]> git.p6c8.net - policy-templates.git/blob - README.md
c4aa88ff3ce76869d042e72e73ad1d545533c8c1
[policy-templates.git] / README.md
1 **These policies are in active development and so might contain changes that do not work with current versions of Firefox.**
2
3 **You should use the [officially released versions](https://github.com/mozilla/policy-templates/releases) if you are deploying changes.**
4
5 Policies can be specified using the [Group Policy templates on Windows](https://github.com/mozilla/policy-templates/tree/master/windows), [Intune on Windows](https://support.mozilla.org/kb/managing-firefox-intune), [configuration profiles on macOS](https://github.com/mozilla/policy-templates/tree/master/mac), or by creating a file called `policies.json`. On Windows, create a directory called `distribution` where the EXE is located and place the file there. On Mac, the file goes into `Firefox.app/Contents/Resources/distribution`. On Linux, the file goes into `firefox/distribution`, where `firefox` is the installation directory for firefox, which varies by distribution or you can specify system-wide policy by placing the file in `/etc/firefox/policies`.
6
7 Unfortunately, JSON files do not support comments, but you can add extra entries to the JSON to use as comments. You will see an error in about:policies, but the policies will still work properly. For example:
8
9 ```
10 {
11 "policies": {
12 "Authentication": {
13 "SPNEGO": ["mydomain.com", "https://myotherdomain.com"]
14 }
15 "Authentication_Comment": "These domains are required for us"
16 }
17 }
18 ```
19
20 | Policy Name | Description
21 | --- | --- |
22 | **[`3rdparty`](#3rdparty)** | Set policies that WebExtensions can access via chrome.storage.managed.
23 | **[`AllowedDomainsForApps`](#alloweddomainsforapps)** | Define domains allowed to access Google Workspace.
24 | **[`AppAutoUpdate`](#appautoupdate)** | Enable or disable automatic application update.
25 | **[`AppUpdatePin`](#appupdatepin)** | Prevent Firefox from being updated beyond the specified version.
26 | **[`AppUpdateURL`](#appupdateurl)** | Change the URL for application update.
27 | **[`Authentication`](#authentication)** | Configure sites that support integrated authentication.
28 | **[`AutoLaunchProtocolsFromOrigins`](#autolaunchprotocolsfromorigins)** | Define a list of external protocols that can be used from listed origins without prompting the user.
29 | **[`BackgroundAppUpdate`](#backgroundappupdate)** | Enable or disable the background updater (Windows only).
30 | **[`BlockAboutAddons`](#blockaboutaddons)** | Block access to the Add-ons Manager (about:addons).
31 | **[`BlockAboutConfig`](#blockaboutconfig)** | Block access to about:config.
32 | **[`BlockAboutProfiles`](#blockaboutprofiles)** | Block access to About Profiles (about:profiles).
33 | **[`BlockAboutSupport`](#blockaboutsupport)** | Block access to Troubleshooting Information (about:support).
34 | **[`Bookmarks`](#bookmarks)** | Add bookmarks in either the bookmarks toolbar or menu.
35 | **[`CaptivePortal`](#captiveportal)** | Enable or disable the detection of captive portals.
36 | **[`Certificates`](#certificates)** |
37 | **[`Certificates -> ImportEnterpriseRoots`](#certificates--importenterpriseroots)** | Trust certificates that have been added to the operating system certificate store by a user or administrator.
38 | **[`Certificates -> Install`](#certificates--install)** | Install certificates into the Firefox certificate store.
39 | **[`Cookies`](#cookies)** | Configure cookie preferences.
40 | **[`DefaultDownloadDirectory`](#defaultdownloaddirectory)** | Set the default download directory.
41 | **[`DisableAppUpdate`](#disableappupdate)** | Turn off application updates.
42 | **[`DisableBuiltinPDFViewer`](#disablebuiltinpdfviewer)** | Disable the built in PDF viewer.
43 | **[`DisabledCiphers`](#disabledciphers)** | Disable ciphers.
44 | **[`DisableDefaultBrowserAgent`](#disabledefaultbrowseragent)** | Prevent the default browser agent from taking any actions (Windows only).
45 | **[`DisableDeveloperTools`](#disabledevelopertools)** | Remove access to all developer tools.
46 | **[`DisableFeedbackCommands`](#disablefeedbackcommands)** | Disable the menus for reporting sites.
47 | **[`DisableFirefoxAccounts`](#disablefirefoxaccounts)** | Disable Firefox Accounts integration (Sync).
48 | **[`DisableFirefoxScreenshots`](#disablefirefoxscreenshots)** | Remove access to Firefox Screenshots.
49 | **[`DisableFirefoxStudies`](#disablefirefoxstudies)** | Disable Firefox studies (Shield).
50 | **[`DisableForgetButton`](#disableforgetbutton)** | Disable the "Forget" button.
51 | **[`DisableFormHistory`](#disableformhistory)** | Turn off saving information on web forms and the search bar.
52 | **[`DisableMasterPasswordCreation`](#disablemasterpasswordcreation)** | Remove the master password functionality.
53 | **[`DisablePasswordReveal`](#disablepasswordreveal)** | Do not allow passwords to be revealed in saved logins.
54 | **[`DisablePocket`](#disablepocket)** | Remove Pocket in the Firefox UI.
55 | **[`DisablePrivateBrowsing`](#disableprivatebrowsing)** | Remove access to private browsing.
56 | **[`DisableProfileImport`](#disableprofileimport)** | Disables the "Import data from another browser" option in the bookmarks window.
57 | **[`DisableProfileRefresh`](#disableprofilerefresh)** | Disable the Refresh Firefox button on about:support and support.mozilla.org
58 | **[`DisableSafeMode`](#disablesafemode)** | Disable safe mode within the browser.
59 | **[`DisableSecurityBypass`](#disablesecuritybypass)** | Prevent the user from bypassing security in certain cases.
60 | **[`DisableSetDesktopBackground`](#disablesetdesktopbackground)** | Remove the "Set As Desktop Background..." menuitem when right clicking on an image.
61 | **[`DisableSystemAddonUpdate`](#disablesystemaddonupdate)** | Prevent system add-ons from being installed or updated.
62 | **[`DisableTelemetry`](#disabletelemetry)** | DisableTelemetry
63 | **[`DisableThirdPartyModuleBlocking`](#disablethirdpartymoduleblocking)** | Do not allow blocking third-party modules.
64 | **[`DisplayBookmarksToolbar`](#displaybookmarkstoolbar)** | Set the initial state of the bookmarks toolbar.
65 | **[`DisplayBookmarksToolbar (Deprecated)`](#displaybookmarkstoolbar-deprecated)** | Set the initial state of the bookmarks toolbar.
66 | **[`DisplayMenuBar`](#displaymenubar)** | Set the state of the menubar.
67 | **[`DisplayMenuBar (Deprecated)`](#displaymenubar-deprecated)** | Set the initial state of the menubar.
68 | **[`DNSOverHTTPS`](#dnsoverhttps)** | Configure DNS over HTTPS.
69 | **[`DontCheckDefaultBrowser`](#dontcheckdefaultbrowser)** | Don't check if Firefox is the default browser at startup.
70 | **[`DownloadDirectory`](#downloaddirectory)** | Set and lock the download directory.
71 | **[`EnableTrackingProtection`](#enabletrackingprotection)** | Configure tracking protection.
72 | **[`EncryptedMediaExtensions`](#encryptedmediaextensions)** | Enable or disable Encrypted Media Extensions and optionally lock it.
73 | **[`EnterprisePoliciesEnabled`](#enterprisepoliciesenabled)** | Enable policy support on macOS.
74 | **[`ExemptDomainFileTypePairsFromFileTypeDownloadWarnings`](#exemptdomainfiletypepairsfromfiletypedownloadwarnings)** | Disable warnings based on file extension for specific file types on domains.
75 | **[`Extensions`](#extensions)** | Control the installation, uninstallation and locking of extensions.
76 | **[`ExtensionSettings`](#extensionsettings)** | Manage all aspects of extensions.
77 | **[`ExtensionUpdate`](#extensionupdate)** | Control extension updates.
78 | **[`FirefoxHome`](#firefoxhome)** | Customize the Firefox Home page.
79 | **[`FlashPlugin (Deprecated)`](#flashplugin-deprecated)** | Configure the default Flash plugin policy as well as origins for which Flash is allowed.
80 | **[`GoToIntranetSiteForSingleWordEntryInAddressBar`](#gotointranetsiteforsinglewordentryinaddressbar)** | Force direct intranet site navigation instead of searching when typing single word entries in the address bar.
81 | **[`Handlers`](#handlers)** | Configure default application handlers.
82 | **[`HardwareAcceleration`](#hardwareacceleration)** | Control hardware acceleration.
83 | **[`Homepage`](#homepage)** | Configure the default homepage and how Firefox starts.
84 | **[`InstallAddonsPermission`](#installaddonspermission)** | Configure the default extension install policy as well as origins for extension installs are allowed.
85 | **[`LegacyProfiles`](#legacyprofiles)** | Disable the feature enforcing a separate profile for each installation.
86 | **[`LegacySameSiteCookieBehaviorEnabled`](#legacysamesitecookiebehaviorenabled)** | Enable default legacy SameSite cookie behavior setting.
87 | **[`LegacySameSiteCookieBehaviorEnabledForDomainList`](#legacysamesitecookiebehaviorenabledfordomainlist)** | Revert to legacy SameSite behavior for cookies on specified sites.
88 | **[`LocalFileLinks`](#localfilelinks)** | Enable linking to local files by origin.
89 | **[`ManagedBookmarks`](#managedbookmarks)** | Configures a list of bookmarks managed by an administrator that cannot be changed by the user.
90 | **[`ManualAppUpdateOnly`](#manualappupdateonly)** | Allow manual updates only and do not notify the user about updates.
91 | **[`NetworkPrediction`](#networkprediction)** | Enable or disable network prediction (DNS prefetching).
92 | **[`NewTabPage`](#newtabpage)** | Enable or disable the New Tab page.
93 | **[`NoDefaultBookmarks`](#nodefaultbookmarks)** | Disable the creation of default bookmarks.
94 | **[`OfferToSaveLogins`](#offertosavelogins)** | Control whether or not Firefox offers to save passwords.
95 | **[`OfferToSaveLoginsDefault`](#offertosaveloginsdefault)** | Set the default value for whether or not Firefox offers to save passwords.
96 | **[`OverrideFirstRunPage`](#overridefirstrunpage)** | Override the first run page.
97 | **[`OverridePostUpdatePage`](#overridepostupdatepage)** | Override the upgrade page.
98 | **[`PasswordManagerEnabled`](#passwordmanagerenabled)** | Remove (some) access to the password manager.
99 | **[`PasswordManagerExceptions`](#passwordmanagerexceptions)** | Prevent Firefox from saving passwords for specific sites.
100 | **[`PDFjs`](#pdfjs)** | Disable or configure PDF.js, the built-in PDF viewer.
101 | **[`Permissions`](#permissions)** | Set permissions associated with camera, microphone, location, and notifications.
102 | **[`PictureInPicture`](#pictureinpicture)** | Enable or disable Picture-in-Picture.
103 | **[`PopupBlocking`](#popupblocking)** | Configure the default pop-up window policy as well as origins for which pop-up windows are allowed.
104 | **[`Preferences`](#preferences)** | Set and lock preferences.
105 | **[`Preferences (Deprecated)`](#preferences-deprecated)** | Set and lock some preferences.
106 | **[`PrimaryPassword`](#primarypassword)** | Require or prevent using a primary (formerly master) password.
107 | **[`PromptForDownloadLocation`](#promptfordownloadlocation)** | Ask where to save each file before downloading.
108 | **[`Proxy`](#proxy)** | Configure proxy settings.
109 | **[`RequestedLocales`](#requestedlocales)** | Set the the list of requested locales for the application in order of preference.
110 | **[`SanitizeOnShutdown` (All)](#sanitizeonshutdown-all)** | Clear all data on shutdown.
111 | **[`SanitizeOnShutdown` (Selective)](#sanitizeonshutdown-selective)** | Clear data on shutdown.
112 | **[`SearchBar`](#searchbar)** | Set whether or not search bar is displayed.
113 | **[`SearchEngines`](#searchengines-this-policy-is-only-available-on-the-esr)** |
114 | **[`SearchEngines -> Add`](#searchengines--add)** | Add new search engines.
115 | **[`SearchEngines -> Default`](#searchengines--default)** | Set the default search engine.
116 | **[`SearchEngines -> PreventInstalls`](#searchengines--preventinstalls)** | Prevent installing search engines from webpages.
117 | **[`SearchEngines -> Remove`](#searchengines--remove)** | Hide built-in search engines.
118 | **[`SearchSuggestEnabled`](#searchsuggestenabled)** | Enable search suggestions.
119 | **[`SecurityDevices`](#securitydevices)** | Install PKCS #11 modules.
120 | **[`ShowHomeButton`](#showhomebutton)** | Show the home button on the toolbar.
121 | **[`SSLVersionMax`](#sslversionmax)** | Set and lock the maximum version of TLS.
122 | **[`SSLVersionMin`](#sslversionmin)** | Set and lock the minimum version of TLS.
123 | **[`StartDownloadsInTempDirectory`](#startdownloadsintempdirectory)** | Force downloads to start off in a local, temporary location rather than the default download directory.
124 | **[`SupportMenu`](#supportmenu)** | Add a menuitem to the help menu for specifying support information.
125 | **[`UserMessaging`](#usermessaging)** | Don't show certain messages to the user.
126 | **[`UseSystemPrintDialog`](#usesystemprintdialog)** | Print using the system print dialog instead of print preview.
127 | **[`WebsiteFilter`](#websitefilter)** | Block websites from being visited.
128 | **[`WindowsSSO`](#windowssso)** | Allow Windows single sign-on for Microsoft, work, and school accounts.
129
130 ### 3rdparty
131
132 Allow WebExtensions to configure policy. For more information, see [Adding policy support to your extension](https://extensionworkshop.com/documentation/enterprise/adding-policy-support-to-your-extension/).
133
134 For GPO and Intune, the extension developer should provide an ADMX file.
135
136 **Compatibility:** Firefox 68\
137 **CCK2 Equivalent:** N/A\
138 **Preferences Affected:** N/A
139
140 #### macOS
141 ```
142 <dict>
143 <key>3rdparty</key>
144 <dict>
145 <key>Extensions</key>
146 <dict>
147 <key>uBlock0@raymondhill.net</key>
148 <dict>
149 <key>adminSettings</key>
150 <dict>
151 <key>selectedFilterLists</key>
152 <array>
153 <string>ublock-privacy</string>
154 <string>ublock-badware</string>
155 <string>ublock-filters</string>
156 <string>user-filters</string>
157 </array>
158 </dict>
159 </dict>
160 </dict>
161 </dict>
162 </dict>
163 ```
164 #### policies.json
165 ```
166 {
167 "policies": {
168 "3rdparty": {
169 "Extensions": {
170 "uBlock0@raymondhill.net": {
171 "adminSettings": {
172 "selectedFilterLists": [
173 "ublock-privacy",
174 "ublock-badware",
175 "ublock-filters",
176 "user-filters"
177 ]
178 }
179 }
180 }
181 }
182 }
183 }
184 ```
185
186 ### AllowedDomainsForApps
187
188 Define domains allowed to access Google Workspace.
189
190 This policy is based on the [Chrome policy](https://chromeenterprise.google/policies/#AllowedDomainsForApps) of the same name.
191
192 If this policy is enabled, users can only access Google Workspace using accounts from the specified domains. If you want to allow Gmail, you can add ```consumer_accounts``` to the list.
193
194 **Compatibility:** Firefox 89, Firefox ESR 78.11\
195 **CCK2 Equivalent:** N/A\
196 **Preferences Affected:** N/A
197
198 #### Windows (GPO)
199 ```
200 Software\Policies\Mozilla\Firefox\AllowedDomainsForApps = "managedfirefox.com,example.com"
201 ```
202 #### Windows (Intune)
203 OMA-URI:
204 ```
205 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/AllowedDomainsForApps
206 ```
207 Value (string):
208 ```
209 <enabled/>
210 <data id="AllowedDomainsForApps" value="managedfirefox.com,example.com"/>
211 ```
212 #### macOS
213 ```
214 <dict>
215 <key>AllowedDomainsForApps</key>
216 <string>managedfirefox.com,example.com</string>
217 </dict>
218 ```
219 #### policies.json
220 ```
221 {
222 "policies": {
223 "AllowedDomainsForApps": "managedfirefox.com,example.com"
224 }
225 }
226 ```
227 ### AppAutoUpdate
228
229 Enable or disable **automatic** application update.
230
231 If set to true, application updates are installed without user approval within Firefox. The operating system might still require approval.
232
233 If set to false, application updates are downloaded but the user can choose when to install the update.
234
235 If you have disabled updates via `DisableAppUpdate`, this policy has no effect.
236
237 **Compatibility:** Firefox 75, Firefox ESR 68.7\
238 **CCK2 Equivalent:** N/A\
239 **Preferences Affected:** `app.update.auto`
240
241 #### Windows (GPO)
242 ```
243 Software\Policies\Mozilla\Firefox\AppAutoUpdate = 0x1 | 0x0
244 ```
245 #### Windows (Intune)
246 OMA-URI:
247 ```
248 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/AppAutoUpdate
249 ```
250 Value (string):
251 ```
252 <enabled/> or <disabled/>
253 ```
254 #### macOS
255 ```
256 <dict>
257 <key>AppAutoUpdate</key>
258 <true/> | <false/>
259 </dict>
260 ```
261 #### policies.json
262 ```
263 {
264 "policies": {
265 "AppAutoUpdate": true | false
266 }
267 }
268 ```
269 ### AppUpdatePin
270
271 Prevent Firefox from being updated beyond the specified version.
272
273 You can specify the any version as ```xx.``` and Firefox will be updated with all minor versions, but will not be updated beyond the major version.
274
275 You can also specify the version as ```xx.xx``` and Firefox will be updated with all patch versions, but will not be updated beyond the minor version.
276
277 You should specify a version that exists or is guaranteed to exist. If you specify a version that doesn't end up existing, Firefox will update beyond that version.
278
279 **Compatibility:** Firefox 102,\
280 **CCK2 Equivalent:** N/A\
281 **Preferences Affected:** N/A
282
283 #### Windows (GPO)
284 ```
285 Software\Policies\Mozilla\Firefox\AppUpdatePin = "106."
286 ```
287 #### Windows (Intune)
288 OMA-URI:
289 ```
290 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/AppUpdatePin
291 ```
292 Value (string):
293 ```
294 <enabled/>
295 <data id="AppUpdatePin" value="106."/>
296 ```
297 #### macOS
298 ```
299 <dict>
300 <key>AppUpdatePin</key>
301 <string>106.</string>
302 </dict>
303 ```
304 #### policies.json
305 ```
306 {
307 "policies": {
308 "AppUpdatePin": "106."
309 }
310 }
311 ```
312 ### AppUpdateURL
313
314 Change the URL for application update if you are providing Firefox updates from a custom update server.
315
316 **Compatibility:** Firefox 62, Firefox ESR 60.2\
317 **CCK2 Equivalent:** N/A\
318 **Preferences Affected:** `app.update.url`
319
320 #### Windows (GPO)
321 ```
322 Software\Policies\Mozilla\Firefox\AppUpdateURL = "https://yoursite.com"
323 ```
324 #### Windows (Intune)
325 OMA-URI:
326 ```
327 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/AppUpdateURL
328 ```
329 Value (string):
330 ```
331 <enabled/>
332 <data id="AppUpdateURL" value="https://yoursite.com"/>
333 ```
334 #### macOS
335 ```
336 <dict>
337 <key>AppUpdateURL</key>
338 <string>https://yoursite.com</string>
339 </dict>
340 ```
341 #### policies.json
342 ```
343 {
344 "policies": {
345 "AppUpdateURL": "https://yoursite.com"
346 }
347 }
348 ```
349 ### Authentication
350
351 Configure sites that support integrated authentication.
352
353 See [Integrated authentication](https://htmlpreview.github.io/?https://github.com/mdn/archived-content/blob/main/files/en-us/mozilla/integrated_authentication/raw.html) for more information.
354
355 `PrivateBrowsing` enables integrated authentication in private browsing.
