]> git.p6c8.net - policy-templates.git/blob - README.md
Provide more detail on matching all URLs.
[policy-templates.git] / README.md
1 **These policies are in active development and so might contain changes that do not work with current versions of Firefox.**
2
3 **You should use the [officially released versions](https://github.com/mozilla/policy-templates/releases) if you are deploying changes.**
4
5 Policies can be specified using the [Group Policy templates on Windows](https://github.com/mozilla/policy-templates/tree/master/windows), [Intune on Windows](https://support.mozilla.org/kb/managing-firefox-intune), [configuration profiles on macOS](https://github.com/mozilla/policy-templates/tree/master/mac), or by creating a file called `policies.json`. On Windows, create a directory called `distribution` where the EXE is located and place the file there. On Mac, the file goes into `Firefox.app/Contents/Resources/distribution`. On Linux, the file goes into `firefox/distribution`, where `firefox` is the installation directory for firefox, which varies by distribution or you can specify system-wide policy by placing the file in `/etc/firefox/policies`.
6
7 | Policy Name | Description
8 | --- | --- |
9 | **[`3rdparty`](#3rdparty)** | Set policies that WebExtensions can access via chrome.storage.managed.
10 | **[`AllowedDomainsForApps`](#alloweddomainsforapps)** | Define domains allowed to access Google Workspace.
11 | **[`AppAutoUpdate`](#appautoupdate)** | Enable or disable automatic application update.
12 | **[`AppUpdateURL`](#appupdateurl)** | Change the URL for application update.
13 | **[`Authentication`](#authentication)** | Configure sites that support integrated authentication.
14 | **[`AutoLaunchProtocolsFromOrigins`](#autolaunchprotocolsfromorigins)** | Define a list of external protocols that can be used from listed origins without prompting the user.
15 | **[`BackgroundAppUpdate`](#backgroundappupdate)** | Enable or disable the background updater (Windows only).
16 | **[`BlockAboutAddons`](#blockaboutaddons)** | Block access to the Add-ons Manager (about:addons).
17 | **[`BlockAboutConfig`](#blockaboutconfig)** | Block access to about:config.
18 | **[`BlockAboutProfiles`](#blockaboutprofiles)** | Block access to About Profiles (about:profiles).
19 | **[`BlockAboutSupport`](#blockaboutsupport)** | Block access to Troubleshooting Information (about:support).
20 | **[`Bookmarks`](#bookmarks)** | Add bookmarks in either the bookmarks toolbar or menu.
21 | **[`CaptivePortal`](#captiveportal)** | Enable or disable the detection of captive portals.
22 | **[`Certificates`](#certificates)** |
23 | **[`Certificates -> ImportEnterpriseRoots`](#certificates--importenterpriseroots)** | Trust certificates that have been added to the operating system certificate store by a user or administrator.
24 | **[`Certificates -> Install`](#certificates--install)** | Install certificates into the Firefox certificate store.
25 | **[`Cookies`](#cookies)** | Configure cookie preferences.
26 | **[`DisableAppUpdate`](#disableappupdate)** | Turn off application updates.
27 | **[`DisableBuiltinPDFViewer`](#disablebuiltinpdfviewer)** | Disable the built in PDF viewer.
28 | **[`DisabledCiphers`](#disabledciphers)** | Disable ciphers.
29 | **[`DisableDefaultBrowserAgent`](#disabledefaultbrowseragent)** | Prevent the default browser agent from taking any actions (Windows only).
30 | **[`DisableDeveloperTools`](#disabledevelopertools)** | Remove access to all developer tools.
31 | **[`DisableFeedbackCommands`](#disablefeedbackcommands)** | Disable the menus for reporting sites.
32 | **[`DisableFirefoxScreenshots`](#disablefirefoxscreenshots)** | Remove access to Firefox Screenshots.
33 | **[`DisableFirefoxAccounts`](#disablefirefoxaccounts)** | Disable Firefox Accounts integration (Sync).
34 | **[`DisableFirefoxStudies`](#disablefirefoxstudies)** | Disable Firefox studies (Shield).
35 | **[`DisableForgetButton`](#disableforgetbutton)** | Disable the "Forget" button.
36 | **[`DisableFormHistory`](#disableformhistory)** | Turn off saving information on web forms and the search bar.
37 | **[`DisableMasterPasswordCreation`](#disablemasterpasswordcreation)** | Remove the master password functionality.
38 | **[`DisablePasswordReveal`](#disablepasswordreveal)** | Do not allow passwords to be revealed in saved logins.
39 | **[`DisablePocket`](#disablepocket)** | Remove Pocket in the Firefox UI.
40 | **[`DisablePrivateBrowsing`](#disableprivatebrowsing)** | Remove access to private browsing.
41 | **[`DisableProfileImport`](#disableprofileimport)** | Disables the "Import data from another browser" option in the bookmarks window.
42 | **[`DisableProfileRefresh`](#disableprofilerefresh)** | Disable the Refresh Firefox button on about:support and support.mozilla.org
43 | **[`DisableSafeMode`](#disablesafemode)** | Disable safe mode within the browser.
44 | **[`DisableSecurityBypass`](#disablesecuritybypass)** | Prevent the user from bypassing security in certain cases.
45 | **[`DisableSetDesktopBackground`](#disablesetdesktopbackground)** | Remove the "Set As Desktop Background..." menuitem when right clicking on an image.
46 | **[`DisableSystemAddonUpdate`](#disablesystemaddonupdate)** | Prevent system add-ons from being installed or update.
47 | **[`DisableTelemetry`](#disabletelemetry)** | DisableTelemetry
48 | **[`DisplayBookmarksToolbar`](#displaybookmarkstoolbar)** | Set the initial state of the bookmarks toolbar.
49 | **[`DisplayMenuBar (Deprecated)`](#displaymenubar-deprecated)** | Set the initial state of the menubar.
50 | **[`DisplayMenuBar`](#displaymenubar)** | Set the state of the menubar.
51 | **[`DNSOverHTTPS`](#dnsoverhttps)** | Configure DNS over HTTPS.
52 | **[`DontCheckDefaultBrowser`](#dontcheckdefaultbrowser)** | Don't check if Firefox is the default browser at startup.
53 | **[`DefaultDownloadDirectory`](#defaultdownloaddirectory)** | Set the default download directory.
54 | **[`DownloadDirectory`](#downloaddirectory)** | Set and lock the download directory.
55 | **[`EnableTrackingProtection`](#enabletrackingprotection)** | Configure tracking protection.
56 | **[`EncryptedMediaExtensions`](#encryptedmediaextensions)** | Enable or disable Encrypted Media Extensions and optionally lock it.
57 | **[`EnterprisePoliciesEnabled`](#enterprisepoliciesenabled)** | Enable policy support on macOS.
58 | **[`Extensions`](#extensions)** | Control the installation, uninstallation and locking of extensions.
59 | **[`ExtensionSettings`](#extensionsettings)** | Manage all aspects of extensions.
60 | **[`ExtensionUpdate`](#extensionupdate)** | Control extension updates.
61 | **[`FlashPlugin`](#flashplugin)** | Configure the default Flash plugin policy as well as origins for which Flash is allowed.
62 | **[`FirefoxHome`](#firefoxhome)** | Customize the Firefox Home page.
63 | **[`HardwareAcceleration`](#hardwareacceleration)** | Control hardware acceleration.
64 | **[`Handlers`](#handlers)** | Configure default application handlers.
65 | **[`Homepage`](#homepage)** | Configure the default homepage and how Firefox starts.
66 | **[`InstallAddonsPermission`](#installaddonspermission)** | Configure the default extension install policy as well as origins for extension installs are allowed.
67 | **[`LegacyProfiles`](#legacyprofiles)** | Disable the feature enforcing a separate profile for each installation.
68 | **[`LocalFileLinks`](#localfilelinks)** | Enable linking to local files by origin.
69 | **[`ManagedBookmarks`](#managedbookmarks)** | Configures a list of bookmarks managed by an administrator that cannot be changed by the user.
70 | **[`ManualAppUpdateOnly`](#manualappupdateonly)** | Allow manual updates only and do not notify the user about updates..
71 | **[`PrimaryPassword`](#primarypassword)** | Require or prevent using a primary (formerly master) password.
72 | **[`NetworkPrediction`](#networkprediction)** | Enable or disable network prediction (DNS prefetching).
73 | **[`NewTabPage`](#newtabpage)** | Enable or disable the New Tab page.
74 | **[`NoDefaultBookmarks`](#nodefaultbookmarks)** | Disable the creation of default bookmarks.
75 | **[`OfferToSaveLogins`](#offertosavelogins)** | Control whether or not Firefox offers to save passwords.
76 | **[`OfferToSaveLoginsDefault`](#offertosaveloginsdefault)** | Set the default value for whether or not Firefox offers to save passwords.
77 | **[`OverrideFirstRunPage`](#overridefirstrunpage)** | Override the first run page.
78 | **[`OverridePostUpdatePage`](#overridepostupdatepage)** | Override the upgrade page.
79 | **[`PasswordManagerEnabled`](#passwordmanagerenabled)** | Remove (some) access to the password manager.
80 | **[`PDFjs`](#pdfjs)** | Disable or configure PDF.js, the built-in PDF viewer.
81 | **[`Permissions`](#permissions)** | Set permissions associated with camera, microphone, location, and notifications.
82 | **[`PictureInPicture`](#pictureinpicture)** | Enable or disable Picture-in-Picture.
83 | **[`PopupBlocking`](#popupblocking)** | Configure the default pop-up window policy as well as origins for which pop-up windows are allowed.
84 | **[`Preferences`](#preferences)** | Set and lock preferences.
85 | **[`Preferences (Deprecated)`](#preferences-deprecated)** | Set and lock some preferences.
86 | **[`PromptForDownloadLocation`](#promptfordownloadlocation)** | Ask where to save each file before downloading.
87 | **[`Proxy`](#proxy)** | Configure proxy settings.
88 | **[`RequestedLocales`](#requestedlocales)** | Set the the list of requested locales for the application in order of preference.
89 | **[`SanitizeOnShutdown` (All)](#sanitizeonshutdown-all)** | Clear all data on shutdown.
90 | **[`SanitizeOnShutdown` (Selective)](#sanitizeonshutdown-selective)** | Clear data on shutdown.
91 | **[`SearchBar`](#searchbar)** | Set whether or not search bar is displayed.
92 | **[`SearchEngines`](#searchengines-this-policy-is-only-available-on-the-esr)** |
93 | **[`SearchEngines -> Default`](#searchengines--default)** | Set the default search engine.
94 | **[`SearchEngines -> PreventInstalls`](#searchengines--preventinstalls)** | Prevent installing search engines from webpages.
95 | **[`SearchEngines -> Remove`](#searchengines--remove)** | Hide built-in search engines.
96 | **[`SearchEngines -> Add`](#searchengines--add)** | Add new search engines.
97 | **[`SearchSuggestEnabled`](#searchsuggestenabled)** | Enable search suggestions.
98 | **[`SecurityDevices`](#securitydevices)** | Install PKCS #11 modules.
99 | **[`ShowHomeButton`](#showhomebutton)** | Show the home button on the toolbar.
100 | **[`SSLVersionMax`](#sslversionmax)** | Set and lock the maximum version of TLS.
101 | **[`SSLVersionMin`](#sslversionmin)** | Set and lock the minimum version of TLS.
102 | **[`SupportMenu`](#supportmenu)** | Add a menuitem to the help menu for specifying support information.
103 | **[`UserMessaging`](#usermessaging)** | Don't show certain messages to the user.
104 | **[`WebsiteFilter`](#websitefilter)** | Block websites from being visited.
105
106 ### 3rdparty
107
108 Allow WebExtensions to configure policy. For more information, see [Adding policy support to your extension](https://extensionworkshop.com/documentation/enterprise/adding-policy-support-to-your-extension/).
109
110 ### AppAutoUpdate
111
112 Enable or disable **automatic** application update.
113
114 If set to true, application updates are installed without user approval within Firefox. The operating system might still require approval.
115
116 If set to false, application updates are downloaded but the user can choose when to install the update.
117
118 If you have disabled updates via DisableAppUpdate, this policy has no effect.
119
120 **Compatibility:** Firefox 75, Firefox ESR 68.7\
121 **CCK2 Equivalent:** N/A\
122 **Preferences Affected:** app.update.auto
123
124 #### Windows (GPO)
125 ```
126 Software\Policies\Mozilla\Firefox\AppAutoUpdate = 0x1 | 0x0
127 ```
128 #### Windows (Intune)
129 OMA-URI:
130 ```
131 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/AppAutoUpdate
132 ```
133 Value (string):
134 ```
135 <enabled/> or <disabled/>
136 ```
137 #### macOS
138 ```
139 <dict>
140 <key>AppAutoUpdate</key>
141 <true/> | <false/>
142 </dict>
143 ```
144 #### policies.json
145 ```
146 {
147 "policies": {
148 "AppAutoUpdate": true | false
149 }
150 }
151 ```
152 ### AllowedDomainsForApps
153
154 Define domains allowed to access Google Workspace.
155
156 This policy is based on the [Chrome policy](https://chromeenterprise.google/policies/#AllowedDomainsForApps) of the same name.
157
158 If this policy is enabled, users can only access Google Workspace using accounts from the specified domains. If you want to allow Gmail, you can add ```consumer_accounts``` to the list.
159
160 **Compatibility:** Firefox 89, Firefox ESR 78.11\
161 **CCK2 Equivalent:** N/A\
162 **Preferences Affected:** N/A
163
164 #### Windows (GPO)
165 ```
166 Software\Policies\Mozilla\Firefox\AllowedDomainsForApps = "managedfirefox.com,example.com"
167 ```
168 #### Windows (Intune)
169 OMA-URI:
170 ```
171 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/AllowedDomainsForApps
172 ```
173 Value (string):
174 ```
175 <enabled/>
176 <data id="AllowedDomainsForApps" value="managedfirefox.com,example.com"/>
177 ```
178 #### macOS
179 ```
180 <dict>
181 <key>AllowedDomainsForApps</key>
182 <string>managedfirefox.com,example.com</string>
183 </dict>
184 ```
185 #### policies.json
186 ```
187 {
188 "policies": {
189 "AllowedDomainsForApps": "managedfirefox.com,example.com"
190 }
191 }
192 ```
193 ### AppUpdateURL
194
195 Change the URL for application update if you are providing Firefox updates from a custom update server.
196
197 **Compatibility:** Firefox 62, Firefox ESR 60.2\
198 **CCK2 Equivalent:** N/A\
199 **Preferences Affected:** `app.update.url`
200
201 #### Windows (GPO)
202 ```
203 Software\Policies\Mozilla\Firefox\AppUpdateURL = "https://yoursite.com"
204 ```
205 #### Windows (Intune)
206 OMA-URI:
207 ```
208 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/AppUpdateURL
209 ```
210 Value (string):
211 ```
212 <enabled/>
213 <data id="AppUpdateURL" value="https://yoursite.com"/>
214 ```
215 #### macOS
216 ```
217 <dict>
218 <key>AppUpdateURL</key>
219 <string>https://yoursite.com</string>
220 </dict>
221 ```
222 #### policies.json
223 ```
224 {
225 "policies": {
226 "AppUpdateURL": "https://yoursite.com"
227 }
228 }
229 ```
230 ### Authentication
231
232 Configure sites that support integrated authentication.
233
234 See https://developer.mozilla.org/en-US/docs/Mozilla/Integrated_authentication for more information.
235
236 `PrivateBrowsing` enables integrated authentication in private browsing.
237
238 **Compatibility:** Firefox 60, Firefox ESR 60 (AllowNonFQDN added in 62/60.2, AllowProxies added in 70/68.2, Locked added in 71/68.3, PrivateBrowsing added in 77/68.9)\
239 **CCK2 Equivalent:** N/A\
240 **Preferences Affected:** `network.negotiate-auth.trusted-uris`,`network.negotiate-auth.delegation-uris`,`network.automatic-ntlm-auth.trusted-uris`,`network.automatic-ntlm-auth.allow-non-fqdn`,`network.negotiate-auth.allow-non-fqdn`,`network.automatic-ntlm-auth.allow-proxies`,`network.negotiate-auth.allow-proxies`,`network.auth.private-browsing-sso`
241
242 #### Windows (GPO)
243 ```
244 Software\Policies\Mozilla\Firefox\Authentication\SPNEGO\1 = "mydomain.com"
245 Software\Policies\Mozilla\Firefox\Authentication\SPNEGO\2 = "https://myotherdomain.com"
246 Software\Policies\Mozilla\Firefox\Authentication\Delegated\1 = "mydomain.com"
247 Software\Policies\Mozilla\Firefox\Authentication\Delegated\2 = "https://myotherdomain.com"
248 Software\Policies\Mozilla\Firefox\Authentication\NTLM\1 = "mydomain.com"
249 Software\Policies\Mozilla\Firefox\Authentication\NTLM\2 = "https://myotherdomain.com"
250 Software\Policies\Mozilla\Firefox\Authentication\AllowNonFQDN\SPNEGO = 0x1 | 0x0
251 Software\Policies\Mozilla\Firefox\Authentication\AllowNonFQDN\NTLM = 0x1 | 0x0
252 Software\Policies\Mozilla\Firefox\Authentication\AllowProxies\SPNEGO = 0x1 | 0x0
253 Software\Policies\Mozilla\Firefox\Authentication\AllowProxies\NTLM = 0x1 | 0x0
254 Software\Policies\Mozilla\Firefox\Authentication\Locked = 0x1 | 0x0
255 Software\Policies\Mozilla\Firefox\Authentication\PrivateBrowsing = 0x1 | 0x0
256 ```
257 #### Windows (Intune)
258 OMA-URI:
259 ```
260 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Authentication/Authentication_SPNEGO
261 ```
262 Value (string):
263 ```
264 <enabled/>
265 <data id="Authentication" value="1&#xF000;mydomain&#xF000;2&#xF000;https://myotherdomain.com"/>
266 ```
267 OMA-URI:
268 ```
269 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Authentication/Authentication_Delegated
270 ```
271 Value (string):
272 ```
273 <enabled/>
274 <data id="Authentication" value="1&#xF000;mydomain&#xF000;2&#xF000;https://myotherdomain.com"/>
275 ```
276 OMA-URI:
277 ```
278 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Authentication/Authentication_NTLM
279 ```
280 Value (string):
281 ```
282 <enabled/>
283 <data id="Authentication" value="1&#xF000;mydomain&#xF000;2&#xF000;https://myotherdomain.com"/>
284 ```
285 OMA-URI:
286 ```
287 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Authentication/Authentication_AllowNonFQDN
288 ```
289 Value (string):
290 ```
291 <enabled/>
292 <data id="Authentication_AllowNonFQDN_NTLM" value="true | false"/>
293 <data id="Authentication_AllowNonFQDN_SPNEGO" value="true | false"/>
294 ```
295 OMA-URI:
296 ```
297 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Authentication/Authentication_Locked
298 ```
299 Value (string):
300 ```
301 <enabled/> or <disabled/>
302 ```
303 OMA-URI:
304 ```
305 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Authentication/Authentication_PrivateBrowsing
306 ```
307 Value (string):
308 ```
309 <enabled/> or <disabled/>
310 ```
311 #### macOS
312 ```
313 <dict>
314 <key>Authentication</key>
315 <dict>
316 <key>SPNEGO</key>
317 <array>
318 <string>mydomain.com</string>
319 <string>https://myotherdomain.com</string>
320 </array>
321 <key>Delegated</key>
322 <array>
323 <string>mydomain.com</string>
324 <string>https://myotherdomain.com</string>
325 </array>
326 <key>NTLM</key>
327 <array>
328 <string>mydomain.com</string>
329 <string>https://myotherdomain.com</string>
330 </array>
331 <key>AllowNonFQDN</key>
332 <dict>
333 <key>SPNEGO</key>
334 <true/> | <false/>
335 <key>NTLM</key>
336 <true/> | <false/>
337 </dict>
338 <key>AllowProxies</key>
339 <dict>
340 <key>SPNEGO</key>
341 <true/> | <false/>
342 <key>NTLM</key>
343 <true/> | <false/>
344 </dict>
345 <key>Locked</key>
346 <true/> | <false/>
347 <key>PrivateBrowsing</key>
348 <true/> | <false/>
349 </dict>
350 </dict>
351 ```
352 #### policies.json
353 ```
354 {
355 "policies": {
356 "Authentication": {
357 "SPNEGO": ["mydomain.com", "https://myotherdomain.com"],
358 "Delegated": ["mydomain.com", "https://myotherdomain.com"],
359 "NTLM": ["mydomain.com", "https://myotherdomain.com"],
360 "AllowNonFQDN": {
361 "SPNEGO": true | false,
362 "NTLM": true | false
363 },
364 "AllowProxies": {
365 "SPNEGO": true | false,
366 "NTLM": true | false
367 },
368 "Locked": true | false,
369 "PrivateBrowsing": true | false
370 }
371 }
372 }
373 ```
374 ### AutoLaunchProtocolsFromOrigins
375 Define a list of external protocols that can be used from listed origins without prompting the user.
376
377 The syntax of this policy is exactly the same as the [Chrome AutoLaunchProtocolsFromOrigins policy](https://cloud.google.com/docs/chrome-enterprise/policies/?policy=AutoLaunchProtocolsFromOrigins) except that you can only use valid origins (not just hostnames). This also means that you cannot specify an asterisk for all origins.
378
379 The schema is:
380 ```
381 {
382 "items": {
383 "properties": {
384 "allowed_origins": {
385 "items": {
386 "type": "string"
387 },
388 "type": "array"
389 },
390 "protocol": {
391 "type": "string"
392 }
393 },
394 "required": [
395 "protocol",
396 "allowed_origins"
397 ],
398 "type": "object"
399 },
400 "type": "array"
401 }
402 ```
403 **Compatibility:** Firefox 90, Firefox ESR 78.12\
404 **CCK2 Equivalent:** N/A\
405 **Preferences Affected:** N/A
406
407 #### Windows (GPO)
408 Software\Policies\Mozilla\Firefox\AutoLaunchProtocolsFromOrigins (REG_MULTI_SZ) =
409 ```
410 [
411 {
412 "protocol": "zoommtg",
413 "allowed_origins": [
414 "https://somesite.zoom.us"
415 ]
416 }
417 ]
418 ```
419 #### Windows (Intune)
420 OMA-URI:
421 ```
422 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/AutoLaunchProtocolsFromOrigins
423 ```
424 Value (string):
425 ```
426 <enabled/>
427 <data id="JSON" value='
428 [
429 {
430 "protocol": "zoommtg",
431 "allowed_origins": [
432 "https://somesite.zoom.us"
433 ]
434 }
435 ]'/>
436 ```
437 #### macOS
438 ```
439 <dict>
440 <key>AutoLaunchProtocolsFromOrigins</key>
441 <array>
442 <dict>
443 <key>protocol</key>
444 <string>zoommtg</string>
445 <key>allowed_origins</key>
446 <array>
447 <string>https://somesite.zoom.us</string>
448 </array>
449 </dict>
450 </array>
451 </dict>
452 ```
453 #### policies.json
454 ```
455 {
456 "policies": {
457 "AutoLaunchProtocolsFromOrigins": [{
458 "protocol": "zoommtg",
459 "allowed_origins": [
460 "https://somesite.zoom.us"
461 ]
462 }]
463 }
464 }
465 ```
466 ### BackgroundAppUpdate
467
468 Enable or disable **automatic** application update **in the background**, when the application is not running.
469
470 If set to true, application updates may be installed (without user approval) in the background, even when the application is not running. The operating system might still require approval.
471
472 If set to false, the application will not try to install updates when the application is not running.
473
474 If you have disabled updates via `DisableAppUpdate` or disabled automatic updates via `AppAutoUpdate`, this policy has no effect.
