #### macOS
6069 ```
6070 <dict>
6071 <key>SupportMenu</key>
6072 <dict>
6073 <key>Title</key>
6074 <string>SupportMenu</string>
6075 <key>URL</key>
6076 <string>http://example.com/support</string>
6077 <key>AccessKey</key>
6078 <string>S</string>
6079 </dict>
6080 </dict>
6081 ```
6082 #### policies.json
6083 ```
6084 {
6085 "policies": {
6086 "SupportMenu": {
6087 "Title": "Support Menu",
6088 "URL": "http://example.com/support",
6089 "AccessKey": "S"
6090 }
6091 }
6092 }
6093 ```
6094 ### StartDownloadsInTempDirectory
6095 Force downloads to start off in a local, temporary location rather than the default download directory.
6096
6097 **Compatibility:** Firefox 102\
6098 **CCK2 Equivalent:** N/A\
6099 **Preferences Affected:** `browser.download.start_downloads_in_tmp_dir`
6100
6101 #### Windows (GPO)
6102 ```
6103 Software\Policies\Mozilla\Firefox\StartDownloadsInTempDirectory = 0x1 | 0x0
6104 ```
6105 #### Windows (Intune)
6106 OMA-URI:
6107 ```
6108 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/StartDownloadsInTempDirectory
6109 ```
6110 Value (string):
6111 ```
6112 <enabled/> or <disabled/>
6113 ```
6114 #### macOS
6115 ```
6116 <dict>
6117 <key>StartDownloadsInTempDirectory</key>
6118 <true/> | <false/>
6119 </dict>
6120 ```
6121 #### policies.json
6122 ```
6123 {
6124 "policies": {
6125 "StartDownloadsInTempDirectory": true | false
6126 }
6127 ```
6128 ### UserMessaging
6129
6130 Prevent Firefox from messaging the user in certain situations.
6131
6132 `WhatsNew` Remove the "What's New" icon and menuitem.
6133
6134 `ExtensionRecommendations` If false, don't recommend extensions while the user is visiting web pages.
6135
6136 `FeatureRecommendations` If false, don't recommend browser features.
6137
6138 `UrlbarInterventions` If false, Don't offer Firefox specific suggestions in the URL bar.
6139
6140 `SkipOnboarding` If true, don't show onboarding messages on the new tab page.
6141
6142 `MoreFromMozilla` If false, don't show the "More from Mozilla" section in Preferences. (Firefox 98)
6143
6144 `Locked` prevents the user from changing user messaging preferences.
6145
6146 **Compatibility:** Firefox 75, Firefox ESR 68.7\
6147 **CCK2 Equivalent:** N/A\
6148 **Preferences Affected:** `browser.messaging-system.whatsNewPanel.enabled`, `browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons`, `browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features`, `browser.aboutwelcome.enabled`, `browser.preferences.moreFromMozilla`
6149
6150 #### Windows (GPO)
6151 ```
6152 Software\Policies\Mozilla\Firefox\UserMessaging\WhatsNew = 0x1 | 0x0
6153 Software\Policies\Mozilla\Firefox\UserMessaging\ExtensionRecommendations = 0x1 | 0x0
6154 Software\Policies\Mozilla\Firefox\UserMessaging\FeatureRecommendations = 0x1 | 0x0
6155 Software\Policies\Mozilla\Firefox\UserMessaging\UrlbarInterventions = 0x1 | 0x0
6156 Software\Policies\Mozilla\Firefox\UserMessaging\SkipOnboarding = 0x1 | 0x0
6157 Software\Policies\Mozilla\Firefox\UserMessaging\MoreFromMozilla = 0x1 | 0x0
6158 Software\Policies\Mozilla\Firefox\UserMessaging\Locked = 0x1 | 0x0
6159 ```
6160 #### Windows (Intune)
6161 OMA-URI:
6162 ```
6163 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_WhatsNew
6164 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_ExtensionRecommendations
6165 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_FeatureRecommendations