356
357 **Compatibility:** Firefox 60, Firefox ESR 60 (AllowNonFQDN added in 62/60.2, AllowProxies added in 70/68.2, Locked added in 71/68.3, PrivateBrowsing added in 77/68.9)\
358 **CCK2 Equivalent:** N/A\
359 **Preferences Affected:** `network.negotiate-auth.trusted-uris`,`network.negotiate-auth.delegation-uris`,`network.automatic-ntlm-auth.trusted-uris`,`network.automatic-ntlm-auth.allow-non-fqdn`,`network.negotiate-auth.allow-non-fqdn`,`network.automatic-ntlm-auth.allow-proxies`,`network.negotiate-auth.allow-proxies`,`network.auth.private-browsing-sso`
360
361 #### Windows (GPO)
362 ```
363 Software\Policies\Mozilla\Firefox\Authentication\SPNEGO\1 = "mydomain.com"
364 Software\Policies\Mozilla\Firefox\Authentication\SPNEGO\2 = "https://myotherdomain.com"
365 Software\Policies\Mozilla\Firefox\Authentication\Delegated\1 = "mydomain.com"
366 Software\Policies\Mozilla\Firefox\Authentication\Delegated\2 = "https://myotherdomain.com"
367 Software\Policies\Mozilla\Firefox\Authentication\NTLM\1 = "mydomain.com"
368 Software\Policies\Mozilla\Firefox\Authentication\NTLM\2 = "https://myotherdomain.com"
369 Software\Policies\Mozilla\Firefox\Authentication\AllowNonFQDN\SPNEGO = 0x1 | 0x0
370 Software\Policies\Mozilla\Firefox\Authentication\AllowNonFQDN\NTLM = 0x1 | 0x0
371 Software\Policies\Mozilla\Firefox\Authentication\AllowProxies\SPNEGO = 0x1 | 0x0
372 Software\Policies\Mozilla\Firefox\Authentication\AllowProxies\NTLM = 0x1 | 0x0
373 Software\Policies\Mozilla\Firefox\Authentication\Locked = 0x1 | 0x0
374 Software\Policies\Mozilla\Firefox\Authentication\PrivateBrowsing = 0x1 | 0x0
375 ```
376 #### Windows (Intune)
377 OMA-URI:
378 ```
379 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Authentication/Authentication_SPNEGO
380 ```
381 Value (string):
382 ```
383 <enabled/>
384 <data id="Authentication" value="1&#xF000;mydomain&#xF000;2&#xF000;https://myotherdomain.com"/>
385 ```
386 OMA-URI:
387 ```
388 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Authentication/Authentication_Delegated
389 ```
390 Value (string):
391 ```
392 <enabled/>
393 <data id="Authentication" value="1&#xF000;mydomain&#xF000;2&#xF000;https://myotherdomain.com"/>
394 ```
395 OMA-URI:
396 ```
397 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Authentication/Authentication_NTLM
398 ```
399 Value (string):
400 ```
401 <enabled/>
402 <data id="Authentication" value="1&#xF000;mydomain&#xF000;2&#xF000;https://myotherdomain.com"/>
403 ```
404 OMA-URI:
405 ```
406 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Authentication/Authentication_AllowNonFQDN
407 ```
408 Value (string):
409 ```
410 <enabled/>
411 <data id="Authentication_AllowNonFQDN_NTLM" value="true | false"/>
412 <data id="Authentication_AllowNonFQDN_SPNEGO" value="true | false"/>
413 ```
414 OMA-URI:
415 ```
416 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Authentication/Authentication_Locked
417 ```
418 Value (string):
419 ```
420 <enabled/> or <disabled/>
421 ```
422 OMA-URI:
423 ```
424 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Authentication/Authentication_PrivateBrowsing
425 ```
426 Value (string):
427 ```
428 <enabled/> or <disabled/>
429 ```
430 #### macOS
431 ```
432 <dict>
433 <key>Authentication</key>
434 <dict>
435 <key>SPNEGO</key>
436 <array>
437 <string>mydomain.com</string>
438 <string>https://myotherdomain.com</string>
439 </array>
440 <key>Delegated</key>
441 <array>
442 <string>mydomain.com</string>
443 <string>https://myotherdomain.com</string>
444 </array>
445 <key>NTLM</key>
446 <array>
447 <string>mydomain.com</string>
448 <string>https://myotherdomain.com</string>
449 </array>
450 <key>AllowNonFQDN</key>
451 <dict>
452 <key>SPNEGO</key>
453 <true/> | <false/>
454 <key>NTLM</key>
455 <true/> | <false/>
456 </dict>
457 <key>AllowProxies</key>
458 <dict>
459 <key>SPNEGO</key>
460 <true/> | <false/>
461 <key>NTLM</key>
462 <true/> | <false/>
463 </dict>
464 <key>Locked</key>
465 <true/> | <false/>
466 <key>PrivateBrowsing</key>
467 <true/> | <false/>
468 </dict>
469 </dict>
470 ```
471 #### policies.json
472 ```
473 {
474 "policies": {
475 "Authentication": {
476 "SPNEGO": ["mydomain.com", "https://myotherdomain.com"],
477 "Delegated": ["mydomain.com", "https://myotherdomain.com"],
478 "NTLM": ["mydomain.com", "https://myotherdomain.com"],
479 "AllowNonFQDN": {
480 "SPNEGO": true | false,
481 "NTLM": true | false
482 },
483 "AllowProxies": {
484 "SPNEGO": true | false,
485 "NTLM": true | false
486 },
487 "Locked": true | false,
488 "PrivateBrowsing": true | false
489 }
490 }
491 }
492 ```
493 ### AutoLaunchProtocolsFromOrigins
494 Define a list of external protocols that can be used from listed origins without prompting the user. The origin is the scheme plus the hostname.
495
496 The syntax of this policy is exactly the same as the [Chrome AutoLaunchProtocolsFromOrigins policy](https://cloud.google.com/docs/chrome-enterprise/policies/?policy=AutoLaunchProtocolsFromOrigins) except that you can only use valid origins (not just hostnames). This also means that you cannot specify an asterisk for all origins.
497
498 The schema is:
499 ```
500 {
501 "items": {
502 "properties": {
503 "allowed_origins": {
504 "items": {
505 "type": "string"
506 },
507 "type": "array"
508 },
509 "protocol": {
510 "type": "string"
511 }
512 },
513 "required": [
514 "protocol",
515 "allowed_origins"
516 ],
517 "type": "object"
518 },
519 "type": "array"
520 }
521 ```
522 **Compatibility:** Firefox 90, Firefox ESR 78.12\
523 **CCK2 Equivalent:** N/A\
524 **Preferences Affected:** N/A
525
526 #### Windows (GPO)
527 Software\Policies\Mozilla\Firefox\AutoLaunchProtocolsFromOrigins (REG_MULTI_SZ) =
528 ```
529 [
530 {
531 "protocol": "zoommtg",
532 "allowed_origins": [
533 "https://somesite.zoom.us"
534 ]
535 }
536 ]
537 ```
538 #### Windows (Intune)
539 OMA-URI:
540 ```
541 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/AutoLaunchProtocolsFromOrigins
542 ```
543 Value (string):
544 ```
545 <enabled/>
546 <data id="JSON" value='
547 [
548 {
549 "protocol": "zoommtg",
550 "allowed_origins": [
551 "https://somesite.zoom.us"
552 ]
553 }
554 ]'/>
555 ```
556 #### macOS
557 ```
558 <dict>
559 <key>AutoLaunchProtocolsFromOrigins</key>
560 <array>
561 <dict>
562 <key>protocol</key>
563 <string>zoommtg</string>
564 <key>allowed_origins</key>
565 <array>
566 <string>https://somesite.zoom.us</string>
567 </array>
568 </dict>
569 </array>
570 </dict>
571 ```
572 #### policies.json
573 ```
574 {
575 "policies": {
576 "AutoLaunchProtocolsFromOrigins": [{
577 "protocol": "zoommtg",
578 "allowed_origins": [
579 "https://somesite.zoom.us"
580 ]
581 }]
582 }
583 }
584 ```
585 ### BackgroundAppUpdate
586
587 Enable or disable **automatic** application update **in the background**, when the application is not running.
588
589 If set to true, application updates may be installed (without user approval) in the background, even when the application is not running. The operating system might still require approval.
590
591 If set to false, the application will not try to install updates when the application is not running.
592
593 If you have disabled updates via `DisableAppUpdate` or disabled automatic updates via `AppAutoUpdate`, this policy has no effect.
594
595 **Compatibility:** Firefox 90 (Windows only)\
596 **CCK2 Equivalent:** N/A\
597 **Preferences Affected:** `app.update.background.enabled`
598
599 #### Windows (GPO)
600 ```
601 Software\Policies\Mozilla\Firefox\BackgroundAppUpdate = 0x1 | 0x0
602 ```
603 #### Windows (Intune)
604 OMA-URI:
605 ```
606 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/BackgroundAppUpdate
607 ```
608 Value (string):
609 ```
610 <enabled/> or <disabled/>
611 ```
612 #### macOS
613 ```
614 <dict>
615 <key>BackgroundAppUpdate</key>
616 <true/> | <false/>
617 </dict>
618 ```
619 #### policies.json
620 ```
621 {
622 "policies": {
623 "BackgroundAppUpdate": true | false
624 }
625 }
626 ```
627 ### BlockAboutAddons
628
629 Block access to the Add-ons Manager (about:addons).
630
631 **Compatibility:** Firefox 60, Firefox ESR 60\
632 **CCK2 Equivalent:** `disableAddonsManager`\
633 **Preferences Affected:** N/A
634
635 #### Windows (GPO)
636 ```
637 Software\Policies\Mozilla\Firefox\BlockAboutAddons = 0x1 | 0x0
638 ```
639 #### Windows (Intune)
640 OMA-URI:
641 ```
642 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/BlockAboutAddons
643 ```
644 Value (string):
645 ```
646 <enabled/> or <disabled/>
647 ```
648 #### macOS
649 ```
650 <dict>
651 <key>BlockAboutAddons</key>
652 <true/> | <false/>
653 </dict>
654 ```
655 #### policies.json
656 ```
657 {
658 "policies": {
659 "BlockAboutAddons": true | false
660 }
661 }
662 ```
663 ### BlockAboutConfig
664
665 Block access to about:config.
666
667 **Compatibility:** Firefox 60, Firefox ESR 60\
668 **CCK2 Equivalent:** `disableAboutConfig`\
669 **Preferences Affected:** N/A
670
671 #### Windows (GPO)
672 ```
673 Software\Policies\Mozilla\Firefox\BlockAboutConfig = 0x1 | 0x0
674 ```
675 #### Windows (Intune)
676 OMA-URI:
677 ```
678 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/BlockAboutConfig
679 ```
680 Value (string):
681 ```
682 <enabled/> or <disabled/>
683 ```
684 #### macOS
685 ```
686 <dict>
687 <key>BlockAboutConfig</key>
688 <true/> | <false/>
689 </dict>
690 ```
691 #### policies.json
692 ```
693 {
694 "policies": {
695 "BlockAboutConfig": true | false
696 }
697 }
698 ```
699 ### BlockAboutProfiles
700
701 Block access to About Profiles (about:profiles).
702
703 **Compatibility:** Firefox 60, Firefox ESR 60\
704 **CCK2 Equivalent:** `disableAboutProfiles`\
705 **Preferences Affected:** N/A
706
707 #### Windows (GPO)
708 ```
709 Software\Policies\Mozilla\Firefox\BlockAboutProfiles = 0x1 | 0x0
710 ```
711 #### Windows (Intune)
712 OMA-URI:
713 ```
714 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/BlockAboutProfiles
715 ```
716 Value (string):
717 ```
718 <enabled/> or <disabled/>
719 ```
720 #### macOS
721 ```
722 <dict>
723 <key>BlockAboutProfiles</key>
724 <true/> | <false/>
725 </dict>
726 ```
727 #### policies.json
728 ```
729 {
730 "policies": {
731 "BlockAboutProfiles": true | false
732 }
733 }
734 ```
735 ### BlockAboutSupport
736
737 Block access to Troubleshooting Information (about:support).
738
739 **Compatibility:** Firefox 60, Firefox ESR 60\
740 **CCK2 Equivalent:** `disableAboutSupport`\
741 **Preferences Affected:** N/A
742
743 #### Windows (GPO)
744 ```
745 Software\Policies\Mozilla\Firefox\BlockAboutSupport = 0x1 | 0x0
746 ```
747 #### Windows (Intune)
748 OMA-URI:
749 ```
750 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/BlockAboutSupport
751 ```
752 Value (string):
753 ```
754 <enabled/> or <disabled/>
755 ```
756 #### macOS
757 ```
758 <dict>
759 <key>BlockAboutSupport</key>
760 <true/> | <false/>
761 </dict>
762 ```
763 #### policies.json
764 ```
765 {
766 "policies": {
767 "BlockAboutSupport": true | false
768 }
769 }
770 ```
771 ### Bookmarks
772
773 Note: [`ManagedBookmarks`](#managedbookmarks) is the new recommended way to add bookmarks. This policy will continue to be supported.
774
775 Add bookmarks in either the bookmarks toolbar or menu. Only `Title` and `URL` are required. If `Placement` is not specified, the bookmark will be placed on the toolbar. If `Folder` is specified, it is automatically created and bookmarks with the same folder name are grouped together.
776
777 If you want to clear all bookmarks set with this policy, you can set the value to an empty array (```[]```). This can be on Windows via the new Bookmarks (JSON) policy available with GPO and Intune.
778
779 **Compatibility:** Firefox 60, Firefox ESR 60\
780 **CCK2 Equivalent:** `bookmarks.toolbar`,`bookmarks.menu`\
781 **Preferences Affected:** N/A
782
783 #### Windows (GPO)
784 ```
785 Software\Policies\Mozilla\Firefox\Bookmarks\1\Title = "Example"
786 Software\Policies\Mozilla\Firefox\Bookmarks\1\URL = "https://example.com"
787 Software\Policies\Mozilla\Firefox\Bookmarks\1\Favicon = "https://example.com/favicon.ico"
788 Software\Policies\Mozilla\Firefox\Bookmarks\1\Placement = "toolbar" | "menu"
789 Software\Policies\Mozilla\Firefox\Bookmarks\1\Folder = "FolderName"
790
791 Software\Policies\Mozilla\Firefox\Bookmarks (REG_MULTI_SZ) =
792 ```
793 []
794 ```
795
796 ```
797 #### Windows (Intune)
798 OMA-URI:
799 ```
800 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Bookmarks/Bookmark01
801 ```
802 Value (string):
803 ```
804 <enabled/>
805 <data id="BookmarkTitle" value="Example"/>
806 <data id="BookmarkURL" value="https://example.com"/>
807 <data id="BookmarkFavicon" value="https://example.com/favicon.ico"/>
808 <data id="BookmarkPlacement" value="toolbar | menu"/>
809 <data id="BookmarkFolder" value="FolderName"/>
810 ```
811 OMA-URI:
812 ```
813 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/Bookmarks
814 ```
815 Value (string):
816 ```
817 <enabled/>
818 <data id="JSON" value='[]'/>
819 ```
820 #### macOS
821 ```
822 <dict>
823 <key>Bookmarks</key>
824 <array>
825 <dict>
826 <key>Title</key>
827 <string>Example</string>
828 <key>URL</key>
829 <string>https://example.com</string>
830 <key>Favicon</key>
831 <string>https://example.com/favicon.ico</string>
832 <key>Placement</key>
833 <string>toolbar | menu</string>
834 <key>Folder</key>
835 <string>FolderName</string>
836 </dict>
837 </array>
838 </dict>
839 ```
840 #### policies.json
841 ```
842 {
843 "policies": {
844 "Bookmarks": [
845 {
846 "Title": "Example",
847 "URL": "https://example.com",
848 "Favicon": "https://example.com/favicon.ico",
849 "Placement": "toolbar" | "menu",
850 "Folder": "FolderName"
851 }
852 ]
853 }
854 }
855 ```
856 ### CaptivePortal
857 Enable or disable the detection of captive portals.
858
859 **Compatibility:** Firefox 67, Firefox ESR 60.7\
860 **CCK2 Equivalent:** N/A\
861 **Preferences Affected:** `network.captive-portal-service.enabled`
862
863 #### Windows (GPO)
864 ```
865 Software\Policies\Mozilla\Firefox\CaptivePortal = 0x1 | 0x0
866 ```
867 #### Windows (Intune)
868 OMA-URI:
869 ```
870 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/CaptivePortal
871 ```
872 Value (string):
873 ```
874 <enabled/> or <disabled/>
875 ```
876 #### macOS
877 ```
878 <dict>
879 <key>CaptivePortal</key>
880 <true/> | <false/>
881 </dict>
882 ```
883 #### policies.json
884 ```
885 {
886 "policies": {
887 "CaptivePortal": true | false
888 }
889 }
890 ```
891 ### Certificates
892
893 ### Certificates | ImportEnterpriseRoots
894
895 Trust certificates that have been added to the operating system certificate store by a user or administrator.
896
897 Note: This policy only works on Windows and macOS. For Linux discussion, see [bug 1600509](https://bugzilla.mozilla.org/show_bug.cgi?id=1600509).
898
899 See https://support.mozilla.org/kb/setting-certificate-authorities-firefox for more detail.
900
901 **Compatibility:** Firefox 60, Firefox ESR 60 (macOS support in Firefox 63, Firefox ESR 68)\
902 **CCK2 Equivalent:** N/A\
903 **Preferences Affected:** `security.enterprise_roots.enabled`
904
905 #### Windows (GPO)
906 ```
907 Software\Policies\Mozilla\Firefox\Certificates\ImportEnterpriseRoots = 0x1 | 0x0
908 ```
909 #### Windows (Intune)
910 OMA-URI:
911 ```
912 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Certificates/Certificates_ImportEnterpriseRoots
913 ```
914 Value (string):
915 ```
916 <enabled/> or <disabled/>
917 ```
918 #### macOS
919 ```
920 <dict>
921 <key>Certificates</key>
922 <dict>
923 <key>ImportEnterpriseRoots</key>
924 <true/> | <false/>
925 </dict>
926 </dict>
927 ```
928 #### policies.json
929 ```
930 {
931 "policies": {
932 "Certificates": {
933 "ImportEnterpriseRoots": true | false
934 }
935 }
936 }
937 ```
938 ### Certificates | Install
939
940 Install certificates into the Firefox certificate store. If only a filename is specified, Firefox searches for the file in the following locations:
941
942 - Windows
943 - %USERPROFILE%\AppData\Local\Mozilla\Certificates
944 - %USERPROFILE%\AppData\Roaming\Mozilla\Certificates
945 - macOS
946 - /Library/Application Support/Mozilla/Certificates
947 - ~/Library/Application Support/Mozilla/Certificates
948 - Linux
949 - /usr/lib/mozilla/certificates
950 - /usr/lib64/mozilla/certificates
951 - ~/.mozilla/certificates
952
953 Starting with Firefox 65, Firefox 60.5 ESR, a fully qualified path can be used, including UNC paths. You should use the native path style for your operating system. We do not support using %USERPROFILE% or other environment variables on Windows.
954
955 If you are specifying the path in the policies.json file on Windows, you need to escape your backslashes (`\\`) which means that for UNC paths, you need to escape both (`\\\\`). If you use group policy, you only need one backslash.
956
957 Certificates are installed using the trust string `CT,CT,`.
958
959 Binary (DER) and ASCII (PEM) certificates are both supported.
960
961 **Compatibility:** Firefox 64, Firefox ESR 64\
962 **CCK2 Equivalent:** `certs.ca`\
963 **Preferences Affected:** N/A
964
965 #### Windows (GPO)
966 ```
967 Software\Policies\Mozilla\Firefox\Certificates\Install\1 = "cert1.der"
968 Software\Policies\Mozilla\Firefox\Certificates\Install\2 = "C:\Users\username\cert2.pem"
969 ```
970 #### Windows (Intune)
971 OMA-URI:
972 ```
973 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Certificates/Certificates_Install
974 ```
975 Value (string):
976 ```
977 <enabled/>
978 <data id="Certificates_Install" value="1&#xF000;cert1.der&#xF000;2&#xF000;C:\Users\username\cert2.pem"/>
979 ```
980 #### macOS
981 ```
982 <dict>
983 <key>Certificates</key>
984 <dict>
985 <key>Install</key>
986 <array>
987 <string>cert1.der</string>
988 <string>/Users/username/cert2.pem</string>
989 </array>
990 </dict>
991 </dict>
992 ```
993 #### policies.json
994 ```
995 {
996 "policies": {
997 "Certificates": {
998 "Install": ["cert1.der", "/home/username/cert2.pem"]
999 }
1000 }
1001 }
1002 ```
1003 ### Cookies
1004 Configure cookie preferences.
1005
1006 `Allow` is a list of origins (not domains) where cookies are always allowed. You must include http or https.
1007
1008 `AllowSession` is a list of origins (not domains) where cookies are only allowed for the current session. You must include http or https.
1009
1010 `Block` is a list of origins (not domains) where cookies are always blocked. You must include http or https.
1011
1012 `Behavior` sets the default behavior for cookies based on the values below.
1013
1014 `BehaviorPrivateBrowsing` sets the default behavior for cookies in private browsing based on the values below.
1015
1016 | Value | Description
1017 | --- | ---
1018 | accept | Accept all cookies
1019 | reject-foreign | Reject third party cookies
1020 | reject | Reject all cookies
1021 | limit-foreign | Reject third party cookies for sites you haven't visited
1022 | reject-tracker | Reject cookies for known trackers (default)
1023 | reject-tracker-and-partition-foreign | Reject cookies for known trackers and partition third-party cookies (Total Cookie Protection) (default for private browsing)
1024
1025 `Default` (Deprecated) determines whether cookies are accepted at all.
1026
1027 `AcceptThirdParty` (Deprecated) determines how third-party cookies are handled.
1028
1029 `ExpireAtSessionEnd` determines when cookies expire.
1030
1031 `RejectTracker` (Deprecated) only rejects cookies for trackers.
1032
1033 `Locked` prevents the user from changing cookie preferences.