475
476 **Compatibility:** Firefox 90 (Windows only)\
477 **CCK2 Equivalent:** N/A\
478 **Preferences Affected:** `app.update.background.enabled`
479
480 #### Windows (GPO)
481 ```
482 Software\Policies\Mozilla\Firefox\BackgroundAppUpdate = 0x1 | 0x0
483 ```
484 #### Windows (Intune)
485 OMA-URI:
486 ```
487 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/BackgroundAppUpdate
488 ```
489 Value (string):
490 ```
491 <enabled/> or <disabled/>
492 ```
493 #### macOS
494 ```
495 <dict>
496 <key>BackgroundAppUpdate</key>
497 <true/> | <false/>
498 </dict>
499 ```
500 #### policies.json
501 ```
502 {
503 "policies": {
504 "BackgroundAppUpdate": true | false
505 }
506 }
507 ```
508 ### BlockAboutAddons
509
510 Block access to the Add-ons Manager (about:addons).
511
512 **Compatibility:** Firefox 60, Firefox ESR 60\
513 **CCK2 Equivalent:** `disableAddonsManager`\
514 **Preferences Affected:** N/A
515
516 #### Windows (GPO)
517 ```
518 Software\Policies\Mozilla\Firefox\BlockAboutAddons = 0x1 | 0x0
519 ```
520 #### Windows (Intune)
521 OMA-URI:
522 ```
523 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/BlockAboutAddons
524 ```
525 Value (string):
526 ```
527 <enabled/> or <disabled/>
528 ```
529 #### macOS
530 ```
531 <dict>
532 <key>BlockAboutAddons</key>
533 <true/> | <false/>
534 </dict>
535 ```
536 #### policies.json
537 ```
538 {
539 "policies": {
540 "BlockAboutAddons": true | false
541 }
542 }
543 ```
544 ### BlockAboutConfig
545
546 Block access to about:config.
547
548 **Compatibility:** Firefox 60, Firefox ESR 60\
549 **CCK2 Equivalent:** `disableAboutConfig`\
550 **Preferences Affected:** N/A
551
552 #### Windows (GPO)
553 ```
554 Software\Policies\Mozilla\Firefox\BlockAboutConfig = 0x1 | 0x0
555 ```
556 #### Windows (Intune)
557 OMA-URI:
558 ```
559 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/BlockAboutConfig
560 ```
561 Value (string):
562 ```
563 <enabled/> or <disabled/>
564 ```
565 #### macOS
566 ```
567 <dict>
568 <key>BlockAboutConfig</key>
569 <true/> | <false/>
570 </dict>
571 ```
572 #### policies.json
573 ```
574 {
575 "policies": {
576 "BlockAboutConfig": true | false
577 }
578 }
579 ```
580 ### BlockAboutProfiles
581
582 Block access to About Profiles (about:profiles).
583
584 **Compatibility:** Firefox 60, Firefox ESR 60\
585 **CCK2 Equivalent:** `disableAboutProfiles`\
586 **Preferences Affected:** N/A
587
588 #### Windows (GPO)
589 ```
590 Software\Policies\Mozilla\Firefox\BlockAboutProfiles = 0x1 | 0x0
591 ```
592 #### Windows (Intune)
593 OMA-URI:
594 ```
595 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/BlockAboutProfiles
596 ```
597 Value (string):
598 ```
599 <enabled/> or <disabled/>
600 ```
601 #### macOS
602 ```
603 <dict>
604 <key>BlockAboutProfiles</key>
605 <true/> | <false/>
606 </dict>
607 ```
608 #### policies.json
609 ```
610 {
611 "policies": {
612 "BlockAboutProfiles": true | false
613 }
614 }
615 ```
616 ### BlockAboutSupport
617
618 Block access to Troubleshooting Information (about:support).
619
620 **Compatibility:** Firefox 60, Firefox ESR 60\
621 **CCK2 Equivalent:** `disableAboutSupport`\
622 **Preferences Affected:** N/A
623
624 #### Windows (GPO)
625 ```
626 Software\Policies\Mozilla\Firefox\BlockAboutSupport = 0x1 | 0x0
627 ```
628 #### Windows (Intune)
629 OMA-URI:
630 ```
631 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/BlockAboutSupport
632 ```
633 Value (string):
634 ```
635 <enabled/> or <disabled/>
636 ```
637 #### macOS
638 ```
639 <dict>
640 <key>BlockAboutSupport</key>
641 <true/> | <false/>
642 </dict>
643 ```
644 #### policies.json
645 ```
646 {
647 "policies": {
648 "BlockAboutSupport": true | false
649 }
650 }
651 ```
652 ### Bookmarks
653
654 Note: [`ManagedBookmarks`](#managedbookmarks) is the new recommended way to add bookmarks. This policy will continue to be supported.
655
656 Add bookmarks in either the bookmarks toolbar or menu. Only `Title` and `URL` are required. If `Placement` is not specified, the bookmark will be placed on the toolbar. If `Folder` is specified, it is automatically created and bookmarks with the same folder name are grouped together.
657
658 **Compatibility:** Firefox 60, Firefox ESR 60\
659 **CCK2 Equivalent:** `bookmarks.toolbar`,`bookmarks.menu`\
660 **Preferences Affected:** N/A
661
662 #### Windows (GPO)
663 ```
664 Software\Policies\Mozilla\Firefox\Bookmarks\1\Title = "Example"
665 Software\Policies\Mozilla\Firefox\Bookmarks\1\URL = "https://example.com"
666 Software\Policies\Mozilla\Firefox\Bookmarks\1\Favicon = "https://example.com/favicon.ico"
667 Software\Policies\Mozilla\Firefox\Bookmarks\1\Placement = "toolbar" | "menu"
668 Software\Policies\Mozilla\Firefox\Bookmarks\1\Folder = "FolderName"
669 ```
670 #### Windows (Intune)
671 OMA-URI:
672 ```
673 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Bookmarks/Bookmark01
674 ```
675 Value (string):
676 ```
677 <enabled/>
678 <data id="BookmarkTitle" value="Example"/>
679 <data id="BookmarkURL" value="https://example.com"/>
680 <data id="BookmarkFavicon" value="https://example.com/favicon.ico"/>
681 <data id="BookmarkPlacement" value="toolbar | menu"/>
682 <data id="BookmarkFolder" value="FolderName"/>
683 ```
684 #### macOS
685 ```
686 <dict>
687 <key>Bookmarks</key>
688 <array>
689 <dict>
690 <key>Title</key>
691 <string>Example</string>
692 <key>URL</key>
693 <string>https://example.com</string>
694 <key>Favicon</key>
695 <string>https://example.com/favicon.ico</string>
696 <key>Placement</key>
697 <string>toolbar | menu</string>
698 <key>Folder</key>
699 <string>FolderName</string>
700 </dict>
701 </array>
702 </dict>
703 ```
704 #### policies.json
705 ```
706 {
707 "policies": {
708 "Bookmarks": [
709 {
710 "Title": "Example",
711 "URL": "https://example.com",
712 "Favicon": "https://example.com/favicon.ico",
713 "Placement": "toolbar" | "menu",
714 "Folder": "FolderName"
715 }
716 ]
717 }
718 }
719 ```
720 ### CaptivePortal
721 Enable or disable the detection of captive portals.
722
723 **Compatibility:** Firefox 67, Firefox ESR 60.7\
724 **CCK2 Equivalent:** N/A\
725 **Preferences Affected:** `network.captive-portal-service.enabled`
726
727 #### Windows (GPO)
728 ```
729 Software\Policies\Mozilla\Firefox\CaptivePortal = 0x1 | 0x0
730 ```
731 #### Windows (Intune)
732 OMA-URI:
733 ```
734 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/CaptivePortal
735 ```
736 Value (string):
737 ```
738 <enabled/> or <disabled/>
739 ```
740 #### macOS
741 ```
742 <dict>
743 <key>CaptivePortal</key>
744 <true/> | <false/>
745 </dict>
746 ```
747 #### policies.json
748 ```
749 {
750 "policies": {
751 "CaptivePortal": true | false
752 }
753 }
754 ```
755 ### Certificates
756
757 ### Certificates | ImportEnterpriseRoots
758
759 Trust certificates that have been added to the operating system certificate store by a user or administrator.
760
761 Note: This policy only works on Windows and macOS. For Linux discussion, see [bug 1600509](https://bugzilla.mozilla.org/show_bug.cgi?id=1600509).
762
763 See https://support.mozilla.org/kb/setting-certificate-authorities-firefox for more detail.
764
765 **Compatibility:** Firefox 60, Firefox ESR 60 (macOS support in Firefox 63, Firefox ESR 68)\
766 **CCK2 Equivalent:** N/A\
767 **Preferences Affected:** `security.enterprise_roots.enabled`
768
769 #### Windows (GPO)
770 ```
771 Software\Policies\Mozilla\Firefox\Certificates\ImportEnterpriseRoots = 0x1 | 0x0
772 ```
773 #### Windows (Intune)
774 OMA-URI:
775 ```
776 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Certificates/Certificates_ImportEnterpriseRoots
777 ```
778 Value (string):
779 ```
780 <enabled/> or <disabled/>
781 ```
782 #### macOS
783 ```
784 <dict>
785 <key>Certificates</key>
786 <dict>
787 <key>ImportEnterpriseRoots</key>
788 <true/> | <false/>
789 </dict>
790 </dict>
791 ```
792 #### policies.json
793 ```
794 {
795 "policies": {
796 "Certificates": {
797 "ImportEnterpriseRoots": true | false
798 }
799 }
800 }
801 ```
802 ### Certificates | Install
803
804 Install certificates into the Firefox certificate store. If only a filename is specified, Firefox searches for the file in the following locations:
805
806 - Windows
807 - %USERPROFILE%\AppData\Local\Mozilla\Certificates
808 - %USERPROFILE%\AppData\Roaming\Mozilla\Certificates
809 - macOS
810 - /Library/Application Support/Mozilla/Certificates
811 - ~/Library/Application Support/Mozilla/Certificates
812 - Linux
813 - /usr/lib/mozilla/certificates
814 - /usr/lib64/mozilla/certificates
815 - ~/.mozilla/certificates
816
817 Starting with Firefox 65, Firefox 60.5 ESR, a fully qualified path can be used, including UNC paths. You should use the native path style for your operating system. We do not support using %USERPROFILE% or other environment variables on Windows.
818
819 If you are specifying the path in the policies.json file on Windows, you need to escape your backslashes (`\\`) which means that for UNC paths, you need to escape both (`\\\\`). If you use group policy, you only need one backslash.
820
821 Certificates are installed using the trust string `CT,CT,`.
822
823 Binary (DER) and ASCII (PEM) certificates are both supported.
824
825 **Compatibility:** Firefox 64, Firefox ESR 64\
826 **CCK2 Equivalent:** `certs.ca`\
827 **Preferences Affected:** N/A
828
829 #### Windows (GPO)
830 ```
831 Software\Policies\Mozilla\Firefox\Certificates\Install\1 = "cert1.der"
832 Software\Policies\Mozilla\Firefox\Certificates\Install\2 = "C:\Users\username\cert2.pem"
833 ```
834 #### Windows (Intune)
835 OMA-URI:
836 ```
837 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Certificates/Certificates_Install
838 ```
839 Value (string):
840 ```
841 <enabled/>
842 <data id="Certificates_Install" value="1&#xF000;cert1.der&#xF000;2&#xF000;C:\Users\username\cert2.pem"/>
843 ```
844 #### macOS
845 ```
846 <dict>
847 <key>Certificates</key>
848 <dict>
849 <key>Install</key>
850 <array>
851 <string>cert1.der</string>
852 <string>/Users/username/cert2.pem</string>
853 </array>
854 </dict>
855 </dict>
856 ```
857 #### policies.json
858 ```
859 {
860 "policies": {
861 "Certificates": {
862 "Install": ["cert1.der", "/home/username/cert2.pem"]
863 }
864 }
865 }
866 ```
867 ### Cookies
868 Configure cookie preferences.
869
870 `Allow` is a list of origins (not domains) where cookies are always allowed. You must include http or https.
871
872 `AllowSession` is a list of origins (not domains) where cookies are only allowed for the current session. You must include http or https.
873
874 `Block` is a list of origins (not domains) where cookies are always blocked. You must include http or https.
875
876 `Default` determines whether cookies are accepted at all.
877
878 `AcceptThirdParty` determines how third-party cookies are handled.
879
880 `ExpireAtSessionEnd` determines when cookies expire.
881
882 `RejectTracker` only rejects cookies for trackers.
883
884 `Locked` prevents the user from changing cookie preferences.
885
886 **Compatibility:** Firefox 60, Firefox ESR 60 (RejectTracker added in Firefox 63, AllowSession added in Firefox 79/78.1)\
887 **CCK2 Equivalent:** N/A\
888 **Preferences Affected:** `network.cookie.cookieBehavior`,`network.cookie.lifetimePolicy`
889
890 #### Windows (GPO)
891 ```
892 Software\Policies\Mozilla\Firefox\Cookies\Allow\1 = "https://example.com"
893 Software\Policies\Mozilla\Firefox\Cookies\AllowSession\1 = "https://example.edu"
894 Software\Policies\Mozilla\Firefox\Cookies\Block\1 = "https://example.org"
895 Software\Policies\Mozilla\Firefox\Cookies\Default = 0x1 | 0x0
896 Software\Policies\Mozilla\Firefox\Cookies\AcceptThirdParty = "always" | "never" | "from-visited"
897 Software\Policies\Mozilla\Firefox\Cookies\ExpireAtSessionEnd = 0x1 | 0x0
898 Software\Policies\Mozilla\Firefox\Cookies\RejectTracker = 0x1 | 0x0
899 Software\Policies\Mozilla\Firefox\Cookies\Locked = 0x1 | 0x0
900 ```
901 #### Windows (Intune)
902 OMA-URI:
903 ```
904 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_Allow
905 ```
906 Value (string):
907 ```
908 <enabled/>
909 <data id="Cookies_Allow" value="1&#xF000;https://example.com"/>
910 ```
911 OMA-URI:
912 ```
913 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_AllowSession
914 ```
915 Value (string):
916 ```
917 <enabled/>
918 <data id="Cookies_Allow" value="1&#xF000;https://example.edu"/>
919 ```
920 OMA-URI:
921 ```
922 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_Block
923 ```
924 Value (string):
925 ```
926 <enabled/>
927 <data id="Cookies_Block" value="1&#xF000;https://example.org"/>
928 ```
929 OMA-URI:
930 ```
931 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_Default
932 ```
933 Value (string):
934 ```
935 <enabled/> or <disabled/>
936 ```
937 OMA-URI:
938 ```
939 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_AcceptThirdParty
940 ```
941 Value (string):
942 ```
943 <enabled/>
944 <data id="Cookies_AcceptThirdParty" value="always | never | from-visited"/>
945 ```
946 OMA-URI:
947 ```
948 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_ExpireAtSessionEnd
949 ```
950 Value (string):
951 ```
952 <enabled/> or <disabled/>
953 ```
954 OMA-URI:
955 ```
956 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_RejectTracker
957 ```
958 Value (string):
959 ```
960 <enabled/> or <disabled/>
961 ```
962 OMA-URI:
963 ```
964 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_Locked
965 ```
966 Value (string):
967 ```
968 <enabled/> or <disabled/>
969 ```
970 #### macOS
971 ```
972 <dict>
973 <key>Cookies</key>
974 <dict>
975 <key>Allow</key>
976 <array>
977 <string>http://example.com</string>
978 </array>
979 <key>AllowSession</key>
980 <array>
981 <string>http://example.edu</string>
982 </array>
983 <key>Block</key>
984 <array>
985 <string>http://example.org</string>
986 </array>
987 <key>Default</key>
988 <true/> | <false/>
989 <key>AcceptThirdParty</key>
990 <string>always | never | from-visited</string>
991 <key>ExpireAtSessionEnd</key>
992 <true/> | <false/>
993 <key>RejectTracker</key>
994 <true/> | <false/>
995 <key>Locked</key>
996 <true/> | <false/>
997 </dict>
998 </dict>
999 ```
1000 #### policies.json
1001 ```
1002 {
1003 "policies": {
1004 "Cookies": {
1005 "Allow": ["http://example.org/"],
1006 "AllowSession": ["http://example.edu/"],
1007 "Block": ["http://example.edu/"],
1008 "Default": true | false,
1009 "AcceptThirdParty": "always" | "never" | "from-visited",
1010 "ExpireAtSessionEnd": true | false,
1011 "RejectTracker": true | false,
1012 "Locked": true | false
1013 }
1014 }
1015 }
1016 ```
1017 ### DisableSetDesktopBackground
1018 Remove the "Set As Desktop Background..." menuitem when right clicking on an image.
1019
1020 **Compatibility:** Firefox 60, Firefox ESR 60\
1021 **CCK2 Equivalent:** `removeSetDesktopBackground`\
1022 **Preferences Affected:** N/A
1023
1024 #### Windows (GPO)
1025 ```
1026 Software\Policies\Mozilla\Firefox\DisableSetDesktopBackground = 0x1 | 0x0
1027 ```
1028 #### Windows (Intune)
1029 OMA-URI:
1030 ```
1031 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableSetDesktopBackground
1032 ```
1033 Value (string):
1034 ```
1035 <enabled/> or <disabled/>
1036 ```
1037 #### macOS
1038 ```
1039 <dict>
1040 <key>DisableSetDesktopBackground</key>
1041 <true/> | <false/>
1042 </dict>
1043 ```
1044 #### policies.json
1045 ```
1046 {
1047 "policies": {
1048 "DisableSetDesktopBackground": true | false
1049 }
1050 }
1051 ```
1052 ### DisableMasterPasswordCreation
1053 Remove the master password functionality.
1054
1055 If this value is true, it works the same as setting [`PrimaryPassword`](#primarypassword) to false and removes the primary password functionality.
1056
1057 If both DisableMasterPasswordCreation and PrimaryPassword are used, DisableMasterPasswordCreation takes precedent.
1058
1059 **Compatibility:** Firefox 60, Firefox ESR 60\
1060 **CCK2 Equivalent:** `noMasterPassword`\
1061 **Preferences Affected:** N/A
1062
1063 #### Windows (GPO)
1064 ```
1065 Software\Policies\Mozilla\Firefox\DisableMasterPasswordCreation = 0x1 | 0x0
1066 ```
1067 #### Windows (Intune)
1068 OMA-URI:
1069 ```
1070 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableMasterPasswordCreation
1071 ```
1072 Value (string):
1073 ```
1074 <enabled/> or <disabled/>
1075 ```
1076 #### macOS
1077 ```
1078 <dict>
1079 <key>DisableMasterPasswordCreation</key>
1080 <true/> | <false/>
1081 </dict>
1082 ```
1083 #### policies.json
1084 ```
1085 {
1086 "policies": {
1087 "DisableMasterPasswordCreation": true | false
1088 }
1089 }
1090 ```
1091 ### DisableAppUpdate
1092 Turn off application updates within Firefox.
1093
1094 **Compatibility:** Firefox 60, Firefox ESR 60\
1095 **CCK2 Equivalent:** `disableFirefoxUpdates`\
1096 **Preferences Affected:** N/A
1097
1098 #### Windows (GPO)
1099 ```
1100 Software\Policies\Mozilla\Firefox\DisableAppUpdate = 0x1 | 0x0
1101 ```
1102 #### Windows (Intune)
1103 OMA-URI:
1104 ```
1105 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableAppUpdate
1106 ```
1107 Value (string):
1108 ```
1109 <enabled/> or <disabled/>
1110 ```
1111 #### macOS
1112 ```
1113 <dict>
1114 <key>DisableAppUpdate</key>
1115 <true/> | <false/>
1116 </dict>
1117 ```
1118 #### policies.json
1119 ```
1120 {
1121 "policies": {
1122 "DisableAppUpdate": true | false
1123 }
1124 }
1125 ```
1126 ### DisableBuiltinPDFViewer
1127 Disable the built in PDF viewer. PDF files are downloaded and sent externally.
1128
1129 **Compatibility:** Firefox 60, Firefox ESR 60\
1130 **CCK2 Equivalent:** `disablePDFjs`\
1131 **Preferences Affected:** `pdfjs.disabled`
1132
1133 #### Windows (GPO)
1134 ```
1135 Software\Policies\Mozilla\Firefox\DisableBuiltinPDFViewer = 0x1 | 0x0
1136 ```
1137 #### Windows (Intune)
1138 OMA-URI:
1139 ```
1140 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableBuiltinPDFViewer
1141 ```
1142 Value (string):
1143 ```
1144 <enabled/> or <disabled/>
1145 ```
1146 #### macOS
1147 ```
1148 <dict>
1149 <key>DisableBuiltinPDFViewer</key>
1150 <true/> | <false/>
1151 </dict>
1152 ```
1153 #### policies.json
1154 ```
1155 {
1156 "policies": {
1157 "DisableBuiltinPDFViewer": true | false
1158 }
1159 }
1160 ```
1161 ### DisabledCiphers
1162 Disable specific cryptographic ciphers.
1163
1164 **Preferences Affected:** `security.ssl3.dhe_rsa_aes_128_sha`, `security.ssl3.dhe_rsa_aes_256_sha`, `security.ssl3.ecdhe_ecdsa_aes_128_gcm_sha256`, `security.ssl3.ecdhe_rsa_aes_128_gcm_sha256`, `security.ssl3.ecdhe_rsa_aes_128_sha`, `security.ssl3.ecdhe_rsa_aes_256_sha`, `security.ssl3.rsa_aes_128_gcm_sha256`, `security.ssl3.rsa_aes_128_sha`, `security.ssl3.rsa_aes_256_gcm_sha384`, `security.ssl3.rsa_aes_256_sha`, `security.ssl3.rsa_des_ede3_sha`
1165
1166 ---
1167 **Note:**
1168
1169 This policy was updated in Firefox 78 to allow enabling ciphers as well. Setting the value to true disables the cipher, setting the value to false enables the cipher. Previously setting the value to true or false disabled the cipher.
1170
1171 ---
1172 **Compatibility:** Firefox 76, Firefox ESR 68.8 (TLS_RSA_WITH_AES_128_GCM_SHA256 and TLS_RSA_WITH_AES_256_GCM_SHA384 were added in Firefox 78)\
1173 **CCK2 Equivalent:** N/A\
1174 **Preferences Affected:** N/A
1175
1176 #### Windows (GPO)
1177 ```
1178 Software\Policies\Mozilla\Firefox\DisabledCiphers\TLS_DHE_RSA_WITH_AES_128_CBC_SHA = 0x1 | 0x0
1179 Software\Policies\Mozilla\Firefox\DisabledCiphers\TLS_DHE_RSA_WITH_AES_256_CBC_SHA = 0x1 | 0x0
1180 Software\Policies\Mozilla\Firefox\DisabledCiphers\TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA = 0x1 | 0x0
1181 Software\Policies\Mozilla\Firefox\DisabledCiphers\TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA = 0x1 | 0x0
1182 Software\Policies\Mozilla\Firefox\DisabledCiphers\TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 = 0x1 | 0x0
1183 Software\Policies\Mozilla\Firefox\DisabledCiphers\TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 = 0x1 | 0x0
1184 Software\Policies\Mozilla\Firefox\DisabledCiphers\TLS_RSA_WITH_AES_128_CBC_SHA = 0x1 | 0x0
1185 Software\Policies\Mozilla\Firefox\DisabledCiphers\TLS_RSA_WITH_AES_256_CBC_SHA = 0x1 | 0x0
1186 Software\Policies\Mozilla\Firefox\DisabledCiphers\TLS_RSA_WITH_3DES_EDE_CBC_SHA = 0x1 | 0x0
1187 Software\Policies\Mozilla\Firefox\DisabledCiphers\TLS_RSA_WITH_AES_128_GCM_SHA256 = 0x1 | 0x0
1188 Software\Policies\Mozilla\Firefox\DisabledCiphers\TLS_RSA_WITH_AES_256_GCM_SHA384 = 0x1 | 0x0
1189 ```
1190 #### Windows (Intune)
1191 OMA-URI:
1192 ```
1193 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DisabledCiphers/DisabledCiphers_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
1194 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DisabledCiphers/DisabledCiphers_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
1195 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DisabledCiphers/DisabledCiphers_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
1196 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DisabledCiphers/DisabledCiphers_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
1197 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DisabledCiphers/DisabledCiphers_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
1198 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DisabledCiphers/DisabledCiphers_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
1199 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DisabledCiphers/DisabledCiphers_TLS_RSA_WITH_AES_128_CBC_SHA
1200 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DisabledCiphers/DisabledCiphers_TLS_RSA_WITH_AES_256_CBC_SHA
1201 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DisabledCiphers/DisabledCiphers_TLS_RSA_WITH_3DES_EDE_CBC_SHA
1202 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DisabledCiphers/DisabledCiphers_TLS_RSA_WITH_AES_128_GCM_SHA256
1203 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DisabledCiphers/DisabledCiphers_TLS_RSA_WITH_AES_256_GCM_SHA384
1204 ```
1205 Value (string):
1206 ```
1207 <enabled/> or <disabled/>
1208 ```
1209 #### macOS
1210 ```
1211 <dict>
1212 <key>DisabledCiphers</key>
1213 <dict>
1214 <key>TLS_DHE_RSA_WITH_AES_128_CBC_SHA</key>
1215 <true/> | <false/>
1216 <key>TLS_DHE_RSA_WITH_AES_256_CBC_SHA</key>
1217 <true/> | <false/>
1218 <key>TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA</key>
1219 <true/> | <false/>
1220 <key>TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA</key>
1221 <true/> | <false/>
1222 <key>TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256</key>
1223 <true/> | <false/>
1224 <key>TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256</key>
1225 <true/> | <false/>
1226 <key>TLS_RSA_WITH_AES_128_CBC_SHA</key>
1227 <true/> | <false/>
1228 <key>TLS_RSA_WITH_AES_256_CBC_SHA</key>
1229 <true/> | <false/>
1230 <key>TLS_RSA_WITH_3DES_EDE_CBC_SHA</key>
1231 <true/> | <false/>
1232 <key>TLS_RSA_WITH_AES_128_GCM_SHA256</key>
1233 <true/> | <false/>
1234 <key>TLS_RSA_WITH_AES_256_GCM_SHA384</key>
1235 <true/> | <false/>
1236 </dict>
1237 </dict>
1238 ```
1239 #### policies.json
1240 ```
1241 {
1242 "policies": {
1243 "DisabledCiphers": {
1244 "TLS_DHE_RSA_WITH_AES_128_CBC_SHA": true | false,
1245 "TLS_DHE_RSA_WITH_AES_256_CBC_SHA": true | false,
1246 "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA": true | false,
1247 "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA": true | false,
1248 "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256": true | false,
1249 "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256": true | false,
1250 "TLS_RSA_WITH_AES_128_CBC_SHA": true | false,
1251 "TLS_RSA_WITH_AES_256_CBC_SHA": true | false,
1252 "TLS_RSA_WITH_3DES_EDE_CBC_SHA": true | false,
1253 "TLS_RSA_WITH_AES_128_GCM_SHA256": true | false,
1254 "TLS_RSA_WITH_AES_256_GCM_SHA384": true | false
1255 }
1256 }
1257 }
1258 ```
1259 ### DisableDefaultBrowserAgent
1260 Prevent the default browser agent from taking any actions. Only applicable to Windows; other platforms don’t have the agent.