6166 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_UrlbarInterventions
6167 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_SkipOnboarding
6168 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_MoreFromMozilla
6169 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_Locked
6170 ```
6171 Value (string):
6172 ```
6173 <enabled/> or <disabled/>
6174 ```
6175 #### macOS
6176 ```
6177 <dict>
6178 <key>UserMessaging</key>
6179 <dict>
6180 <key>WhatsNew</key>
6181 <true/> | <false/>
6182 <key>ExtensionRecommendations</key>
6183 <true/> | <false/>
6184 <key>FeatureRecommendations</key>
6185 <true/> | <false/>
6186 <key>UrlbarInterventions</key>
6187 <true/> | <false/>
6188 <key>SkipOnboarding</key>
6189 <true/> | <false/>
6190 <key>MoreFromMozilla</key>
6191 <true/> | <false/>
6192 </<key>Locked</key>
6193 <true/> | <false/>
6194 </dict>
6195 </dict>
6196 ```
6197 #### policies.json
6198 ```
6199 {
6200 "policies": {
6201 "UserMessaging": {
6202 "WhatsNew": true | false,
6203 "ExtensionRecommendations": true | false,
6204 "FeatureRecommendations": true | false,
6205 "UrlbarInterventions": true | false,
6206 "SkipOnboarding": true | false,
6207 "MoreFromMozilla": true | false,
6208 "Locked": true | false
6209 }
6210 }
6211 }
6212 ```
6213 ### UseSystemPrintDialog
6214 Use the system print dialog instead of the print preview window.
6215
6216 **Compatibility:** Firefox 102\
6217 **CCK2 Equivalent:** N/A\
6218 **Preferences Affected:** `print.prefer_system_dialog`
6219
6220 #### Windows (GPO)
6221 ```
6222 Software\Policies\Mozilla\Firefox\UseSystemPrintDialog = 0x1 | 0x0
6223 ```
6224 #### Windows (Intune)
6225 OMA-URI:
6226 ```
6227 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/UseSystemPrintDialog
6228 ```
6229 Value (string):
6230 ```
6231 <enabled/> or <disabled/>
6232 ```
6233 #### macOS
6234 ```
6235 <dict>
6236 <key>UseSystemPrintDialog</key>
6237 <true/> | <false/>
6238 </dict>
6239 ```
6240 #### policies.json
6241 ```
6242 {
6243 "policies": {
6244 "UseSystemPrintDialog": true | false
6245 }
6246 }
6247 ```
6248 ### WebsiteFilter
6249 Block websites from being visited. The parameters take an array of Match Patterns, as documented in https://developer.mozilla.org/en-US/Add-ons/WebExtensions/Match_patterns.
6250 The arrays are limited to 1000 entries each.
6251
6252 If you want to block all URLs, you can use `<all_urls>` or `*://*/*`. You can't have just a `*` on the right side.
6253
6254 For specific protocols, use `https://*/*` or `http://*/*`.
6255
6256 As of Firefox 83 and Firefox ESR 78.5, file URLs are supported.
6257
6258 **Compatibility:** Firefox 60, Firefox ESR 60\
6259 **CCK2 Equivalent:** N/A\
6260 **Preferences Affected:** N/A
6261
6262 #### Windows (GPO)
6263 ```
6264 Software\Policies\Mozilla\Firefox\WebsiteFilter\Block\1 = "<all_urls>"
6265 Software\Policies\Mozilla\Firefox\WebsiteFilter\Exceptions\1 = "http://example.org/*"
6266 ```
6267 #### Windows (Intune)
6268 OMA-URI:
6269 ```
6270 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/B_WebsiteFilter_Block
6271 ```
6272 Value (string):
6273 ```
6274 <enabled/> <data id="WebsiteFilter" value="1&#xF000;&#60;all_urls&#62;"/>
6275 ```
6276 OMA-URI:
6277 ```
6278 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/B_WebsiteFilter_Exceptions
6279 ```
6280 Value (string):
6281 ```
6282 <enabled/>
6283 <data id="WebsiteFilter" value="1&#xF000;http://example.org/*"/>
6284 ```
6285 #### macOS
6286 ```
6287 <dict>
6288 <key>WebsiteFilter</key>
6289 <dict>
6290 <key>Block</key>
6291 <array>
6292 <string><all_urls></string>
6293 </array>
6294 <key>Exceptions</key>
6295 <array>
6296 <string>http://example.org/*</string>
6297 </array>
6298 </dict>
6299
6300 </dict>
6301 ```
6302 #### policies.json
6303 ```
6304 {
6305 "policies": {
6306 "WebsiteFilter": {
6307 "Block": ["<all_urls>"],
6308 "Exceptions": ["http://example.org/*"]
6309 }
6310 }
6311 }
6312 ```
6313 ### WindowsSSO
6314 Allow Windows single sign-on for Microsoft, work, and school accounts.
6315
6316 If this policy is set to true, Firefox will use credentials stored in Windows to sign in to Microsoft, work, and school accounts.
6317
6318 **Compatibility:** Firefox 91\
6319 **CCK2 Equivalent:** N/A\
6320 **Preferences Affected:** `network.http.windows-sso.enabled`
6321
6322 #### Windows (GPO)
6323 ```
6324 Software\Policies\Mozilla\Firefox\WindowsSSO = 0x1 | 0x0
6325 ```
6326 #### Windows (Intune)
6327 OMA-URI:
6328 ```
6329 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/WindowsSSO
6330 ```
6331 Value (string):
6332 ```
6333 <enabled/> or <disabled/>
6334 ```
6335 #### policies.json
6336 ```
6337 {
6338 "policies": {
6339 "WindowsSSO": true | false
6340 }
6341 }
6342 ```
6343

patrick-canterino.de