1034
1035 **Compatibility:** Firefox 60, Firefox ESR 60 (RejectTracker added in Firefox 63, AllowSession added in Firefox 79/78.1, Behavior added in Firefox 95/91.4)\
1036 **CCK2 Equivalent:** N/A\
1037 **Preferences Affected:** `network.cookie.cookieBehavior`, `network.cookie.cookieBehavior.pbmode`, `network.cookie.lifetimePolicy`
1038
1039 #### Windows (GPO)
1040 ```
1041 Software\Policies\Mozilla\Firefox\Cookies\Allow\1 = "https://example.com"
1042 Software\Policies\Mozilla\Firefox\Cookies\AllowSession\1 = "https://example.edu"
1043 Software\Policies\Mozilla\Firefox\Cookies\Block\1 = "https://example.org"
1044 Software\Policies\Mozilla\Firefox\Cookies\Default = 0x1 | 0x0
1045 Software\Policies\Mozilla\Firefox\Cookies\AcceptThirdParty = "always" | "never" | "from-visited"
1046 Software\Policies\Mozilla\Firefox\Cookies\ExpireAtSessionEnd = 0x1 | 0x0
1047 Software\Policies\Mozilla\Firefox\Cookies\RejectTracker = 0x1 | 0x0
1048 Software\Policies\Mozilla\Firefox\Cookies\Behavior = "accept" | "reject-foreign" | "reject" | "limit-foreign" | "reject-tracker" | "reject-tracker-and-partition-foreign"
1049 Software\Policies\Mozilla\Firefox\Cookies\BehaviorPrivateBrowsing = "accept" | "reject-foreign" | "reject" | "limit-foreign" | "reject-tracker" | "reject-tracker-and-partition-foreign"
1050 Software\Policies\Mozilla\Firefox\Cookies\Locked = 0x1 | 0x0
1051 ```
1052 #### Windows (Intune)
1053 OMA-URI:
1054 ```
1055 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_Allow
1056 ```
1057 Value (string):
1058 ```
1059 <enabled/>
1060 <data id="Permissions" value="1&#xF000;https://example.com"/>
1061 ```
1062 OMA-URI:
1063 ```
1064 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_AllowSession
1065 ```
1066 Value (string):
1067 ```
1068 <enabled/>
1069 <data id="Permissions" value="1&#xF000;https://example.edu"/>
1070 ```
1071 OMA-URI:
1072 ```
1073 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_Block
1074 ```
1075 Value (string):
1076 ```
1077 <enabled/>
1078 <data id="Permissions" value="1&#xF000;https://example.org"/>
1079 ```
1080 OMA-URI:
1081 ```
1082 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_Default
1083 ```
1084 Value (string):
1085 ```
1086 <enabled/> or <disabled/>
1087 ```
1088 OMA-URI:
1089 ```
1090 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_AcceptThirdParty
1091 ```
1092 Value (string):
1093 ```
1094 <enabled/>
1095 <data id="Cookies_AcceptThirdParty" value="always | never | from-visited"/>
1096 ```
1097 OMA-URI:
1098 ```
1099 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_ExpireAtSessionEnd
1100 ```
1101 Value (string):
1102 ```
1103 <enabled/> or <disabled/>
1104 ```
1105 OMA-URI:
1106 ```
1107 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_RejectTracker
1108 ```
1109 Value (string):
1110 ```
1111 <enabled/> or <disabled/>
1112 ```
1113 OMA-URI:
1114 ```
1115 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_Locked
1116 ```
1117 Value (string):
1118 ```
1119 <enabled/> or <disabled/>
1120 ```
1121 OMA-URI:
1122 ```
1123 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_Behavior
1124 ```
1125 Value (string):
1126 ```
1127 <enabled/>
1128 <data id="Cookies_Behavior" value="accept | reject-foreign | reject | limit-foreign | reject-tracker | reject-tracker-and-partition-foreign"/>
1129 ```
1130 OMA-URI:
1131 ```
1132 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_BehaviorPrivateBrowsing
1133 ```
1134 Value (string):
1135 ```
1136 <enabled/>
1137 <data id="Cookies_BehaviorPrivateBrowsing" value="accept | reject-foreign | reject | limit-foreign | reject-tracker | reject-tracker-and-partition-foreign"/>
1138 ```
1139 #### macOS
1140 ```
1141 <dict>
1142 <key>Cookies</key>
1143 <dict>
1144 <key>Allow</key>
1145 <array>
1146 <string>http://example.com</string>
1147 </array>
1148 <key>AllowSession</key>
1149 <array>
1150 <string>http://example.edu</string>
1151 </array>
1152 <key>Block</key>
1153 <array>
1154 <string>http://example.org</string>
1155 </array>
1156 <key>Default</key>
1157 <true/> | <false/>
1158 <key>AcceptThirdParty</key>
1159 <string>always | never | from-visited</string>
1160 <key>ExpireAtSessionEnd</key>
1161 <true/> | <false/>
1162 <key>RejectTracker</key>
1163 <true/> | <false/>
1164 <key>Locked</key>
1165 <true/> | <false/>
1166 <key>Behavior</key>
1167 <string>accept | reject-foreign | reject | limit-foreign | reject-tracker | reject-tracker-and-partition-foreign</string>
1168 <key>BehaviorPrivateBrowsing</key>
1169 <string>accept | reject-foreign | reject | limit-foreign | reject-tracker | reject-tracker-and-partition-foreign</string>
1170 </dict>
1171 </dict>
1172 ```
1173 #### policies.json
1174 ```
1175 {
1176 "policies": {
1177 "Cookies": {
1178 "Allow": ["http://example.org/"],
1179 "AllowSession": ["http://example.edu/"],
1180 "Block": ["http://example.edu/"],
1181 "Default": true | false,
1182 "AcceptThirdParty": "always" | "never" | "from-visited",
1183 "ExpireAtSessionEnd": true | false,
1184 "RejectTracker": true | false,
1185 "Locked": true | false,
1186 "Behavior": "accept" | "reject-foreign" | "reject" | "limit-foreign" | "reject-tracker" | "reject-tracker-and-partition-foreign",
1187 "BehaviorPrivateBrowsing": "accept" | "reject-foreign" | "reject" | "limit-foreign" | "reject-tracker" | "reject-tracker-and-partition-foreign",
1188 }
1189 }
1190 }
1191 ```
1192 ### DefaultDownloadDirectory
1193 Set the default download directory.
1194
1195 You can use ${home} for the native home directory.
1196
1197 **Compatibility:** Firefox 68, Firefox ESR 68\
1198 **CCK2 Equivalent:** N/A\
1199 **Preferences Affected:** `browser.download.dir`, `browser.download.folderList`
1200
1201 #### Windows (GPO)
1202 ```
1203 Software\Policies\Mozilla\Firefox\DefaultDownloadDirectory = "${home}\Downloads"
1204 ```
1205 #### Windows (Intune)
1206 OMA-URI:
1207 ```
1208 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DefaultDownloadDirectory
1209 ```
1210 Value (string):
1211 ```
1212 <enabled/>
1213 <data id="Preferences_String" value="${home}\Downloads"/>
1214 ```
1215 #### macOS
1216 ```
1217 <dict>
1218 <key>DefaultDownloadDirectory</key>
1219 <string>${home}/Downloads</string>
1220 </dict>
1221 ```
1222 #### policies.json (macOS and Linux)
1223 ```
1224 {
1225 "policies": {
1226 "DefaultDownloadDirectory": "${home}/Downloads"
1227 }
1228 }
1229 ```
1230 #### policies.json (Windows)
1231 ```
1232 {
1233 "policies": {
1234 "DefaultDownloadDirectory": "${home}\\Downloads"
1235 }
1236 }
1237 ```
1238 ### DisableAppUpdate
1239 Turn off application updates within Firefox.
1240
1241 **Compatibility:** Firefox 60, Firefox ESR 60\
1242 **CCK2 Equivalent:** `disableFirefoxUpdates`\
1243 **Preferences Affected:** N/A
1244
1245 #### Windows (GPO)
1246 ```
1247 Software\Policies\Mozilla\Firefox\DisableAppUpdate = 0x1 | 0x0
1248 ```
1249 #### Windows (Intune)
1250 OMA-URI:
1251 ```
1252 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableAppUpdate
1253 ```
1254 Value (string):
1255 ```
1256 <enabled/> or <disabled/>
1257 ```
1258 #### macOS
1259 ```
1260 <dict>
1261 <key>DisableAppUpdate</key>
1262 <true/> | <false/>
1263 </dict>
1264 ```
1265 #### policies.json
1266 ```
1267 {
1268 "policies": {
1269 "DisableAppUpdate": true | false
1270 }
1271 }
1272 ```
1273 ### DisableBuiltinPDFViewer
1274 Disable the built in PDF viewer. PDF files are downloaded and sent externally.
1275
1276 **Compatibility:** Firefox 60, Firefox ESR 60\
1277 **CCK2 Equivalent:** `disablePDFjs`\
1278 **Preferences Affected:** `pdfjs.disabled`
1279
1280 #### Windows (GPO)
1281 ```
1282 Software\Policies\Mozilla\Firefox\DisableBuiltinPDFViewer = 0x1 | 0x0
1283 ```
1284 #### Windows (Intune)
1285 OMA-URI:
1286 ```
1287 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableBuiltinPDFViewer
1288 ```
1289 Value (string):
1290 ```
1291 <enabled/> or <disabled/>
1292 ```
1293 #### macOS
1294 ```
1295 <dict>
1296 <key>DisableBuiltinPDFViewer</key>
1297 <true/> | <false/>
1298 </dict>
1299 ```
1300 #### policies.json
1301 ```
1302 {
1303 "policies": {
1304 "DisableBuiltinPDFViewer": true | false
1305 }
1306 }
1307 ```
1308 ### DisabledCiphers
1309 Disable specific cryptographic ciphers, listed below.
1310
1311 ```
1312 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
1313 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
1314 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
1315 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
1316 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
1317 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
1318 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
1319 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
1320 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
1321 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
1322 TLS_DHE_RSA_WITH_AES_128_CBC_SHA
1323 TLS_DHE_RSA_WITH_AES_256_CBC_SHA
1324 TLS_RSA_WITH_AES_128_GCM_SHA256
1325 TLS_RSA_WITH_AES_256_GCM_SHA384
1326 TLS_RSA_WITH_AES_128_CBC_SHA
1327 TLS_RSA_WITH_AES_256_CBC_SHA
1328 TLS_RSA_WITH_3DES_EDE_CBC_SHA
1329 ```
1330
1331 **Preferences Affected:** `security.ssl3.ecdhe_rsa_aes_128_gcm_sha256`, `security.ssl3.ecdhe_ecdsa_aes_128_gcm_sha256`, `security.ssl3.ecdhe_ecdsa_chacha20_poly1305_sha256`, `security.ssl3.ecdhe_rsa_chacha20_poly1305_sha256`, `security.ssl3.ecdhe_ecdsa_aes_256_gcm_sha384`, `security.ssl3.ecdhe_rsa_aes_256_gcm_sha384`, `security.ssl3.ecdhe_rsa_aes_128_sha`, `security.ssl3.ecdhe_ecdsa_aes_128_sha`, `security.ssl3.ecdhe_rsa_aes_256_sha`, `security.ssl3.ecdhe_ecdsa_aes_256_sha`, `security.ssl3.dhe_rsa_aes_128_sha`, `security.ssl3.dhe_rsa_aes_256_sha`, `security.ssl3.rsa_aes_128_gcm_sha256`, `security.ssl3.rsa_aes_256_gcm_sha384`, `security.ssl3.rsa_aes_128_sha`, `security.ssl3.rsa_aes_256_sha`, `security.ssl3.deprecated.rsa_des_ede3_sha`
1332
1333 ---
1334 **Note:**
1335
1336 This policy was updated in Firefox 78 to allow enabling ciphers as well. Setting the value to true disables the cipher, setting the value to false enables the cipher. Previously setting the value to true or false disabled the cipher.
1337
1338 ---
1339 **Compatibility:** Firefox 76, Firefox ESR 68.8 (TLS_RSA_WITH_AES_128_GCM_SHA256 and TLS_RSA_WITH_AES_256_GCM_SHA384 were added in Firefox 78, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA38, TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, and TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 were added in Firefox 97 and Firefox 91.6)\
1340 **CCK2 Equivalent:** N/A\
1341 **Preferences Affected:** N/A
1342
1343 #### Windows (GPO)
1344 ```
1345 Software\Policies\Mozilla\Firefox\DisabledCiphers\CIPHER_NAME = 0x1 | 0x0
1346 ```
1347 #### Windows (Intune)
1348 OMA-URI:
1349 ```
1350 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DisabledCiphers/DisabledCiphers_CIPHER_NAME
1351
1352 ```
1353 Value (string):
1354 ```
1355 <enabled/> or <disabled/>
1356 ```
1357 #### macOS
1358 ```
1359 <dict>
1360 <key>DisabledCiphers</key>
1361 <dict>
1362 <key>CIPHER_NAME</key>
1363 <true/> | <false/>
1364 </dict>
1365 </dict>
1366 ```
1367 #### policies.json
1368 ```
1369 {
1370 "policies": {
1371 "DisabledCiphers": {
1372 "CIPHER_NAME": true | false,
1373 }
1374 }
1375 }
1376 ```
1377 ### DisableDefaultBrowserAgent
1378 Prevent the default browser agent from taking any actions. Only applicable to Windows; other platforms don’t have the agent.
1379
1380 The browser agent is a Windows-only scheduled task which runs in the background to collect and submit data about the browser that the user has set as their OS default. More information is available [here](https://firefox-source-docs.mozilla.org/toolkit/mozapps/defaultagent/default-browser-agent/index.html).
1381
1382 **Compatibility:** Firefox 75, Firefox ESR 68.7 (Windows only)\
1383 **CCK2 Equivalent:** N/A\
1384 **Preferences Affected:** N/A
1385
1386 #### Windows (GPO)
1387 ```
1388 Software\Policies\Mozilla\Firefox\DisableDefaultBrowserAgent = 0x1 | 0x0
1389 ```
1390 #### Windows (Intune)
1391 OMA-URI:
1392 ```
1393 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableDefaultBrowserAgent
1394 ```
1395 Value (string):
1396 ```
1397 <enabled/> or <disabled/>
1398 ```
1399 #### policies.json
1400 ```
1401 {
1402 "policies": {
1403 "DisableDefaultBrowserAgent": true | false
1404 }
1405 }
1406 ```
1407 ### DisableDeveloperTools
1408 Remove access to all developer tools.
1409
1410 **Compatibility:** Firefox 60, Firefox ESR 60\
1411 **CCK2 Equivalent:** `removeDeveloperTools`\
1412 **Preferences Affected:** `devtools.policy.disabled`
1413
1414 #### Windows (GPO)
1415 ```
1416 Software\Policies\Mozilla\Firefox\DisableDeveloperTools = 0x1 | 0x0`
1417 ```
1418 #### Windows (Intune)
1419 OMA-URI:
1420 ```
1421 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableDeveloperTools
1422 ```
1423 Value (string):
1424 ```
1425 <enabled/> or <disabled/>
1426 ```
1427 #### macOS
1428 ```
1429 <dict>
1430 <key>DisableDeveloperTools</key>
1431 <true/> | <false/>
1432 </dict>
1433 ```
1434 #### policies.json
1435 ```
1436 {
1437 "policies": {
1438 "DisableDeveloperTools": true | false
1439 }
1440 }
1441 ```
1442 ### DisableFeedbackCommands
1443 Disable the menus for reporting sites (Submit Feedback, Report Deceptive Site).
1444
1445 **Compatibility:** Firefox 60, Firefox ESR 60\
1446 **CCK2 Equivalent:** N/A\
1447 **Preferences Affected:** N/A
1448
1449 #### Windows (GPO)
1450 ```
1451 Software\Policies\Mozilla\Firefox\DisableFeedbackCommands = 0x1 | 0x0
1452 ```
1453 #### Windows (Intune)
1454 OMA-URI:
1455 ```
1456 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableFeedbackCommands
1457 ```
1458 Value (string):
1459 ```
1460 <enabled/> or <disabled/>
1461 ```
1462 #### macOS
1463 ```
1464 <dict>
1465 <key>DisableFeedbackCommands</key>
1466 <true/> | <false/>
1467 </dict>
1468 ```
1469 #### policies.json
1470 ```
1471 {
1472 "policies": {
1473 "DisableFeedbackCommands": true | false
1474 }
1475 }
1476 ```
1477 ### DisableFirefoxAccounts
1478 Disable Firefox Accounts integration (Sync).
1479
1480 **Compatibility:** Firefox 60, Firefox ESR 60\
1481 **CCK2 Equivalent:** `disableSync`\
1482 **Preferences Affected:** `identity.fxaccounts.enabled`
1483
1484 #### Windows (GPO)
1485 ```
1486 Software\Policies\Mozilla\Firefox\DisableFirefoxAccounts = 0x1 | 0x0
1487 ```
1488 #### Windows (Intune)
1489 OMA-URI:
1490 ```
1491 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableFirefoxAccounts
1492 ```
1493 Value (string):
1494 ```
1495 <enabled/> or <disabled/>
1496 ```
1497 #### macOS
1498 ```
1499 <dict>
1500 <key>DisableFirefoxAccounts</key>
1501 <true/> | <false/>
1502 </dict>
1503 ```
1504 #### policies.json
1505 ```
1506 {
1507 "policies": {
1508 "DisableFirefoxAccounts": true | false
1509 }
1510 }
1511 ```
1512 ### DisableFirefoxScreenshots
1513 Remove access to Firefox Screenshots.
1514
1515 **Compatibility:** Firefox 60, Firefox ESR 60\
1516 **CCK2 Equivalent:** N/A\
1517 **Preferences Affected:** `extensions.screenshots.disabled`
1518
1519 #### Windows (GPO)
1520 ```
1521 Software\Policies\Mozilla\Firefox\DisableFirefoxScreenshots = 0x1 | 0x0
1522 ```
1523 #### Windows (Intune)
1524 OMA-URI:
1525 ```
1526 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableFirefoxScreenshots
1527 ```
1528 Value (string):
1529 ```
1530 <enabled/> or <disabled/>
1531 ```
1532 #### macOS
1533 ```
1534 <dict>
1535 <key>DisableFirefoxScreenshots</key>
1536 <true/> | <false/>
1537 </dict>
1538 ```
1539 #### policies.json
1540 ```
1541 {
1542 "policies": {
1543 "DisableFirefoxScreenshots": true | false
1544 }
1545 }
1546 ```
1547 ### DisableFirefoxStudies
1548 Disable Firefox studies (Shield).
1549
1550 **Compatibility:** Firefox 60, Firefox ESR 60\
1551 **CCK2 Equivalent:** N/A\
1552 **Preferences Affected:** N/A
1553
1554 #### Windows (GPO)
1555 ```
1556 Software\Policies\Mozilla\Firefox\DisableFirefoxStudies = 0x1 | 0x0
1557 ```
1558 #### Windows (Intune)
1559 OMA-URI:
1560 ```
1561 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableFirefoxStudies
1562 ```
1563 Value (string):
1564 ```
1565 <enabled/> or <disabled/>
1566 ```
1567 #### macOS
1568 ```
1569 <dict>
1570 <key>DisableFirefoxStudies</key>
1571 <true/> | <false/>
1572 </dict>
1573 ```
1574 #### policies.json
1575 ```
1576 {
1577 "policies": {
1578 "DisableFirefoxStudies": true | false
1579 }
1580 }
1581 ```
1582 ### DisableForgetButton
1583 Disable the "Forget" button.
1584
1585 **Compatibility:** Firefox 60, Firefox ESR 60\
1586 **CCK2 Equivalent:** `disableForget`\
1587 **Preferences Affected:** N/A
1588
1589 #### Windows (GPO)
1590 ```
1591 Software\Policies\Mozilla\Firefox\DisableForgetButton = 0x1 | 0x0
1592 ```
1593 #### Windows (Intune)
1594 OMA-URI:
1595 ```
1596 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableForgetButton
1597 ```
1598 Value (string):
1599 ```
1600 <enabled/> or <disabled/>
1601 ```
1602 #### macOS
1603 ```
1604 <dict>
1605 <key>DisableForgetButton</key>
1606 <true/> | <false/>
1607 </dict>
1608 ```
1609 #### policies.json
1610 ```
1611 {
1612 "policies": {
1613 "DisableForgetButton": true | false
1614 }
1615 }
1616 ```
1617 ### DisableFormHistory
1618 Turn off saving information on web forms and the search bar.
1619
1620 **Compatibility:** Firefox 60, Firefox ESR 60\
1621 **CCK2 Equivalent:** `disableFormFill`\
1622 **Preferences Affected:** `browser.formfill.enable`
1623
1624 #### Windows (GPO)
1625 ```
1626 Software\Policies\Mozilla\Firefox\DisableFormHistory = 0x1 | 0x0
1627 ```
1628 #### Windows (Intune)
1629 OMA-URI:
1630 ```
1631 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableFormHistory
1632 ```
1633 Value (string):
1634 ```
1635 <enabled/> or <disabled/>
1636 ```
1637 #### macOS
1638 ```
1639 <dict>
1640 <key>DisableFormHistory</key>
1641 <true/> | <false/>
1642 </dict>
1643 ```
1644 #### policies.json
1645 ```
1646 {
1647 "policies": {
1648 "DisableFormHistory": true | false
1649 }
1650 }
1651 ```
1652 ### DisableMasterPasswordCreation
1653 Remove the master password functionality.
1654
1655 If this value is true, it works the same as setting [`PrimaryPassword`](#primarypassword) to false and removes the primary password functionality.