1261
1262 The browser agent is a Windows-only scheduled task which runs in the background to collect and submit data about the browser that the user has set as their OS default. More information is available [here](https://firefox-source-docs.mozilla.org/toolkit/mozapps/defaultagent/default-browser-agent/index.html).
1263
1264 **Compatibility:** Firefox 75, Firefox ESR 68.7 (Windows only)\
1265 **CCK2 Equivalent:** N/A\
1266 **Preferences Affected:** N/A
1267
1268 #### Windows (GPO)
1269 ```
1270 Software\Policies\Mozilla\Firefox\DisableDefaultBrowserAgent = 0x1 | 0x0
1271 ```
1272 #### Windows (Intune)
1273 OMA-URI:
1274 ```
1275 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableDefaultBrowserAgent
1276 ```
1277 Value (string):
1278 ```
1279 <enabled/> or <disabled/>
1280 ```
1281 #### policies.json
1282 ```
1283 {
1284 "policies": {
1285 "DisableDefaultBrowserAgent": true | false
1286 }
1287 }
1288 ```
1289 ### DisableDeveloperTools
1290 Remove access to all developer tools.
1291
1292 **Compatibility:** Firefox 60, Firefox ESR 60\
1293 **CCK2 Equivalent:** `removeDeveloperTools`\
1294 **Preferences Affected:** `devtools.policy.disabled`
1295
1296 #### Windows (GPO)
1297 ```
1298 Software\Policies\Mozilla\Firefox\DisableDeveloperTools = 0x1 | 0x0`
1299 ```
1300 #### Windows (Intune)
1301 OMA-URI:
1302 ```
1303 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableDeveloperTools
1304 ```
1305 Value (string):
1306 ```
1307 <enabled/> or <disabled/>
1308 ```
1309 #### macOS
1310 ```
1311 <dict>
1312 <key>DisableDeveloperTools</key>
1313 <true/> | <false/>
1314 </dict>
1315 ```
1316 #### policies.json
1317 ```
1318 {
1319 "policies": {
1320 "DisableDeveloperTools": true | false
1321 }
1322 }
1323 ```
1324 ### DisableFeedbackCommands
1325 Disable the menus for reporting sites (Submit Feedback, Report Deceptive Site).
1326
1327 **Compatibility:** Firefox 60, Firefox ESR 60\
1328 **CCK2 Equivalent:** N/A\
1329 **Preferences Affected:** N/A
1330
1331 #### Windows (GPO)
1332 ```
1333 Software\Policies\Mozilla\Firefox\DisableFeedbackCommands = 0x1 | 0x0
1334 ```
1335 #### Windows (Intune)
1336 OMA-URI:
1337 ```
1338 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableFeedbackCommands
1339 ```
1340 Value (string):
1341 ```
1342 <enabled/> or <disabled/>
1343 ```
1344 #### macOS
1345 ```
1346 <dict>
1347 <key>DisableFeedbackCommands</key>
1348 <true/> | <false/>
1349 </dict>
1350 ```
1351 #### policies.json
1352 ```
1353 {
1354 "policies": {
1355 "DisableFeedbackCommands": true | false
1356 }
1357 }
1358 ```
1359 ### DisableFirefoxScreenshots
1360 Remove access to Firefox Screenshots.
1361
1362 **Compatibility:** Firefox 60, Firefox ESR 60\
1363 **CCK2 Equivalent:** N/A\
1364 **Preferences Affected:** `extensions.screenshots.disabled`
1365
1366 #### Windows (GPO)
1367 ```
1368 Software\Policies\Mozilla\Firefox\DisableFirefoxScreenshots = 0x1 | 0x0
1369 ```
1370 #### Windows (Intune)
1371 OMA-URI:
1372 ```
1373 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableFirefoxScreenshots
1374 ```
1375 Value (string):
1376 ```
1377 <enabled/> or <disabled/>
1378 ```
1379 #### macOS
1380 ```
1381 <dict>
1382 <key>DisableFirefoxScreenshots</key>
1383 <true/> | <false/>
1384 </dict>
1385 ```
1386 #### policies.json
1387 ```
1388 {
1389 "policies": {
1390 "DisableFirefoxScreenshots": true | false
1391 }
1392 }
1393 ```
1394 ### DisableFirefoxAccounts
1395 Disable Firefox Accounts integration (Sync).
1396
1397 **Compatibility:** Firefox 60, Firefox ESR 60\
1398 **CCK2 Equivalent:** `disableSync`\
1399 **Preferences Affected:** `identity.fxaccounts.enabled`
1400
1401 #### Windows (GPO)
1402 ```
1403 Software\Policies\Mozilla\Firefox\DisableFirefoxAccounts = 0x1 | 0x0
1404 ```
1405 #### Windows (Intune)
1406 OMA-URI:
1407 ```
1408 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableFirefoxAccounts
1409 ```
1410 Value (string):
1411 ```
1412 <enabled/> or <disabled/>
1413 ```
1414 #### macOS
1415 ```
1416 <dict>
1417 <key>DisableFirefoxAccounts</key>
1418 <true/> | <false/>
1419 </dict>
1420 ```
1421 #### policies.json
1422 ```
1423 {
1424 "policies": {
1425 "DisableFirefoxAccounts": true | false
1426 }
1427 }
1428 ```
1429 ### DisableFirefoxStudies
1430 Disable Firefox studies (Shield).
1431
1432 **Compatibility:** Firefox 60, Firefox ESR 60\
1433 **CCK2 Equivalent:** N/A\
1434 **Preferences Affected:** N/A
1435
1436 #### Windows (GPO)
1437 ```
1438 Software\Policies\Mozilla\Firefox\DisableFirefoxStudies = 0x1 | 0x0
1439 ```
1440 #### Windows (Intune)
1441 OMA-URI:
1442 ```
1443 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableFirefoxStudies
1444 ```
1445 Value (string):
1446 ```
1447 <enabled/> or <disabled/>
1448 ```
1449 #### macOS
1450 ```
1451 <dict>
1452 <key>DisableFirefoxStudies</key>
1453 <true/> | <false/>
1454 </dict>
1455 ```
1456 #### policies.json
1457 ```
1458 {
1459 "policies": {
1460 "DisableFirefoxStudies": true | false
1461 }
1462 }
1463 ```
1464 ### DisableForgetButton
1465 Disable the "Forget" button.
1466
1467 **Compatibility:** Firefox 60, Firefox ESR 60\
1468 **CCK2 Equivalent:** `disableForget`\
1469 **Preferences Affected:** N/A
1470
1471 #### Windows (GPO)
1472 ```
1473 Software\Policies\Mozilla\Firefox\DisableForgetButton = 0x1 | 0x0
1474 ```
1475 #### Windows (Intune)
1476 OMA-URI:
1477 ```
1478 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableForgetButton
1479 ```
1480 Value (string):
1481 ```
1482 <enabled/> or <disabled/>
1483 ```
1484 #### macOS
1485 ```
1486 <dict>
1487 <key>DisableForgetButton</key>
1488 <true/> | <false/>
1489 </dict>
1490 ```
1491 #### policies.json
1492 ```
1493 {
1494 "policies": {
1495 "DisableForgetButton": true | false
1496 }
1497 }
1498 ```
1499 ### DisableFormHistory
1500 Turn off saving information on web forms and the search bar.
1501
1502 **Compatibility:** Firefox 60, Firefox ESR 60\
1503 **CCK2 Equivalent:** `disableFormFill`\
1504 **Preferences Affected:** ` browser.formfill.enable`
1505
1506 #### Windows (GPO)
1507 ```
1508 Software\Policies\Mozilla\Firefox\DisableFormHistory = 0x1 | 0x0
1509 ```
1510 #### Windows (Intune)
1511 OMA-URI:
1512 ```
1513 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableFormHistory
1514 ```
1515 Value (string):
1516 ```
1517 <enabled/> or <disabled/>
1518 ```
1519 #### macOS
1520 ```
1521 <dict>
1522 <key>DisableFormHistory</key>
1523 <true/> | <false/>
1524 </dict>
1525 ```
1526 #### policies.json
1527 ```
1528 {
1529 "policies": {
1530 "DisableFormHistory": true | false
1531 }
1532 }
1533 ```
1534 ### DisablePasswordReveal
1535 Do not allow passwords to be shown in saved logins
1536
1537 **Compatibility:** Firefox 71, Firefox ESR 68.3\
1538 **CCK2 Equivalent:** N/A
1539 **Preferences Affected:** N/A
1540
1541 #### Windows (GPO)
1542 ```
1543 Software\Policies\Mozilla\Firefox\DisablePasswordReveal = 0x1 | 0x0
1544 ```
1545 #### Windows (Intune)
1546 OMA-URI:
1547 ```
1548 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisablePasswordReveal
1549 ```
1550 Value (string):
1551 ```
1552 <enabled/> or <disabled/>
1553 ```
1554 #### macOS
1555 ```
1556 <dict>
1557 <key>DisablePasswordReveal</key>
1558 <true/> | <false/>
1559 </dict>
1560 ```
1561 #### policies.json
1562 ```
1563 {
1564 "policies": {
1565 "DisablePasswordReveal": true | false
1566 }
1567 }
1568 ```
1569 ### DisablePocket
1570 Remove Pocket in the Firefox UI. It does not remove it from the new tab page.
1571
1572 **Compatibility:** Firefox 60, Firefox ESR 60\
1573 **CCK2 Equivalent:** `disablePocket`\
1574 **Preferences Affected:** `extensions.pocket.enabled`
1575
1576 #### Windows (GPO)
1577 ```
1578 Software\Policies\Mozilla\Firefox\DisablePocket = 0x1 | 0x0
1579 ```
1580 #### Windows (Intune)
1581 OMA-URI:
1582 ```
1583 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisablePocket
1584 ```
1585 Value (string):
1586 ```
1587 <enabled/> or <disabled/>
1588 ```
1589 #### macOS
1590 ```
1591 <dict>
1592 <key>DisablePocket</key>
1593 <true/> | <false/>
1594 </dict>
1595 ```
1596 #### policies.json
1597 ```
1598 {
1599 "policies": {
1600 "DisablePocket": true | false
1601 }
1602 }
1603 ```
1604 ### DisablePrivateBrowsing
1605 Remove access to private browsing.
1606
1607 **Compatibility:** Firefox 60, Firefox ESR 60\
1608 **CCK2 Equivalent:** `disablePrivateBrowsing`\
1609 **Preferences Affected:** N/A
1610
1611 #### Windows (GPO)
1612 ```
1613 Software\Policies\Mozilla\Firefox\DisablePrivateBrowsing = 0x1 | 0x0
1614 ```
1615 #### Windows (Intune)
1616 OMA-URI:
1617 ```
1618 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisablePrivateBrowsing
1619 ```
1620 Value (string):
1621 ```
1622 <enabled/> or <disabled/>
1623 ```
1624 #### macOS
1625 ```
1626 <dict>
1627 <key>DisablePrivateBrowsing</key>
1628 <true/> | <false/>
1629 </dict>
1630 ```
1631 #### policies.json
1632 ```
1633 {
1634 "policies": {
1635 "DisablePrivateBrowsing": true | false
1636 }
1637 }
1638 ```
1639 ### DisableProfileImport
1640 Disables the "Import data from another browser" option in the bookmarks window.
1641
1642 **Compatibility:** Firefox 60, Firefox ESR 60\
1643 **CCK2 Equivalent:** N/A\
1644 **Preferences Affected:** N/A
1645
1646 #### Windows (GPO)
1647 ```
1648 Software\Policies\Mozilla\Firefox\DisableProfileImport = 0x1 | 0x0
1649 ```
1650 #### Windows (Intune)
1651 OMA-URI:
1652 ```
1653 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableProfileImport
1654 ```
1655 Value (string):
1656 ```
1657 <enabled/> or <disabled/>
1658 ```
1659 #### macOS
1660 ```
1661 <dict>
1662 <key>DisableProfileImport</key>
1663 <true/> | <false/>
1664 </dict>
1665 ```
1666 #### policies.json
1667 ```
1668 {
1669 "policies": {
1670 "DisableProfileImport": true | false
1671 }
1672 }
1673 ```
1674 ### DisableProfileRefresh
1675 Disable the Refresh Firefox button on about:support and support.mozilla.org, as well as the prompt that displays offering to refresh Firefox when you haven't used it in a while.
1676
1677 **Compatibility:** Firefox 60, Firefox ESR 60\
1678 **CCK2 Equivalent:** `disableResetFirefox`\
1679 **Preferences Affected:** `browser.disableResetPrompt`
1680
1681 #### Windows (GPO)
1682 ```
1683 Software\Policies\Mozilla\Firefox\DisableProfileRefresh = 0x1 | 0x0
1684 ```
1685 #### Windows (Intune)
1686 OMA-URI:
1687 ```
1688 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableProfileRefresh
1689 ```
1690 Value (string):
1691 ```
1692 <enabled/> or <disabled/>
1693 ```
1694 #### macOS
1695 ```
1696 <dict>
1697 <key>DisableProfileRefresh</key>
1698 <true/> | <false/>
1699 </dict>
1700 ```
1701 #### policies.json
1702 ```
1703 {
1704 "policies": {
1705 "DisableProfileRefresh": true | false
1706 }
1707 }
1708 ```
1709 ### DisableSafeMode
1710 Disable safe mode within the browser.
1711
1712 On Windows, this disables safe mode via the command line as well.
1713
1714 **Compatibility:** Firefox 60, Firefox ESR 60 (Windows, macOS)\
1715 **CCK2 Equivalent:** `disableSafeMode`\
1716 **Preferences Affected:** N/A
1717
1718 #### Windows (GPO)
1719 ```
1720 Software\Policies\Mozilla\Firefox\DisableSafeMode = 0x1 | 0x0
1721 ```
1722 #### Windows (Intune)
1723 OMA-URI:
1724 ```
1725 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableSafeMode
1726 ```
1727 Value (string):
1728 ```
1729 <enabled/> or <disabled/>
1730 ```
1731 #### macOS
1732 ```
1733 <dict>
1734 <key>DisableSafeMode</key>
1735 <true/> | <false/>
1736 </dict>
1737 ```
1738 #### policies.json
1739 ```
1740 {
1741 "policies": {
1742 "DisableSafeMode": true | false
1743 }
1744 }
1745 ```
1746 ### DisableSecurityBypass
1747 Prevent the user from bypassing security in certain cases.
1748
1749 `InvalidCertificate` prevents adding an exception when an invalid certificate is shown.
1750
1751 `SafeBrowsing` prevents selecting "ignore the risk" and visiting a harmful site anyway.
1752
1753 **Compatibility:** Firefox 60, Firefox ESR 60\
1754 **CCK2 Equivalent:** N/A\
1755 **Preferences Affected:** `security.certerror.hideAddException`,`browser.safebrowsing.allowOverride`
1756
1757 #### Windows (GPO)
1758 ```
1759 Software\Policies\Mozilla\Firefox\DisableSecurityBypass\InvalidCertificate = 0x1 | 0x0
1760 Software\Policies\Mozilla\Firefox\DisableSecurityBypass\SafeBrowsing = 0x1 | 0x0
1761 ```
1762 #### Windows (Intune)
1763 OMA-URI:
1764 ```
1765 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/P_DisableSecurityBypass_InvalidCertificate
1766 ```
1767 Value (string):
1768 ```
1769 <enabled/> or <disabled/>
1770 ```
1771 OMA-URI:
1772 ```
1773 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/P_DisableSecurityBypass_SafeBrowsing
1774 ```
1775 Value (string):
1776 ```
1777 <enabled/> or <disabled/>
1778 ```
1779
1780 #### macOS
1781 ```
1782 <dict>
1783 <key>DisableSecurityBypass</key>
1784 <dict>
1785 <key>InvalidCertificate</key>
1786 <true/> | <false/>
1787 <key>SafeBrowsing</key>
1788 <true/> | <false/>
1789 </dict>
1790 </dict>
1791 ```
1792 #### policies.json
1793 ```
1794 {
1795 "policies": {
1796 "DisableSecurityBypass": {
1797 "InvalidCertificate": true | false,
1798 "SafeBrowsing": true | false
1799 }
1800 }
1801 }
1802 ```
1803 ### DisableSystemAddonUpdate
1804 Prevent system add-ons from being installed or update.
1805
1806 **Compatibility:** Firefox 60, Firefox ESR 60\
1807 **CCK2 Equivalent:** N/A\
1808 **Preferences Affected:** N/A
1809
1810 #### Windows (GPO)
1811 ```
1812 Software\Policies\Mozilla\Firefox\DisableSystemAddonUpdate = 0x1 | 0x0
1813 ```
1814 #### Windows (Intune)
1815 OMA-URI:
1816 ```
1817 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableSystemAddonUpdate
1818 ```
1819 Value (string):
1820 ```
1821 <enabled/> or <disabled/>
1822 ```
1823 #### macOS
1824 ```
1825 <dict>
1826 <key>DisableSystemAddonUpdate</key>
1827 <true/> | <false/>
1828 </dict>
1829 ```
1830 #### policies.json
1831 ```
1832 {
1833 "policies": {
1834 "DisableSystemAddonUpdate": true | false
1835 }
1836 }
1837 ```
1838 ### DisableTelemetry
1839 Prevent the upload of telemetry data.
1840
1841 As of Firefox 83 and Firefox ESR 78.5, local storage of telemetry data is disabled as well.
1842
1843 Mozilla recommends that you do not disable telemetry. Information collected through telemetry helps us build a better product for businesses like yours.
1844
1845 **Compatibility:** Firefox 60, Firefox ESR 60\
1846 **CCK2 Equivalent:** `disableTelemetry`\
1847 **Preferences Affected:** `datareporting.healthreport.uploadEnabled,datareporting.policy.dataSubmissionEnabled,toolkit.telemetry.archive.enabled`
1848
1849 #### Windows (GPO)
1850 ```
1851 Software\Policies\Mozilla\Firefox\DisableTelemetry = 0x1 | 0x0
1852 ```
1853 #### Windows (Intune)
1854 OMA-URI:
1855 ```
1856 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableTelemetry
1857 ```
1858 Value (string):
1859 ```
1860 <enabled/> or <disabled/>
1861 ```
1862 #### macOS
1863 ```
1864 <dict>
1865 <key>DisableTelemetry</key>
1866 <true/> | <false/>
1867 </dict>
1868 ```
1869 #### policies.json
1870 ```
1871 {
1872 "policies": {
1873 "DisableTelemetry": true | false
1874 }
1875 }
1876 ```
1877 ### DisplayBookmarksToolbar
1878 Set the initial state of the bookmarks toolbar. A user can still hide it and it will stay hidden.
1879
1880 **Compatibility:** Firefox 60, Firefox ESR 60\
1881 **CCK2 Equivalent:** `displayBookmarksToolbar`\
1882 **Preferences Affected:** N/A
1883
1884 #### Windows (GPO)
1885 ```
1886 Software\Policies\Mozilla\Firefox\DisplayBookmarksToolbar = 0x1 | 0x0
1887 ```
1888 #### Windows (Intune)
1889 OMA-URI:
1890 ```
1891 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisplayBookmarksToolbar
1892 ```
1893 Value (string):
1894 ```
1895 <enabled/> or <disabled/>
1896 ```
1897 #### macOS
1898 ```
1899 <dict>
1900 <key>DisplayBookmarksToolbar</key>
1901 <true/> | <false/>
1902 </dict>
1903 ```
1904 #### policies.json
1905 ```
1906 {
1907 "policies": {
1908 "DisplayBookmarksToolbar": true | false
1909 }
1910 }
1911 ```
1912 ### DisplayMenuBar (Deprecated)
1913 Set the initial state of the menubar. A user can still hide it and it will stay hidden.
1914
1915 **Compatibility:** Firefox 60, Firefox ESR 60 (Windows, some Linux)\
1916 **CCK2 Equivalent:** `displayMenuBar`\
1917 **Preferences Affected:** N/A
1918
1919 #### Windows (GPO)
1920 ```
1921 Software\Policies\Mozilla\Firefox\DisplayMenuBar = 0x1 | 0x0
1922 ```
1923 #### macOS
1924 ```
1925 <dict>
1926 <key>DisplayMenuBar</key>
1927 <true/> | <false/>
1928 </dict>
1929 ```
1930 #### policies.json
1931 ```
1932 {
1933 "policies": {
1934 "DisplayMenuBar": true | false
1935 }
1936 }
1937 ```
1938 ### DisplayMenuBar
1939 Set the state of the menubar.
1940
1941 `always` means the menubar is shown and cannot be hidden.
1942
1943 `never` means the menubar is hidden and cannot be shown.
1944
1945 `default-on` means the menubar is on by default but can be hidden.
1946
1947 `default-off` means the menubar is off by default but can be shown.
1948
1949 **Compatibility:** Firefox 73, Firefox ESR 68.5 (Windows, some Linux)\
1950 **CCK2 Equivalent:** `displayMenuBar`\
1951 **Preferences Affected:** N/A
1952
1953 #### Windows (GPO)
1954 ```
1955 Software\Policies\Mozilla\Firefox\DisplayMenuBar = "always", "never", "default-on", "default-off"
1956 ```
1957 #### Windows (Intune)
1958 OMA-URI:
1959 ```
1960 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisplayMenuBar_Enum
1961 ```
1962 Value (string):
1963 ```
1964 <enabled/>
1965 <data id="DisplayMenuBar" value="always | never | default-on | default-off"/>
1966 ```
1967 #### macOS
1968 ```
1969 <dict>
1970 <key>DisplayMenuBar</key>
1971 <string>always | never | default-on | default-off</string>
1972 </dict>
1973 ```
1974 #### policies.json
1975 ```
1976 {
1977 "policies": {
1978 "DisplayMenuBar": "always", "never", "default-on", "default-off"
1979 }
1980 }
1981 ```
1982 ### DNSOverHTTPS
1983 Configure DNS over HTTPS.
1984
1985 `Enabled` determines whether DNS over HTTPS is enabled
1986
1987 `ProviderURL` is a URL to another provider.
1988
1989 `Locked` prevents the user from changing DNS over HTTPS preferences.
1990
1991 `ExcludedDomains` excludes domains from DNS over HTTPS.
1992
1993 **Compatibility:** Firefox 63, Firefox ESR 68 (ExcludedDomains added in 75/68.7)\
1994 **CCK2 Equivalent:** N/A\
1995 **Preferences Affected:** `network.trr.mode`,`network.trr.uri`
1996
1997 #### Windows (GPO)
1998 ```
1999 Software\Policies\Mozilla\Firefox\DNSOverHTTPS\Enabled = 0x1 | 0x0
2000 Software\Policies\Mozilla\Firefox\DNSOverHTTPS\ProviderURL = "URL_TO_ALTERNATE_PROVIDER"
2001 Software\Policies\Mozilla\Firefox\DNSOverHTTPS\Locked = 0x1 | 0x0
2002 Software\Policies\Mozilla\Firefox\DNSOverHTTPS\ExcludedDomains\1 = "example.com"
2003 ```
2004 #### Windows (Intune)
2005 OMA-URI:
2006 ```
2007 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DNSOverHTTPS/DNSOverHTTPS_Enabled
2008 ```
2009 Value (string):
2010 ```
2011 <enabled/> or <disabled/>
2012 ```
2013 OMA-URI:
2014 ```
2015 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DNSOverHTTPS/DNSOverHTTPS_ProviderURL
2016 ```
2017 Value (string):
2018 ```
2019 <enabled/>
2020 <data id="String" value="URL_TO_ALTERNATE_PROVIDER"/>
2021 ```
2022 OMA-URI:
2023 ```
2024 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DNSOverHTTPS/DNSOverHTTPS_Locked
2025 ```
2026 Value (string):
2027 ```
2028 <enabled/> or <disabled/>
2029 ```
2030 OMA-URI:
2031 ```
2032 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DNSOverHTTPS/DNSOverHTTPS_ExcludedDomains
2033 ```
2034 Value (string):
2035 ```
2036 <enabled/>
2037 <data id="List" value="1&#xF000;example.com"/>
2038 ```
2039 #### macOS
2040 ```
2041 <dict>
2042 <key>DNSOverHTTPS</key>
2043 <dict>
2044 <key>Enabled</key>
2045 <true/> | <false/>
2046 <key>ProviderURL</key>
2047 <string>URL_TO_ALTERNATE_PROVIDER</string>
2048 <key>Locked</key>
2049 <true/> | <false/>
2050 <key>ExcludedDomains</key>
2051 <array>
2052 <string>example.com</string>
2053 </array>
2054 </dict>
2055 </dict>
2056 ```
2057 #### policies.json
2058 ```
2059 {
2060 "policies": {
2061 "DNSOverHTTPS": {
2062 "Enabled": true | false,
2063 "ProviderURL": "URL_TO_ALTERNATE_PROVIDER",
2064 "Locked": true | false,
2065 "ExcludedDomains": ["example.com"]
2066 }
2067 }
2068 }
2069 ```
2070 ### DontCheckDefaultBrowser
2071 Don't check if Firefox is the default browser at startup.
2072
2073 **Compatibility:** Firefox 60, Firefox ESR 60\
2074 **CCK2 Equivalent:** `dontCheckDefaultBrowser`\
2075 **Preferences Affected:** `browser.shell.checkDefaultBrowser`
2076
2077 #### Windows (GPO)
2078 ```
2079 Software\Policies\Mozilla\Firefox\DontCheckDefaultBrowser = 0x1 | 0x0
2080 ```
2081 #### Windows (Intune)
2082 OMA-URI:
2083 ```
2084 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DontCheckDefaultBrowser
2085 ```
2086 Value (string):
2087 ```
2088 <enabled/> or <disabled/>
2089 ```
2090 #### macOS
2091 ```
2092 <dict>
2093 <key>DontCheckDefaultBrowser</key>
2094 <true/> | <false/>
2095 </dict>
2096 ```
2097 #### policies.json
2098 ```
2099 {
2100 "policies": {
2101 "DontCheckDefaultBrowser": true | false
2102 }
2103 }
2104 ```
2105 ### DefaultDownloadDirectory
2106 Set the default download directory.
2107
2108 You can use ${home} for the native home directory.
2109
2110 **Compatibility:** Firefox 68, Firefox ESR 68\
2111 **CCK2 Equivalent:** N/A\
2112 **Preferences Affected:** `browser.download.dir`,`browser.download.folderList`
2113
2114 #### Windows (GPO)
2115 ```
2116 Software\Policies\Mozilla\Firefox\DefaultDownloadDirectory = "${home}\Downloads"
2117 ```
2118 #### Windows (Intune)
2119 OMA-URI:
2120 ```
2121 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DefaultDownloadDirectory
2122 ```
2123 Value (string):
2124 ```
2125 <enabled/>
2126 <data id="Preferences_String" value="${home}\Downloads"/>
2127 ```
2128 #### macOS
2129 ```
2130 <dict>
2131 <key>DefaultDownloadDirectory</key>
2132 <string>${home}/Downloads</string>
2133 </dict>
2134 ```
2135 #### policies.json (macOS and Linux)
2136 ```
2137 {
2138 "policies": {
2139 "DefaultDownloadDirectory": "${home}/Downloads"
2140 }
2141 ```
2142 #### policies.json (Windows)
2143 ```
2144 {
2145 "policies": {
2146 "DefaultDownloadDirectory": "${home}\\Downloads"
2147 }
2148 ```
2149 ### DownloadDirectory
2150 Set and lock the download directory.
2151
2152 You can use ${home} for the native home directory.
2153
2154 **Compatibility:** Firefox 68, Firefox ESR 68\
2155 **CCK2 Equivalent:** N/A\
2156 **Preferences Affected:** `browser.download.dir`,`browser.download.folderList`,`browser.download.useDownloadDir`
2157
2158 #### Windows (GPO)
2159 ```
2160 Software\Policies\Mozilla\Firefox\DownloadDirectory = "${home}\Downloads"
2161 ```
2162 #### Windows (Intune)
2163 OMA-URI:
2164 ```
2165 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DownloadDirectory
2166 ```
2167 Value (string):
2168 ```
2169 <enabled/>
2170 <data id="Preferences_String" value="${home}\Downloads"/>
2171 ```
2172 #### macOS
2173 ```
2174 <dict>
2175 <key>DownloadDirectory</key>
2176 <string>${home}/Downloads</string>
2177 </dict>
2178 ```
2179 #### policies.json (macOS and Linux)
2180 ```
2181 {
2182 "policies": {
2183 "DownloadDirectory": "${home}/Downloads"
2184 }
2185 ```
2186 #### policies.json (Windows)
2187 ```
2188 {
2189 "policies": {
2190 "DownloadDirectory": "${home}\\Downloads"
2191 }
2192 ```
2193 ### EnableTrackingProtection
2194 Configure tracking protection.
2195
2196 If this policy is not configured, tracking protection is not enabled by default in the browser, but it is enabled by default in private browsing and the user can change it.
2197
2198 If `Value` is set to false, tracking protection is disabled and locked in both the regular browser and private browsing.
2199
2200 If `Value` is set to true, tracking protection is enabled by default in both the regular browser and private browsing and the `Locked` value determines whether or not a user can change it.
2201
2202 If `Cryptomining` is set to true, cryptomining scripts on websites are blocked.
2203
2204 If `Fingerprinting` is set to true, fingerprinting scripts on websites are blocked.
2205
2206 `Exceptions` are origins for which tracking protection is not enabled.
2207
2208 **Compatibility:** Firefox 60, Firefox ESR 60 (Cryptomining and Fingerprinting added in 70/68.2, Exceptions added in 73/68.5)\
2209 **CCK2 Equivalent:** N/A\
2210 **Preferences Affected:** `privacy.trackingprotection.enabled`,`privacy.trackingprotection.pbmode.enabled`,`privacy.trackingprotection.cryptomining.enabled`,`privacy.trackingprotection.fingerprinting.enabled`
2211
2212 #### Windows (GPO)
2213 ```
2214 Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Value = 0x1 | 0x0
2215 Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Locked = 0x1 | 0x0
2216 Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Cryptomining = 0x1 | 0x0
2217 Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Fingerprinting = 0x1 | 0x0
2218 Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Exceptions\1 = "https://example.com"
2219 ```
2220 #### Windows (Intune)
2221 OMA-URI:
2222 ```
2223 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~TrackingProtection/A_TrackingProtection_Value
2224 ```
2225 Value (string):
2226 ```
2227 <enabled/> or <disabled/>
2228 ```
2229 OMA-URI:
2230 ```
2231 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~TrackingProtection/B_TrackingProtection_Cryptomining
2232 ```
2233 Value (string):
2234 ```
2235 <enabled/> or <disabled/>
2236 ```
2237 OMA-URI:
2238 ```
2239 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~TrackingProtection/C_TrackingProtection_Fingerprinting
2240 ```
2241 Value (string):
2242 ```
2243 <enabled/> or <disabled/>
2244 ```
2245 OMA-URI:
2246 ```
2247 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~TrackingProtection/D_TrackingProtection_Exceptions
2248 ```
2249 Value (string):
2250 ```
2251 <data id="TrackingProtection_Exceptions" value="1&#xF000;https://example.com"/>
2252 ```
2253 OMA-URI:
2254 ```
2255 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~TrackingProtection/E_TrackingProtection_Locked
2256 ```
2257 Value (string):
2258 ```
2259 <enabled/> or <disabled/>
2260 ```
2261 #### macOS
2262 ```
2263 <dict>
2264 <key>EnableTrackingProtection</key>
2265 <dict>
2266 <key>Value</key>
2267 <true/> | <false/>
2268 <key>Locked</key>
2269 <true/> | <false/>
2270 <key>Cryptomining</key>
2271 <true/> | <false/>
2272 <key>Fingerprinting</key>
2273 <true/> | <false/>
2274 <key>Exceptions</key>
2275 <array>
2276 <string>https://example.com</string>
2277 </array>
2278 </dict>
2279 </dict>
2280 ```
2281 #### policies.json
2282 ```
2283 {
2284 "policies": {
2285 "EnableTrackingProtection": {
2286 "Value": true | false,
2287 "Locked": true | false,
2288 "Cryptomining": true | false,
2289 "Fingerprinting": true | false,
2290 "Exceptions": ["https://example.com"]
2291 }
2292 }
2293 }
2294 ```
2295 ### EncryptedMediaExtensions
2296 Enable or disable Encrypted Media Extensions and optionally lock it.
2297
2298 If `Enabled` is set to false, encrypted media extensions (like Widevine) are not downloaded by Firefox unless the user consents to installing them.
2299
2300 If `Locked` is set to true and `Enabled` is set to false, Firefox will not download encrypted media extensions (like Widevine) or ask the user to install them.
2301
2302 **Compatibility:** Firefox 77, Firefox ESR 68.9\
2303 **CCK2 Equivalent:** N/A\
2304 **Preferences Affected:** `media.eme.enabled`
2305
2306 #### Windows (GPO)
2307 ```
2308 Software\Policies\Mozilla\Firefox\EncryptedMediaExtensions\Enabled = 0x1 | 0x0
2309 Software\Policies\Mozilla\Firefox\EncryptedMediaExtensions\Locked = 0x1 | 0x0
2310 ```
2311 #### Windows (Intune)
2312 OMA-URI:
2313 ```
2314 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~EncryptedMediaExtensions/EncryptedMediaExtensions_Enabled
2315 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~EncryptedMediaExtensions/EncryptedMediaExtensions_Locked
2316 ```
2317 Value (string):
2318 ```
2319 <enabled/>or <disabled/>
2320 ```
2321 #### macOS
2322 ```
2323 <dict>
2324 <key>EncryptedMediaExtensions</key>
2325 <dict>
2326 <key>Enabled</key>
2327 <true/> | <false/>
2328 <key>Locked</key>
2329 <true/> | <false/>
2330 </dict>
2331 </dict>
2332 ```
2333 #### policies.json
2334 ```
2335 {
2336 "policies": {
2337 "EncryptedMediaExtensions": {
2338 "Enabled": true | false,
2339 "Locked": true | false
2340 }
2341 }
2342 }
2343 ```
2344 ### EnterprisePoliciesEnabled
2345 Enable policy support on macOS.
2346
2347 **Compatibility:** Firefox 63, Firefox ESR 60.3 (macOS only)\
2348 **CCK2 Equivalent:** N/A\
2349 **Preferences Affected:** N/A
2350
2351 #### macOS
2352 ```
2353 <dict>
2354 <key>EnterprisePoliciesEnabled</key>
2355 <true/>
2356 </dict>
2357 ```
2358 ### Extensions
2359 Control the installation, uninstallation and locking of extensions.
2360
2361 While this policy is not technically deprecated, it is recommended that you use the **[`ExtensionSettings`](#extensionsettings)** policy. It has the same functionality and adds more. It does not support native paths, though, so you'll have to use file:/// URLs.
2362
2363 `Install` is a list of URLs or native paths for extensions to be installed.
2364
2365 `Uninstall` is a list of extension IDs that should be uninstalled if found.
2366
2367 `Locked` is a list of extension IDs that the user cannot disable or uninstall.
2368
2369 **Compatibility:** Firefox 60, Firefox ESR 60\
2370 **CCK2 Equivalent:** `addons`\
2371 **Preferences Affected:** N/A
2372
2373 #### Windows (GPO)
2374 ```
2375 Software\Policies\Mozilla\Firefox\Extensions\Install\1 = "https://addons.mozilla.org/firefox/downloads/somefile.xpi"
2376 Software\Policies\Mozilla\Firefox\Extensions\Install\2 = "//path/to/xpi"
2377 Software\Policies\Mozilla\Firefox\Extensions\Uninstall\1 = "bad_addon_id@mozilla.org"
2378 Software\Policies\Mozilla\Firefox\Extensions\Locked\1 = "addon_id@mozilla.org"
2379 ```
2380 #### Windows (Intune)
2381 OMA-URI:
2382 ```
2383 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/Extensions_Install
2384 ```
2385 Value (string):
2386 ```
2387 <enabled/>
2388 <data id="Extensions" value="1&#xF000;https://addons.mozilla.org/firefox/downloads/somefile.xpi&#xF000;2&#xF000;//path/to/xpi"/>
2389 ```
2390 OMA-URI:
2391 ```
2392 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/Extensions_Uninstall
2393 ```
2394 Value (string):
2395 ```
2396 <enabled/>
2397 <data id="Extensions" value="1&#xF000;bad_addon_id@mozilla.org"/>
2398 ```
2399 OMA-URI:
2400 ```
2401 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/Extensions_Locked
2402 ```
2403 Value (string):
2404 ```
2405 <enabled/>
2406 <data id="Extensions" value="1&#xF000;addon_id@mozilla.org"/>
2407 ```
2408 #### macOS
2409 ```
2410 <dict>
2411 <key>Extensions</key>
2412 <dict>
2413 <key>Install</key>
2414 <array>
2415 <string>https://addons.mozilla.org/firefox/downloads/somefile.xpi</string>
2416 <string>//path/to/xpi</string>
2417 </array>
2418 <key>Uninstall</key>
2419 <array>
2420 <string>bad_addon_id@mozilla.org</string>
2421 </array>
2422 <key>Locked</key>
2423 <array>
2424 <string>addon_id@mozilla.org</string>
2425 </array>
2426 </dict>
2427 </dict>
2428 ```
2429 #### policies.json
2430 ```
2431 {
2432 "policies": {
2433 "Extensions": {
2434 "Install": ["https://addons.mozilla.org/firefox/downloads/somefile.xpi", "//path/to/xpi"],
2435 "Uninstall": ["bad_addon_id@mozilla.org"],
2436 "Locked": ["addon_id@mozilla.org"]
2437 }
2438 }
2439 }
2440 ```
2441 ### ExtensionSettings
2442 Manage all aspects of extensions. This policy is based heavily on the [Chrome policy](https://dev.chromium.org/administrators/policy-list-3/extension-settings-full) of the same name.
2443
2444 This policy maps an extension ID to its configuration. With an extension ID, the configuration will be applied to the specified extension only. A default configuration can be set for the special ID "*", which will apply to all extensions that don't have a custom configuration set in this policy.
2445
2446 To obtain an extension ID, install the extension and go to about:support. You will see the ID in the Extensions section. I've also created an extension that makes it easy to find the ID of extensions on AMO. You can download it [here](https://github.com/mkaply/queryamoid/releases/tag/v0.1).
2447
2448 The configuration for each extension is another dictionary that can contain the fields documented below.
2449
2450 | Name | Description |
2451 | --- | --- |
2452 | `installation_mode` | Maps to a string indicating the installation mode for the extension. The valid strings are `allowed`,`blocked`,`force_installed`, and `normal_installed`.
2453 | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;`allowed` | Allows the extension to be installed by the user. This is the default behavior. There is no need for an install_url; it will automatically be allowed based on the ID.
2454 | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;`blocked`| Blocks installation of the extension and removes it from the device if already installed.
2455 | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;`force_installed`| The extension is automatically installed and can't be removed by the user. This option is not valid for the default configuration and requires an install_url.
2456 | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;`normal_installed`| The extension is automatically installed but can be disabled by the user. This option is not valid for the default configuration and requires an install_url.
2457 | `install_url`| Maps to a URL indicating where Firefox can download a force_installed or normal_installed extension. If installing from the local file system, use a [```file:///``` URL](https://en.wikipedia.org/wiki/File_URI_scheme). If installing from the addons.mozilla.org, use the following URL (substituting SHORT_NAME from the URL on AMO), https://addons.mozilla.org/firefox/downloads/latest/SHORT_NAME/latest.xpi. Languages packs are available from https://releases.mozilla.org/pub/firefox/releases/VERSION/PLATFORM/xpi/LANGUAGE.xpi. If you need to update the extension, you can change the name of the extension and it will be automatically updated. Extensions installed from file URLs will additional be updated when their internal version changes.
2458 | `install_sources` | A list of sources from which installing extensions is allowed. **This is unnecessary if you are only allowing the installation of certain extensions by ID.** Each item in this list is an extension-style match pattern. Users will be able to easily install items from any URL that matches an item in this list. Both the location of the *.xpi file and the page where the download is started from (i.e. the referrer) must be allowed by these patterns. This setting can be used only for the default configuration.
2459 | `allowed_types` | This setting whitelists the allowed types of extension/apps that can be installed in Firefox. The value is a list of strings, each of which should be one of the following: "extension", "theme", "dictionary", "locale" This setting can be used only for the default configuration.
2460 | `blocked_install_message` | This maps to a string specifying the error message to display to users if they're blocked from installing an extension. This setting allows you to append text to the generic error message displayed when the extension is blocked. This could be be used to direct users to your help desk, explain why a particular extension is blocked, or something else. This setting can be used only for the default configuration.
2461 | `restricted_domains` | An array of domains on which content scripts can't be run. This setting can be used only for the default configuration.
2462 | `updates_disabled` | (Firefox 89, Firefox ESR 78.11) Boolean that indicates whether or not to disable automatic updates for an individual extension.
2463
2464 **Compatibility:** Firefox 69, Firefox ESR 68.1 (As of Firefox 85, Firefox ESR 78.7, installing a theme makes it the default.)\
2465 **CCK2 Equivalent:** N/A\
2466 **Preferences Affected:** N/A
2467
2468 #### Windows (GPO)
2469 Software\Policies\Mozilla\Firefox\ExtensionSettings (REG_MULTI_SZ) =
2470 ```
2471 {
2472 "*": {
2473 "blocked_install_message": "Custom error message.",
2474 "install_sources": ["about:addons","https://addons.mozilla.org/"],
2475 "installation_mode": "blocked",
2476 "allowed_types": ["extension"]
2477 },
2478 "uBlock0@raymondhill.net": {
2479 "installation_mode": "force_installed",
2480 "install_url": "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi"
2481 },
2482 "https-everywhere@eff.org": {
2483 "installation_mode": "allowed"
2484 }
2485 }
2486 ```
2487 #### Windows (Intune)
2488 OMA-URI:
2489 ```
2490 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/ExtensionSettings
2491 ```
2492 Value (string):
2493 ```
2494 <enabled/>
2495 <data id="ExtensionSettings" value='
2496 {
2497 "*": {
2498 "blocked_install_message": "Custom error message.",
2499 "install_sources": ["about:addons","https://addons.mozilla.org/"],
2500 "installation_mode": "blocked",
2501 "allowed_types": ["extension"]
2502 },
2503 "uBlock0@raymondhill.net": {
2504 "installation_mode": "force_installed",
2505 "install_url": "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi"
2506 },
2507 "https-everywhere@eff.org": {
2508 "installation_mode": "allowed"
2509 }
2510 }'/>
2511 ```
2512 #### macOS
2513 ```
2514 <dict>
2515 <key>ExtensionSettings</key>
2516 <dict>
2517 <key>*</key>
2518 <dict>
2519 <key>blocked_install_message</key>
2520 <string>Custom error message.</string>
2521 <key>install_sources</key>
2522 <array>
2523 <string>about:addons</string>
2524 <string>https://addons.mozilla.org/</string>
2525 </array>
2526 <key>installation_mode</key>
2527 <string>blocked</string>
2528 <key>allowed_types</key>
2529 <array>
2530 <string>extension</string>
2531 </array>
2532 </dict>
2533 <key>uBlock0@raymondhill.net</key>
2534 <dict>
2535 <key>installation_mode</key>
2536 <string>force_installed</string>
2537 <key>install_url</key>
2538 <string>https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi</string>
2539 </dict>
2540 <key>https-everywhere@eff.org</key>
2541 <dict>
2542 <key>installation_mode</key>
2543 <string>allowed</string>
2544 </dict>
2545 </dict>
2546 </dict>
2547 ```
2548 #### policies.json
2549 ```
2550 {
2551 "policies": {
2552 "ExtensionSettings": {
2553 "*": {
2554 "blocked_install_message": "Custom error message.",
2555 "install_sources": ["about:addons","https://addons.mozilla.org/"],
2556 "installation_mode": "blocked",
2557 "allowed_types": ["extension"]
2558 },
2559 "uBlock0@raymondhill.net": {
2560 "installation_mode": "force_installed",
2561 "install_url": "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi"
2562 },
2563 "https-everywhere@eff.org": {
2564 "installation_mode": "allowed"
2565 }
2566 }
2567 }
2568 }
2569 ```
2570 ### ExtensionUpdate
2571 Control extension updates.
2572
2573 **Compatibility:** Firefox 67, Firefox ESR 60.7\
2574 **CCK2 Equivalent:** N/A\
2575 **Preferences Affected:** `extensions.update.enabled`
2576
2577 #### Windows (GPO)
2578 ```
2579 Software\Policies\Mozilla\Firefox\ExtensionUpdate = 0x1 | 0x0
2580 ```
2581 #### Windows (Intune)
2582 OMA-URI:
2583 ```
2584 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/ExtensionUpdate
2585 ```
2586 Value (string):
2587 ```
2588 <enabled/> or <disabled/>
2589 ```
2590 #### macOS
2591 ```
2592 <dict>
2593 <key>ExtensionUpdate</key>
2594 <true/> | <false/>
2595 </dict>
2596 ```
2597 #### policies.json
2598 ```
2599 {
2600 "policies": {
2601 "ExtensionUpdate": true | false
2602 }
2603 }
2604 ```
2605 ### FlashPlugin
2606 Configure the default Flash plugin policy as well as origins for which Flash is allowed.
2607
2608 `Allow` is a list of origins where Flash are allowed.
2609
2610 `Block` is a list of origins where Flash is not allowed.
2611
2612 `Default` determines whether or not Flash is allowed by default.
2613
2614 `Locked` prevents the user from changing Flash preferences.
2615
2616 **Compatibility:** Firefox 60, Firefox ESR 60\
2617 **CCK2 Equivalent:** `permissions.plugin`\
2618 **Preferences Affected:** `plugin.state.flash`
2619
2620 #### Windows (GPO)
2621 ```
2622 Software\Policies\Mozilla\Firefox\FlashPlugin\Allow\1 = "https://example.org"
2623 Software\Policies\Mozilla\Firefox\FlashPlugin\Block\1 = "https://example.edu"
2624 Software\Policies\Mozilla\Firefox\FlashPlugin\Default = 0x1 | 0x0
2625 Software\Policies\Mozilla\Firefox\FlashPlugin\Locked = 0x1 | 0x0
2626 ```
2627 #### Windows (Intune)
2628 OMA-URI:
2629 ```
2630 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Flash/FlashPlugin_Allow
2631 ```
2632 Value (string):
2633 ```
2634 <enabled/>
2635 <data id="Permissions" value="1&#xF000;https://example.org&#xF000;2&#xF000;https://example.edu"/>
2636 ```
2637 OMA-URI:
2638 ```
2639 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Flash/FlashPlugin_Locked
2640 ```
2641 Value (string):
2642 ```
2643 <enabled/> or <disabled/>
2644 ```
2645 OMA-URI:
2646 ```
2647 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Flash/FlashPlugin_Default
2648 ```
2649 Value (string):
2650 ```
2651 <enabled/> or <disabled/>
2652 ```
2653 #### macOS
2654 ```
2655 <dict>
2656 <key>FlashPlugin</key>
2657 <dict>
2658 <key>Allow</key>
2659 <array>
2660 <string>http://example.org</string>
2661 </array>
2662 <key>Block</key>
2663 <array>
2664 <string>http://example.edu</string>
2665 </array>
2666 <key>Default</key>
2667 <true/> | <false/>
2668 <key>Locked</key>
2669 <true/> | <false/>
2670 </dict>
2671 </dict>
2672 ```
2673 #### policies.json
2674 ```
2675 {
2676 "policies": {
2677 "FlashPlugin": {
2678 "Allow": ["http://example.org/"],
2679 "Block": ["http://example.edu/"],
2680 "Default": true | false,
2681 "Locked": true | false
2682 }
2683 }
2684 }
2685 ```
2686
2687
2688
2689 ### Handlers
2690 Configure default application handlers. This policy is based on the internal format of `handlers.json`.
2691
2692 You can configure handlers based on a mime type (`mimeTypes`), a file's extension (`extensions`), or a protocol (`schemes`).
2693
2694 Within each handler type, you specify the given mimeType/extension/scheme as a key and use the following subkeys to describe how it is handled.
2695
2696 | Name | Description |
2697 | --- | --- |
2698 | `action`| Can be either `saveToDisk`, `useHelperApp`, `useSystemDefault`.
2699 | `ask` | If `true`, the user is asked if what they want to do with the file. If `false`, the action is taken without user intervention.
2700 | `handlers` | An array of handlers with the first one being the default. If you don't want to have a default handler, use an empty object for the first handler. Choose between path or uriTemplate.
2701 | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;`name` | The display name of the handler (might not be used).
2702 | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;`path`| The native path to the executable to be used.
2703 | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;`uriTemplate`| A url to a web based application handler. The URL must be https and contain a %s to be used for substitution.