1656
1657 If both `DisableMasterPasswordCreation` and `PrimaryPassword` are used, `DisableMasterPasswordCreation` takes precedent.
1658
1659 **Compatibility:** Firefox 60, Firefox ESR 60\
1660 **CCK2 Equivalent:** `noMasterPassword`\
1661 **Preferences Affected:** N/A
1662
1663 #### Windows (GPO)
1664 ```
1665 Software\Policies\Mozilla\Firefox\DisableMasterPasswordCreation = 0x1 | 0x0
1666 ```
1667 #### Windows (Intune)
1668 OMA-URI:
1669 ```
1670 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableMasterPasswordCreation
1671 ```
1672 Value (string):
1673 ```
1674 <enabled/> or <disabled/>
1675 ```
1676 #### macOS
1677 ```
1678 <dict>
1679 <key>DisableMasterPasswordCreation</key>
1680 <true/> | <false/>
1681 </dict>
1682 ```
1683 #### policies.json
1684 ```
1685 {
1686 "policies": {
1687 "DisableMasterPasswordCreation": true | false
1688 }
1689 }
1690 ```
1691 ### DisablePasswordReveal
1692 Do not allow passwords to be shown in saved logins
1693
1694 **Compatibility:** Firefox 71, Firefox ESR 68.3\
1695 **CCK2 Equivalent:** N/A
1696 **Preferences Affected:** N/A
1697
1698 #### Windows (GPO)
1699 ```
1700 Software\Policies\Mozilla\Firefox\DisablePasswordReveal = 0x1 | 0x0
1701 ```
1702 #### Windows (Intune)
1703 OMA-URI:
1704 ```
1705 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisablePasswordReveal
1706 ```
1707 Value (string):
1708 ```
1709 <enabled/> or <disabled/>
1710 ```
1711 #### macOS
1712 ```
1713 <dict>
1714 <key>DisablePasswordReveal</key>
1715 <true/> | <false/>
1716 </dict>
1717 ```
1718 #### policies.json
1719 ```
1720 {
1721 "policies": {
1722 "DisablePasswordReveal": true | false
1723 }
1724 }
1725 ```
1726 ### DisablePocket
1727 Remove Pocket in the Firefox UI. It does not remove it from the new tab page.
1728
1729 **Compatibility:** Firefox 60, Firefox ESR 60\
1730 **CCK2 Equivalent:** `disablePocket`\
1731 **Preferences Affected:** `extensions.pocket.enabled`
1732
1733 #### Windows (GPO)
1734 ```
1735 Software\Policies\Mozilla\Firefox\DisablePocket = 0x1 | 0x0
1736 ```
1737 #### Windows (Intune)
1738 OMA-URI:
1739 ```
1740 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisablePocket
1741 ```
1742 Value (string):
1743 ```
1744 <enabled/> or <disabled/>
1745 ```
1746 #### macOS
1747 ```
1748 <dict>
1749 <key>DisablePocket</key>
1750 <true/> | <false/>
1751 </dict>
1752 ```
1753 #### policies.json
1754 ```
1755 {
1756 "policies": {
1757 "DisablePocket": true | false
1758 }
1759 }
1760 ```
1761 ### DisablePrivateBrowsing
1762 Remove access to private browsing.
1763
1764 **Compatibility:** Firefox 60, Firefox ESR 60\
1765 **CCK2 Equivalent:** `disablePrivateBrowsing`\
1766 **Preferences Affected:** N/A
1767
1768 #### Windows (GPO)
1769 ```
1770 Software\Policies\Mozilla\Firefox\DisablePrivateBrowsing = 0x1 | 0x0
1771 ```
1772 #### Windows (Intune)
1773 OMA-URI:
1774 ```
1775 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisablePrivateBrowsing
1776 ```
1777 Value (string):
1778 ```
1779 <enabled/> or <disabled/>
1780 ```
1781 #### macOS
1782 ```
1783 <dict>
1784 <key>DisablePrivateBrowsing</key>
1785 <true/> | <false/>
1786 </dict>
1787 ```
1788 #### policies.json
1789 ```
1790 {
1791 "policies": {
1792 "DisablePrivateBrowsing": true | false
1793 }
1794 }
1795 ```
1796 ### DisableProfileImport
1797 Disables the "Import data from another browser" option in the bookmarks window.
1798
1799 **Compatibility:** Firefox 60, Firefox ESR 60\
1800 **CCK2 Equivalent:** N/A\
1801 **Preferences Affected:** N/A
1802
1803 #### Windows (GPO)
1804 ```
1805 Software\Policies\Mozilla\Firefox\DisableProfileImport = 0x1 | 0x0
1806 ```
1807 #### Windows (Intune)
1808 OMA-URI:
1809 ```
1810 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableProfileImport
1811 ```
1812 Value (string):
1813 ```
1814 <enabled/> or <disabled/>
1815 ```
1816 #### macOS
1817 ```
1818 <dict>
1819 <key>DisableProfileImport</key>
1820 <true/> | <false/>
1821 </dict>
1822 ```
1823 #### policies.json
1824 ```
1825 {
1826 "policies": {
1827 "DisableProfileImport": true | false
1828 }
1829 }
1830 ```
1831 ### DisableProfileRefresh
1832 Disable the Refresh Firefox button on about:support and support.mozilla.org, as well as the prompt that displays offering to refresh Firefox when you haven't used it in a while.
1833
1834 **Compatibility:** Firefox 60, Firefox ESR 60\
1835 **CCK2 Equivalent:** `disableResetFirefox`\
1836 **Preferences Affected:** `browser.disableResetPrompt`
1837
1838 #### Windows (GPO)
1839 ```
1840 Software\Policies\Mozilla\Firefox\DisableProfileRefresh = 0x1 | 0x0
1841 ```
1842 #### Windows (Intune)
1843 OMA-URI:
1844 ```
1845 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableProfileRefresh
1846 ```
1847 Value (string):
1848 ```
1849 <enabled/> or <disabled/>
1850 ```
1851 #### macOS
1852 ```
1853 <dict>
1854 <key>DisableProfileRefresh</key>
1855 <true/> | <false/>
1856 </dict>
1857 ```
1858 #### policies.json
1859 ```
1860 {
1861 "policies": {
1862 "DisableProfileRefresh": true | false
1863 }
1864 }
1865 ```
1866 ### DisableSafeMode
1867 Disable safe mode within the browser.
1868
1869 On Windows, this disables safe mode via the command line as well.
1870
1871 **Compatibility:** Firefox 60, Firefox ESR 60 (Windows, macOS)\
1872 **CCK2 Equivalent:** `disableSafeMode`\
1873 **Preferences Affected:** N/A
1874
1875 #### Windows (GPO)
1876 ```
1877 Software\Policies\Mozilla\Firefox\DisableSafeMode = 0x1 | 0x0
1878 ```
1879 #### Windows (Intune)
1880 OMA-URI:
1881 ```
1882 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableSafeMode
1883 ```
1884 Value (string):
1885 ```
1886 <enabled/> or <disabled/>
1887 ```
1888 #### macOS
1889 ```
1890 <dict>
1891 <key>DisableSafeMode</key>
1892 <true/> | <false/>
1893 </dict>
1894 ```
1895 #### policies.json
1896 ```
1897 {
1898 "policies": {
1899 "DisableSafeMode": true | false
1900 }
1901 }
1902 ```
1903 ### DisableSecurityBypass
1904 Prevent the user from bypassing security in certain cases.
1905
1906 `InvalidCertificate` prevents adding an exception when an invalid certificate is shown.
1907
1908 `SafeBrowsing` prevents selecting "ignore the risk" and visiting a harmful site anyway.
1909
1910 **Compatibility:** Firefox 60, Firefox ESR 60\
1911 **CCK2 Equivalent:** N/A\
1912 **Preferences Affected:** `security.certerror.hideAddException`, `browser.safebrowsing.allowOverride`
1913
1914 #### Windows (GPO)
1915 ```
1916 Software\Policies\Mozilla\Firefox\DisableSecurityBypass\InvalidCertificate = 0x1 | 0x0
1917 Software\Policies\Mozilla\Firefox\DisableSecurityBypass\SafeBrowsing = 0x1 | 0x0
1918 ```
1919 #### Windows (Intune)
1920 OMA-URI:
1921 ```
1922 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/P_DisableSecurityBypass_InvalidCertificate
1923 ```
1924 Value (string):
1925 ```
1926 <enabled/> or <disabled/>
1927 ```
1928 OMA-URI:
1929 ```
1930 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/P_DisableSecurityBypass_SafeBrowsing
1931 ```
1932 Value (string):
1933 ```
1934 <enabled/> or <disabled/>
1935 ```
1936
1937 #### macOS
1938 ```
1939 <dict>
1940 <key>DisableSecurityBypass</key>
1941 <dict>
1942 <key>InvalidCertificate</key>
1943 <true/> | <false/>
1944 <key>SafeBrowsing</key>
1945 <true/> | <false/>
1946 </dict>
1947 </dict>
1948 ```
1949 #### policies.json
1950 ```
1951 {
1952 "policies": {
1953 "DisableSecurityBypass": {
1954 "InvalidCertificate": true | false,
1955 "SafeBrowsing": true | false
1956 }
1957 }
1958 }
1959 ```
1960 ### DisableSetDesktopBackground
1961 Remove the "Set As Desktop Background..." menuitem when right clicking on an image.
1962
1963 **Compatibility:** Firefox 60, Firefox ESR 60\
1964 **CCK2 Equivalent:** `removeSetDesktopBackground`\
1965 **Preferences Affected:** N/A
1966
1967 #### Windows (GPO)
1968 ```
1969 Software\Policies\Mozilla\Firefox\DisableSetDesktopBackground = 0x1 | 0x0
1970 ```
1971 #### Windows (Intune)
1972 OMA-URI:
1973 ```
1974 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableSetDesktopBackground
1975 ```
1976 Value (string):
1977 ```
1978 <enabled/> or <disabled/>
1979 ```
1980 #### macOS
1981 ```
1982 <dict>
1983 <key>DisableSetDesktopBackground</key>
1984 <true/> | <false/>
1985 </dict>
1986 ```
1987 #### policies.json
1988 ```
1989 {
1990 "policies": {
1991 "DisableSetDesktopBackground": true | false
1992 }
1993 }
1994 ```
1995 ### DisableSystemAddonUpdate
1996 Prevent system add-ons from being installed or updated.
1997
1998 **Compatibility:** Firefox 60, Firefox ESR 60\
1999 **CCK2 Equivalent:** N/A\
2000 **Preferences Affected:** N/A
2001
2002 #### Windows (GPO)
2003 ```
2004 Software\Policies\Mozilla\Firefox\DisableSystemAddonUpdate = 0x1 | 0x0
2005 ```
2006 #### Windows (Intune)
2007 OMA-URI:
2008 ```
2009 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableSystemAddonUpdate
2010 ```
2011 Value (string):
2012 ```
2013 <enabled/> or <disabled/>
2014 ```
2015 #### macOS
2016 ```
2017 <dict>
2018 <key>DisableSystemAddonUpdate</key>
2019 <true/> | <false/>
2020 </dict>
2021 ```
2022 #### policies.json
2023 ```
2024 {
2025 "policies": {
2026 "DisableSystemAddonUpdate": true | false
2027 }
2028 }
2029 ```
2030 ### DisableTelemetry
2031 Prevent the upload of telemetry data.
2032
2033 As of Firefox 83 and Firefox ESR 78.5, local storage of telemetry data is disabled as well.
2034
2035 Mozilla recommends that you do not disable telemetry. Information collected through telemetry helps us build a better product for businesses like yours.
2036
2037 **Compatibility:** Firefox 60, Firefox ESR 60\
2038 **CCK2 Equivalent:** `disableTelemetry`\
2039 **Preferences Affected:** `datareporting.healthreport.uploadEnabled`, `datareporting.policy.dataSubmissionEnabled`, `toolkit.telemetry.archive.enabled`
2040
2041 #### Windows (GPO)
2042 ```
2043 Software\Policies\Mozilla\Firefox\DisableTelemetry = 0x1 | 0x0
2044 ```
2045 #### Windows (Intune)
2046 OMA-URI:
2047 ```
2048 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableTelemetry
2049 ```
2050 Value (string):
2051 ```
2052 <enabled/> or <disabled/>
2053 ```
2054 #### macOS
2055 ```
2056 <dict>
2057 <key>DisableTelemetry</key>
2058 <true/> | <false/>
2059 </dict>
2060 ```
2061 #### policies.json
2062 ```
2063 {
2064 "policies": {
2065 "DisableTelemetry": true | false
2066 }
2067 }
2068 ```
2069 ### DisableThirdPartyModuleBlocking
2070 Do not allow blocking third-party modules from the `about:third-party` page.
2071
2072 This policy only works on Windows through GPO (not policies.json).
2073
2074 **Compatibility:** Firefox 110 (Windows only, GPO only)\
2075 **CCK2 Equivalent:** N/A\
2076 **Preferences Affected:** N/A
2077
2078 #### Windows (GPO)
2079 ```
2080 Software\Policies\Mozilla\Firefox\DisableThirdPartyModuleBlocking = = 0x1 | 0x0
2081 ```
2082 #### Windows (Intune)
2083 OMA-URI:
2084 ```
2085 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableThirdPartyModuleBlocking
2086 ```
2087 Value (string):
2088 ```
2089 <enabled/> or <disabled/>
2090 ```
2091 ### DisplayBookmarksToolbar
2092 Set the initial state of the bookmarks toolbar. A user can still change how it is displayed.
2093
2094 `always` means the bookmarks toolbar is always shown.
2095
2096 `never` means the bookmarks toolbar is not shown.
2097
2098 `newtab` means the bookmarks toolbar is only shown on the new tab page.
2099
2100 **Compatibility:** Firefox 109, Firefox ESR 102.7\
2101 **CCK2 Equivalent:** N/A\
2102 **Preferences Affected:** N/A
2103
2104 #### Windows (GPO)
2105 ```
2106 Software\Policies\Mozilla\Firefox\DisplayBookmarksToolbar = "always", "never", "newtab"
2107 ```
2108 #### Windows (Intune)
2109 OMA-URI:
2110 ```
2111 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisplayBookmarksToolbar_Enum
2112 ```
2113 Value (string):
2114 ```
2115 <enabled/>
2116 <data id="DisplayBookmarksToolbar" value="always | never | newtab"/>
2117 ```
2118 #### macOS
2119 ```
2120 <dict>
2121 <key>DisplayBookmarksToolbar</key>
2122 <string>always | never | newtab</string>
2123 </dict>
2124 ```
2125 #### policies.json
2126 ```
2127 {
2128 "policies": {
2129 "DisplayBookmarksToolbar": "always" | "never" | "newtab"
2130 }
2131 }
2132 ```
2133 ### DisplayBookmarksToolbar (Deprecated)
2134 Set the initial state of the bookmarks toolbar. A user can still hide it and it will stay hidden.
2135
2136 **Compatibility:** Firefox 60, Firefox ESR 60\
2137 **CCK2 Equivalent:** `displayBookmarksToolbar`\
2138 **Preferences Affected:** N/A
2139
2140 #### Windows (GPO)
2141 ```
2142 Software\Policies\Mozilla\Firefox\DisplayBookmarksToolbar = 0x1 | 0x0
2143 ```
2144 #### Windows (Intune)
2145 OMA-URI:
2146 ```
2147 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisplayBookmarksToolbar
2148 ```
2149 Value (string):
2150 ```
2151 <enabled/> or <disabled/>
2152 ```
2153 #### macOS
2154 ```
2155 <dict>
2156 <key>DisplayBookmarksToolbar</key>
2157 <true/> | <false/>
2158 </dict>
2159 ```
2160 #### policies.json
2161 ```
2162 {
2163 "policies": {
2164 "DisplayBookmarksToolbar": true | false
2165 }
2166 }
2167 ```
2168 ### DisplayMenuBar
2169 Set the state of the menubar.
2170
2171 `always` means the menubar is shown and cannot be hidden.
2172
2173 `never` means the menubar is hidden and cannot be shown.
2174
2175 `default-on` means the menubar is on by default but can be hidden.
2176
2177 `default-off` means the menubar is off by default but can be shown.
2178
2179 **Compatibility:** Firefox 73, Firefox ESR 68.5 (Windows, some Linux)\
2180 **CCK2 Equivalent:** `displayMenuBar`\
2181 **Preferences Affected:** N/A
2182
2183 #### Windows (GPO)
2184 ```
2185 Software\Policies\Mozilla\Firefox\DisplayMenuBar = "always", "never", "default-on", "default-off"
2186 ```
2187 #### Windows (Intune)
2188 OMA-URI:
2189 ```
2190 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisplayMenuBar_Enum
2191 ```
2192 Value (string):
2193 ```
2194 <enabled/>
2195 <data id="DisplayMenuBar" value="always | never | default-on | default-off"/>
2196 ```
2197 #### macOS
2198 ```
2199 <dict>
2200 <key>DisplayMenuBar</key>
2201 <string>always | never | default-on | default-off</string>
2202 </dict>
2203 ```
2204 #### policies.json
2205 ```
2206 {
2207 "policies": {
2208 "DisplayMenuBar": "always", "never", "default-on", "default-off"
2209 }
2210 }
2211 ```
2212 ### DisplayMenuBar (Deprecated)
2213 Set the initial state of the menubar. A user can still hide it and it will stay hidden.
2214
2215 **Compatibility:** Firefox 60, Firefox ESR 60 (Windows, some Linux)\
2216 **CCK2 Equivalent:** `displayMenuBar`\
2217 **Preferences Affected:** N/A
2218
2219 #### Windows (GPO)
2220 ```
2221 Software\Policies\Mozilla\Firefox\DisplayMenuBar = 0x1 | 0x0
2222 ```
2223 #### macOS
2224 ```
2225 <dict>
2226 <key>DisplayMenuBar</key>
2227 <true/> | <false/>
2228 </dict>
2229 ```
2230 #### policies.json
2231 ```
2232 {
2233 "policies": {
2234 "DisplayMenuBar": true | false
2235 }
2236 }
2237 ```
2238 ### DNSOverHTTPS
2239 Configure DNS over HTTPS.
2240
2241 `Enabled` determines whether DNS over HTTPS is enabled
2242
2243 `ProviderURL` is a URL to another provider.
2244
2245 `Locked` prevents the user from changing DNS over HTTPS preferences.
2246
2247 `ExcludedDomains` excludes domains from DNS over HTTPS.
2248
2249 **Compatibility:** Firefox 63, Firefox ESR 68 (ExcludedDomains added in 75/68.7)\
2250 **CCK2 Equivalent:** N/A\
2251 **Preferences Affected:** `network.trr.mode`, `network.trr.uri`
2252
2253 #### Windows (GPO)
2254 ```
2255 Software\Policies\Mozilla\Firefox\DNSOverHTTPS\Enabled = 0x1 | 0x0
2256 Software\Policies\Mozilla\Firefox\DNSOverHTTPS\ProviderURL = "URL_TO_ALTERNATE_PROVIDER"
2257 Software\Policies\Mozilla\Firefox\DNSOverHTTPS\Locked = 0x1 | 0x0
2258 Software\Policies\Mozilla\Firefox\DNSOverHTTPS\ExcludedDomains\1 = "example.com"
2259 ```
2260 #### Windows (Intune)
2261 OMA-URI:
2262 ```
2263 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DNSOverHTTPS/DNSOverHTTPS_Enabled
2264 ```
2265 Value (string):
2266 ```
2267 <enabled/> or <disabled/>
2268 ```
2269 OMA-URI:
2270 ```
2271 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DNSOverHTTPS/DNSOverHTTPS_ProviderURL
2272 ```
2273 Value (string):
2274 ```
2275 <enabled/>
2276 <data id="String" value="URL_TO_ALTERNATE_PROVIDER"/>
2277 ```
2278 OMA-URI:
2279 ```
2280 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DNSOverHTTPS/DNSOverHTTPS_Locked
2281 ```
2282 Value (string):
2283 ```
2284 <enabled/> or <disabled/>
2285 ```
2286 OMA-URI:
2287 ```
2288 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DNSOverHTTPS/DNSOverHTTPS_ExcludedDomains
2289 ```
2290 Value (string):
2291 ```
2292 <enabled/>
2293 <data id="List" value="1&#xF000;example.com"/>
2294 ```
2295 #### macOS
2296 ```
2297 <dict>
2298 <key>DNSOverHTTPS</key>
2299 <dict>
2300 <key>Enabled</key>
2301 <true/> | <false/>
2302 <key>ProviderURL</key>
2303 <string>URL_TO_ALTERNATE_PROVIDER</string>
2304 <key>Locked</key>
2305 <true/> | <false/>
2306 <key>ExcludedDomains</key>
2307 <array>
2308 <string>example.com</string>
2309 </array>
2310 </dict>
2311 </dict>
2312 ```
2313 #### policies.json
2314 ```
2315 {
2316 "policies": {
2317 "DNSOverHTTPS": {
2318 "Enabled": true | false,
2319 "ProviderURL": "URL_TO_ALTERNATE_PROVIDER",
2320 "Locked": true | false,
2321 "ExcludedDomains": ["example.com"]
2322 }
2323 }
2324 }
2325 ```
2326 ### DontCheckDefaultBrowser
2327 Don't check if Firefox is the default browser at startup.
2328
2329 **Compatibility:** Firefox 60, Firefox ESR 60\
2330 **CCK2 Equivalent:** `dontCheckDefaultBrowser`\
2331 **Preferences Affected:** `browser.shell.checkDefaultBrowser`
2332
2333 #### Windows (GPO)
2334 ```
2335 Software\Policies\Mozilla\Firefox\DontCheckDefaultBrowser = 0x1 | 0x0
2336 ```
2337 #### Windows (Intune)
2338 OMA-URI:
2339 ```
2340 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DontCheckDefaultBrowser
2341 ```
2342 Value (string):
2343 ```
2344 <enabled/> or <disabled/>
2345 ```
2346 #### macOS
2347 ```
2348 <dict>
2349 <key>DontCheckDefaultBrowser</key>
2350 <true/> | <false/>
2351 </dict>
2352 ```
2353 #### policies.json
2354 ```
2355 {
2356 "policies": {
2357 "DontCheckDefaultBrowser": true | false
2358 }
2359 }
2360 ```
2361 ### DownloadDirectory
2362 Set and lock the download directory.
2363
2364 You can use ${home} for the native home directory.
2365
2366 **Compatibility:** Firefox 68, Firefox ESR 68\
2367 **CCK2 Equivalent:** N/A\
2368 **Preferences Affected:** `browser.download.dir`, `browser.download.folderList`, `browser.download.useDownloadDir`
2369
2370 #### Windows (GPO)
2371 ```
2372 Software\Policies\Mozilla\Firefox\DownloadDirectory = "${home}\Downloads"
2373 ```
2374 #### Windows (Intune)
2375 OMA-URI:
2376 ```
2377 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DownloadDirectory
2378 ```
2379 Value (string):
2380 ```
2381 <enabled/>
2382 <data id="Preferences_String" value="${home}\Downloads"/>
2383 ```
2384 #### macOS
2385 ```
2386 <dict>
2387 <key>DownloadDirectory</key>
2388 <string>${home}/Downloads</string>
2389 </dict>
2390 ```
2391 #### policies.json (macOS and Linux)
2392 ```
2393 {
2394 "policies": {
2395 "DownloadDirectory": "${home}/Downloads"
2396 }
2397 ```
2398 #### policies.json (Windows)
2399 ```
2400 {
2401 "policies": {
2402 "DownloadDirectory": "${home}\\Downloads"
2403 }
2404 ```
2405 ### EnableTrackingProtection
2406 Configure tracking protection.
2407
2408 If this policy is not configured, tracking protection is not enabled by default in the browser, but it is enabled by default in private browsing and the user can change it.