2704
2705 **Compatibility:** Firefox 78, Firefox ESR 78\
2706 **CCK2 Equivalent:** N/A\
2707 **Preferences Affected:** N/A
2708
2709 #### Windows (GPO)
2710 Software\Policies\Mozilla\Firefox\Handlers (REG_MULTI_SZ) =
2711 ```
2712 {
2713 "mimeTypes": {
2714 "application/msword": {
2715 "action": "useSystemDefault",
2716 "ask": true | false
2717 }
2718 },
2719 "schemes": {
2720 "mailto": {
2721 "action": "useHelperApp",
2722 "ask": true | false,
2723 "handlers": [{
2724 "name": "Gmail",
2725 "uriTemplate": "https://mail.google.com/mail/?extsrc=mailto&url=%s"
2726 }]
2727 }
2728 },
2729 "extensions": {
2730 "pdf": {
2731 "action": "useHelperApp",
2732 "ask": true | false,
2733 "handlers": [{
2734 "name": "Adobe Acrobat",
2735 "path": "C:\\Program Files (x86)\\Adobe\\Acrobat Reader DC\\Reader\\AcroRd32.exe"
2736 }]
2737 }
2738 }
2739 }
2740 ```
2741 #### Windows (Intune)
2742 OMA-URI:
2743 ```
2744 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/Handlers
2745 ```
2746 Value (string):
2747 ```
2748 <enabled/>
2749 <data id="Handlers" value='
2750 {
2751 "mimeTypes": {
2752 "application/msword": {
2753 "action": "useSystemDefault",
2754 "ask": true | false
2755 }
2756 },
2757 "schemes": {
2758 "mailto": {
2759 "action": "useHelperApp",
2760 "ask": true | false,
2761 "handlers": [{
2762 "name": "Gmail",
2763 "uriTemplate": "https://mail.google.com/mail/?extsrc=mailto&amp;url=%s"
2764 }]
2765 }
2766 },
2767 "extensions": {
2768 "pdf": {
2769 "action": "useHelperApp",
2770 "ask": true | false,
2771 "handlers": [{
2772 "name": "Adobe Acrobat",
2773 "path": "C:\\Program Files (x86)\\Adobe\\Acrobat Reader DC\\Reader\\AcroRd32.exe"
2774 }]
2775 }
2776 }
2777 }
2778 '/>
2779 ```
2780 #### macOS
2781 ```
2782 <dict>
2783 <key>Handlers</key>
2784 <dict>
2785 <key>mimeTypes</key>
2786 <dict>
2787 <key>application/msword</key>
2788 <dict>
2789 <key>action</key>
2790 <string>useSystemDefault</string>
2791 <key>ask</key>
2792 <true/> | <false/>
2793 </dict>
2794 </dict>
2795 <key>schemes</key>
2796 <dict>
2797 <key>mailto</key>
2798 <dict>
2799 <key>action</key>
2800 <string>useHelperApp</string>
2801 <key>ask</key>
2802 <true/> | <false/>
2803 <key>handlers</key>
2804 <array>
2805 <dict>
2806 <key>name</key>
2807 <string>Gmail</string>
2808 <key>uriTemplate</key>
2809 <string>https://mail.google.com/mail/?extsrc=mailto&url=%s</string>
2810 </dict>
2811 </array>
2812 </dict>
2813 </dict>
2814 <key>extensions</key>
2815 <dict>
2816 <key>pdf</key>
2817 <dict>
2818 <key>action</key>
2819 <string>useHelperApp</string>
2820 <key>ask</key>
2821 <true/> | <false/>
2822 <key>handlers</key>
2823 <array>
2824 <dict>
2825 <key>name</key>
2826 <string>Adobe Acrobat</string>
2827 <key>path</key>
2828 <string>/System/Applications/Preview.app</string>
2829 </dict>
2830 </array>
2831 </dict>
2832 </dict>
2833 </dict>
2834 </dict>
2835 ```
2836 #### policies.json
2837 ```
2838 {
2839 "policies": {
2840 "Handlers": {
2841 "mimeTypes": {
2842 "application/msword": {
2843 "action": "useSystemDefault",
2844 "ask": false
2845 }
2846 },
2847 "schemes": {
2848 "mailto": {
2849 "action": "useHelperApp",
2850 "ask": true | false,
2851 "handlers": [{
2852 "name": "Gmail",
2853 "uriTemplate": "https://mail.google.com/mail/?extsrc=mailto&url=%s"
2854 }]
2855 }
2856 },
2857 "extensions": {
2858 "pdf": {
2859 "action": "useHelperApp",
2860 "ask": true | false,
2861 "handlers": [{
2862 "name": "Adobe Acrobat",
2863 "path": "/usr/bin/acroread"
2864 }]
2865 }
2866 }
2867 }
2868 }
2869 }
2870 ```
2871 ### FirefoxHome
2872 Customize the Firefox Home page.
2873
2874 **Compatibility:** Firefox 68, Firefox ESR 68\
2875 **CCK2 Equivalent:** N/A\
2876 **Preferences Affected:** `browser.newtabpage.activity-stream.showSearch`,`browser.newtabpage.activity-stream.feeds.topsites`,`browser.newtabpage.activity-stream.feeds.section.highlights`,`browser.newtabpage.activity-stream.feeds.section.topstories`,`browser.newtabpage.activity-stream.feeds.snippets`
2877
2878 #### Windows (GPO)
2879 ```
2880 Software\Policies\Mozilla\Firefox\FirefoxHome\Search = 0x1 | 0x0
2881 Software\Policies\Mozilla\Firefox\FirefoxHome\TopSites = 0x1 | 0x0
2882 Software\Policies\Mozilla\Firefox\FirefoxHome\Highlights = 0x1 | 0x0
2883 Software\Policies\Mozilla\Firefox\FirefoxHome\Pocket = 0x1 | 0x0
2884 Software\Policies\Mozilla\Firefox\FirefoxHome\Snippets = 0x1 | 0x0
2885 Software\Policies\Mozilla\Firefox\FirefoxHome\Locked = 0x1 | 0x0
2886 ```
2887 #### Windows (Intune)
2888 OMA-URI:
2889 ```
2890 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/CustomizeFirefoxHome
2891 ```
2892 Value (string):
2893 ```
2894 <enabled/>
2895 <data id="FirefoxHome_Search" value="true | false"/>
2896 <data id="FirefoxHome_TopSites" value="true | false"/>
2897 <data id="FirefoxHome_Highlights" value="true | false"/>
2898 <data id="FirefoxHome_Pocket" value="true | false"/>
2899 <data id="FirefoxHome_Snippets" value="true | false"/>
2900 <data id="FirefoxHome_Locked" value="true | false"/>
2901 ```
2902 #### macOS
2903 ```
2904 <dict>
2905 <key>FirefoxHome</key>
2906 <dict>
2907 <key>Search</key>
2908 <true/> | <false/>
2909 <key>TopSites</key>
2910 <true/> | <false/>
2911 <key>Highlights</key>
2912 <true/> | <false/>
2913 <key>Pocket</key>
2914 <true/> | <false/>
2915 <key>Snippets</key>
2916 <true/> | <false/>
2917 <key>Locked</key>
2918 <true/> | <false/>
2919 </dict>
2920 </dict>
2921 ```
2922 #### policies.json
2923 ```
2924 {
2925 "policies": {
2926 "FirefoxHome": {
2927 "Search": true | false,
2928 "TopSites": true | false,
2929 "Highlights": true | false,
2930 "Pocket": true | false,
2931 "Snippets": true | false,
2932 "Locked": true | false
2933 }
2934 }
2935 }
2936 ```
2937 ### HardwareAcceleration
2938 Control hardware acceleration.
2939
2940 **Compatibility:** Firefox 60, Firefox ESR 60\
2941 **CCK2 Equivalent:** N/A\
2942 **Preferences Affected:** `layers.acceleration.disabled`
2943
2944 #### Windows (GPO)
2945 ```
2946 Software\Policies\Mozilla\Firefox\HardwareAcceleration = 0x1 | 0x0
2947 ```
2948 #### Windows (Intune)
2949 OMA-URI:
2950 ```
2951 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/HardwareAcceleration
2952 ```
2953 Value (string):
2954 ```
2955 <enabled/> or <disabled/>
2956 ```
2957 #### macOS
2958 ```
2959 <dict>
2960 <key>HardwareAcceleration</key>
2961 <true/> | <false/>
2962 </dict>
2963 ```
2964 #### policies.json
2965 ```
2966 {
2967 "policies": {
2968 "HardwareAcceleration": true | false
2969 }
2970 }
2971 ```
2972 ### Homepage
2973 Configure the default homepage and how Firefox starts.
2974
2975 `URL` is the default homepage.
2976
2977 `Locked` prevents the user from changing homepage preferences.
2978
2979 `Additional` allows for more than one homepage.
2980
2981 `StartPage` is how Firefox starts. The choices are no homepage, the default homepage or the previous session.
2982
2983 With Firefox 78, an additional option as added for `Startpage`, `homepage-locked`. If this is value is set for the Startpage, the user will always get the homepage at startup and cannot choose to restore their session.
2984
2985 **Compatibility:** Firefox 60, Firefox ESR 60 (StartPage was added in Firefox 60, Firefox ESR 60.4, homepage-locked added in Firefox 78)\
2986 **CCK2 Equivalent:** `homePage`,`lockHomePage`\
2987 **Preferences Affected:** `browser.startup.homepage`,`browser.startup.page`
2988
2989 #### Windows (GPO)
2990 ```
2991 Software\Policies\Mozilla\Firefox\Homepage\URL = "https://example.com"
2992 Software\Policies\Mozilla\Firefox\Homepage\Locked = 0x1 | 0x0
2993 Software\Policies\Mozilla\Firefox\Homepage\Additional\1 = "https://example.org"
2994 Software\Policies\Mozilla\Firefox\Homepage\Additional\2 = "https://example.edu"
2995 Software\Policies\Mozilla\Firefox\Homepage\StartPage = "none" | "homepage" | "previous-session" | "homepage-locked"
2996 ```
2997 #### Windows (Intune)
2998 OMA-URI:
2999 ```
3000 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Homepage/HomepageURL
3001 ```
3002 Value (string):
3003 ```
3004 <enabled/>
3005
3006 <data id="HomepageURL" value="https://example.com"/>
3007 <data id="HomepageLocked" value="true | false"/>
3008 ```
3009 OMA-URI:
3010 ```
3011 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Homepage/HomepageAdditional
3012 ```
3013 Value (string):
3014 ```
3015 <enabled/>
3016
3017 <data id="HomepageAdditional" value="1&#xF000;http://example.org&#xF000;2&#xF000;http://example.edu"/>
3018 ```
3019 OMA-URI:
3020 ```
3021 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Homepage/HomepageStartPage
3022 ```
3023 Value (string):
3024 ```
3025 <enabled/>
3026
3027 <data id="StartPage" value="none | homepage | previous-session"/>
3028 ```
3029 #### macOS
3030 ```
3031 <dict>
3032 <key>Homepage</key>
3033 <dict>
3034 <key>URL</key>
3035 <string>http://example.com</string>
3036 <key>Locked</key>
3037 <true/> | <false/>
3038 <key>Additional</key>
3039 <array>
3040 <string>http://example.org</string>
3041 <string>http://example.edu</string>
3042 </array>
3043 <key>StartPage</key>
3044 <string>none | homepage | previous-session | homepage-locked</string>
3045 </dict>
3046 </dict>
3047 ```
3048 #### policies.json
3049 ```
3050 {
3051 "policies": {
3052 "Homepage": {
3053 "URL": "http://example.com/",
3054 "Locked": true | false,
3055 "Additional": ["http://example.org/",
3056 "http://example.edu/"],
3057 "StartPage": "none" | "homepage" | "previous-session" | "homepage-locked"
3058 }
3059 }
3060 }
3061 ```
3062 ### InstallAddonsPermission
3063 Configure the default extension install policy as well as origins for extension installs are allowed. This policy does not override turning off all extension installs.
3064
3065 `Allow` is a list of origins where extension installs are allowed.
3066
3067 `Default` determines whether or not extension installs are allowed by default.
3068
3069 **Compatibility:** Firefox 60, Firefox ESR 60\
3070 **CCK2 Equivalent:** `permissions.install`\
3071 **Preferences Affected:** `xpinstall.enabled`
3072
3073 #### Windows (GPO)
3074 ```
3075 Software\Policies\Mozilla\Firefox\InstallAddonsPermission\Allow\1 = "https://example.org"
3076 Software\Policies\Mozilla\Firefox\InstallAddonsPermission\Allow\2 = "https://example.edu"
3077 Software\Policies\Mozilla\Firefox\InstallAddonsPermission\Default = 0x1 | 0x0
3078 ```
3079 #### Windows (Intune)
3080 OMA-URI:
3081 ```
3082 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Addons/InstallAddonsPermission_Allow
3083 ```
3084 Value (string):
3085 ```
3086 <enabled/>
3087 <data id="Permissions" value="1&#xF000;https://example.org&#xF000;2&#xF000;https://example.edu"/>
3088 ```
3089 OMA-URI:
3090 ```
3091 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Addons/InstallAddonsPermission_Default
3092 ```
3093 Value (string):
3094 ```
3095 <enabled/>
3096 ```
3097 #### macOS
3098 ```
3099 <dict>
3100 <key>InstallAddonsPermission</key>
3101 <dict>
3102 <key>Allow</key>
3103 <array>
3104 <string>http://example.org</string>
3105 <string>http://example.edu</string>
3106 </array>
3107 <key>Default</key>
3108 <true/> | <false/>
3109 </dict>
3110 </dict>
3111 ```
3112 #### policies.json
3113 ```
3114 {
3115 "policies": {
3116 "InstallAddonsPermission": {
3117 "Allow": ["http://example.org/",
3118 "http://example.edu/"],
3119 "Default": true | false
3120 }
3121 }
3122 }
3123 ```
3124 ### LegacyProfiles
3125 Disable the feature enforcing a separate profile for each installation.
3126
3127 If this policy set to true, Firefox will not try to create different profiles for installations of Firefox in different directories. This is the equivalent of the MOZ_LEGACY_PROFILES environment variable.
3128
3129 If this policy set to false, Firefox will create a new profile for each unique installation of Firefox.
3130
3131 This policy only work on Windows via GPO (not policies.json).
3132
3133 **Compatibility:** Firefox 70, Firefox ESR 68.2 (Windows only, GPO only)\
3134 **CCK2 Equivalent:** N/A\
3135 **Preferences Affected:** N/A
3136
3137 #### Windows (GPO)
3138 ```
3139 Software\Policies\Mozilla\Firefox\LegacyProfiles = = 0x1 | 0x0
3140 ```
3141 #### Windows (Intune)
3142 OMA-URI:
3143 ```
3144 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/LegacyProfiles
3145 ```
3146 Value (string):
3147 ```
3148 <enabled/> or <disabled/>
3149 ```
3150 ### LocalFileLinks
3151 Enable linking to local files by origin.
3152
3153 **Compatibility:** Firefox 68, Firefox ESR 68\
3154 **CCK2 Equivalent:** N/A\
3155 **Preferences Affected:** `capability.policy.localfilelinks.*`
3156
3157 #### Windows (GPO)
3158 ```
3159 Software\Policies\Mozilla\Firefox\LocalFileLinks\1 = "https://example.org"
3160 Software\Policies\Mozilla\Firefox\LocalFileLinks\2 = "https://example.edu"
3161 ```
3162 #### Windows (Intune)
3163 OMA-URI:
3164 ```
3165 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/LocalFileLinks
3166 ```
3167 Value (string):
3168 ```
3169 <enabled/>
3170 <data id="LocalFileLinks" value="1&#xF000;https://example.org&#xF000;2&#xF000;https://example.edu"/>
3171 ```
3172 #### macOS
3173 ```
3174 <dict>
3175 <key>LocalFileLinks</key>
3176 <array>
3177 <string>http://example.org</string>
3178 <string>http://example.edu</string>
3179 </array>
3180 </dict>
3181 ```
3182 #### policies.json
3183 ```
3184 {
3185 "policies": {
3186 "LocalFileLinks": ["http://example.org/",
3187 "http://example.edu/"]
3188 }
3189 }
3190 ```
3191 ### ManagedBookmarks
3192 Configures a list of bookmarks managed by an administrator that cannot be changed by the user.
3193
3194 The bookmarks are only added as a button on the personal toolbar. They are not in the bookmarks folder.
3195
3196 The syntax of this policy is exactly the same as the [Chrome ManagedBookmarks policy](https://cloud.google.com/docs/chrome-enterprise/policies/?policy=ManagedBookmarks). The schema is:
3197 ```
3198 {
3199 "items": {
3200 "id": "BookmarkType",
3201 "properties": {
3202 "children": {
3203 "items": {
3204 "$ref": "BookmarkType"
3205 },
3206 "type": "array"
3207 },
3208 "name": {
3209 "type": "string"
3210 },
3211 "toplevel_name": {
3212 "type": "string"
3213 },
3214 "url": {
3215 "type": "string"
3216 }
3217 },
3218 "type": "object"
3219 },
3220 "type": "array"
3221 }
3222 ```
3223 **Compatibility:** Firefox 83, Firefox ESR 78.5\
3224 **CCK2 Equivalent:** N/A\
3225 **Preferences Affected:** N/A
3226
3227 #### Windows (GPO)
3228 Software\Policies\Mozilla\Firefox\ManagedBookmarks (REG_MULTI_SZ) =
3229 ```
3230 [
3231 {
3232 "toplevel_name": "My managed bookmarks folder"
3233 },
3234 {
3235 "url": "example.com",
3236 "name": "Example"
3237 },
3238 {
3239 "name": "Mozilla links",
3240 "children": [
3241 {
3242 "url": "https://mozilla.org",
3243 "name": "Mozilla.org"
3244 },
3245 {
3246 "url": "https://support.mozilla.org/",
3247 "name": "SUMO"
3248 }
3249 ]
3250 }
3251 ]
3252 ```
3253 #### Windows (Intune)
3254 OMA-URI:
3255 ```
3256 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/ManagedBookmarks
3257 ```
3258 Value (string):
3259 ```
3260 <enabled/>
3261 <data id="JSON" value='
3262 [
3263 {
3264 "toplevel_name": "My managed bookmarks folder"
3265 },
3266 {
3267 "url": "example.com",
3268 "name": "Example"
3269 },
3270 {
3271 "name": "Mozilla links",
3272 "children": [
3273 {
3274 "url": "https://mozilla.org",
3275 "name": "Mozilla.org"
3276 },
3277 {
3278 "url": "https://support.mozilla.org/",
3279 "name": "SUMO"
3280 }
3281 ]
3282 }
3283 ]'/>
3284 ```
3285 #### macOS
3286 ```
3287 <dict>
3288 <key>ManagedBookmarks</key>
3289 <array>
3290 <dict>
3291 <key>toplevel_name</key>
3292 <string>My managed bookmarks folder</string>
3293 <dict>
3294 <key>url</key>
3295 <string>example.com</string>
3296 <key>name</key>
3297 <string>Example</string>
3298 </dict>
3299 <dict>
3300 <key>name</key>
3301 <string>Mozilla links</string>
3302 <key>children</key>
3303 <array>
3304 <dict>
3305 <key>url</key>
3306 <string>https://mozilla.org</string>
3307 <key>name</key>
3308 <string>Mozilla</string>
3309 </dict>
3310 <dict>
3311 <key>url</key>
3312 <string>https://support.mozilla.org/</string>
3313 <key>name</key>
3314 <string>SUMO</string>
3315 </dict>
3316 </array>
3317 </dict>
3318 </array>
3319 </dict>
3320 ```
3321 #### policies.json
3322 ```
3323 {
3324 "policies": {
3325 "ManagedBookmarks": [
3326 {
3327 "toplevel_name": "My managed bookmarks folder"
3328 },
3329 {
3330 "url": "example.com",
3331 "name": "Example"
3332 },
3333 {
3334 "name": "Mozilla links",
3335 "children": [
3336 {
3337 "url": "https://mozilla.org",
3338 "name": "Mozilla.org"
3339 },
3340 {
3341 "url": "https://support.mozilla.org/",
3342 "name": "SUMO"
3343 }
3344 ]
3345 }
3346 ]
3347 }
3348 }
3349 ```
3350 ### ManualAppUpdateOnly
3351
3352 Switch to manual updates only.
3353
3354 If this policy is enabled:
3355 1. The user will never be prompted to install updates
3356 2. Firefox will not check for updates in the background, though it will check automatically when an update UI is displayed (such as the one in the About dialog). This check will be used to show "Update to version X" in the UI, but will not automatically download the update or prompt the user to update in any other way.
3357 3. The update UI will work as expected, unlike when using DisableAppUpdate.
3358
3359 This policy is primarily intended for advanced end users, not for enterprises.
3360
3361 **Compatibility:** Firefox 87\
3362 **CCK2 Equivalent:** N/A\
3363 **Preferences Affected:** N/A
3364
3365 #### policies.json
3366 ```
3367 {
3368 "policies": {
3369 "ManualAppUpdateOnly": true | false
3370 }
3371 }
3372 ```
3373 ### PrimaryPassword
3374 Require or prevent using a primary (formerly master) password.
3375
3376 If this value is true, a primary password is required. If this value is false, it works the same as if [`DisableMasterPasswordCreation`](#disablemasterpasswordcreation) was true and removes the primary password functionality.
3377
3378 If both DisableMasterPasswordCreation and PrimaryPassword are used, DisableMasterPasswordCreation takes precedent.
3379
3380 **Compatibility:** Firefox 79, Firefox ESR 78.1\
3381 **CCK2 Equivalent:** `noMasterPassword`\
3382 **Preferences Affected:** N/A
3383
3384 #### Windows (GPO)
3385 ```
3386 Software\Policies\Mozilla\Firefox\PrimaryPassword = 0x1 | 0x0
3387 ```
3388 #### Windows (Intune)
3389 OMA-URI:
3390 ```
3391 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/PrimaryPassword
3392 ```
3393 Value (string):
3394 ```
3395 <enabled/> or <disabled/>
3396 ```
3397 #### macOS
3398 ```
3399 <dict>
3400 <key>PrimaryPassword</key>
3401 <true/> | <false/>
3402 </dict>
3403 ```
3404 #### policies.json
3405 ```
3406 {
3407 "policies": {
3408 "PrimaryPassword": true | false
3409 }
3410 }
3411 ```
3412 ### NetworkPrediction
3413 Enable or disable network prediction (DNS prefetching).
3414
3415 **Compatibility:** Firefox 67, Firefox ESR 60.7\
3416 **CCK2 Equivalent:** N/A\
3417 **Preferences Affected:** `network.dns.disablePrefetch`,`network.dns.disablePrefetchFromHTTPS`
3418
3419 #### Windows (GPO)
3420 ```
3421 Software\Policies\Mozilla\Firefox\NetworkPrediction = 0x1 | 0x0
3422 ```
3423 #### Windows (Intune)
3424 OMA-URI:
3425 ```
3426 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/NetworkPrediction
3427 ```
3428 Value (string):
3429 ```
3430 <enabled/> or <disabled/>
3431 ```
3432 #### macOS
3433 ```
3434 <dict>
3435 <key>NetworkPrediction</key>
3436 <true/> | <false/>
3437 </dict>
3438 ```
3439 #### policies.json
3440 ```
3441 {
3442 "policies": {
3443 "NetworkPrediction": true | false
3444 }
3445 ```
3446 ### NewTabPage
3447 Enable or disable the New Tab page.
3448
3449 **Compatibility:** Firefox 68, Firefox ESR 68\
3450 **CCK2 Equivalent:** N/A\
3451 **Preferences Affected:** `browser.newtabpage.enabled`
3452
3453 #### Windows (GPO)
3454 ```
3455 Software\Policies\Mozilla\Firefox\NewTabPage = 0x1 | 0x0
3456 ```
3457 #### Windows (Intune)
3458 OMA-URI:
3459 ```
3460 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/NewTabPage
3461 ```
3462 Value (string):
3463 ```
3464 <enabled/> or <disabled/>
3465 ```
3466 #### macOS
3467 ```
3468 <dict>
3469 <key>NewTabPage</key>
3470 <true/> | <false/>
3471 </dict>
3472 ```
3473 #### policies.json
3474 ```
3475 {
3476 "policies": {
3477 "NewTabPage": true | false
3478 }
3479 ```
3480 ### NoDefaultBookmarks
3481 Disable the creation of default bookmarks.
3482
3483 This policy is only effective if the user profile has not been created yet.
3484
3485 **Compatibility:** Firefox 60, Firefox ESR 60\
3486 **CCK2 Equivalent:** `removeDefaultBookmarks`\
3487 **Preferences Affected:** N/A
3488
3489 #### Windows (GPO)
3490 ```
3491 Software\Policies\Mozilla\Firefox\NoDefaultBookmarks = 0x1 | 0x0
3492 ```
3493 #### Windows (Intune)
3494 OMA-URI:
3495 ```
3496 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/NoDefaultBookmarks
3497 ```
3498 Value (string):
3499 ```
3500 <enabled/> or <disabled/>
3501 ```
3502 #### macOS
3503 ```
3504 <dict>
3505 <key>NoDefaultBookmarks</key>
3506 <true/> | <false/>
3507 </dict>
3508 ```
3509 #### policies.json
3510 ```
3511 {
3512 "policies": {
3513 "NoDefaultBookmarks": true | false
3514 }
3515 }
3516 ```
3517 ### OfferToSaveLogins
3518 Control whether or not Firefox offers to save passwords.
3519
3520 **Compatibility:** Firefox 60, Firefox ESR 60\
3521 **CCK2 Equivalent:** `dontRememberPasswords`\
3522 **Preferences Affected:** `signon.rememberSignons`
3523
3524 #### Windows (GPO)
3525 ```
3526 Software\Policies\Mozilla\Firefox\OfferToSaveLogins = 0x1 | 0x0
3527 ```
3528 #### Windows (Intune)
3529 OMA-URI:
3530 ```
3531 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/OfferToSaveLogins
3532 ```
3533 Value (string):
3534 ```
3535 <enabled/> or <disabled/>
3536 ```
3537 #### macOS
3538 ```
3539 <dict>
3540 <key>OfferToSaveLogins</key>
3541 <true/> | <false/>
3542 </dict>
3543 ```
3544 #### policies.json
3545 ```
3546 {
3547 "policies": {
3548 "OfferToSaveLogins": true | false
3549 }
3550 }
3551 ```
3552 ### OfferToSaveLoginsDefault
3553 Sets the default value of signon.rememberSignons without locking it.
3554
3555 **Compatibility:** Firefox 70, Firefox ESR 60.2\
3556 **CCK2 Equivalent:** `dontRememberPasswords`\
3557 **Preferences Affected:** `signon.rememberSignons`
3558
3559 #### Windows (GPO)
3560 ```
3561 Software\Policies\Mozilla\Firefox\OfferToSaveLoginsDefault = 0x1 | 0x0
3562 ```
3563 #### Windows (Intune)
3564 OMA-URI:
3565 ```
3566 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/OfferToSaveLoginsDefault
3567 ```
3568 Value (string):
3569 ```
3570 <enabled/> or <disabled/>
3571 ```
3572 #### macOS
3573 ```
3574 <dict>
3575 <key>OfferToSaveLoginsDefault</key>
3576 <true/> | <false/>
3577 </dict>
3578 ```
3579 #### policies.json
3580 ```
3581 {
3582 "policies": {
3583 "OfferToSaveLoginsDefault": true | false
3584 }
3585 }
3586 ```
3587 ### OverrideFirstRunPage
3588 Override the first run page. If the value is an empty string (""), the first run page is not displayed.
3589
3590 Starting with Firefox 83, Firefox ESR 78.5, you can also specify multiple URLS separated by a vertical bar (|).
3591
3592 **Compatibility:** Firefox 60, Firefox ESR 60\
3593 **CCK2 Equivalent:** `welcomePage`,`noWelcomePage`\
3594 **Preferences Affected:** `startup.homepage_welcome_url`
3595
3596 #### Windows (GPO)
3597 ```
3598 Software\Policies\Mozilla\Firefox\OverrideFirstRunPage = "http://example.org"
3599 ```
3600 #### Windows (Intune)
3601 OMA-URI:
3602 ```
3603 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/OverrideFirstRunPage
3604 ```
3605 Value (string):
3606 ```
3607 <enabled/>
3608 <data id="OverridePage" value="https://example.com"/>
3609 ```
3610 #### macOS
3611 ```
3612 <dict>
3613 <key>OverrideFirstRunPage</key>
3614 <string>http://example.org</string>
3615 </dict>
3616 ```
3617 #### policies.json
3618 ```
3619 {
3620 "policies": {
3621 "OverrideFirstRunPage": "http://example.org"
3622 }
3623 }
3624 ```
3625 ### OverridePostUpdatePage
3626 Override the upgrade page. If the value is an empty string (""), no extra pages are displayed when Firefox is upgraded.
3627
3628 **Compatibility:** Firefox 60, Firefox ESR 60\
3629 **CCK2 Equivalent:** `upgradePage`,`noUpgradePage`\
3630 **Preferences Affected:** `startup.homepage_override_url`
3631
3632 #### Windows (GPO)
3633 ```
3634 Software\Policies\Mozilla\Firefox\OverridePostUpdatePage = "http://example.org"
3635 ```
3636 #### Windows (Intune)
3637 OMA-URI:
3638 ```
3639 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/OverridePostUpdatePage
3640 ```
3641 Value (string):
3642 ```
3643 <enabled/>
3644 <data id="OverridePage" value="https://example.com"/>
3645 ```
3646 #### macOS
3647 ```
3648 <dict>
3649 <key>OverridePostUpdatePage</key>
3650 <string>http://example.org</string>
3651 </dict>
3652 ```
3653 #### policies.json
3654 ```
3655 {
3656 "policies": {
3657 "OverridePostUpdatePage": "http://example.org"
3658 }
3659 }
3660 ```
3661 ### PasswordManagerEnabled
3662 Remove access to the password manager via preferences and blocks about:logins on Firefox 70.
3663
3664 **Compatibility:** Firefox 70, Firefox ESR 60.2\
3665 **CCK2 Equivalent:** N/A\
3666 **Preferences Affected:** `pref.privacy.disable_button.view_passwords`
3667
3668 #### Windows (GPO)
3669 ```
3670 Software\Policies\Mozilla\Firefox\PasswordManagerEnabled = 0x1 | 0x0
3671 ```
3672 #### Windows (Intune)
3673 OMA-URI:
3674 ```
3675 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/PasswordManagerEnabled
3676 ```
3677 Value (string):
3678 ```
3679 <enabled/> or <disabled/>
3680 ```
3681 #### macOS
3682 ```
3683 <dict>
3684 <key>PasswordManagerEnabled</key>
3685 <true/> | <false/>
3686 </dict>
3687 ```
3688 #### policies.json
3689 ```
3690 {
3691 "policies": {
3692 "PasswordManagerEnabled": true | false
3693 }
3694 }
3695 ```
3696 ### PDFjs
3697 Disable or configure PDF.js, the built-in PDF viewer.
3698
3699 If `Enabled` is set to false, the built-in PDF viewer is disabled.
3700
3701 If `EnablePermissions` is set to true, the built-in PDF viewer will honor document permissions like preventing the copying of text.
3702
3703 Note: DisableBuiltinPDFViewer has not been deprecated. You can either continue to use it, or switch to using PDFjs->Enabled to disable the built-in PDF viewer. This new permission was added because we needed a place for PDFjs->EnabledPermissions.
3704
3705 **Compatibility:** Firefox 77, Firefox ESR 68.9\
3706 **CCK2 Equivalent:** N/A\
3707 **Preferences Affected:** `pdfjs.diabled`,`pdfjs.enablePermissions`
3708
3709 #### Windows (GPO)
3710 ```
3711 Software\Policies\Mozilla\Firefox\PDFjs\Enabled = 0x1 | 0x0
3712 Software\Policies\Mozilla\Firefox\PDFjs\EnablePermissions = 0x1 | 0x0
3713 ```
3714 #### Windows (Intune)
3715 OMA-URI:
3716 ```
3717 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~PDFjs/PDFjs_Enabled
3718 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~PDFjs/PDFjs_EnablePermissions
3719 ```
3720 Value (string):
3721 ```
3722 <enabled/>or <disabled/>
3723 ```
3724 #### macOS
3725 ```
3726 <dict>
3727 <key>PDFjs</key>
3728 <dict>
3729 <key>Enabled</key>
3730 <true/> | <false/>
3731 <key>EnablePermissions</key>
3732 <true/> | <false/>
3733 </dict>
3734 </dict>
3735 ```
3736 #### policies.json
3737 ```
3738 {
3739 "policies": {
3740 "PSFjs": {
3741 "Enabled": true | false,
3742 "EnablePermissions": true | false
3743 }
3744 }
3745 }
3746 ```
3747 ### Permissions
3748 Set permissions associated with camera, microphone, location, notifications, autoplay, and virtual reality. Because these are origins, not domains, entries with unique ports must be specified separately. This explicitly means that it is not possible to add wildcards. See examples below.
3749
3750 `Allow` is a list of origins where the feature is allowed.
3751
3752 `Block` is a list of origins where the feature is not allowed.
3753
3754 `BlockNewRequests` determines whether or not new requests can be made for the feature.
3755
3756 `Locked` prevents the user from changing preferences for the feature.
3757
3758 `Default` specifies the default value for Autoplay. block-audio-video is not supported on Firefox ESR 68.
3759
3760 **Compatibility:** Firefox 62, Firefox ESR 60.2 (Autoplay added in Firefox 74, Firefox ESR 68.6, Autoplay Default/Locked added in Firefox 76, Firefox ESR 68.8, VirtualReality added in Firefox 80, Firefox ESR 78.2)\
3761 **CCK2 Equivalent:** N/A\
3762 **Preferences Affected:** `permissions.default.camera`,`permissions.default.microphone`,`permissions.default.geo`,`permissions.default.desktop-notification`,`media.autoplay.default`.`permissions.default.xr`
3763
3764 #### Windows (GPO)
3765 ```
3766 Software\Policies\Mozilla\Firefox\Permissions\Camera\Allow\1 = "https://example.org"
3767 Software\Policies\Mozilla\Firefox\Permissions\Camera\Allow\2 = "https://example.org:1234"
3768 Software\Policies\Mozilla\Firefox\Permissions\Camera\Block\1 = "https://example.edu"
3769 Software\Policies\Mozilla\Firefox\Permissions\Camera\BlockNewRequests = 0x1 | 0x0
3770 Software\Policies\Mozilla\Firefox\Permissions\Camera\Locked = 0x1 | 0x0
3771 Software\Policies\Mozilla\Firefox\Permissions\Microphone\Allow\1 = "https://example.org"
3772 Software\Policies\Mozilla\Firefox\Permissions\Microphone\Block\1 = "https://example.edu"
3773 Software\Policies\Mozilla\Firefox\Permissions\Microphone\BlockNewRequests = 0x1 | 0x0
3774 Software\Policies\Mozilla\Firefox\Permissions\Microphone\Locked = 0x1 | 0x0
3775 Software\Policies\Mozilla\Firefox\Permissions\Location\Allow\1 = "https://example.org"
3776 Software\Policies\Mozilla\Firefox\Permissions\Location\Block\1 = "https://example.edu"
3777 Software\Policies\Mozilla\Firefox\Permissions\Location\BlockNewRequests = 0x1 | 0x0
3778 Software\Policies\Mozilla\Firefox\Permissions\Location\Locked = 0x1 | 0x0
3779 Software\Policies\Mozilla\Firefox\Permissions\Notifications\Allow\1 = "https://example.org"
3780 Software\Policies\Mozilla\Firefox\Permissions\Notifications\Block\1 = "https://example.edu"
3781 Software\Policies\Mozilla\Firefox\Permissions\Notifications\BlockNewRequests = 0x1 | 0x0
3782 Software\Policies\Mozilla\Firefox\Permissions\Notifications\Locked = 0x1 | 0x0
3783 Software\Policies\Mozilla\Firefox\Permissions\Autoplay\Allow\1 = "https://example.org"
3784 Software\Policies\Mozilla\Firefox\Permissions\Autoplay\Block\1 = "https://example.edu"
3785 Software\Policies\Mozilla\Firefox\Permissions\Autoplay\Default = "allow-audio-video" | "block-audio" | "block-audio-video"
3786 Software\Policies\Mozilla\Firefox\Permissions\Autoplay\Locked = 0x1 | 0x0
3787 Software\Policies\Mozilla\Firefox\Permissions\VirtualReality\Allow\1 = "https://example.org"
3788 Software\Policies\Mozilla\Firefox\Permissions\VirtualReality\Block\1 = "https://example.edu"
3789 Software\Policies\Mozilla\Firefox\Permissions\VirtualReality\BlockNewRequests = 0x1 | 0x0
3790 Software\Policies\Mozilla\Firefox\Permissions\VirtualReality\Locked = 0x1 | 0x0
3791 ```
3792 #### Windows (Intune)
3793 OMA-URI:
3794 ```
3795 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Location/Location_BlockNewRequests
3796 ```
3797 Value (string):
3798 ```
3799 <enabled/> or <disabled/>
3800 ```
3801 OMA-URI:
3802 ```
3803 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Location/Location_Locked
3804 ```
3805 Value (string):
3806 ```
3807 <enabled/> or <disabled/>
3808 ```
3809 OMA-URI:
3810 ```
3811 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Notifications/Notifications_Allow
3812 ```
3813 Value (string):
3814 ```
3815 <enabled/>
3816 <data id="Permissions" value="1&#xF000;https://example.org"/>
3817 ```
3818 OMA-URI:
3819 ```
3820 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Notifications/Notifications_BlockNewRequests
3821 ```
3822 Value (string):
3823 ```
3824 <enabled/> or <disabled/>
3825 ```
3826 OMA-URI:
3827 ```
3828 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Notifications/Notifications_Locked
3829 ```
3830 Value (string):
3831 ```
3832 <enabled/> or <disabled/>
3833 ```
3834 OMA-URI:
3835 ```
3836 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Autoplay/Autoplay_Allow
3837 ```
3838 Value (string):
3839 ```
3840 <enabled/>
3841 <data id="Permissions" value="1&#xF000;https://example.org"/>
3842 ```
3843 OMA-URI:
3844 ```
3845 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Autoplay/Autoplay_Block
3846 ```
3847 Value (string):
3848 ```
3849 <enabled/>
3850 <data id="Permissions" value="1&#xF000;https://example.edu"/>
3851 ```
3852 OMA-URI:
3853 ```
3854 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Autoplay/Autoplay_Default
3855 ```
3856 Value (string):
3857 ```
3858 <enabled/>
3859 <data id="Autoplay_Default" value="allow-audio-video | block-audio | block-audio-video"/>
3860 ```
3861 OMA-URI:
3862 ```
3863 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Autoplay/Autoplay_Locked
3864 ```
3865 Value (string):
3866 ```
3867 <enabled/> or <disabled/>
3868 ```
3869 OMA-URI:
3870 ```
3871 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Notifications/VirtualReality_Allow
3872 ```
3873 Value (string):
3874 ```
3875 <enabled/>
3876 <data id="Permissions" value="1&#xF000;https://example.org"/>
3877 ```
3878 OMA-URI:
3879 ```
3880 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Notifications/VirtualReality_Block
3881 ```
3882 Value (string):
3883 ```
3884 <enabled/>
3885 <data id="Permissions" value="1&#xF000;https://example.edu"/>
3886 ```
3887 OMA-URI:
3888 ```
3889 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Notifications/VirtualReality_BlockNewRequests
3890 ```
3891 Value (string):
3892 ```
3893 <enabled/> or <disabled/>
3894 ```
3895 OMA-URI:
3896 ```
3897 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Notifications/VirtualReality_Locked
3898 ```
3899 Value (string):
3900 ```
3901 <enabled/> or <disabled/>
3902 ```
3903 #### macOS
3904 ```
3905 <dict>
3906 <key>Permissions</key>
3907 <dict>
3908 <key>Camera</key>
3909 <dict>
3910 <key>Allow</key>
3911 <array>
3912 <string>https://example.org</string>
3913 <string>https://example.org:1234</string>
3914 </array>
3915 <key>Block</key>
3916 <array>
3917 <string>https://example.edu</string>
3918 </array>
3919 <key>BlockNewRequests</key>
3920 <true/> | <false/>
3921 <key>Locked</key>
3922 <true/> | <false/>
3923 </dict>
3924 <key>Microphone</key>
3925 <dict>
3926 <key>Allow</key>
3927 <array>
3928 <string>https://example.org</string>
3929 </array>
3930 <key>Block</key>
3931 <array>
3932 <string>https://example.edu</string>
3933 </array>
3934 <key>BlockNewRequests</key>
3935 <true/> | <false/>
3936 <key>Locked</key>
3937 <true/> | <false/>
3938 </dict>
3939 <key>Location</key>
3940 <dict>
3941 <key>Allow</key>
3942 <array>
3943 <string>https://example.org</string>
3944 </array>
3945 <key>Block</key>
3946 <array>
3947 <string>https://example.edu</string>
3948 </array>
3949 <key>BlockNewRequests</key>
3950 <true/> | <false/>
3951 <key>Locked</key>
3952 <true/> | <false/>
3953 </dict>
3954 <key>Notifications</key>
3955 <dict>
3956 <key>Allow</key>
3957 <array>
3958 <string>https://example.org</string>
3959 </array>
3960 <key>Block</key>
3961 <array>
3962 <string>https://example.edu</string>
3963 </array>
3964 <key>BlockNewRequests</key>
3965 <true/>
3966 <key>Locked</key>
3967 <true/>
3968 </dict>
3969 <key>Autoplay</key>
3970 <dict>
3971 <key>Allow</key>
3972 <array>
3973 <string>https://example.org</string>
3974 </array>
3975 <key>Block</key>
3976 <array>
3977 <string>https://example.edu</string>
3978 </array>
3979 <key>Default</key>
3980 <string>allow-audio-video | block-audio | block-audio-video</string>
3981 <key>Locked</key>
3982 <true/> | <false/>
3983 </dict>
3984 </dict>
3985 </dict>
3986 ```
3987 #### policies.json
3988 ```
3989 {
3990 "policies": {
3991 "Permissions": {
3992 "Camera": {
3993 "Allow": ["https://example.org","https://example.org:1234"],
3994 "Block": ["https://example.edu"],
3995 "BlockNewRequests": true | false,
3996 "Locked": true | false
3997 },
3998 "Microphone": {
3999 "Allow": ["https://example.org"],
4000 "Block": ["https://example.edu"],
4001 "BlockNewRequests": true | false,
4002 "Locked": true | false
4003 },
4004 "Location": {
4005 "Allow": ["https://example.org"],
4006 "Block": ["https://example.edu"],
4007 "BlockNewRequests": true | false,
4008 "Locked": true | false
4009 },
4010 "Notifications": {
4011 "Allow": ["https://example.org"],
4012 "Block": ["https://example.edu"],
4013 "BlockNewRequests": true | false,
4014 "Locked": true | false
4015 },
4016 "Autoplay": {
4017 "Allow": ["https://example.org"],
4018 "Block": ["https://example.edu"],
4019 "Default": "allow-audio-video" | "block-audio" | "block-audio-video",
4020 "Locked": true | false
4021 }
4022 }
4023 }
4024 }
4025 ```
4026 ### PictureInPicture
4027
4028 Enable or disable Picture-in-Picture as well as prevent the user from enabling or disabling it (Locked).
4029
4030 **Compatibility:** Firefox 78, Firefox ESR 78\
4031 **CCK2 Equivalent:** N/A\
4032 **Preferences Affected:** `media.videocontrols.picture-in-picture.video-toggle.enabled`
4033
4034 #### Windows (GPO)
4035 ```
4036 Software\Policies\Mozilla\Firefox\PictureInPicture\Enabled = 0x1 | 0x0
4037 Software\Policies\Mozilla\Firefox\PictureInPicture\Locked = 0x1 | 0x0
4038
4039 ```
4040 #### Windows (Intune)
4041 OMA-URI:
4042 ```
4043 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~PictureInPicture/PictureInPicture_Enabled
4044 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~PictureInPicture/PictureInPicture_Locked
4045 ```
4046 Value (string):
4047 ```
4048 <enabled/> or <disabled/>
4049 ```
4050 #### macOS
4051 ```
4052 <dict>
4053 <key>PictureInPicture</key>
4054 <dict>
4055 <key>Enabled</key>
4056 <true/> | <false/>
4057 <key>Locked</key>
4058 <true/> | <false/>
4059 </dict>
4060 </dict>
4061 ```
4062 #### policies.json
4063 ```
4064 {
4065 "policies": {
4066 "PictureInPicture": {
4067 "Enabled": true | false,
4068 "Locked": true | false
4069 }
4070 }
4071 }
4072 ```
4073 ### PopupBlocking
4074 Configure the default pop-up window policy as well as origins for which pop-up windows are allowed.
4075
4076 `Allow` is a list of origins where popup-windows are allowed.
4077
4078 `Default` determines whether or not pop-up windows are allowed by default.
4079
4080 `Locked` prevents the user from changing pop-up preferences.
4081
4082 **Compatibility:** Firefox 60, Firefox ESR 60\
4083 **CCK2 Equivalent:** `permissions.popup`\
4084 **Preferences Affected:** `dom.disable_open_during_load`
4085
4086 #### Windows (GPO)
4087 ```
4088 Software\Policies\Mozilla\Firefox\PopupBlocking\Allow\1 = "https://example.org"
4089 Software\Policies\Mozilla\Firefox\PopupBlocking\Allow\2 = "https://example.edu"
4090 Software\Policies\Mozilla\Firefox\PopupBlocking\Default = 0x1 | 0x0
4091 Software\Policies\Mozilla\Firefox\PopupBlocking\Locked = 0x1 | 0x0
4092 ```
4093 #### Windows (Intune)
4094 OMA-URI:
4095 ```
4096 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Popups/PopupBlocking_Allow
4097 ```
4098 Value (string):
4099 ```
4100 <enabled/>
4101 <data id="Permissions" value="1&#xF000;https://example.org&#xF000;2&#xF000;https://example.edu"/>
4102 ```
4103 OMA-URI:
4104 ```
4105 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Popups/PopupBlocking_Default
4106 ```
4107 Value (string):
4108 ```
4109 <enabled/> or <disabled/>
4110 ```
4111 OMA-URI:
4112 ```
4113 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Popups/PopupBlocking_Locked
4114 ```
4115 Value (string):
4116 ```
4117 <enabled/> or <disabled/>
4118 ```
4119 #### macOS
4120 ```
4121 <dict>
4122 <key>PopupBlocking</key>
4123 <dict>
4124 <key>Allow</key>
4125 <array>
4126 <string>http://example.org</string>
4127 <string>http://example.edu</string>
4128 </array>
4129 <key>Default</key>
4130 <true/> | <false/>
4131 <key>Locked</key>
4132 <true/> | <false/>
4133 </dict>
4134 </dict>
4135 ```
4136 #### policies.json
4137 ```
4138 {
4139 "policies": {
4140 "PopupBlocking": {
4141 "Allow": ["http://example.org/",
4142 "http://example.edu/"],
4143 "Default": true | false,
4144 "Locked": true | false
4145 }
4146 }
4147 }
4148 ```
4149 ### Preferences
4150 Set and lock preferences.
4151
4152 **NOTE** On Windows, in order to use this policy, you must clear all settings in the old **Preferences (Deprecated)** section.
4153
4154 Previously you could only set and lock a subset of preferences. Starting with Firefox 81 and Firefox ESR 78.3 you can set many more preferences. You can also set default preferences, user preferences and you can clear preferences.
4155
4156 Preferences that start with the following prefixes are supported:
4157 ```
4158 accessibility.
4159 app.update.* (Firefox 86, Firefox 78.8)
4160 browser.
4161 datareporting.policy.
4162 dom.
4163 extensions.
4164 general.autoScroll (Firefox 83, Firefox ESR 78.5)
4165 general.smoothScroll (Firefox 83, Firefox ESR 78.5)
4166 geo.
4167 gfx.
4168 intl.
4169 layers.
4170 layout.
4171 media.
4172 network.
4173 pdfjs. (Firefox 84, Firefox ESR 78.6)
4174 places.
4175 print.
4176 signon. (Firefox 83, Firefox ESR 78.5)
4177 spellchecker. (Firefox 84, Firefox ESR 78.6)
4178 ui.
4179 widget.
4180 ```
4181 as well as the following security preferences:
4182 | Preference | Type | Default
4183 | --- | --- | ---
4184 | security.default_personal_cert | string | Ask Every Time
4185 | &nbsp;&nbsp;&nbsp;&nbsp;If set to Select Automatically, Firefox automatically chooses the default personal certificate.
4186 | security.insecure_connection_text.enabled | bool | false
4187 | &nbsp;&nbsp;&nbsp;&nbsp;If set to true, adds the words "Not Secure" for insecure sites.
4188 | security.insecure_connection_text.pbmode.enabled | bool | false
4189 | &nbsp;&nbsp;&nbsp;&nbsp;If set to true, adds the words "Not Secure" for insecure sites in private browsing.
4190 | security.insecure_field_warning.contextual.enabled | bool | true
4191 | &nbsp;&nbsp;&nbsp;&nbsp;If set to false, remove the warning for inscure login fields.
4192 | security.mixed_content.block_active_content | boolean | true
4193 | &nbsp;&nbsp;&nbsp;&nbsp;If false, mixed active content (HTTP and HTTPS) is not blocked.
4194 | security.osclientcerts.autoload | boolean | false
4195 | &nbsp;&nbsp;&nbsp;&nbsp;If true, client certificates are loaded from the operating system certificate store.
4196 | security.ssl.errorReporting.enabled | boolean | true
4197 | &nbsp;&nbsp;&nbsp;&nbsp;If false, SSL errors cannot be sent to Mozilla.
4198 | security.tls.hello_downgrade_check | boolean | true
4199 | &nbsp;&nbsp;&nbsp;&nbsp;If false, the TLS 1.3 downgrade check is disabled.
4200 | security.tls.version.enable-deprecated | boolean | false
4201 | &nbsp;&nbsp;&nbsp;&nbsp;If true, browser will accept TLS 1.0. and TLS 1.1 (Firefox 86, Firefox 78.8)
4202 | security.warn_submit_secure_to_insecure | boolean | true
4203 | &nbsp;&nbsp;&nbsp;&nbsp;If false, no warning is shown when submitting s form from https to http.
4204 &nbsp;
4205
4206 Using the preference as the key, set the `Value` to the corresponding preference value.
4207
4208 `Status` can be "default", "locked", "user" or "clear"
4209
4210 Default preferences can be modified by the user.
4211
4212 If a value is locked, it is also set as the default.
4213
4214 User preferences persist across invocations of Firefox. It is the equivalent of a user setting the preference. They are most useful when a preference is needed very early in startup so it can't be set as default by policy.
4215
4216 User preferences persist even if the policy is removed, so if you need to remove them, you should use the clear policy.
4217
4218 See the examples below for more detail.
4219
4220 IMPORTANT: Make sure you're only setting a particular preference using this mechanism and not some other way.
4221
4222 Status
4223 **Compatibility:** Firefox 81, Firefox ESR 78.3\
4224 **CCK2 Equivalent:** `preferences`\
4225 **Preferences Affected:** Many
4226
4227 #### Windows (GPO)
4228 Software\Policies\Mozilla\Firefox\Preferences (REG_MULTI_SZ) =
4229 ```
4230 {
4231 "accessibility.force_disabled": {
4232 "Value": 1,
4233 "Status": "default"
4234 },
4235 "browser.cache.disk.parent_directory": {
4236 "Value": "SOME_NATIVE_PATH",
4237 "Status": "user"
4238 },
4239 "browser.tabs.warnOnClose": {
4240 "Value": false,
4241 "Status": "locked"
4242 }
4243 }
4244 ```
4245 #### Windows (Intune)
4246 OMA-URI:
4247 ```
4248 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/Preferences
4249 ```
4250 Value (string):
4251 ```
4252 <enabled/>
4253 <data id="JSON" value='
4254 {
4255 "accessibility.force_disabled": {
4256 "Value": 1,
4257 "Status": "default"
4258 },
4259 "browser.cache.disk.parent_directory": {
4260 "Value": "SOME_NATIVE_PATH",
4261 "Status": "user"
4262 },
4263 "browser.tabs.warnOnClose": {
4264 "Value": false,
4265 "Status": "locked"
4266 }
4267 }'/>
4268 ```
4269 #### macOS
4270 ```
4271 <dict>
4272 <key>Preferences</key>
4273 <dict>
4274 <key>accessibility.force_disabled</key>
4275 <dict>
4276 <key>Value</key>
4277 <integer>1</integer>
4278 <key>Status</key>
4279 <string>default</string>
4280 </dict>
4281 <key>browser.cache.disk.parent_directory</key>
4282 <dict>
4283 <key>Value</key>
4284 <string>SOME_NATIVE_PATH</string>
4285 <key>Status</key>
4286 <string>user</string>
4287 </dict>
4288 <key>browser.tabs.warnOnClose</key>
4289 <dict>
4290 <key>Value</key>
4291 <false/>
4292 <key>Status</key>
4293 <string>locked</string>
4294 </dict>
4295 </dict>
4296 </dict>
4297 ```
4298 #### policies.json
4299 ```
4300 {
4301 "policies": {
4302 "Preferences": {
4303 "accessibility.force_disabled": {
4304 "Value": 1,
4305 "Status": "default"
4306 },
4307 "browser.cache.disk.parent_directory": {
4308 "Value": "SOME_NATIVE_PATH",
4309 "Status": "user"
4310 },
4311 "browser.tabs.warnOnClose": {
4312 "Value": false,
4313 "Status": "locked"
4314 }
4315 }
4316 }
4317 }
4318 ```
4319 ### Preferences (Deprecated)
4320 Set and lock certain preferences.
4321
4322 **Compatibility:** See below\
4323 **CCK2 Equivalent:** `preferences`\
4324 **Preferences Affected:** See below
4325
4326 | Preference | Type | Compatibility | Default
4327 | --- | --- | --- | ---
4328 | accessibility.force_disabled | integer | Firefox 70, Firefox ESR 68.2 | 0
4329 | &nbsp;&nbsp;&nbsp;&nbsp;If set to 1, platform accessibility is disabled.