2409
2410 If `Value` is set to false, tracking protection is disabled and locked in both the regular browser and private browsing.
2411
2412 If `Value` is set to true, tracking protection is enabled by default in both the regular browser and private browsing and the `Locked` value determines whether or not a user can change it.
2413
2414 If `Cryptomining` is set to true, cryptomining scripts on websites are blocked.
2415
2416 If `Fingerprinting` is set to true, fingerprinting scripts on websites are blocked.
2417
2418 `Exceptions` are origins for which tracking protection is not enabled.
2419
2420 **Compatibility:** Firefox 60, Firefox ESR 60 (Cryptomining and Fingerprinting added in 70/68.2, Exceptions added in 73/68.5)\
2421 **CCK2 Equivalent:** N/A\
2422 **Preferences Affected:** `privacy.trackingprotection.enabled`, `privacy.trackingprotection.pbmode.enabled`, `privacy.trackingprotection.cryptomining.enabled`, `privacy.trackingprotection.fingerprinting.enabled`
2423
2424 #### Windows (GPO)
2425 ```
2426 Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Value = 0x1 | 0x0
2427 Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Locked = 0x1 | 0x0
2428 Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Cryptomining = 0x1 | 0x0
2429 Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Fingerprinting = 0x1 | 0x0
2430 Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Exceptions\1 = "https://example.com"
2431 ```
2432 #### Windows (Intune)
2433 OMA-URI:
2434 ```
2435 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~TrackingProtection/A_TrackingProtection_Value
2436 ```
2437 Value (string):
2438 ```
2439 <enabled/> or <disabled/>
2440 ```
2441 OMA-URI:
2442 ```
2443 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~TrackingProtection/B_TrackingProtection_Cryptomining
2444 ```
2445 Value (string):
2446 ```
2447 <enabled/> or <disabled/>
2448 ```
2449 OMA-URI:
2450 ```
2451 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~TrackingProtection/C_TrackingProtection_Fingerprinting
2452 ```
2453 Value (string):
2454 ```
2455 <enabled/> or <disabled/>
2456 ```
2457 OMA-URI:
2458 ```
2459 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~TrackingProtection/D_TrackingProtection_Exceptions
2460 ```
2461 Value (string):
2462 ```
2463 <enabled/>
2464 <data id="TrackingProtection_Exceptions" value="1&#xF000;https://example.com"/>
2465 ```
2466 OMA-URI:
2467 ```
2468 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~TrackingProtection/E_TrackingProtection_Locked
2469 ```
2470 Value (string):
2471 ```
2472 <enabled/> or <disabled/>
2473 ```
2474 #### macOS
2475 ```
2476 <dict>
2477 <key>EnableTrackingProtection</key>
2478 <dict>
2479 <key>Value</key>
2480 <true/> | <false/>
2481 <key>Locked</key>
2482 <true/> | <false/>
2483 <key>Cryptomining</key>
2484 <true/> | <false/>
2485 <key>Fingerprinting</key>
2486 <true/> | <false/>
2487 <key>Exceptions</key>
2488 <array>
2489 <string>https://example.com</string>
2490 </array>
2491 </dict>
2492 </dict>
2493 ```
2494 #### policies.json
2495 ```
2496 {
2497 "policies": {
2498 "EnableTrackingProtection": {
2499 "Value": true | false,
2500 "Locked": true | false,
2501 "Cryptomining": true | false,
2502 "Fingerprinting": true | false,
2503 "Exceptions": ["https://example.com"]
2504 }
2505 }
2506 }
2507 ```
2508 ### EncryptedMediaExtensions
2509 Enable or disable Encrypted Media Extensions and optionally lock it.
2510
2511 If `Enabled` is set to false, encrypted media extensions (like Widevine) are not downloaded by Firefox unless the user consents to installing them.
2512
2513 If `Locked` is set to true and `Enabled` is set to false, Firefox will not download encrypted media extensions (like Widevine) or ask the user to install them.
2514
2515 **Compatibility:** Firefox 77, Firefox ESR 68.9\
2516 **CCK2 Equivalent:** N/A\
2517 **Preferences Affected:** `media.eme.enabled`
2518
2519 #### Windows (GPO)
2520 ```
2521 Software\Policies\Mozilla\Firefox\EncryptedMediaExtensions\Enabled = 0x1 | 0x0
2522 Software\Policies\Mozilla\Firefox\EncryptedMediaExtensions\Locked = 0x1 | 0x0
2523 ```
2524 #### Windows (Intune)
2525 OMA-URI:
2526 ```
2527 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~EncryptedMediaExtensions/EncryptedMediaExtensions_Enabled
2528 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~EncryptedMediaExtensions/EncryptedMediaExtensions_Locked
2529 ```
2530 Value (string):
2531 ```
2532 <enabled/>or <disabled/>
2533 ```
2534 #### macOS
2535 ```
2536 <dict>
2537 <key>EncryptedMediaExtensions</key>
2538 <dict>
2539 <key>Enabled</key>
2540 <true/> | <false/>
2541 <key>Locked</key>
2542 <true/> | <false/>
2543 </dict>
2544 </dict>
2545 ```
2546 #### policies.json
2547 ```
2548 {
2549 "policies": {
2550 "EncryptedMediaExtensions": {
2551 "Enabled": true | false,
2552 "Locked": true | false
2553 }
2554 }
2555 }
2556 ```
2557 ### EnterprisePoliciesEnabled
2558 Enable policy support on macOS.
2559
2560 **Compatibility:** Firefox 63, Firefox ESR 60.3 (macOS only)\
2561 **CCK2 Equivalent:** N/A\
2562 **Preferences Affected:** N/A
2563
2564 #### macOS
2565 ```
2566 <dict>
2567 <key>EnterprisePoliciesEnabled</key>
2568 <true/>
2569 </dict>
2570 ```
2571 ### ExemptDomainFileTypePairsFromFileTypeDownloadWarnings
2572
2573 Disable warnings based on file extension for specific file types on domains.
2574
2575 This policy is based on the [Chrome policy](https://chromeenterprise.google/policies/#ExemptDomainFileTypePairsFromFileTypeDownloadWarnings) of the same name.
2576
2577 Important: The documentation for the policy for both Edge and Chrome is incorrect. The ```domains``` value must be a domain, not a URL pattern. Also, we do not support using ```*``` to mean all domains.
2578
2579 **Compatibility:** Firefox 102\
2580 **CCK2 Equivalent:** N/A\
2581 **Preferences Affected:** N/A
2582
2583 #### Windows (GPO)
2584 Software\Policies\Mozilla\Firefox\ExemptDomainFileTypePairsFromFileTypeDownloadWarnings (REG_MULTI_SZ) =
2585 ```
2586 [
2587 {
2588 "file_extension": "jnlp",
2589 "domains": ["example.com"]
2590 }
2591 ]
2592 ```
2593 #### Windows (Intune)
2594 OMA-URI:
2595 ```
2596 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/ExemptDomainFileTypePairsFromFileTypeDownloadWarnings
2597 ```
2598 Value (string):
2599 ```
2600 <enabled/>
2601 <data id="JSON" value='
2602 [
2603 {
2604 "file_extension": "jnlp",
2605 "domains": ["example.com"]
2606 }
2607 ]
2608 '/>
2609 ```
2610 #### macOS
2611 ```
2612 <dict>
2613 <key>ExemptDomainFileTypePairsFromFileTypeDownloadWarnings</key>
2614 <array>
2615 <dict>
2616 <key>file_extension</key>
2617 <string>jnlp</string>
2618 <key>domains</key>
2619 <array>
2620 <string>example.com</string>
2621 </array>
2622 </dict>
2623 </array>
2624 </dict>
2625 ```
2626 #### policies.json
2627 ```
2628 {
2629 "policies": {
2630 "ExemptDomainFileTypePairsFromFileTypeDownloadWarnings": [{
2631 "file_extension": "jnlp",
2632 "domains": ["example.com"]
2633 }]
2634 }
2635 }
2636 ```
2637 ### Extensions
2638 Control the installation, uninstallation and locking of extensions.
2639
2640 While this policy is not technically deprecated, it is recommended that you use the **[`ExtensionSettings`](#extensionsettings)** policy. It has the same functionality and adds more. It does not support native paths, though, so you'll have to use file:/// URLs.
2641
2642 `Install` is a list of URLs or native paths for extensions to be installed.
2643
2644 `Uninstall` is a list of extension IDs that should be uninstalled if found.
2645
2646 `Locked` is a list of extension IDs that the user cannot disable or uninstall.
2647
2648 **Compatibility:** Firefox 60, Firefox ESR 60\
2649 **CCK2 Equivalent:** `addons`\
2650 **Preferences Affected:** N/A
2651
2652 #### Windows (GPO)
2653 ```
2654 Software\Policies\Mozilla\Firefox\Extensions\Install\1 = "https://addons.mozilla.org/firefox/downloads/somefile.xpi"
2655 Software\Policies\Mozilla\Firefox\Extensions\Install\2 = "//path/to/xpi"
2656 Software\Policies\Mozilla\Firefox\Extensions\Uninstall\1 = "bad_addon_id@mozilla.org"
2657 Software\Policies\Mozilla\Firefox\Extensions\Locked\1 = "addon_id@mozilla.org"
2658 ```
2659 #### Windows (Intune)
2660 OMA-URI:
2661 ```
2662 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/Extensions_Install
2663 ```
2664 Value (string):
2665 ```
2666 <enabled/>
2667 <data id="Extensions" value="1&#xF000;https://addons.mozilla.org/firefox/downloads/somefile.xpi&#xF000;2&#xF000;//path/to/xpi"/>
2668 ```
2669 OMA-URI:
2670 ```
2671 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/Extensions_Uninstall
2672 ```
2673 Value (string):
2674 ```
2675 <enabled/>
2676 <data id="Extensions" value="1&#xF000;bad_addon_id@mozilla.org"/>
2677 ```
2678 OMA-URI:
2679 ```
2680 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/Extensions_Locked
2681 ```
2682 Value (string):
2683 ```
2684 <enabled/>
2685 <data id="Extensions" value="1&#xF000;addon_id@mozilla.org"/>
2686 ```
2687 #### macOS
2688 ```
2689 <dict>
2690 <key>Extensions</key>
2691 <dict>
2692 <key>Install</key>
2693 <array>
2694 <string>https://addons.mozilla.org/firefox/downloads/somefile.xpi</string>
2695 <string>//path/to/xpi</string>
2696 </array>
2697 <key>Uninstall</key>
2698 <array>
2699 <string>bad_addon_id@mozilla.org</string>
2700 </array>
2701 <key>Locked</key>
2702 <array>
2703 <string>addon_id@mozilla.org</string>
2704 </array>
2705 </dict>
2706 </dict>
2707 ```
2708 #### policies.json
2709 ```
2710 {
2711 "policies": {
2712 "Extensions": {
2713 "Install": ["https://addons.mozilla.org/firefox/downloads/somefile.xpi", "//path/to/xpi"],
2714 "Uninstall": ["bad_addon_id@mozilla.org"],
2715 "Locked": ["addon_id@mozilla.org"]
2716 }
2717 }
2718 }
2719 ```
2720 ### ExtensionSettings
2721 Manage all aspects of extensions. This policy is based heavily on the [Chrome policy](https://dev.chromium.org/administrators/policy-list-3/extension-settings-full) of the same name.
2722
2723 This policy maps an extension ID to its configuration. With an extension ID, the configuration will be applied to the specified extension only. A default configuration can be set for the special ID "*", which will apply to all extensions that don't have a custom configuration set in this policy.
2724
2725 To obtain an extension ID, install the extension and go to about:support. You will see the ID in the Extensions section. I've also created an extension that makes it easy to find the ID of extensions on AMO. You can download it [here](https://github.com/mkaply/queryamoid/releases/tag/v0.1).
2726
2727 The configuration for each extension is another dictionary that can contain the fields documented below.
2728
2729 | Name | Description |
2730 | --- | --- |
2731 | `installation_mode` | Maps to a string indicating the installation mode for the extension. The valid strings are `allowed`,`blocked`,`force_installed`, and `normal_installed`.
2732 | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;`allowed` | Allows the extension to be installed by the user. This is the default behavior. There is no need for an install_url; it will automatically be allowed based on the ID.
2733 | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;`blocked`| Blocks installation of the extension and removes it from the device if already installed.
2734 | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;`force_installed`| The extension is automatically installed and can't be removed by the user. This option is not valid for the default configuration and requires an install_url.
2735 | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;`normal_installed`| The extension is automatically installed but can be disabled by the user. This option is not valid for the default configuration and requires an install_url.
2736 | `install_url`| Maps to a URL indicating where Firefox can download a force_installed or normal_installed extension. If installing from the local file system, use a [```file:///``` URL](https://en.wikipedia.org/wiki/File_URI_scheme). If installing from the addons.mozilla.org, use the following URL (substituting SHORT_NAME from the URL on AMO), https://addons.mozilla.org/firefox/downloads/latest/SHORT_NAME/latest.xpi. Languages packs are available from https://releases.mozilla.org/pub/firefox/releases/VERSION/PLATFORM/xpi/LANGUAGE.xpi. If you need to update the extension, you can change the name of the extension and it will be automatically updated. Extensions installed from file URLs will additional be updated when their internal version changes.
2737 | `install_sources` | A list of sources from which installing extensions is allowed using URL match patterns. **This is unnecessary if you are only allowing the installation of certain extensions by ID.** Each item in this list is an extension-style match pattern. Users will be able to easily install items from any URL that matches an item in this list. Both the location of the *.xpi file and the page where the download is started from (i.e. the referrer) must be allowed by these patterns. This setting can be used only for the default configuration.
2738 | `allowed_types` | This setting whitelists the allowed types of extension/apps that can be installed in Firefox. The value is a list of strings, each of which should be one of the following: "extension", "theme", "dictionary", "locale" This setting can be used only for the default configuration.
2739 | `blocked_install_message` | This maps to a string specifying the error message to display to users if they're blocked from installing an extension. This setting allows you to append text to the generic error message displayed when the extension is blocked. This could be be used to direct users to your help desk, explain why a particular extension is blocked, or something else. This setting can be used only for the default configuration.
2740 | `restricted_domains` | An array of domains on which content scripts can't be run. This setting can be used only for the default configuration.
2741 | `updates_disabled` | (Firefox 89, Firefox ESR 78.11) Boolean that indicates whether or not to disable automatic updates for an individual extension.
2742
2743 **Compatibility:** Firefox 69, Firefox ESR 68.1 (As of Firefox 85, Firefox ESR 78.7, installing a theme makes it the default.)\
2744 **CCK2 Equivalent:** N/A\
2745 **Preferences Affected:** N/A
2746
2747 #### Windows (GPO)
2748 Software\Policies\Mozilla\Firefox\ExtensionSettings (REG_MULTI_SZ) =
2749 ```
2750 {
2751 "*": {
2752 "blocked_install_message": "Custom error message.",
2753 "install_sources": ["https://yourwebsite.com/*"],
2754 "installation_mode": "blocked",
2755 "allowed_types": ["extension"]
2756 },
2757 "uBlock0@raymondhill.net": {
2758 "installation_mode": "force_installed",
2759 "install_url": "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi"
2760 },
2761 "https-everywhere@eff.org": {
2762 "installation_mode": "allowed"
2763 }
2764 }
2765 ```
2766 #### Windows (Intune)
2767 OMA-URI:
2768 ```
2769 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/ExtensionSettings
2770 ```
2771 Value (string):
2772 ```
2773 <enabled/>
2774 <data id="ExtensionSettings" value='
2775 {
2776 "*": {
2777 "blocked_install_message": "Custom error message.",
2778 "install_sources": ["https://yourwebsite.com/*"],
2779 "installation_mode": "blocked",
2780 "allowed_types": ["extension"]
2781 },
2782 "uBlock0@raymondhill.net": {
2783 "installation_mode": "force_installed",
2784 "install_url": "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi"
2785 },
2786 "https-everywhere@eff.org": {
2787 "installation_mode": "allowed"
2788 }
2789 }'/>
2790 ```
2791 #### macOS
2792 ```
2793 <dict>
2794 <key>ExtensionSettings</key>
2795 <dict>
2796 <key>*</key>
2797 <dict>
2798 <key>blocked_install_message</key>
2799 <string>Custom error message.</string>
2800 <key>install_sources</key>
2801 <array>
2802 <string>"https://yourwebsite.com/*"</string>
2803 </array>
2804 <key>installation_mode</key>
2805 <string>blocked</string>
2806 <key>allowed_types</key>
2807 <array>
2808 <string>extension</string>
2809 </array>
2810 </dict>
2811 <key>uBlock0@raymondhill.net</key>
2812 <dict>
2813 <key>installation_mode</key>
2814 <string>force_installed</string>
2815 <key>install_url</key>
2816 <string>https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi</string>
2817 </dict>
2818 <key>https-everywhere@eff.org</key>
2819 <dict>
2820 <key>installation_mode</key>
2821 <string>allowed</string>
2822 </dict>
2823 </dict>
2824 </dict>
2825 ```
2826 #### policies.json
2827 ```
2828 {
2829 "policies": {
2830 "ExtensionSettings": {
2831 "*": {
2832 "blocked_install_message": "Custom error message.",
2833 "install_sources": ["https://yourwebsite.com/*"],
2834 "installation_mode": "blocked",
2835 "allowed_types": ["extension"]
2836 },
2837 "uBlock0@raymondhill.net": {
2838 "installation_mode": "force_installed",
2839 "install_url": "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi"
2840 },
2841 "https-everywhere@eff.org": {
2842 "installation_mode": "allowed"
2843 }
2844 }
2845 }
2846 }
2847 ```
2848 ### ExtensionUpdate
2849 Control extension updates.
2850
2851 **Compatibility:** Firefox 67, Firefox ESR 60.7\
2852 **CCK2 Equivalent:** N/A\
2853 **Preferences Affected:** `extensions.update.enabled`
2854
2855 #### Windows (GPO)
2856 ```
2857 Software\Policies\Mozilla\Firefox\ExtensionUpdate = 0x1 | 0x0
2858 ```
2859 #### Windows (Intune)