4330 | app.update.auto (Deprecated - Switch to AppAutoUpdate policy) | boolean | Firefox 68, Firefox ESR 68 | true
4331 | &nbsp;&nbsp;&nbsp;&nbsp;If false, Firefox doesn't automatically install update.
4332 | browser.bookmarks.autoExportHTML | boolean | Firefox 70, Firefox ESR 68.2 | false
4333 | &nbsp;&nbsp;&nbsp;&nbsp;If true, bookmarks are exported on shutdown.
4334 | browser.bookmarks.file | string | Firefox 70, Firefox ESR 68.2 | N/A
4335 | &nbsp;&nbsp;&nbsp;&nbsp;If set, the name of the file where bookmarks are exported and imported.
4336 | browser.bookmarks.restore_default_bookmarks | boolean | Firefox 70, Firefox ESR 68.2 | N/A
4337 | &nbsp;&nbsp;&nbsp;&nbsp;If true, bookmarks are restored to their defaults.
4338 | browser.cache.disk.enable | boolean | Firefox 68, Firefox ESR 68 | true
4339 | &nbsp;&nbsp;&nbsp;&nbsp;If false, don't store cache on the hard drive.
4340 | ~browser.cache.disk.parent_directory~ | string | Firefox 68, Firefox ESR 68 | Profile temporary directory
4341 | &nbsp;&nbsp;&nbsp;&nbsp;~If set, changes the location of the disk cache.~ This policy doesn't work. It's being worked on.
4342 | browser.fixup.dns_first_for_single_words | boolean | Firefox 68, Firefox ESR 68 | false
4343 | &nbsp;&nbsp;&nbsp;&nbsp;If true, single words are sent to DNS, not directly to search.
4344 | browser.newtabpage.activity-stream.default.sites | string | Firefox 72, ESR 68.4 | Locale dependent
4345 | &nbsp;&nbsp;&nbsp;&nbsp;If set, a list of URLs to use as the default top sites on the new tab page. Due to Firefox limitations, search sites can't be added. In addition, sites with the same name but different TLDs (example.org/example.com) will not display properly.
4346 | browser.places.importBookmarksHTML | boolean | Firefox 70, Firefox ESR 68.2
4347 | &nbsp;&nbsp;&nbsp;&nbsp;If true, bookmarks are always imported on startup.
4348 | browser.safebrowsing.phishing.enabled | boolean | Firefox 70, Firefox ESR 68.2 | true
4349 | &nbsp;&nbsp;&nbsp;&nbsp;If false, phishing protection is not enabled (Not recommended)
4350 | browser.safebrowsing.malware.enabled | boolean | Firefox 70, Firefox ESR 68.2 | true
4351 | &nbsp;&nbsp;&nbsp;&nbsp;If false, malware protection is not enabled (Not recommended)
4352 | browser.search.update | boolean | Firefox 68, Firefox ESR 68 | true
4353 | &nbsp;&nbsp;&nbsp;&nbsp;If false, updates for search engines are not checked.
4354 | browser.slowStartup.notificationDisabled | boolean | Firefox 70, Firefox ESR 68.2 | false
4355 | &nbsp;&nbsp;&nbsp;&nbsp;If true, a notification isn't shown if startup is slow.
4356 | browser.tabs.warnOnClose | boolean | Firefox 68, Firefox ESR 68 | true
4357 | &nbsp;&nbsp;&nbsp;&nbsp;If false, there is no warning when the browser is closed.
4358 | browser.taskbar.previews.enable | boolean | Firefox 70, Firefox ESR 68.2 (Windows only) | false
4359 | &nbsp;&nbsp;&nbsp;&nbsp;If true, tab previews are shown in the Windows taskbar.
4360 | browser.urlbar.suggest.bookmark | boolean | Firefox 68, Firefox ESR 68 | true
4361 | &nbsp;&nbsp;&nbsp;&nbsp;If false, bookmarks aren't suggested when typing in the URL bar.
4362 | browser.urlbar.suggest.history | boolean | Firefox 68, Firefox ESR 68 | true
4363 | &nbsp;&nbsp;&nbsp;&nbsp;If false, history isn't suggested when typing in the URL bar.
4364 | browser.urlbar.suggest.openpage | boolean | Firefox 68, Firefox ESR 68 | true
4365 | &nbsp;&nbsp;&nbsp;&nbsp;If false, open tabs aren't suggested when typing in the URL bar.
4366 | datareporting.policy.dataSubmissionPolicyBypassNotification | boolean | Firefox 68, Firefox ESR 68 | false
4367 | &nbsp;&nbsp;&nbsp;&nbsp;If true, don't show the privacy policy tab on first run.
4368 | dom.allow_scripts_to_close_windows | boolean | Firefox 70, Firefox ESR 68.2 | false
4369 | &nbsp;&nbsp;&nbsp;&nbsp;If false, web page can close windows.
4370 | dom.disable_window_flip | boolean | Firefox 68, Firefox ESR 68 | true
4371 | &nbsp;&nbsp;&nbsp;&nbsp;If false, web pages can focus and activate windows.
4372 | dom.disable_window_move_resize | boolean | Firefox 68, Firefox ESR 68 | false
4373 | &nbsp;&nbsp;&nbsp;&nbsp;If true, web pages can't move or resize windows.
4374 | dom.event.contextmenu.enabled | boolean | Firefox 68, Firefox ESR 68 | true
4375 | &nbsp;&nbsp;&nbsp;&nbsp;If false, web pages can't override context menus.
4376 | dom.keyboardevent.keypress.hack.dispatch_non_printable_keys.addl | string | Firefox 68, Firefox ESR 68 | N/A
4377 | &nbsp;&nbsp;&nbsp;&nbsp;See https://support.mozilla.org/en-US/kb/dom-events-changes-introduced-firefox-66
4378 | dom.keyboardevent.keypress.hack.use_legacy_keycode_and_charcode.addl | string | Firefox 68, Firefox ESR 68 | N/A
4379 | &nbsp;&nbsp;&nbsp;&nbsp;See https://support.mozilla.org/en-US/kb/dom-events-changes-introduced-firefox-66
4380 | dom.xmldocument.load.enabled | boolean | Firefox ESR 68.5 | true.
4381 | &nbsp;&nbsp;&nbsp;&nbsp;If false, XMLDocument.load is not available.
4382 | dom.xmldocument.async.enabled | boolean | Firefox ESR 68.5 | true
4383 | &nbsp;&nbsp;&nbsp;&nbsp;If false, XMLDocument.async is not available.
4384 | extensions.blocklist.enabled | boolean | Firefox 70, Firefox ESR 68.2 | true
4385 | &nbsp;&nbsp;&nbsp;&nbsp;If false, the extensions blocklist is not used (Not recommended)
4386 | extensions.getAddons.showPane | boolean | Firefox 68, Firefox ESR 68 | N/A
4387 | &nbsp;&nbsp;&nbsp;&nbsp;If false, the Recommendations tab is not displayed in the Add-ons Manager.
4388 | extensions.htmlaboutaddons.recommendations.enabled | boolean | Firefox 72, Firefox ESR 68.4 | true
4389 | &nbsp;&nbsp;&nbsp;&nbsp;If false, recommendations are not shown on the Extensions tab in the Add-ons Manager.
4390 | geo.enabled | boolean | Firefox 70, Firefox ESR 68.2 | true
4391 | &nbsp;&nbsp;&nbsp;&nbsp;If false, the geolocation API is disabled. | Language dependent
4392 | intl.accept_languages | string | Firefox 70, Firefox ESR 68.2
4393 | &nbsp;&nbsp;&nbsp;&nbsp;If set, preferred language for web pages.
4394 | media.eme.enabled (Deprecated - Switch to EncryptedMediaExtensions policy) | boolean | Firefox 70, Firefox ESR 68.2 | true
4395 | &nbsp;&nbsp;&nbsp;&nbsp;If false, Encrypted Media Extensions are not enabled.
4396 | media.gmp-gmpopenh264.enabled | boolean | Firefox 68, Firefox ESR 68 | true
4397 | &nbsp;&nbsp;&nbsp;&nbsp;If false, the OpenH264 plugin is not downloaded.
4398 | media.gmp-widevinecdm.enabled | boolean | Firefox 68, Firefox ESR 68 | true
4399 | &nbsp;&nbsp;&nbsp;&nbsp;If false, the Widevine plugin is not downloaded.
4400 | media.peerconnection.enabled | boolean | Firefox 72, Firefox ESR 68.4 | true
4401 | &nbsp;&nbsp;&nbsp;&nbsp;If false, WebRTC is disabled
4402 | media.peerconnection.ice.obfuscate_host_addresses.whitelist (Deprecated) | string | Firefox 72, Firefox ESR 68.4 | N/A
4403 | &nbsp;&nbsp;&nbsp;&nbsp;If set, a list of domains for which mDNS hostname obfuscation is
4404 disabled
4405 | media.peerconnection.ice.obfuscate_host_addresses.blocklist | string | Firefox 79, Firefox ESR 78.1 | N/A
4406 | &nbsp;&nbsp;&nbsp;&nbsp;If set, a list of domains for which mDNS hostname obfuscation is
4407 disabled
4408 | network.dns.disableIPv6 | boolean | Firefox 68, Firefox ESR 68 | false
4409 | &nbsp;&nbsp;&nbsp;&nbsp;If true, IPv6 DNS lokoups are disabled.
4410 | network.IDN_show_punycode | boolean | Firefox 68, Firefox ESR 68 | false
4411 | &nbsp;&nbsp;&nbsp;&nbsp;If true, display the punycode version of internationalized domain names.
4412 | places.history.enabled | boolean | Firefox 68, Firefox ESR 68 | true
4413 | &nbsp;&nbsp;&nbsp;&nbsp;If false, history is not enabled.
4414 | print.save_print_settings | boolean | Firefox 70, Firefox ESR 68.2 | true
4415 | &nbsp;&nbsp;&nbsp;&nbsp;If false, print settings are not saved between jobs.
4416 | security.default_personal_cert | string | Firefox 68, Firefox ESR 68 | Ask Every Time
4417 | &nbsp;&nbsp;&nbsp;&nbsp;If set to Select Automatically, Firefox automatically chooses the default personal certificate.
4418 | security.mixed_content.block_active_content | boolean | Firefox 70, Firefox ESR 68.2 | true
4419 | &nbsp;&nbsp;&nbsp;&nbsp;If false, mixed active content (HTTP and HTTPS) is not blocked.
4420 | security.osclientcerts.autoload | boolean | Firefox 72 (Windows), Firefox 75 (macOS) | false
4421 | &nbsp;&nbsp;&nbsp;&nbsp;If true, client certificates are loaded from the operating system certificate store.
4422 | security.ssl.errorReporting.enabled | boolean | Firefox 68, Firefox ESR 68 | true
4423 | &nbsp;&nbsp;&nbsp;&nbsp;If false, SSL errors cannot be sent to Mozilla.
4424 | security.tls.hello_downgrade_check | boolean | Firefox 72, Firefox ESR 68.4 | true
4425 | &nbsp;&nbsp;&nbsp;&nbsp;If false, the TLS 1.3 downgrade check is disabled.
4426 | ui.key.menuAccessKeyFocuses | boolean | Firefox 68, Firefox ESR 68 | true
4427 | &nbsp;&nbsp;&nbsp;&nbsp;If false, the Alt key doesn't show the menubar on Windows.
4428 | widget.content.gtk-theme-override | string | Firefox 72, Firefox ESR 68.4 (Linux only) | N/A
4429 | &nbsp;&nbsp;&nbsp;&nbsp;If set, overrides the GTK theme for widgets.
4430 #### Windows (GPO)
4431 ```
4432 Software\Policies\Mozilla\Firefox\Preferences\boolean_preference_name = 0x1 | 0x0
4433 Software\Policies\Mozilla\Firefox\Preferences\string_preference_name = "string_value"
4434 ```
4435 #### Windows (Intune)
4436 OMA-URI: (periods are replaced by underscores)
4437 ```
4438 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Preferences/boolean_preference_name
4439 ```
4440 Value (string):
4441 ```
4442 <enabled/> or <disabled/>
4443 ```
4444 OMA-URI: (periods are replaced by underscores)
4445 ```
4446 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Preferences/string_preference_name
4447 ```
4448 Value (string):
4449 ```
4450 <enabled/>
4451 <data id="Preferences_String" value="string_value"/>
4452 ```
4453 #### macOS
4454 ```
4455 <dict>
4456 <key>Preferences</key>
4457 <dict>
4458 <key>boolean_preference_name</key>
4459 <true/> | <false/>
4460 <key>string_preference_name</key>
4461 <string>string_value</string>
4462 </dict>
4463 </dict>
4464 ```
4465 #### policies.json
4466 ```
4467 {
4468 "policies": {
4469 "Preferences": {
4470 "boolean_preference_name": true | false,
4471 "string_preference_name": "string_value"
4472 }
4473 }
4474 }
4475 ```
4476 ### PromptForDownloadLocation
4477 Ask where to save each file before downloading.
4478
4479 **Compatibility:** Firefox 68, Firefox ESR 68\
4480 **CCK2 Equivalent:** N/A\
4481 **Preferences Affected:** `browser.download.useDownloadDir`
4482
4483 #### Windows (GPO)
4484 ```
4485 Software\Policies\Mozilla\Firefox\PromptForDownloadLocation = 0x1 | 0x0
4486 ```
4487 #### Windows (Intune)
4488 OMA-URI:
4489 ```
4490 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/PromptForDownloadLocation
4491 ```
4492 Value (string):
4493 ```
4494 <enabled/> or <disabled/>
4495 ```
4496 #### macOS
4497 ```
4498 <dict>
4499 <key>PromptForDownloadLocation</key>
4500 <true/> | <false/>
4501 </dict>
4502 ```
4503 #### policies.json
4504 ```
4505 {
4506 "policies": {
4507 "PromptForDownloadLocation": true | false
4508 }
4509 }
4510 ```
4511 ### Proxy
4512 Configure proxy settings. These settings correspond to the connection settings in Firefox preferences.
4513 To specify ports, append them to the hostnames with a colon (:).
4514
4515 `Mode` is the proxy method being used.
4516
4517 `Locked` is whether or not proxy settings can be changed.
4518
4519 `HTTPProxy` is the HTTP proxy server.
4520
4521 `UseHTTPProxyForAllProtocols` is whether or not the HTTP proxy should be used for all other proxies.
4522
4523 `SSLProxy` is the SSL proxy server.
4524
4525 `FTPProxy` is the FTP proxy server.
4526
4527 `SOCKSProxy` is the SOCKS proxy server
4528
4529 `SOCKSVersion` is the SOCKS version (4 or 5)
4530
4531 `Passthrough` is list of hostnames or IP addresses that will not be proxied. Use `<local>` to bypass proxying for all hostnames which do not contain periods.
4532
4533 `AutoConfigURL` is a URL for proxy configuration (only used if Mode is autoConfig).
4534
4535 `AutoLogin` means do not prompt for authentication if password is saved.
4536
4537 `UseProxyForDNS` to use proxy DNS when using SOCKS v5.
4538
4539 **Compatibility:** Firefox 60, Firefox ESR 60\
4540 **CCK2 Equivalent:** `networkProxy*`\
4541 **Preferences Affected:** `network.proxy.type`,`network.proxy.autoconfig_url`,`network.proxy.socks_remote_dns`,`signon.autologin.proxy`,`network.proxy.socks_version`,`network.proxy.no_proxies_on`,`network.proxy.share_proxy_settings`,`network.proxy.http`,`network.proxy.http_port`,`network.proxy.ftp`,`network.proxy.ftp_port`,`network.proxy.ssl`,`network.proxy.ssl_port`,`network.proxy.socks`,`network.proxy.socks_port`
4542
4543 #### Windows (GPO)
4544 ```
4545 Software\Policies\Mozilla\Firefox\Proxy\Mode = "none" | "system" | "manual" | "autoDetect" | "autoConfig"
4546 Software\Policies\Mozilla\Firefox\Proxy\Locked = 0x1 | 0x0
4547 Software\Policies\Mozilla\Firefox\=Proxy\HTTPProxy = https://httpproxy.example.com
4548 Software\Policies\Mozilla\Firefox\Proxy\UseHTTPProxyForAllProtocols = 0x1 | 0x0
4549 Software\Policies\Mozilla\Firefox\Proxy\SSLProxy = https://sslproxy.example.com
4550 Software\Policies\Mozilla\Firefox\Proxy\FTPProxy = https://ftpproxy.example.com
4551 Software\Policies\Mozilla\Firefox\Proxy\SOCKSProxy = https://socksproxy.example.com
4552 Software\Policies\Mozilla\Firefox\Proxy\SOCKSVersion = 0x4 | 0x5
4553 Software\Policies\Mozilla\Firefox\Proxy\Passthrough = <local>
4554 Software\Policies\Mozilla\Firefox\Proxy\AutoConfigURL = URL_TO_AUTOCONFIG
4555 Software\Policies\Mozilla\Firefox\Proxy\AutoLogin = 0x1 | 0x0
4556 Software\Policies\Mozilla\Firefox\Proxy\UseProxyForDNS = 0x1 | 0x0
4557 ```
4558 #### Windows (Intune)
4559 OMA-URI:
4560 ```
4561 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/Proxy
4562 ```
4563 Value (string):
4564 ```
4565 <enabled/>
4566 <data id="ProxyLocked" value="true | false"/>
4567 <data id="ConnectionType" value="none | system | manual | autoDetect | autoConfig"/>
4568 <data id="HTTPProxy" value="https://httpproxy.example.com"/>
4569 <data id="UseHTTPProxyForAllProtocols" value="true | false"/>
4570 <data id="SSLProxy" value="https://sslproxy.example.com"/>
4571 <data id="FTPProxy" value="https://ftpproxy.example.com"/>
4572 <data id="SOCKSProxy" value="https://socksproxy.example.com"/>
4573 <data id="SOCKSVersion" value="4 | 5"/>
4574 <data id="AutoConfigURL" value="URL_TO_AUTOCONFIG"/>
4575 <data id="Passthrough" value="<local>"/>
4576 <data id="AutoLogin" value="true | false"/>
4577 <data id="UseProxyForDNS" value="true | false"/>
4578 ```
4579 #### macOS
4580 ```
4581 <dict>
4582 <key>Proxy</key>
4583 <dict>
4584 <key>Mode</key>
4585 <string>none | system | manual | autoDetect | autoConfig</string>
4586 <key>Locked</key>
4587 <true> | </false>
4588 <key>HTTPProxy</key>
4589 <string>https://httpproxy.example.com</string>
4590 <key>UseHTTPProxyForAllProtocols</key>
4591 <true> | </false>
4592 <key>SSLProxy</key>
4593 <string>https://sslproxy.example.com</string>
4594 <key>FTPProxy</key>
4595 <string>https://ftpproxy.example.com</string>
4596 <key>SOCKSProxy</key>
4597 <string>https://socksproxy.example.com</string>
4598 <key>SOCKSVersion</key>
4599 <string>4 | 5</string>
4600 <key>Passthrough</key>
4601 <string>&lt;local>&gt;</string>
4602 <key>AutoConfigURL</key>
4603 <string>URL_TO_AUTOCONFIG</string>
4604 <key>AutoLogin</key>
4605 <true> | </false>
4606 <key>UseProxyForDNS</key>
4607 <true> | </false>
4608 </dict>
4609 </dict>
4610 ```
4611 #### policies.json
4612 ```
4613 {
4614 "policies": {
4615 "Proxy": {
4616 "Mode": "none" | "system" | "manual" | "autoDetect" | "autoConfig",
4617 "Locked": true | false,
4618 "HTTPProxy": "hostname",
4619 "UseHTTPProxyForAllProtocols": true | false,
4620 "SSLProxy": "hostname",
4621 "FTPProxy": "hostname",
4622 "SOCKSProxy": "hostname",
4623 "SOCKSVersion": 4 | 5,
4624 "Passthrough": "<local>",
4625 "AutoConfigURL": "URL_TO_AUTOCONFIG",
4626 "AutoLogin": true | false,
4627 "UseProxyForDNS": true | false
4628 }
4629 }
4630 }
4631 ```
4632 ### RequestedLocales
4633 Set the the list of requested locales for the application in order of preference. It will cause the corresponding language pack to become active.
4634
4635 Note: For Firefox 68, this can now be a string so that you can specify an empty value.
4636
4637 **Compatibility:** Firefox 64, Firefox ESR 60.4, Updated in Firefox 68, Firefox ESR 68\
4638 **CCK2 Equivalent:** N/A\
4639 **Preferences Affected:** N/A
4640 #### Windows (GPO)
4641 ```
4642 Software\Policies\Mozilla\Firefox\RequestedLocales\1 = "de"
4643 Software\Policies\Mozilla\Firefox\RequestedLocales\2 = "en-US"
4644
4645 or
4646
4647 Software\Policies\Mozilla\Firefox\RequestedLocales = "de,en-US"
4648 ```
4649 #### Windows (Intune)
4650 OMA-URI:
4651 ```
4652 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/RequestedLocalesString
4653 ```
4654 Value (string):
4655 ```
4656 <enabled/>
4657 <data id="Preferences_String" value="de,en-US"/>
4658 ```
4659 #### macOS
4660 ```
4661 <dict>
4662 <key>RequestedLocales</key>
4663 <array>
4664 <string>de</string>
4665 <string>en-US</string>
4666 </array>
4667 </dict>
4668
4669 or
4670
4671 <dict>
4672 <key>RequestedLocales</key>
4673 <string>de,en-US</string>
4674 </dict>
4675
4676 ```
4677 #### policies.json
4678 ```
4679 {
4680 "policies": {
4681 "RequestedLocales": ["de", "en-US"]
4682 }
4683 }
4684
4685 or
4686
4687 {
4688 "policies": {
4689 "RequestedLocales": "de,en-US"
4690 }
4691 }
4692 ```
4693 <a name="SanitizeOnShutdown"></a>
4694
4695 ### SanitizeOnShutdown (Selective)
4696 Clear data on shutdown. Choose from Cache, Cookies, Download History, Form & Search History, Browsing History, Active Logins, Site Preferences and Offline Website Data.
4697
4698 Previously, these values were always locked. Starting with Firefox 74 and Firefox ESR 68.6, you can use the `Locked` option to either keep the values unlocked (set it to false), or lock only the values you set (set it to true). If you want the old behavior of locking everything, do not set `Locked` at all.
4699
4700 **Compatibility:** Firefox 68, Firefox ESR 68 (Locked added in 74/68.6)\
4701 **CCK2 Equivalent:** N/A\
4702 **Preferences Affected:** `privacy.sanitize.sanitizeOnShutdown`,`privacy.clearOnShutdown.cache`,`privacy.clearOnShutdown.cookies`,`privacy.clearOnShutdown.downloads`,`privacy.clearOnShutdown.formdata`,`privacy.clearOnShutdown.history`,`privacy.clearOnShutdown.sessions`,`privacy.clearOnShutdown.siteSettings`,`privacy.clearOnShutdown.offlineApps`
4703 #### Windows (GPO)
4704 ```
4705 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\Cache = 0x1 | 0x0
4706 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\Cookies = 0x1 | 0x0
4707 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\Downloads = 0x1 | 0x0
4708 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\FormData = 0x1 | 0x0
4709 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\History = 0x1 | 0x0
4710 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\Sessions = 0x1 | 0x0
4711 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\SiteSettings = 0x1 | 0x0
4712 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\OfflineApps = 0x1 | 0x0
4713 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\Locked = 0x1 | 0x0
4714 ```
4715 #### Windows (Intune)
4716 OMA-URI:
4717 ```
4718 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/A_SanitizeOnShutdown_Cache
4719 ```
4720 Value (string):
4721 ```
4722 <enabled/> or <disabled/>
4723 ```
4724 OMA-URI:
4725 ```
4726 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/B_SanitizeOnShutdown_Cookies
4727 ```
4728 Value (string):
4729 ```
4730 <enabled/> or <disabled/>
4731 ```
4732 OMA-URI:
4733 ```
4734 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/C_SanitizeOnShutdown_Downloads
4735 ```
4736 Value (string):
4737 ```
4738 <enabled/> or <disabled/>
4739 ```
4740 OMA-URI:
4741 ```
4742 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/D_SanitizeOnShutdown_FormData
4743 ```
4744 Value (string):
4745 ```
4746 <enabled/> or <disabled/>
4747 ```
4748 OMA-URI:
4749 ```
4750 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/E_SanitizeOnShutdown_History
4751 ```
4752 Value (string):
4753 ```
4754 <enabled/> or <disabled/>
4755 ```
4756 OMA-URI:
4757 ```
4758 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/F_SanitizeOnShutdown_Sessions
4759 ```
4760 Value (string):
4761 ```
4762 <enabled/> or <disabled/>
4763 ```
4764 OMA-URI:
4765 ```
4766 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/G_SanitizeOnShutdown_SiteSettings
4767 ```
4768 Value (string):
4769 ```
4770 <enabled/> or <disabled/>
4771 ```
4772 OMA-URI:
4773 ```
4774 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/H_SanitizeOnShutdown_OfflineApps
4775 ```
4776 Value (string):
4777 ```
4778 <enabled/> or <disabled/>
4779 ```
4780 OMA-URI:
4781 ```
4782 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/I_SanitizeOnShutdown_Locked
4783 ```
4784 Value (string):
4785 ```
4786 <enabled/> or <disabled/>
4787 ```
4788 #### macOS
4789 ```
4790 <dict>
4791 <key>SanitizeOnShutdown</key>
4792 <dict>
4793 <key>Cache</key>
4794 <true/> | <false/>
4795 <key>Cookies</key>
4796 <true/> | <false/>
4797 <key>Downloads</key>
4798 <true/> | <false/>
4799 <key>FormData</key>
4800 <true/> | <false/>
4801 <key>History</key>
4802 <true/> | <false/>
4803 <key>Sessions</key>
4804 <true/> | <false/>
4805 <key>SiteSettings</key>
4806 <true/> | <false/>
4807 <key>OfflineApps</key>
4808 <true/> | <false/>
4809 <key>Locked</key>
4810 <true/> | <false/>
4811 </dict>
4812 </dict>
4813 ```
4814 #### policies.json
4815 ```
4816 {
4817 "policies": {
4818 "SanitizeOnShutdown": {
4819 "Cache": true | false,
4820 "Cookies": true | false,
4821 "Downloads": true | false,
4822 "FormData": true | false,
4823 "History": true | false,
4824 "Sessions": true | false,
4825 "SiteSettings": true | false,
4826 "OfflineApps": true | false,
4827 "Locked": true | false
4828 }
4829 }
4830 }
4831 ```
4832 ### SanitizeOnShutdown (All)
4833 Clear all data on shutdown, including Browsing & Download History, Cookies, Active Logins, Cache, Form & Search History, Site Preferences and Offline Website Data.
4834
4835 **Compatibility:** Firefox 60, Firefox ESR 60\
4836 **CCK2 Equivalent:** N/A\
4837 **Preferences Affected:** `privacy.sanitize.sanitizeOnShutdown`,`privacy.clearOnShutdown.cache`,`privacy.clearOnShutdown.cookies`,`privacy.clearOnShutdown.downloads`,`privacy.clearOnShutdown.formdata`,`privacy.clearOnShutdown.history`,`privacy.clearOnShutdown.sessions`,`privacy.clearOnShutdown.siteSettings`,`privacy.clearOnShutdown.offlineApps`
4838 #### Windows (GPO)
4839 ```
4840 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown = 0x1 | 0x0
4841 ```
4842 #### Windows (Intune)
4843 OMA-URI:
4844 ```
4845 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/C_SanitizeOnShutdown
4846 ```
4847 Value (string):
4848 ```
4849 <enabled/> or <disabled/>
4850 ```
4851 #### macOS
4852 ```
4853 <dict>
4854 <key>SanitizeOnShutdown</key>
4855 <true/> | <false/>
4856 </dict>
4857 ```
4858 #### policies.json
4859 ```
4860 {
4861 "policies": {
4862 "SanitizeOnShutdown": true | false
4863 }
4864 }
4865 ```
4866 ### SearchBar
4867 Set whether or not search bar is displayed.
4868
4869 **Compatibility:** Firefox 60, Firefox ESR 60\
4870 **CCK2 Equivalent:** `showSearchBar`\
4871 **Preferences Affected:** N/A
4872
4873 #### Windows (GPO)
4874 ```
4875 Software\Policies\Mozilla\Firefox\SearchBar = "unified" | "separate"
4876 ```
4877
4878 #### Windows (Intune)
4879 OMA-URI:
4880 ```
4881 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/SearchBar
4882 ```
4883 Value (string):
4884 ```
4885 <enabled/>
4886 <data id="SearchBar" value="unified | separate"/>
4887 ```
4888 #### macOS
4889 ```
4890 <dict>
4891 <key>SearchBar</key>
4892 <string>unified | separate</string>
4893 </dict>
4894 ```
4895 #### policies.json
4896 ```
4897 {
4898 "policies": {
4899 "SearchBar": "unified" | "separate"
4900 }
4901 }
4902 ```
4903 <a name="SearchEngines"></a>
4904
4905 ### SearchEngines (This policy is only available on the ESR.)
4906
4907 ### SearchEngines | Default
4908
4909 Set the default search engine. This policy is only available on the ESR.
4910
4911 **Compatibility:** Firefox ESR 60\
4912 **CCK2 Equivalent:** `defaultSearchEngine`\
4913 **Preferences Affected:** N/A
4914
4915 #### Windows (GPO)
4916 ```
4917 Software\Policies\Mozilla\Firefox\SearchEngines\Default = NAME_OF_SEARCH_ENGINE
4918 ```
4919 #### Windows (Intune)
4920 OMA-URI:
4921 ```
4922 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Search/SearchEngines_Default
4923 ```
4924 Value (string):
4925 ```
4926 <enabled/>
4927 <data id="SearchEngines_Default" value="NAME_OF_SEARCH_ENGINE"/>
4928 ```
4929 #### macOS
4930 ```
4931 <dict>
4932 <key>SearchEngines</key>
4933 <dict>
4934 <key>Default</key>
4935 <string>NAME_OF_SEARCH_ENGINE</string>
4936 </dict>
4937 </dict>
4938 ```
4939 #### policies.json
4940 ```
4941 {
4942 "policies": {
4943 "SearchEngines": {
4944 "Default": "NAME_OF_SEARCH_ENGINE"
4945 }
4946 }
4947 }
4948 ```
4949 ### SearchEngines | PreventInstalls
4950
4951 Prevent installing search engines from webpages.
4952
4953 **Compatibility:** Firefox ESR 60\
4954 **CCK2 Equivalent:** `disableSearchEngineInstall`\
4955 **Preferences Affected:** N/A
4956
4957 #### Windows (GPO)
4958 ```
4959 Software\Policies\Mozilla\Firefox\SearchEngines\PreventInstalls = 0x1 | 0x0
4960 ```
4961 #### Windows (Intune)
4962 OMA-URI:
4963 ```
4964 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Search/SearchEngines_PreventInstalls
4965 ```
4966 Value (string):
4967 ```
4968 <enabled/> or <disabled/>
4969 ```
4970 #### macOS
4971 ```
4972 <dict>
4973 <key>SearchEngines</key>
4974 <dict>
4975 <key>PreventInstalls</key>
4976 <true/> | <false/>
4977 </dict>
4978 </dict>
4979 ```
4980 #### policies.json
4981 ```
4982 {
4983 "policies": {
4984 "SearchEngines": {
4985 "PreventInstalls": true | false
4986 }
4987 }
4988 }
4989 ```
4990 ### SearchEngines | Remove
4991
4992 Hide built-in search engines. This policy is only available on the ESR.
4993
4994 **Compatibility:** Firefox ESR 60.2\
4995 **CCK2 Equivalent:** `removeDefaultSearchEngines` (removed all built-in engines)\
4996 **Preferences Affected:** N/A
4997
4998 #### Windows (GPO)
4999 ```
5000 Software\Policies\Mozilla\Firefox\SearchEngines\Remove\1 = NAME_OF_SEARCH_ENGINE
5001 ```
5002 #### Windows (Intune)
5003 OMA-URI:
5004 ```
5005 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Search/SearchEngines_Remove
5006 ```
5007 Value (string):
5008 ```
5009 <enabled/>
5010 <data id="SearchEngines_Remove" value="1&#xF000;NAME_OF_SEARCH_ENGINE"/>
5011 ```
5012 #### macOS
5013 ```
5014 <dict>
5015 <key>SearchEngines</key>
5016 <dict>
5017 <key>Remove</key>
5018 <array>
5019 <string>NAME_OF_SEARCH_ENGINE</string>
5020 </array>
5021 </dict>
5022 </dict>
5023 ```
5024 #### policies.json
5025 ```
5026 {
5027 "policies": {
5028 "SearchEngines": {
5029 "Remove": ["NAME_OF_SEARCH_ENGINE"]
5030 }
5031 }
5032 }
5033 ```
5034 ### SearchEngines | Add
5035
5036 Add new search engines (up to five). This policy is only available on the ESR. `Name` and `URLTemplate` are required.
5037
5038 `Name` is the name of the search engine.
5039
5040 `URLTemplate` is the search URL with {searchTerms} to substitute for the search term.
5041
5042 `Method` is either GET or POST
5043
5044 `IconURL` is a URL for the icon to use.
5045
5046 `Alias` is a keyword to use for the engine.
5047
5048 `Description` is a description of the search engine.
5049
5050 `PostData` is the POST data as name value pairs separated by &.
5051
5052 `SuggestURLTemplate` is a search suggestions URL with {searchTerms} to substitute for the search term.
5053
5054 **Compatibility:** Firefox ESR 60 (POST support in Firefox ESR 68)\
5055 **CCK2 Equivalent:** `searchplugins`\
5056 **Preferences Affected:** N/A
5057
5058 #### Windows (GPO)
5059 ```
5060 Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\Name = "Example1"
5061 Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\URLTemplate = "https://www.example.org/q={searchTerms}"
5062 Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\Method = "GET" | "POST"
5063 Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\IconURL = "https://www.example.org/favicon.ico"
5064 Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\Alias = "example"
5065 Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\Description = "Example Description"
5066 Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\SuggestURLTemplate = "https://www.example.org/suggestions/q={searchTerms}"
5067 Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\PostData = "name=value&q={searchTerms}"
5068 ```
5069 #### Windows (Intune)
5070 OMA-URI:
5071 ```
5072 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Search/SearchEngines_1
5073 ```
5074 Value (string):
5075 ```
5076 <enabled/>
5077 <data id="SearchEngine_Name" value="Example1"/>
5078 <data id="SearchEngine_URLTemplate" value="https://www.example.org/q={searchTerms"/>
5079 <data id="SearchEngine_Method" value="GET | POST"/>
5080 <data id="SearchEngine_IconURL" value="https://www.example.org/favicon.ico"/>
5081 <data id="SearchEngine_Alias" value="example"/>
5082 <data id="SearchEngine_Description" value="Example Description"/>
5083 <data id="SearchEngine_SuggestURLTemplate" value="https://www.example.org/suggestions/q={searchTerms}"/>
5084 <data id="SearchEngine_PostData" value="name=value&amp;q={searchTerms}"/>
5085 ```
5086 #### macOS
5087 ```
5088 <dict>
5089 <key>SearchEngines</key>
5090 <dict>
5091 <key>Add</key>
5092 <array>
5093 <dict>
5094 <key>Name</key>
5095 <string>Example1</string>
5096 <key>URLTemplate</key>
5097 <string>https://www.example.org/q={searchTerms}</string>
5098 <key>Method</key>
5099 <string>GET | POST </string>
5100 <key>IconURL</key>
5101 <string>https://www.example.org/favicon.ico</string>
5102 <key>Alias</key>
5103 <string>example</string>
5104 <key>Description</key>
5105 <string>Example Description</string>
5106 <key>SuggestURLTemplate</key>
5107 <string>https://www.example.org/suggestions/q={searchTerms}</string>
5108 <key>PostData</key>
5109 <string>name=value&q={searchTerms}</string>
5110 </dict>
5111 <array>
5112 </dict>
5113 </dict>
5114 ```
5115 #### policies.json
5116 ```
5117 {
5118 "policies": {
5119 "SearchEngines": {
5120 "Add": [
5121 {
5122 "Name": "Example1",
5123 "URLTemplate": "https://www.example.org/q={searchTerms}",
5124 "Method": "GET" | "POST",
5125 "IconURL": "https://www.example.org/favicon.ico",
5126 "Alias": "example",
5127 "Description": "Description",
5128 "PostData": "name=value&q={searchTerms}",
5129 "SuggestURLTemplate": "https://www.example.org/suggestions/q={searchTerms}"
5130 }
5131 ]
5132 }
5133 }
5134 }
5135 ```
5136 ### SearchSuggestEnabled
5137
5138 Enable search suggestions.
5139
5140 **Compatibility:** Firefox 68, Firefox ESR 68\
5141 **CCK2 Equivalent:** N/A\
5142 **Preferences Affected:** `browser.urlbar.suggest.searches`,`browser.search.suggest.enabled`
5143
5144 #### Windows (GPO)
5145 ```
5146 Software\Policies\Mozilla\Firefox\SearchSuggestEnabled = 0x1 | 0x0
5147 ```
5148 #### Windows (Intune)
5149 OMA-URI:
5150 ```
5151 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Search/SearchSuggestEnabled
5152 ```
5153 Value (string):
5154 ```
5155 <enabled/> or <disabled/>
5156 ```
5157 #### macOS
5158 ```
5159 <dict>
5160 <key>SearchSuggestEnabled</key>
5161 <true/> | <false/>
5162 </dict>
5163 ```
5164 #### policies.json
5165 ```
5166 {
5167 "policies": {
5168 "SearchSuggestEnabled": true | false
5169 }
5170 }
5171 ```
5172 ### SecurityDevices
5173
5174 Install PKCS #11 modules.
5175
5176 **Compatibility:** Firefox 64, Firefox ESR 60.4\
5177 **CCK2 Equivalent:** `certs.devices`\
5178 **Preferences Affected:** N/A
5179
5180 #### Windows (GPO)
5181 ```
5182 Software\Policies\Mozilla\Firefox\SecurityDevices\NAME_OF_DEVICE = PATH_TO_LIBRARY_FOR_DEVICE
5183 ```
5184 #### Windows (Intune)
5185 OMA-URI:
5186 ```
5187 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/SecurityDevices
5188 ```
5189 Value (string):
5190 ```
5191 <enabled/>
5192 <data id="SecurityDevices" value="NAME_OF_DEVICE&#xF000;PATH_TO_LIBRARY_FOR_DEVICE"/>
5193 ```
5194 #### macOS
5195 ```
5196 <dict>
5197 <key>SecurityDevices</key>
5198 <dict>
5199 <key>NAME_OF_DEVICE</key>
5200 <string>PATH_TO_LIBRARY_FOR_DEVICE</string>
5201 </dict>
5202 </dict>
5203 ```
5204
5205 #### policies.json
5206 ```
5207 {
5208 "policies": {
5209 "SecurityDevices": {
5210 "NAME_OF_DEVICE": "PATH_TO_LIBRARY_FOR_DEVICE"
5211 }
5212 }
5213 }
5214 ```
5215 ### ShowHomeButton
5216 Show the home button on the toolbar.
5217
5218 Future versions of Firefox will not show the home button by default.
5219
5220 **Compatibility:** Firefox 88, Firefox ESR 78.10\
5221 **CCK2 Equivalent:** N/A\
5222 **Preferences Affected:** N/A
5223
5224 #### Windows (GPO)
5225 ```
5226 Software\Policies\Mozilla\Firefox\ShowHomeButton = 0x1 | 0x0
5227 ```
5228 #### Windows (Intune)
5229 OMA-URI:
5230 ```
5231 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/ShowHomeButton
5232 ```
5233 Value (string):
5234 ```
5235 <enabled/> or <disabled/>
5236 ```
5237 #### macOS
5238 ```
5239 <dict>
5240 <key>ShowHomeButton</key>
5241 <true/> | <false/>
5242 </dict>
5243 ```
5244 #### policies.json
5245 ```
5246 {
5247 "policies": {
5248 "ShowHomeButton": true | false
5249 }
5250 }
5251 ```
5252 ### SSLVersionMax
5253
5254 Set and lock the maximum version of TLS.
5255
5256 **Compatibility:** Firefox 66, Firefox ESR 60.6\
5257 **CCK2 Equivalent:** N/A\
5258 **Preferences Affected:** `security.tls.version.max`
5259
5260 #### Windows (GPO)
5261 ```
5262 Software\Policies\Mozilla\Firefox\SSLVersionMax = "tls1" | "tls1.1" | "tls1.2" | "tls1.3"
5263 ```
5264 #### Windows (Intune)
5265 OMA-URI:
5266 ```
5267 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/SSLVersionMax
5268 ```
5269 Value (string):
5270 ```
5271 <enabled/>
5272 <data id="SSLVersion" value="tls1 | tls1.2 | tls1.3"/>
5273 ```
5274 #### macOS
5275 ```
5276 <dict>
5277 <key>SSLVersionMax</key>
5278 <string>tls1 | tls1.1 | tls1.2 | tls1.3</string>
5279 </dict>
5280 ```
5281
5282 #### policies.json
5283 ```
5284 {
5285 "policies": {
5286 "SSLVersionMax": "tls1" | "tls1.1" | "tls1.2" | "tls1.3"
5287 }
5288 }
5289 ```
5290 ### SSLVersionMin
5291
5292 Set and lock the minimum version of TLS.
5293
5294 **Compatibility:** Firefox 66, Firefox ESR 60.6\
5295 **CCK2 Equivalent:** N/A\
5296 **Preferences Affected:** `security.tls.version.min`
5297
5298 #### Windows (GPO)
5299 ```
5300 Software\Policies\Mozilla\Firefox\SSLVersionMin = "tls1" | "tls1.1" | "tls1.2" | "tls1.3"
5301 ```
5302 #### Windows (Intune)
5303 OMA-URI:
5304 ```
5305 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/SSLVersionMin
5306 ```
5307 Value (string):
5308 ```
5309 <enabled/>
5310 <data id="SSLVersion" value="tls1 | tls1.2 | tls1.3"/>
5311 ```
5312 #### macOS
5313 ```
5314 <dict>
5315 <key>SSLVersionMin</key>
5316 <string>tls1 | tls1.1 | tls1.2 | tls1.3</string>
5317 </dict>
5318 ```
5319
5320 #### policies.json
5321 ```
5322 {
5323 "policies": {
5324 "SSLVersionMin": "tls1" | "tls1.1" | "tls1.2" | "tls1.3"
5325 }
5326 }
5327 ```
5328 ### SupportMenu
5329 Add a menuitem to the help menu for specifying support information.
5330
5331 **Compatibility:** Firefox 68.0.1, Firefox ESR 68.0.1\
5332 **CCK2 Equivalent:** helpMenu\
5333 **Preferences Affected:** N/A
5334
5335 #### Windows (GPO)
5336 ```
5337 Software\Policies\Mozilla\Firefox\SupportMenu\Title = "Support Menu"
5338 Software\Policies\Mozilla\Firefox\SupportMenu\URL = "http://example.com/support"
5339 Software\Policies\Mozilla\Firefox\SupportMenu\AccessKey = "S"
5340 ```
5341 #### Windows (Intune)
5342 OMA-URI:
5343 ```
5344 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/SupportMenu
5345 ```
5346 Value (string):
5347 ```
5348 <enabled/>
5349 <data id="SupportMenuTitle" value="Support Menu"/>
5350 <data id="SupportMenuURL" value="http://example.com/support"/>
5351 <data id="SupportMenuAccessKey" value="S">
5352 ```
5353 #### macOS
5354 ```
5355 <dict>
5356 <key>SupportMenu</key>
5357 <dict>
5358 <key>Title</key>
5359 <string>SupportMenu</string>
5360 <key>URL</key>
5361 <string>http://example.com/support</string>
5362 <key>AccessKey</key>
5363 <string>S</string>
5364 </dict>
5365 </dict>
5366 ```
5367 #### policies.json
5368 ```
5369 {
5370 "policies": {
5371 "SupportMenu": {
5372 "Title": "Support Menu",
5373 "URL": "http://example.com/support",
5374 "AccessKey": "S"
5375 }
5376 }
5377 }
5378 ```
5379 ### UserMessaging
5380
5381 Prevent Firefox from messaging the user in certain situations.
5382
5383 `WhatsNew` Remove the "What's New" icon and menuitem.
5384
5385 `ExtensionRecommendations` If false, don't recommend extensions while the user is visiting web pages.
5386
5387 `FeatureRecommendations` IF false, don't recommend browser features.
5388
5389 `UrlbarInterventions` If false, Don't offer Firefox specific suggestions in the URL bar.
5390
5391 `SkipOnboarding` If true, don't show onboarding messages on the new tab page.
5392
5393 **Compatibility:** Firefox 75, Firefox ESR 68.7\
5394 **CCK2 Equivalent:** N/A\
5395 **Preferences Affected:** `browser.messaging-system.whatsNewPanel.enabled`,`browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons`,`browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features`,`browser.aboutwelcome.enabled`
5396
5397 #### Windows (GPO)
5398 ```
5399 Software\Policies\Mozilla\Firefox\UserMessaging\WhatsNew = 0x1 | 0x0
5400 Software\Policies\Mozilla\Firefox\UserMessaging\ExtensionRecommendations = 0x1 | 0x0
5401 Software\Policies\Mozilla\Firefox\UserMessaging\FeatureRecommendations = 0x1 | 0x0
5402 Software\Policies\Mozilla\Firefox\UserMessaging\UrlbarInterventions = 0x1 | 0x0
5403 Software\Policies\Mozilla\Firefox\UserMessaging\SkipOnboarding = 0x1 | 0x0
5404 ```
5405 #### Windows (Intune)
5406 OMA-URI:
5407 ```
5408 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_WhatsNew
5409 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_ExtensionRecommendations
5410 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_FeatureRecommendations
5411 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_UrlbarInterventions
5412 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_SkipOnboarding
5413 ```
5414 Value (string):
5415 ```
5416 <enabled/> or <disabled/>
5417 ```
5418 #### macOS
5419 ```
5420 <dict>
5421 <key>UserMessaging</key>
5422 <dict>
5423 <key>WhatsNew</key>
5424 <true/> | <false/>
5425 <key>ExtensionRecommendations</key>
5426 <true/> | <false/>
5427 <key>FeatureRecommendations</key>
5428 <true/> | <false/>
5429 <key>UrlbarInterventions</key>
5430 <true/> | <false/>
5431 <key>SkipOnboarding</key>
5432 <true/> | <false/>
5433 </dict>
5434 </dict>
5435 ```
5436 #### policies.json
5437 ```
5438 {
5439 "policies": {
5440 "UserMessaging": {
5441 "WhatsNew": true | false,
5442 "ExtensionRecommendations": true | false,
5443 "FeatureRecommendations": true | false,
5444 "UrlbarInterventions": true | false
5445 "SkipOnboarding": true | false
5446 }
5447 }
5448 }
5449 ```
5450 ### WebsiteFilter
5451 Block websites from being visited. The parameters take an array of Match Patterns, as documented in https://developer.mozilla.org/en-US/Add-ons/WebExtensions/Match_patterns.
5452 The arrays are limited to 1000 entries each.
5453
5454 If you want to block all URLs, you can use `<all_urls>` or `*://*/*`. You can't have just a `*` on the right side.
5455
5456 For specific protocols, use `https://*/*` or `http://*/*`.
5457
5458 As of Firefox 83 and Firefox ESR 78.5, file URLs are supported.
5459
5460 **Compatibility:** Firefox 60, Firefox ESR 60\
5461 **CCK2 Equivalent:** N/A\
5462 **Preferences Affected:** N/A
5463
5464 #### Windows (GPO)
5465 ```
5466 Software\Policies\Mozilla\Firefox\WebsiteFilter\Block\1 = "<all_urls>"
5467 Software\Policies\Mozilla\Firefox\WebsiteFilter\Exceptions\1 = "http://example.org/*"
5468 ```
5469 #### Windows (Intune)
5470 OMA-URI:
5471 ```
5472 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/B_WebsiteFilter_Block
5473 ```
5474 Value (string):
5475 ```
5476 <enabled/>
5477 <data id="WebsiteFilter" value="1&#xF000;<all_urls>"/>
5478 ```
5479 OMA-URI:
5480 ```
5481 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/B_WebsiteFilter_Exceptions
5482 ```
5483 Value (string):
5484 ```
5485 <enabled/>
5486 <data id="WebsiteFilter" value="1&#xF000;http://example.org/*"/>
5487 ```
5488 #### macOS
5489 ```
5490 <dict>
5491 <key>WebsiteFilter</key>
5492 <dict>
5493 <key>Block</key>
5494 <array>
5495 <string><all_urls></string>
5496 </array>
5497 <key>Exceptions</key>
5498 <array>
5499 <string>http://example.org/*</string>
5500 </array>
5501 </dict>
5502
5503 </dict>
5504 ```
5505 #### policies.json
5506 ```
5507 {
5508 "policies": {
5509 "WebsiteFilter": {
5510 "Block": ["<all_urls>"],
5511 "Exceptions": ["http://example.org/*"]
5512 }
5513 }
5514 }
5515 ```

patrick-canterino.de