2860 OMA-URI:
2861 ```
2862 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/ExtensionUpdate
2863 ```
2864 Value (string):
2865 ```
2866 <enabled/> or <disabled/>
2867 ```
2868 #### macOS
2869 ```
2870 <dict>
2871 <key>ExtensionUpdate</key>
2872 <true/> | <false/>
2873 </dict>
2874 ```
2875 #### policies.json
2876 ```
2877 {
2878 "policies": {
2879 "ExtensionUpdate": true | false
2880 }
2881 }
2882 ```
2883 ### FirefoxHome
2884 Customize the Firefox Home page.
2885
2886 **Compatibility:** Firefox 68, Firefox ESR 68 (SponsoredTopSites and SponsoredPocket were added in Firefox 95, Firefox ESR 91.4)
2887 **CCK2 Equivalent:** N/A\
2888 **Preferences Affected:** `browser.newtabpage.activity-stream.showSearch`, `browser.newtabpage.activity-stream.feeds.topsites`, `browser.newtabpage.activity-stream.feeds.section.highlights`, `browser.newtabpage.activity-stream.feeds.section.topstories`, `browser.newtabpage.activity-stream.feeds.snippets`, `browser.newtabpage.activity-stream.showSponsoredTopSites`, `browser.newtabpage.activity-stream.showSponsored`
2889
2890 #### Windows (GPO)
2891 ```
2892 Software\Policies\Mozilla\Firefox\FirefoxHome\Search = 0x1 | 0x0
2893 Software\Policies\Mozilla\Firefox\FirefoxHome\TopSites = 0x1 | 0x0
2894 Software\Policies\Mozilla\Firefox\FirefoxHome\SponsoredTopSites = 0x1 | 0x0
2895 Software\Policies\Mozilla\Firefox\FirefoxHome\Highlights = 0x1 | 0x0
2896 Software\Policies\Mozilla\Firefox\FirefoxHome\Pocket = 0x1 | 0x0
2897 Software\Policies\Mozilla\Firefox\FirefoxHome\SponsoredPocket = 0x1 | 0x0
2898 Software\Policies\Mozilla\Firefox\FirefoxHome\Snippets = 0x1 | 0x0
2899 Software\Policies\Mozilla\Firefox\FirefoxHome\Locked = 0x1 | 0x0
2900 ```
2901 #### Windows (Intune)
2902 OMA-URI:
2903 ```
2904 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/CustomizeFirefoxHome
2905 ```
2906 Value (string):
2907 ```
2908 <enabled/>
2909 <data id="FirefoxHome_Search" value="true | false"/>
2910 <data id="FirefoxHome_TopSites" value="true | false"/>
2911 <data id="FirefoxHome_SponsoredTopSites" value="true | false"/>
2912 <data id="FirefoxHome_Highlights" value="true | false"/>
2913 <data id="FirefoxHome_Pocket" value="true | false"/>
2914 <data id="FirefoxHome_SponsoredPocket" value="true | false"/>
2915 <data id="FirefoxHome_Snippets" value="true | false"/>
2916 <data id="FirefoxHome_Locked" value="true | false"/>
2917 ```
2918 #### macOS
2919 ```
2920 <dict>
2921 <key>FirefoxHome</key>
2922 <dict>
2923 <key>Search</key>
2924 <true/> | <false/>
2925 <key>TopSites</key>
2926 <true/> | <false/>
2927 <key>SponsoredTopSites</key>
2928 <true/> | <false/>
2929 <key>Highlights</key>
2930 <true/> | <false/>
2931 <key>Pocket</key>
2932 <true/> | <false/>
2933 <key>SponsoredPocket</key>
2934 <true/> | <false/>
2935 <key>Snippets</key>
2936 <true/> | <false/>
2937 <key>Locked</key>
2938 <true/> | <false/>
2939 </dict>
2940 </dict>
2941 ```
2942 #### policies.json
2943 ```
2944 {
2945 "policies": {
2946 "FirefoxHome": {
2947 "Search": true | false,
2948 "TopSites": true | false,
2949 "SponsoredTopSites": true | false,
2950 "Highlights": true | false,
2951 "Pocket": true | false,
2952 "SponsoredPocket": true | false,
2953 "Snippets": true | false,
2954 "Locked": true | false
2955 }
2956 }
2957 }
2958 ```
2959 ### FlashPlugin (Deprecated)
2960 Configure the default Flash plugin policy as well as origins for which Flash is allowed.
2961
2962 `Allow` is a list of origins where Flash are allowed.
2963
2964 `Block` is a list of origins where Flash is not allowed.
2965
2966 `Default` determines whether or not Flash is allowed by default.
2967
2968 `Locked` prevents the user from changing Flash preferences.
2969
2970 **Compatibility:** Firefox 60, Firefox ESR 60\
2971 **CCK2 Equivalent:** `permissions.plugin`\
2972 **Preferences Affected:** `plugin.state.flash`
2973
2974 #### Windows (GPO)
2975 ```
2976 Software\Policies\Mozilla\Firefox\FlashPlugin\Allow\1 = "https://example.org"
2977 Software\Policies\Mozilla\Firefox\FlashPlugin\Block\1 = "https://example.edu"
2978 Software\Policies\Mozilla\Firefox\FlashPlugin\Default = 0x1 | 0x0
2979 Software\Policies\Mozilla\Firefox\FlashPlugin\Locked = 0x1 | 0x0
2980 ```
2981 #### Windows (Intune)
2982 OMA-URI:
2983 ```
2984 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Flash/FlashPlugin_Allow
2985 ```
2986 Value (string):
2987 ```
2988 <enabled/>
2989 <data id="Permissions" value="1&#xF000;https://example.org&#xF000;2&#xF000;https://example.edu"/>
2990 ```
2991 OMA-URI:
2992 ```
2993 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Flash/FlashPlugin_Locked
2994 ```
2995 Value (string):
2996 ```
2997 <enabled/> or <disabled/>
2998 ```
2999 OMA-URI:
3000 ```
3001 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Flash/FlashPlugin_Default
3002 ```
3003 Value (string):
3004 ```
3005 <enabled/> or <disabled/>
3006 ```
3007 #### macOS
3008 ```
3009 <dict>
3010 <key>FlashPlugin</key>
3011 <dict>
3012 <key>Allow</key>
3013 <array>
3014 <string>http://example.org</string>
3015 </array>
3016 <key>Block</key>
3017 <array>
3018 <string>http://example.edu</string>
3019 </array>
3020 <key>Default</key>
3021 <true/> | <false/>
3022 <key>Locked</key>
3023 <true/> | <false/>
3024 </dict>
3025 </dict>
3026 ```
3027 #### policies.json
3028 ```
3029 {
3030 "policies": {
3031 "FlashPlugin": {
3032 "Allow": ["http://example.org/"],
3033 "Block": ["http://example.edu/"],
3034 "Default": true | false,
3035 "Locked": true | false
3036 }
3037 }
3038 }
3039 ```
3040 ### GoToIntranetSiteForSingleWordEntryInAddressBar
3041 Whether to always go through the DNS server before sending a single word search string to a search engine.
3042
3043 If the site exists, it will navigate to the website. If the intranet responds with a 404, the page will show a 404. If the intranet does not respond, the browser will attempt a search.
3044
3045 The second result in the URL bar will be a search result to allow users to conduct a web search exactly as it was entered.
3046
3047 If instead you would like to enable the ability to have your domain appear as a valid URL and to disallow the browser from ever searching that term using the first result that matches it, add the pref `browser.fixup.domainwhitelist.YOUR_DOMAIN` (where `YOUR_DOMAIN` is the name of the domain you'd like to add), and set the pref to `true`. The URL bar will then suggest `YOUR_DOMAIN` when the user fully types `YOUR_DOMAIN`. If the user attempts to load that domain and it fails to load, it will show an "Unable to connect" error page.
3048
3049 You can also whitelist a domain suffix that is not part of the [Public Suffix List](https://publicsuffix.org/) by adding the pref `browser.fixup.domainsuffixwhitelist.YOUR_DOMAIN_SUFFIX` with a value of `true`.
3050
3051 Additionally, if you want users to see a "Did you mean to go to 'YOUR_DOMAIN'" prompt below the URL bar if they land on a search results page instead of an intranet domain that provides a response, set the pref `browser.urlbar.dnsResolveSingleWordsAfterSearch` to `1`. Enabling this will cause the browser to commit a DNS check after every single word search. If the browser receives a response from the intranet, a prompt will ask the user if they'd like to instead navigate to `YOUR_DOMAIN`. If the user presses the **yes** button, `browser.fixup.domainwhitelist.YOUR_DOMAIN` will be set to `true`.
3052
3053 **Compatibility:** Firefox 104, Firefox ESR 102.2\
3054 **CCK2 Equivalent:** `N/A`\
3055 **Preferences Affected:** `browser.fixup.dns_first_for_single_words`
3056
3057 #### Windows (GPO)
3058 ```
3059 Software\Policies\Mozilla\Firefox\GoToIntranetSiteForSingleWordEntryInAddressBar = 0x1 | 0x0
3060 ```
3061 #### Windows (Intune)
3062 OMA-URI:
3063 ```
3064 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/GoToIntranetSiteForSingleWordEntryInAddressBar
3065 ```
3066 Value (string):
3067 ```
3068 <enabled/> or <disabled/>
3069 ```
3070 #### macOS
3071 ```
3072 <dict>
3073 <key>GoToIntranetSiteForSingleWordEntryInAddressBar</key>
3074 <true/> | <false/>
3075 </dict>
3076 ```
3077 #### policies.json
3078 ```
3079 {
3080 "policies": {
3081 "GoToIntranetSiteForSingleWordEntryInAddressBar": true | false
3082 }
3083 }
3084 ```
3085 ### Handlers
3086 Configure default application handlers. This policy is based on the internal format of `handlers.json`.
3087
3088 You can configure handlers based on a mime type (`mimeTypes`), a file's extension (`extensions`), or a protocol (`schemes`).
3089
3090 Within each handler type, you specify the given mimeType/extension/scheme as a key and use the following subkeys to describe how it is handled.
3091
3092 | Name | Description |
3093 | --- | --- |
3094 | `action`| Can be either `saveToDisk`, `useHelperApp`, `useSystemDefault`.
3095 | `ask` | If `true`, the user is asked if what they want to do with the file. If `false`, the action is taken without user intervention.
3096 | `handlers` | An array of handlers with the first one being the default. If you don't want to have a default handler, use an empty object for the first handler. Choose between path or uriTemplate.
3097 | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;`name` | The display name of the handler (might not be used).
3098 | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;`path`| The native path to the executable to be used.
3099 | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;`uriTemplate`| A url to a web based application handler. The URL must be https and contain a %s to be used for substitution.
3100
3101 **Compatibility:** Firefox 78, Firefox ESR 78\
3102 **CCK2 Equivalent:** N/A\
3103 **Preferences Affected:** N/A
3104
3105 #### Windows (GPO)
3106 Software\Policies\Mozilla\Firefox\Handlers (REG_MULTI_SZ) =
3107 ```
3108 {
3109 "mimeTypes": {
3110 "application/msword": {
3111 "action": "useSystemDefault",
3112 "ask": true | false
3113 }
3114 },
3115 "schemes": {
3116 "mailto": {
3117 "action": "useHelperApp",
3118 "ask": true | false,
3119 "handlers": [{
3120 "name": "Gmail",
3121 "uriTemplate": "https://mail.google.com/mail/?extsrc=mailto&url=%s"
3122 }]
3123 }
3124 },
3125 "extensions": {
3126 "pdf": {
3127 "action": "useHelperApp",
3128 "ask": true | false,
3129 "handlers": [{
3130 "name": "Adobe Acrobat",
3131 "path": "C:\\Program Files (x86)\\Adobe\\Acrobat Reader DC\\Reader\\AcroRd32.exe"
3132 }]
3133 }
3134 }
3135 }
3136 ```
3137 #### Windows (Intune)
3138 OMA-URI:
3139 ```
3140 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/Handlers
3141 ```
3142 Value (string):
3143 ```
3144 <enabled/>
3145 <data id="Handlers" value='
3146 {
3147 "mimeTypes": {
3148 "application/msword": {
3149 "action": "useSystemDefault",
3150 "ask": true | false
3151 }
3152 },
3153 "schemes": {
3154 "mailto": {
3155 "action": "useHelperApp",
3156 "ask": true | false,
3157 "handlers": [{
3158 "name": "Gmail",
3159 "uriTemplate": "https://mail.google.com/mail/?extsrc=mailto&amp;url=%s"
3160 }]
3161 }
3162 },
3163 "extensions": {
3164 "pdf": {
3165 "action": "useHelperApp",
3166 "ask": true | false,
3167 "handlers": [{
3168 "name": "Adobe Acrobat",
3169 "path": "C:\\Program Files (x86)\\Adobe\\Acrobat Reader DC\\Reader\\AcroRd32.exe"
3170 }]
3171 }
3172 }
3173 }
3174 '/>
3175 ```
3176 #### macOS
3177 ```
3178 <dict>
3179 <key>Handlers</key>
3180 <dict>
3181 <key>mimeTypes</key>
3182 <dict>
3183 <key>application/msword</key>
3184 <dict>
3185 <key>action</key>
3186 <string>useSystemDefault</string>
3187 <key>ask</key>
3188 <true/> | <false/>
3189 </dict>
3190 </dict>
3191 <key>schemes</key>
3192 <dict>
3193 <key>mailto</key>
3194 <dict>
3195 <key>action</key>
3196 <string>useHelperApp</string>
3197 <key>ask</key>
3198 <true/> | <false/>
3199 <key>handlers</key>
3200 <array>
3201 <dict>
3202 <key>name</key>
3203 <string>Gmail</string>
3204 <key>uriTemplate</key>
3205 <string>https://mail.google.com/mail/?extsrc=mailto&url=%s</string>
3206 </dict>
3207 </array>
3208 </dict>
3209 </dict>
3210 <key>extensions</key>
3211 <dict>
3212 <key>pdf</key>
3213 <dict>
3214 <key>action</key>
3215 <string>useHelperApp</string>
3216 <key>ask</key>
3217 <true/> | <false/>
3218 <key>handlers</key>
3219 <array>
3220 <dict>
3221 <key>name</key>
3222 <string>Adobe Acrobat</string>
3223 <key>path</key>
3224 <string>/System/Applications/Preview.app</string>
3225 </dict>
3226 </array>
3227 </dict>
3228 </dict>
3229 </dict>
3230 </dict>
3231 ```
3232 #### policies.json
3233 ```
3234 {
3235 "policies": {
3236 "Handlers": {
3237 "mimeTypes": {
3238 "application/msword": {
3239 "action": "useSystemDefault",
3240 "ask": false
3241 }
3242 },
3243 "schemes": {
3244 "mailto": {
3245 "action": "useHelperApp",
3246 "ask": true | false,
3247 "handlers": [{
3248 "name": "Gmail",
3249 "uriTemplate": "https://mail.google.com/mail/?extsrc=mailto&url=%s"
3250 }]
3251 }
3252 },
3253 "extensions": {
3254 "pdf": {
3255 "action": "useHelperApp",
3256 "ask": true | false,
3257 "handlers": [{
3258 "name": "Adobe Acrobat",
3259 "path": "/usr/bin/acroread"
3260 }]
3261 }
3262 }
3263 }
3264 }
3265 }
3266 ```
3267 ### HardwareAcceleration
3268 Control hardware acceleration.
3269
3270 **Compatibility:** Firefox 60, Firefox ESR 60\
3271 **CCK2 Equivalent:** N/A\
3272 **Preferences Affected:** `layers.acceleration.disabled`
3273
3274 #### Windows (GPO)
3275 ```
3276 Software\Policies\Mozilla\Firefox\HardwareAcceleration = 0x1 | 0x0
3277 ```
3278 #### Windows (Intune)
3279 OMA-URI:
3280 ```
3281 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/HardwareAcceleration
3282 ```
3283 Value (string):
3284 ```
3285 <enabled/> or <disabled/>
3286 ```
3287 #### macOS
3288 ```
3289 <dict>
3290 <key>HardwareAcceleration</key>
3291 <true/> | <false/>
3292 </dict>
3293 ```
3294 #### policies.json
3295 ```
3296 {
3297 "policies": {
3298 "HardwareAcceleration": true | false
3299 }
3300 }
3301 ```
3302 ### Homepage
3303 Configure the default homepage and how Firefox starts.
3304
3305 `URL` is the default homepage.
3306
3307 `Locked` prevents the user from changing homepage preferences.
3308
3309 `Additional` allows for more than one homepage.
3310
3311 `StartPage` is how Firefox starts. The choices are no homepage, the default homepage or the previous session.
3312
3313 With Firefox 78, an additional option as added for `Startpage`, `homepage-locked`. If this is value is set for the Startpage, the user will always get the homepage at startup and cannot choose to restore their session.
3314
3315 **Compatibility:** Firefox 60, Firefox ESR 60 (StartPage was added in Firefox 60, Firefox ESR 60.4, homepage-locked added in Firefox 78)\
3316 **CCK2 Equivalent:** `homePage`,`lockHomePage`\
3317 **Preferences Affected:** `browser.startup.homepage`, `browser.startup.page`
3318
3319 #### Windows (GPO)
3320 ```
3321 Software\Policies\Mozilla\Firefox\Homepage\URL = "https://example.com"
3322 Software\Policies\Mozilla\Firefox\Homepage\Locked = 0x1 | 0x0
3323 Software\Policies\Mozilla\Firefox\Homepage\Additional\1 = "https://example.org"
3324 Software\Policies\Mozilla\Firefox\Homepage\Additional\2 = "https://example.edu"
3325 Software\Policies\Mozilla\Firefox\Homepage\StartPage = "none" | "homepage" | "previous-session" | "homepage-locked"
3326 ```
3327 #### Windows (Intune)
3328 OMA-URI:
3329 ```
3330 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Homepage/HomepageURL
3331 ```
3332 Value (string):
3333 ```
3334 <enabled/>
3335
3336 <data id="HomepageURL" value="https://example.com"/>
3337 <data id="HomepageLocked" value="true | false"/>
3338 ```
3339 OMA-URI:
3340 ```
3341 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Homepage/HomepageAdditional
3342 ```
3343 Value (string):
3344 ```
3345 <enabled/>
3346
3347 <data id="HomepageAdditional" value="1&#xF000;http://example.org&#xF000;2&#xF000;http://example.edu"/>
3348 ```
3349 OMA-URI:
3350 ```
3351 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Homepage/HomepageStartPage
3352 ```
3353 Value (string):
3354 ```
3355 <enabled/>
3356
3357 <data id="StartPage" value="none | homepage | previous-session"/>
3358 ```
3359 #### macOS
3360 ```
3361 <dict>
3362 <key>Homepage</key>
3363 <dict>
3364 <key>URL</key>
3365 <string>http://example.com</string>
3366 <key>Locked</key>
3367 <true/> | <false/>
3368 <key>Additional</key>
3369 <array>
3370 <string>http://example.org</string>
3371 <string>http://example.edu</string>
3372 </array>
3373 <key>StartPage</key>
3374 <string>none | homepage | previous-session | homepage-locked</string>
3375 </dict>
3376 </dict>
3377 ```
3378 #### policies.json
3379 ```
3380 {
3381 "policies": {
3382 "Homepage": {
3383 "URL": "http://example.com/",
3384 "Locked": true | false,
3385 "Additional": ["http://example.org/",
3386 "http://example.edu/"],
3387 "StartPage": "none" | "homepage" | "previous-session" | "homepage-locked"
3388 }
3389 }
3390 }
3391 ```
3392 ### InstallAddonsPermission
3393 Configure the default extension install policy as well as origins for extension installs are allowed. This policy does not override turning off all extension installs.
3394
3395 `Allow` is a list of origins where extension installs are allowed.
3396
3397 `Default` determines whether or not extension installs are allowed by default.
3398
3399 **Compatibility:** Firefox 60, Firefox ESR 60\
3400 **CCK2 Equivalent:** `permissions.install`\
3401 **Preferences Affected:** `xpinstall.enabled`
3402
3403 #### Windows (GPO)
3404 ```
3405 Software\Policies\Mozilla\Firefox\InstallAddonsPermission\Allow\1 = "https://example.org"
3406 Software\Policies\Mozilla\Firefox\InstallAddonsPermission\Allow\2 = "https://example.edu"
3407 Software\Policies\Mozilla\Firefox\InstallAddonsPermission\Default = 0x1 | 0x0
3408 ```
3409 #### Windows (Intune)
3410 OMA-URI:
3411 ```
3412 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Addons/InstallAddonsPermission_Allow
3413 ```
3414 Value (string):
3415 ```
3416 <enabled/>
3417 <data id="Permissions" value="1&#xF000;https://example.org&#xF000;2&#xF000;https://example.edu"/>
3418 ```
3419 OMA-URI:
3420 ```
3421 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Addons/InstallAddonsPermission_Default
3422 ```
3423 Value (string):
3424 ```
3425 <enabled/>
3426 ```
3427 #### macOS
3428 ```
3429 <dict>
3430 <key>InstallAddonsPermission</key>
3431 <dict>
3432 <key>Allow</key>
3433 <array>
3434 <string>http://example.org</string>
3435 <string>http://example.edu</string>
3436 </array>
3437 <key>Default</key>
3438 <true/> | <false/>
3439 </dict>
3440 </dict>
3441 ```
3442 #### policies.json
3443 ```
3444 {
3445 "policies": {
3446 "InstallAddonsPermission": {
3447 "Allow": ["http://example.org/",
3448 "http://example.edu/"],
3449 "Default": true | false
3450 }
3451 }
3452 }
3453 ```
3454 ### LegacyProfiles
3455 Disable the feature enforcing a separate profile for each installation.
3456
3457 If this policy set to true, Firefox will not try to create different profiles for installations of Firefox in different directories. This is the equivalent of the MOZ_LEGACY_PROFILES environment variable.
3458
3459 If this policy set to false, Firefox will create a new profile for each unique installation of Firefox.
3460
3461 This policy only work on Windows via GPO (not policies.json).
3462
3463 **Compatibility:** Firefox 70, Firefox ESR 68.2 (Windows only, GPO only)\
3464 **CCK2 Equivalent:** N/A\
3465 **Preferences Affected:** N/A
3466
3467 #### Windows (GPO)
3468 ```
3469 Software\Policies\Mozilla\Firefox\LegacyProfiles = = 0x1 | 0x0
3470 ```
3471 #### Windows (Intune)
3472 OMA-URI:
3473 ```
3474 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/LegacyProfiles
3475 ```
3476 Value (string):
3477 ```
3478 <enabled/> or <disabled/>
3479 ```
3480 ### LegacySameSiteCookieBehaviorEnabled
3481 Enable default legacy SameSite cookie behavior setting.
3482
3483 If this policy is set to true, it reverts all cookies to legacy SameSite behavior which means that cookies that don't explicitly specify a ```SameSite``` attribute are treated as if they were ```SameSite=None```.
3484
3485 **Compatibility:** Firefox 96\
3486 **CCK2 Equivalent:** N/A\
3487 **Preferences Affected:** `network.cookie.sameSite.laxByDefault`
3488
3489 #### Windows (GPO)
3490 ```
3491 Software\Policies\Mozilla\Firefox\LegacySameSiteCookieBehaviorEnabled = = 0x1 | 0x0
3492 ```
3493 #### Windows (Intune)
3494 OMA-URI:
3495 ```
3496 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/LegacySameSiteCookieBehaviorEnabled
3497 ```
3498 Value (string):
3499 ```
3500 <enabled/> or <disabled/>
3501 ```
3502 #### macOS
3503 ```
3504 <dict>
3505 <key>LegacySameSiteCookieBehaviorEnabled</key>
3506 <true/> | <false/>
3507 </dict>
3508 ```
3509 #### policies.json
3510 ```
3511 {
3512 "policies": {
3513 "LegacySameSiteCookieBehaviorEnabled": true | false
3514 }
3515 ```
3516 ### LegacySameSiteCookieBehaviorEnabledForDomainList
3517 Revert to legacy SameSite behavior for cookies on specified sites.
3518
3519 If this policy is set to true, cookies set for domains in this list will revert to legacy SameSite behavior which means that cookies that don't explicitly specify a ```SameSite``` attribute are treated as if they were ```SameSite=None```.
3520
3521 **Compatibility:** Firefox 96\
3522 **CCK2 Equivalent:** N/A\
3523 **Preferences Affected:** `network.cookie.sameSite.laxByDefault.disabledHosts`
3524
3525 #### Windows (GPO)
3526 ```
3527 Software\Policies\Mozilla\Firefox\LegacySameSiteCookieBehaviorEnabledForDomainList\1 = "example.org"
3528 Software\Policies\Mozilla\Firefox\LegacySameSiteCookieBehaviorEnabledForDomainList\2 = "example.edu"
3529 ```
3530 #### Windows (Intune)
3531 OMA-URI:
3532 ```
3533 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/LegacySameSiteCookieBehaviorEnabledForDomainList
3534 ```
3535 Value (string):
3536 ```
3537 <enabled/>
3538 <data id="LegacySameSiteCookieBehaviorEnabledForDomainList" value="1&#xF000;example.org&#xF000;2&#xF000;example.edu"/>
3539 ```
3540 #### macOS
3541 ```
3542 <dict>
3543 <key>LegacySameSiteCookieBehaviorEnabledForDomainList</key>
3544 <array>
3545 <string>example.org</string>
3546 <string>example.edu</string>
3547 </array>
3548 </dict>
3549 ```
3550 #### policies.json
3551 ```
3552 {
3553 "policies": {
3554 "LegacySameSiteCookieBehaviorEnabledForDomainList": ["example.org",
3555 "example.edu"]
3556 }
3557 }
3558 ```
3559 ### LocalFileLinks
3560 Enable linking to local files by origin.
3561
3562 **Compatibility:** Firefox 68, Firefox ESR 68\
3563 **CCK2 Equivalent:** N/A\
3564 **Preferences Affected:** `capability.policy.localfilelinks.*`
3565
3566 #### Windows (GPO)
3567 ```
3568 Software\Policies\Mozilla\Firefox\LocalFileLinks\1 = "https://example.org"
3569 Software\Policies\Mozilla\Firefox\LocalFileLinks\2 = "https://example.edu"
3570 ```
3571 #### Windows (Intune)
3572 OMA-URI:
3573 ```
3574 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/LocalFileLinks
3575 ```
3576 Value (string):
3577 ```
3578 <enabled/>
3579 <data id="LocalFileLinks" value="1&#xF000;https://example.org&#xF000;2&#xF000;https://example.edu"/>
3580 ```
3581 #### macOS
3582 ```
3583 <dict>
3584 <key>LocalFileLinks</key>
3585 <array>
3586 <string>http://example.org</string>
3587 <string>http://example.edu</string>
3588 </array>
3589 </dict>
3590 ```
3591 #### policies.json
3592 ```
3593 {
3594 "policies": {
3595 "LocalFileLinks": ["http://example.org/",
3596 "http://example.edu/"]
3597 }
3598 }
3599 ```
3600 ### ManagedBookmarks
3601 Configures a list of bookmarks managed by an administrator that cannot be changed by the user.
3602
3603 The bookmarks are only added as a button on the personal toolbar. They are not in the bookmarks folder.
3604
3605 The syntax of this policy is exactly the same as the [Chrome ManagedBookmarks policy](https://cloud.google.com/docs/chrome-enterprise/policies/?policy=ManagedBookmarks). The schema is:
3606 ```
3607 {
3608 "items": {
3609 "id": "BookmarkType",
3610 "properties": {
3611 "children": {
3612 "items": {
3613 "$ref": "BookmarkType"
3614 },
3615 "type": "array"
3616 },
3617 "name": {
3618 "type": "string"
3619 },
3620 "toplevel_name": {
3621 "type": "string"
3622 },
3623 "url": {
3624 "type": "string"
3625 }
3626 },
3627 "type": "object"
3628 },
3629 "type": "array"
3630 }
3631 ```
3632 **Compatibility:** Firefox 83, Firefox ESR 78.5\
3633 **CCK2 Equivalent:** N/A\
3634 **Preferences Affected:** N/A
3635
3636 #### Windows (GPO)
3637 Software\Policies\Mozilla\Firefox\ManagedBookmarks (REG_MULTI_SZ) =
3638 ```
3639 [
3640 {
3641 "toplevel_name": "My managed bookmarks folder"
3642 },
3643 {
3644 "url": "example.com",
3645 "name": "Example"
3646 },
3647 {
3648 "name": "Mozilla links",
3649 "children": [
3650 {
3651 "url": "https://mozilla.org",
3652 "name": "Mozilla.org"
3653 },
3654 {
3655 "url": "https://support.mozilla.org/",
3656 "name": "SUMO"
3657 }
3658 ]
3659 }
3660 ]
3661 ```
3662 #### Windows (Intune)
3663 OMA-URI:
3664 ```
3665 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/ManagedBookmarks
3666 ```
3667 Value (string):
3668 ```
3669 <enabled/>
3670 <data id="JSON" value='
3671 [
3672 {
3673 "toplevel_name": "My managed bookmarks folder"
3674 },
3675 {
3676 "url": "example.com",
3677 "name": "Example"
3678 },
3679 {
3680 "name": "Mozilla links",
3681 "children": [
3682 {
3683 "url": "https://mozilla.org",
3684 "name": "Mozilla.org"
3685 },
3686 {
3687 "url": "https://support.mozilla.org/",
3688 "name": "SUMO"
3689 }
3690 ]
3691 }
3692 ]'/>
3693 ```
3694 #### macOS
3695 ```
3696 <dict>
3697 <key>ManagedBookmarks</key>
3698 <array>
3699 <dict>
3700 <key>toplevel_name</key>
3701 <string>My managed bookmarks folder</string>
3702 <dict>
3703 <key>url</key>
3704 <string>example.com</string>
3705 <key>name</key>
3706 <string>Example</string>
3707 </dict>
3708 <dict>
3709 <key>name</key>
3710 <string>Mozilla links</string>
3711 <key>children</key>
3712 <array>
3713 <dict>
3714 <key>url</key>
3715 <string>https://mozilla.org</string>
3716 <key>name</key>
3717 <string>Mozilla</string>
3718 </dict>
3719 <dict>
3720 <key>url</key>
3721 <string>https://support.mozilla.org/</string>
3722 <key>name</key>
3723 <string>SUMO</string>
3724 </dict>
3725 </array>
3726 </dict>
3727 </array>
3728 </dict>
3729 ```
3730 #### policies.json
3731 ```
3732 {
3733 "policies": {
3734 "ManagedBookmarks": [
3735 {
3736 "toplevel_name": "My managed bookmarks folder"
3737 },
3738 {
3739 "url": "example.com",
3740 "name": "Example"
3741 },
3742 {
3743 "name": "Mozilla links",
3744 "children": [
3745 {
3746 "url": "https://mozilla.org",
3747 "name": "Mozilla.org"
3748 },
3749 {
3750 "url": "https://support.mozilla.org/",
3751 "name": "SUMO"
3752 }
3753 ]
3754 }
3755 ]
3756 }
3757 }
3758 ```
3759 ### ManualAppUpdateOnly
3760
3761 Switch to manual updates only.
3762
3763 If this policy is enabled:
3764 1. The user will never be prompted to install updates
3765 2. Firefox will not check for updates in the background, though it will check automatically when an update UI is displayed (such as the one in the About dialog). This check will be used to show "Update to version X" in the UI, but will not automatically download the update or prompt the user to update in any other way.
3766 3. The update UI will work as expected, unlike when using DisableAppUpdate.
3767
3768 This policy is primarily intended for advanced end users, not for enterprises.
3769
3770 **Compatibility:** Firefox 87\
3771 **CCK2 Equivalent:** N/A\
3772 **Preferences Affected:** N/A
3773
3774 #### policies.json
3775 ```
3776 {
3777 "policies": {
3778 "ManualAppUpdateOnly": true | false
3779 }
3780 }
3781 ```
3782 ### NetworkPrediction
3783 Enable or disable network prediction (DNS prefetching).
3784
3785 **Compatibility:** Firefox 67, Firefox ESR 60.7\
3786 **CCK2 Equivalent:** N/A\
3787 **Preferences Affected:** `network.dns.disablePrefetch`, `network.dns.disablePrefetchFromHTTPS`
3788
3789 #### Windows (GPO)
3790 ```
3791 Software\Policies\Mozilla\Firefox\NetworkPrediction = 0x1 | 0x0
3792 ```
3793 #### Windows (Intune)
3794 OMA-URI:
3795 ```
3796 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/NetworkPrediction
3797 ```
3798 Value (string):
3799 ```
3800 <enabled/> or <disabled/>
3801 ```
3802 #### macOS
3803 ```
3804 <dict>
3805 <key>NetworkPrediction</key>
3806 <true/> | <false/>
3807 </dict>
3808 ```
3809 #### policies.json
3810 ```
3811 {
3812 "policies": {
3813 "NetworkPrediction": true | false
3814 }
3815 ```
3816 ### NewTabPage
3817 Enable or disable the New Tab page.
3818
3819 **Compatibility:** Firefox 68, Firefox ESR 68\
3820 **CCK2 Equivalent:** N/A\
3821 **Preferences Affected:** `browser.newtabpage.enabled`
3822
3823 #### Windows (GPO)
3824 ```
3825 Software\Policies\Mozilla\Firefox\NewTabPage = 0x1 | 0x0
3826 ```
3827 #### Windows (Intune)
3828 OMA-URI:
3829 ```
3830 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/NewTabPage
3831 ```
3832 Value (string):
3833 ```
3834 <enabled/> or <disabled/>
3835 ```
3836 #### macOS
3837 ```
3838 <dict>
3839 <key>NewTabPage</key>
3840 <true/> | <false/>
3841 </dict>
3842 ```
3843 #### policies.json
3844 ```
3845 {
3846 "policies": {
3847 "NewTabPage": true | false
3848 }
3849 ```
3850 ### NoDefaultBookmarks
3851 Disable the creation of default bookmarks.
3852
3853 This policy is only effective if the user profile has not been created yet.
3854
3855 **Compatibility:** Firefox 60, Firefox ESR 60\
3856 **CCK2 Equivalent:** `removeDefaultBookmarks`\
3857 **Preferences Affected:** N/A
3858
3859 #### Windows (GPO)
3860 ```
3861 Software\Policies\Mozilla\Firefox\NoDefaultBookmarks = 0x1 | 0x0
3862 ```
3863 #### Windows (Intune)
3864 OMA-URI:
3865 ```
3866 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/NoDefaultBookmarks
3867 ```
3868 Value (string):
3869 ```
3870 <enabled/> or <disabled/>
3871 ```
3872 #### macOS
3873 ```
3874 <dict>
3875 <key>NoDefaultBookmarks</key>
3876 <true/> | <false/>
3877 </dict>
3878 ```
3879 #### policies.json
3880 ```
3881 {
3882 "policies": {
3883 "NoDefaultBookmarks": true | false
3884 }
3885 }
3886 ```
3887 ### OfferToSaveLogins
3888 Control whether or not Firefox offers to save passwords.
3889
3890 **Compatibility:** Firefox 60, Firefox ESR 60\
3891 **CCK2 Equivalent:** `dontRememberPasswords`\
3892 **Preferences Affected:** `signon.rememberSignons`
3893
3894 #### Windows (GPO)
3895 ```
3896 Software\Policies\Mozilla\Firefox\OfferToSaveLogins = 0x1 | 0x0
3897 ```
3898 #### Windows (Intune)
3899 OMA-URI:
3900 ```
3901 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/OfferToSaveLogins
3902 ```
3903 Value (string):
3904 ```
3905 <enabled/> or <disabled/>
3906 ```
3907 #### macOS
3908 ```
3909 <dict>
3910 <key>OfferToSaveLogins</key>
3911 <true/> | <false/>
3912 </dict>
3913 ```
3914 #### policies.json
3915 ```
3916 {
3917 "policies": {
3918 "OfferToSaveLogins": true | false
3919 }
3920 }
3921 ```
3922 ### OfferToSaveLoginsDefault
3923 Sets the default value of signon.rememberSignons without locking it.
3924
3925 **Compatibility:** Firefox 70, Firefox ESR 60.2\
3926 **CCK2 Equivalent:** `dontRememberPasswords`\
3927 **Preferences Affected:** `signon.rememberSignons`
3928
3929 #### Windows (GPO)
3930 ```
3931 Software\Policies\Mozilla\Firefox\OfferToSaveLoginsDefault = 0x1 | 0x0
3932 ```
3933 #### Windows (Intune)
3934 OMA-URI:
3935 ```
3936 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/OfferToSaveLoginsDefault
3937 ```
3938 Value (string):
3939 ```
3940 <enabled/> or <disabled/>
3941 ```
3942 #### macOS
3943 ```
3944 <dict>
3945 <key>OfferToSaveLoginsDefault</key>
3946 <true/> | <false/>
3947 </dict>
3948 ```
3949 #### policies.json
3950 ```
3951 {
3952 "policies": {
3953 "OfferToSaveLoginsDefault": true | false
3954 }
3955 }
3956 ```
3957 ### OverrideFirstRunPage
3958 Override the first run page. If the value is an empty string (""), the first run page is not displayed.
3959
3960 Starting with Firefox 83, Firefox ESR 78.5, you can also specify multiple URLS separated by a vertical bar (|).
3961
3962 **Compatibility:** Firefox 60, Firefox ESR 60\
3963 **CCK2 Equivalent:** `welcomePage`,`noWelcomePage`\
3964 **Preferences Affected:** `startup.homepage_welcome_url`
3965
3966 #### Windows (GPO)
3967 ```
3968 Software\Policies\Mozilla\Firefox\OverrideFirstRunPage = "http://example.org"
3969 ```
3970 #### Windows (Intune)
3971 OMA-URI:
3972 ```
3973 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/OverrideFirstRunPage
3974 ```
3975 Value (string):
3976 ```
3977 <enabled/>
3978 <data id="OverridePage" value="https://example.com"/>
3979 ```
3980 #### macOS
3981 ```
3982 <dict>
3983 <key>OverrideFirstRunPage</key>
3984 <string>http://example.org</string>
3985 </dict>
3986 ```
3987 #### policies.json
3988 ```
3989 {
3990 "policies": {
3991 "OverrideFirstRunPage": "http://example.org"
3992 }
3993 }
3994 ```
3995 ### OverridePostUpdatePage
3996 Override the upgrade page. If the value is an empty string (""), no extra pages are displayed when Firefox is upgraded.
3997
3998 **Compatibility:** Firefox 60, Firefox ESR 60\
3999 **CCK2 Equivalent:** `upgradePage`,`noUpgradePage`\
4000 **Preferences Affected:** `startup.homepage_override_url`
4001
4002 #### Windows (GPO)
4003 ```
4004 Software\Policies\Mozilla\Firefox\OverridePostUpdatePage = "http://example.org"
4005 ```
4006 #### Windows (Intune)
4007 OMA-URI:
4008 ```
4009 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/OverridePostUpdatePage
4010 ```
4011 Value (string):
4012 ```
4013 <enabled/>
4014 <data id="OverridePage" value="https://example.com"/>
4015 ```
4016 #### macOS
4017 ```
4018 <dict>
4019 <key>OverridePostUpdatePage</key>
4020 <string>http://example.org</string>
4021 </dict>
4022 ```
4023 #### policies.json
4024 ```
4025 {
4026 "policies": {
4027 "OverridePostUpdatePage": "http://example.org"
4028 }
4029 }
4030 ```
4031 ### PasswordManagerEnabled
4032 Remove access to the password manager via preferences and blocks about:logins on Firefox 70.
4033
4034 **Compatibility:** Firefox 70, Firefox ESR 60.2\
4035 **CCK2 Equivalent:** N/A\
4036 **Preferences Affected:** `pref.privacy.disable_button.view_passwords`
4037
4038 #### Windows (GPO)
4039 ```
4040 Software\Policies\Mozilla\Firefox\PasswordManagerEnabled = 0x1 | 0x0
4041 ```
4042 #### Windows (Intune)
4043 OMA-URI:
4044 ```
4045 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/PasswordManagerEnabled
4046 ```
4047 Value (string):
4048 ```
4049 <enabled/> or <disabled/>
4050 ```
4051 #### macOS
4052 ```
4053 <dict>
4054 <key>PasswordManagerEnabled</key>
4055 <true/> | <false/>
4056 </dict>
4057 ```
4058 #### policies.json
4059 ```
4060 {
4061 "policies": {
4062 "PasswordManagerEnabled": true | false
4063 }
4064 }
4065 ```
4066 ### PasswordManagerExceptions
4067 Prevent Firefox from saving passwords for specific sites.
4068
4069 The sites are specified as a list of origins.
4070
4071 **Compatibility:** Firefox 101\
4072 **CCK2 Equivalent:** N/A\
4073 **Preferences Affected:** N/A
4074
4075 #### Windows (GPO)
4076 ```
4077 Software\Policies\Mozilla\Firefox\PasswordManagerExceptions\1 = "https://example.org"
4078 Software\Policies\Mozilla\Firefox\PasswordManagerExceptions\2 = "https://example.edu"
4079 ```
4080 #### Windows (Intune)
4081 OMA-URI:
4082 ```
4083 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/PasswordManagerExceptions
4084 ```
4085 Value (string):
4086 ```
4087 <enabled/>
4088 <data id="List" value="1&#xF000;https://example.org&#xF000;2&#xF000;https://example.edu"/>
4089 ```
4090 #### macOS
4091 ```
4092 <dict>
4093 <key>PasswordManagerExceptions</key>
4094 <array>
4095 <string>https://example.org</string>
4096 <string>https://example.edu</string>
4097 </array>
4098 </dict>
4099 ```
4100 #### policies.json
4101 ```
4102 {
4103 "policies": {
4104 "PasswordManagerExceptions": ["https://example.org",
4105 "https://example.edu"]
4106 }
4107 }
4108 ```
4109
4110 ### PDFjs
4111 Disable or configure PDF.js, the built-in PDF viewer.
4112
4113 If `Enabled` is set to false, the built-in PDF viewer is disabled.
4114
4115 If `EnablePermissions` is set to true, the built-in PDF viewer will honor document permissions like preventing the copying of text.
4116
4117 Note: DisableBuiltinPDFViewer has not been deprecated. You can either continue to use it, or switch to using PDFjs->Enabled to disable the built-in PDF viewer. This new permission was added because we needed a place for PDFjs->EnabledPermissions.
4118
4119 **Compatibility:** Firefox 77, Firefox ESR 68.9\
4120 **CCK2 Equivalent:** N/A\
4121 **Preferences Affected:** `pdfjs.diabled`, `pdfjs.enablePermissions`
4122
4123 #### Windows (GPO)
4124 ```
4125 Software\Policies\Mozilla\Firefox\PDFjs\Enabled = 0x1 | 0x0
4126 Software\Policies\Mozilla\Firefox\PDFjs\EnablePermissions = 0x1 | 0x0
4127 ```
4128 #### Windows (Intune)
4129 OMA-URI:
4130 ```
4131 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~PDFjs/PDFjs_Enabled
4132 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~PDFjs/PDFjs_EnablePermissions
4133 ```
4134 Value (string):
4135 ```
4136 <enabled/>or <disabled/>
4137 ```
4138 #### macOS
4139 ```
4140 <dict>
4141 <key>PDFjs</key>
4142 <dict>
4143 <key>Enabled</key>
4144 <true/> | <false/>
4145 <key>EnablePermissions</key>
4146 <true/> | <false/>
4147 </dict>
4148 </dict>
4149 ```
4150 #### policies.json
4151 ```
4152 {
4153 "policies": {
4154 "PDFjs": {
4155 "Enabled": true | false,
4156 "EnablePermissions": true | false
4157 }
4158 }
4159 }
4160 ```
4161 ### Permissions
4162 Set permissions associated with camera, microphone, location, notifications, autoplay, and virtual reality. Because these are origins, not domains, entries with unique ports must be specified separately. This explicitly means that it is not possible to add wildcards. See examples below.
4163
4164 `Allow` is a list of origins where the feature is allowed.
4165
4166 `Block` is a list of origins where the feature is not allowed.
4167
4168 `BlockNewRequests` determines whether or not new requests can be made for the feature.
4169
4170 `Locked` prevents the user from changing preferences for the feature.
4171
4172 `Default` specifies the default value for Autoplay. block-audio-video is not supported on Firefox ESR 68.
4173
4174 **Compatibility:** Firefox 62, Firefox ESR 60.2 (Autoplay added in Firefox 74, Firefox ESR 68.6, Autoplay Default/Locked added in Firefox 76, Firefox ESR 68.8, VirtualReality added in Firefox 80, Firefox ESR 78.2)\
4175 **CCK2 Equivalent:** N/A\
4176 **Preferences Affected:** `permissions.default.camera`, `permissions.default.microphone`, `permissions.default.geo`, `permissions.default.desktop-notification`, `media.autoplay.default`, `permissions.default.xr`
4177
4178 #### Windows (GPO)
4179 ```
4180 Software\Policies\Mozilla\Firefox\Permissions\Camera\Allow\1 = "https://example.org"
4181 Software\Policies\Mozilla\Firefox\Permissions\Camera\Allow\2 = "https://example.org:1234"
4182 Software\Policies\Mozilla\Firefox\Permissions\Camera\Block\1 = "https://example.edu"
4183 Software\Policies\Mozilla\Firefox\Permissions\Camera\BlockNewRequests = 0x1 | 0x0
4184 Software\Policies\Mozilla\Firefox\Permissions\Camera\Locked = 0x1 | 0x0
4185 Software\Policies\Mozilla\Firefox\Permissions\Microphone\Allow\1 = "https://example.org"
4186 Software\Policies\Mozilla\Firefox\Permissions\Microphone\Block\1 = "https://example.edu"
4187 Software\Policies\Mozilla\Firefox\Permissions\Microphone\BlockNewRequests = 0x1 | 0x0
4188 Software\Policies\Mozilla\Firefox\Permissions\Microphone\Locked = 0x1 | 0x0
4189 Software\Policies\Mozilla\Firefox\Permissions\Location\Allow\1 = "https://example.org"
4190 Software\Policies\Mozilla\Firefox\Permissions\Location\Block\1 = "https://example.edu"
4191 Software\Policies\Mozilla\Firefox\Permissions\Location\BlockNewRequests = 0x1 | 0x0
4192 Software\Policies\Mozilla\Firefox\Permissions\Location\Locked = 0x1 | 0x0
4193 Software\Policies\Mozilla\Firefox\Permissions\Notifications\Allow\1 = "https://example.org"
4194 Software\Policies\Mozilla\Firefox\Permissions\Notifications\Block\1 = "https://example.edu"
4195 Software\Policies\Mozilla\Firefox\Permissions\Notifications\BlockNewRequests = 0x1 | 0x0
4196 Software\Policies\Mozilla\Firefox\Permissions\Notifications\Locked = 0x1 | 0x0
4197 Software\Policies\Mozilla\Firefox\Permissions\Autoplay\Allow\1 = "https://example.org"
4198 Software\Policies\Mozilla\Firefox\Permissions\Autoplay\Block\1 = "https://example.edu"
4199 Software\Policies\Mozilla\Firefox\Permissions\Autoplay\Default = "allow-audio-video" | "block-audio" | "block-audio-video"
4200 Software\Policies\Mozilla\Firefox\Permissions\Autoplay\Locked = 0x1 | 0x0
4201 Software\Policies\Mozilla\Firefox\Permissions\VirtualReality\Allow\1 = "https://example.org"
4202 Software\Policies\Mozilla\Firefox\Permissions\VirtualReality\Block\1 = "https://example.edu"
4203 Software\Policies\Mozilla\Firefox\Permissions\VirtualReality\BlockNewRequests = 0x1 | 0x0
4204 Software\Policies\Mozilla\Firefox\Permissions\VirtualReality\Locked = 0x1 | 0x0
4205 ```
4206 #### Windows (Intune)
4207 OMA-URI:
4208 ```
4209 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Location/Location_BlockNewRequests
4210 ```
4211 Value (string):
4212 ```
4213 <enabled/> or <disabled/>
4214 ```
4215 OMA-URI:
4216 ```
4217 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Location/Location_Locked
4218 ```
4219 Value (string):
4220 ```
4221 <enabled/> or <disabled/>
4222 ```
4223 OMA-URI:
4224 ```
4225 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Notifications/Notifications_Allow
4226 ```
4227 Value (string):
4228 ```
4229 <enabled/>
4230 <data id="Permissions" value="1&#xF000;https://example.org"/>
4231 ```
4232 OMA-URI:
4233 ```
4234 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Notifications/Notifications_BlockNewRequests
4235 ```
4236 Value (string):
4237 ```
4238 <enabled/> or <disabled/>
4239 ```
4240 OMA-URI:
4241 ```
4242 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Notifications/Notifications_Locked
4243 ```
4244 Value (string):
4245 ```
4246 <enabled/> or <disabled/>
4247 ```
4248 OMA-URI:
4249 ```
4250 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Autoplay/Autoplay_Allow
4251 ```
4252 Value (string):
4253 ```
4254 <enabled/>
4255 <data id="Permissions" value="1&#xF000;https://example.org"/>
4256 ```
4257 OMA-URI:
4258 ```
4259 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Autoplay/Autoplay_Block
4260 ```
4261 Value (string):
4262 ```
4263 <enabled/>
4264 <data id="Permissions" value="1&#xF000;https://example.edu"/>
4265 ```
4266 OMA-URI:
4267 ```
4268 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Autoplay/Autoplay_Default
4269 ```
4270 Value (string):
4271 ```
4272 <enabled/>
4273 <data id="Autoplay_Default" value="allow-audio-video | block-audio | block-audio-video"/>
4274 ```
4275 OMA-URI:
4276 ```
4277 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Autoplay/Autoplay_Locked
4278 ```
4279 Value (string):
4280 ```
4281 <enabled/> or <disabled/>
4282 ```
4283 OMA-URI:
4284 ```
4285 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Notifications/VirtualReality_Allow
4286 ```
4287 Value (string):
4288 ```
4289 <enabled/>
4290 <data id="Permissions" value="1&#xF000;https://example.org"/>
4291 ```
4292 OMA-URI:
4293 ```
4294 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Notifications/VirtualReality_Block
4295 ```
4296 Value (string):
4297 ```
4298 <enabled/>
4299 <data id="Permissions" value="1&#xF000;https://example.edu"/>
4300 ```
4301 OMA-URI:
4302 ```
4303 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Notifications/VirtualReality_BlockNewRequests
4304 ```
4305 Value (string):
4306 ```
4307 <enabled/> or <disabled/>
4308 ```
4309 OMA-URI:
4310 ```
4311 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Notifications/VirtualReality_Locked
4312 ```
4313 Value (string):
4314 ```
4315 <enabled/> or <disabled/>
4316 ```
4317 #### macOS
4318 ```
4319 <dict>
4320 <key>Permissions</key>
4321 <dict>
4322 <key>Camera</key>
4323 <dict>
4324 <key>Allow</key>
4325 <array>
4326 <string>https://example.org</string>
4327 <string>https://example.org:1234</string>
4328 </array>
4329 <key>Block</key>
4330 <array>
4331 <string>https://example.edu</string>
4332 </array>
4333 <key>BlockNewRequests</key>
4334 <true/> | <false/>
4335 <key>Locked</key>
4336 <true/> | <false/>
4337 </dict>
4338 <key>Microphone</key>
4339 <dict>
4340 <key>Allow</key>
4341 <array>
4342 <string>https://example.org</string>
4343 </array>
4344 <key>Block</key>
4345 <array>
4346 <string>https://example.edu</string>
4347 </array>
4348 <key>BlockNewRequests</key>
4349 <true/> | <false/>
4350 <key>Locked</key>
4351 <true/> | <false/>
4352 </dict>
4353 <key>Location</key>
4354 <dict>
4355 <key>Allow</key>
4356 <array>
4357 <string>https://example.org</string>
4358 </array>
4359 <key>Block</key>
4360 <array>
4361 <string>https://example.edu</string>
4362 </array>
4363 <key>BlockNewRequests</key>
4364 <true/> | <false/>
4365 <key>Locked</key>
4366 <true/> | <false/>
4367 </dict>
4368 <key>Notifications</key>
4369 <dict>
4370 <key>Allow</key>
4371 <array>
4372 <string>https://example.org</string>
4373 </array>
4374 <key>Block</key>
4375 <array>
4376 <string>https://example.edu</string>
4377 </array>
4378 <key>BlockNewRequests</key>
4379 <true/>
4380 <key>Locked</key>
4381 <true/>
4382 </dict>
4383 <key>Autoplay</key>
4384 <dict>
4385 <key>Allow</key>
4386 <array>
4387 <string>https://example.org</string>
4388 </array>
4389 <key>Block</key>
4390 <array>
4391 <string>https://example.edu</string>
4392 </array>
4393 <key>Default</key>
4394 <string>allow-audio-video | block-audio | block-audio-video</string>
4395 <key>Locked</key>
4396 <true/> | <false/>
4397 </dict>
4398 </dict>
4399 </dict>
4400 ```
4401 #### policies.json
4402 ```
4403 {
4404 "policies": {
4405 "Permissions": {
4406 "Camera": {
4407 "Allow": ["https://example.org","https://example.org:1234"],
4408 "Block": ["https://example.edu"],
4409 "BlockNewRequests": true | false,
4410 "Locked": true | false
4411 },
4412 "Microphone": {
4413 "Allow": ["https://example.org"],
4414 "Block": ["https://example.edu"],
4415 "BlockNewRequests": true | false,
4416 "Locked": true | false
4417 },
4418 "Location": {
4419 "Allow": ["https://example.org"],
4420 "Block": ["https://example.edu"],
4421 "BlockNewRequests": true | false,
4422 "Locked": true | false
4423 },
4424 "Notifications": {
4425 "Allow": ["https://example.org"],
4426 "Block": ["https://example.edu"],
4427 "BlockNewRequests": true | false,
4428 "Locked": true | false
4429 },
4430 "Autoplay": {
4431 "Allow": ["https://example.org"],
4432 "Block": ["https://example.edu"],
4433 "Default": "allow-audio-video" | "block-audio" | "block-audio-video",
4434 "Locked": true | false
4435 }
4436 }
4437 }
4438 }
4439 ```
4440 ### PictureInPicture
4441
4442 Enable or disable Picture-in-Picture as well as prevent the user from enabling or disabling it (Locked).
4443
4444 **Compatibility:** Firefox 78, Firefox ESR 78\
4445 **CCK2 Equivalent:** N/A\
4446 **Preferences Affected:** `media.videocontrols.picture-in-picture.video-toggle.enabled`
4447
4448 #### Windows (GPO)
4449 ```
4450 Software\Policies\Mozilla\Firefox\PictureInPicture\Enabled = 0x1 | 0x0
4451 Software\Policies\Mozilla\Firefox\PictureInPicture\Locked = 0x1 | 0x0
4452
4453 ```
4454 #### Windows (Intune)
4455 OMA-URI:
4456 ```
4457 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~PictureInPicture/PictureInPicture_Enabled
4458 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~PictureInPicture/PictureInPicture_Locked
4459 ```
4460 Value (string):
4461 ```
4462 <enabled/> or <disabled/>
4463 ```
4464 #### macOS
4465 ```
4466 <dict>
4467 <key>PictureInPicture</key>
4468 <dict>
4469 <key>Enabled</key>
4470 <true/> | <false/>
4471 <key>Locked</key>
4472 <true/> | <false/>
4473 </dict>
4474 </dict>
4475 ```
4476 #### policies.json
4477 ```
4478 {
4479 "policies": {
4480 "PictureInPicture": {
4481 "Enabled": true | false,
4482 "Locked": true | false
4483 }
4484 }
4485 }
4486 ```
4487 ### PopupBlocking
4488 Configure the default pop-up window policy as well as origins for which pop-up windows are allowed.
4489
4490 `Allow` is a list of origins where popup-windows are allowed.
4491
4492 `Default` determines whether or not pop-up windows are allowed by default.
4493
4494 `Locked` prevents the user from changing pop-up preferences.
4495
4496 **Compatibility:** Firefox 60, Firefox ESR 60\
4497 **CCK2 Equivalent:** `permissions.popup`\
4498 **Preferences Affected:** `dom.disable_open_during_load`
4499
4500 #### Windows (GPO)
4501 ```
4502 Software\Policies\Mozilla\Firefox\PopupBlocking\Allow\1 = "https://example.org"
4503 Software\Policies\Mozilla\Firefox\PopupBlocking\Allow\2 = "https://example.edu"
4504 Software\Policies\Mozilla\Firefox\PopupBlocking\Default = 0x1 | 0x0
4505 Software\Policies\Mozilla\Firefox\PopupBlocking\Locked = 0x1 | 0x0
4506 ```
4507 #### Windows (Intune)
4508 OMA-URI:
4509 ```
4510 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Popups/PopupBlocking_Allow
4511 ```
4512 Value (string):
4513 ```
4514 <enabled/>
4515 <data id="Permissions" value="1&#xF000;https://example.org&#xF000;2&#xF000;https://example.edu"/>
4516 ```
4517 OMA-URI:
4518 ```
4519 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Popups/PopupBlocking_Default
4520 ```
4521 Value (string):
4522 ```
4523 <enabled/> or <disabled/>
4524 ```
4525 OMA-URI:
4526 ```
4527 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Popups/PopupBlocking_Locked
4528 ```
4529 Value (string):
4530 ```
4531 <enabled/> or <disabled/>
4532 ```
4533 #### macOS
4534 ```
4535 <dict>
4536 <key>PopupBlocking</key>
4537 <dict>
4538 <key>Allow</key>
4539 <array>
4540 <string>http://example.org</string>
4541 <string>http://example.edu</string>
4542 </array>
4543 <key>Default</key>
4544 <true/> | <false/>
4545 <key>Locked</key>
4546 <true/> | <false/>
4547 </dict>
4548 </dict>
4549 ```
4550 #### policies.json
4551 ```
4552 {
4553 "policies": {
4554 "PopupBlocking": {
4555 "Allow": ["http://example.org/",
4556 "http://example.edu/"],
4557 "Default": true | false,
4558 "Locked": true | false
4559 }
4560 }
4561 }
4562 ```
4563 ### Preferences
4564 Set and lock preferences.
4565
4566 **NOTE** On Windows, in order to use this policy, you must clear all settings in the old **Preferences (Deprecated)** section.
4567
4568 Previously you could only set and lock a subset of preferences. Starting with Firefox 81 and Firefox ESR 78.3 you can set many more preferences. You can also set default preferences, user preferences and you can clear preferences.
4569
4570 Preferences that start with the following prefixes are supported:
4571 ```
4572 accessibility.
4573 app.update.* (Firefox 86, Firefox 78.8)
4574 browser.
4575 datareporting.policy.
4576 dom.
4577 extensions.
4578 general.autoScroll (Firefox 83, Firefox ESR 78.5)
4579 general.smoothScroll (Firefox 83, Firefox ESR 78.5)
4580 geo.
4581 gfx.
4582 intl.
4583 keyword.enabled (Firefox 95, Firefox ESR 91.4)
4584 layers.
4585 layout.
4586 media.
4587 network.
4588 pdfjs. (Firefox 84, Firefox ESR 78.6)
4589 places.
4590 print.
4591 signon. (Firefox 83, Firefox ESR 78.5)
4592 spellchecker. (Firefox 84, Firefox ESR 78.6)
4593 toolkit.legacyUserProfileCustomizations.stylesheets (Firefox 95, Firefox ESR 91.4)
4594 ui.
4595 widget.
4596 xpinstall.signatures.required (Firefox ESR 102.10, Firefox ESR only)
4597 ```
4598 as well as the following security preferences:
4599 | Preference | Type | Default
4600 | --- | --- | ---
4601 | security.default_personal_cert | string | Ask Every Time
4602 | &nbsp;&nbsp;&nbsp;&nbsp;If set to Select Automatically, Firefox automatically chooses the default personal certificate.
4603 | security.insecure_connection_text.enabled | bool | false
4604 | &nbsp;&nbsp;&nbsp;&nbsp;If set to true, adds the words "Not Secure" for insecure sites.
4605 | security.insecure_connection_text.pbmode.enabled | bool | false
4606 | &nbsp;&nbsp;&nbsp;&nbsp;If set to true, adds the words "Not Secure" for insecure sites in private browsing.
4607 | security.insecure_field_warning.contextual.enabled | bool | true
4608 | &nbsp;&nbsp;&nbsp;&nbsp;If set to false, remove the warning for inscure login fields.
4609 | security.mixed_content.block_active_content | boolean | true
4610 | &nbsp;&nbsp;&nbsp;&nbsp;If false, mixed active content (HTTP and HTTPS) is not blocked.
4611 | security.osclientcerts.autoload | boolean | false
4612 | &nbsp;&nbsp;&nbsp;&nbsp;If true, client certificates are loaded from the operating system certificate store.
4613 | security.ssl.errorReporting.enabled | boolean | true
4614 | &nbsp;&nbsp;&nbsp;&nbsp;If false, SSL errors cannot be sent to Mozilla.
4615 | security.tls.enable_0rtt_data | boolean | true
4616 | &nbsp;&nbsp;&nbsp;&nbsp;If false, TLS early data is turned off (Firefox 93, Firefox 91.2, Firefox 78.15).
4617 | security.tls.hello_downgrade_check | boolean | true
4618 | &nbsp;&nbsp;&nbsp;&nbsp;If false, the TLS 1.3 downgrade check is disabled.
4619 | security.tls.version.enable-deprecated | boolean | false
4620 | &nbsp;&nbsp;&nbsp;&nbsp;If true, browser will accept TLS 1.0. and TLS 1.1 (Firefox 86, Firefox 78.8).
4621 | security.warn_submit_secure_to_insecure | boolean | true
4622 | &nbsp;&nbsp;&nbsp;&nbsp;If false, no warning is shown when submitting a form from https to http.
4623 &nbsp;
4624
4625 Using the preference as the key, set the `Value` to the corresponding preference value.
4626
4627 `Status` can be "default", "locked", "user" or "clear"
4628
4629 * `"default"`: Read/Write: Settings appear as default even if factory default differs.
4630 * `"locked"`: Read-Only: Settings appear as default even if factory default differs.
4631 * `"user"`: Read/Write: Settings appear as changed if it differs from factory default.
4632 * `"clear"`: Read/Write: `Value` has no effect. Resets to factory defaults on each startup.
4633
4634 `"user"` preferences persist across invocations of Firefox. It is the equivalent of a user setting the preference. They are most useful when a preference is needed very early in startup so it can't be set as default by policy. An example of this is ```toolkit.legacyUserProfileCustomizations.stylesheets```.
4635
4636 `"user"` preferences persist even if the policy is removed, so if you need to remove them, you should use the clear policy.
4637
4638 See the examples below for more detail.
4639
4640 IMPORTANT: Make sure you're only setting a particular preference using this mechanism and not some other way.
4641
4642 Status
4643 **Compatibility:** Firefox 81, Firefox ESR 78.3\
4644 **CCK2 Equivalent:** `preferences`\
4645 **Preferences Affected:** Many
4646
4647 #### Windows (GPO)
4648 Software\Policies\Mozilla\Firefox\Preferences (REG_MULTI_SZ) =
4649 ```
4650 {
4651 "accessibility.force_disabled": {
4652 "Value": 1,
4653 "Status": "default"
4654 },
4655 "browser.cache.disk.parent_directory": {
4656 "Value": "SOME_NATIVE_PATH",
4657 "Status": "user"
4658 },
4659 "browser.tabs.warnOnClose": {
4660 "Value": false,
4661 "Status": "locked"
4662 }
4663 }
4664 ```
4665 #### Windows (Intune)
4666 OMA-URI:
4667 ```
4668 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/Preferences
4669 ```
4670 Value (string):
4671 ```
4672 <enabled/>
4673 <data id="JSON" value='
4674 {
4675 "accessibility.force_disabled": {
4676 "Value": 1,
4677 "Status": "default"
4678 },
4679 "browser.cache.disk.parent_directory": {
4680 "Value": "SOME_NATIVE_PATH",
4681 "Status": "user"
4682 },
4683 "browser.tabs.warnOnClose": {
4684 "Value": false,
4685 "Status": "locked"
4686 }
4687 }'/>
4688 ```
4689 #### macOS
4690 ```
4691 <dict>
4692 <key>Preferences</key>
4693 <dict>
4694 <key>accessibility.force_disabled</key>
4695 <dict>
4696 <key>Value</key>
4697 <integer>1</integer>
4698 <key>Status</key>
4699 <string>default</string>
4700 </dict>
4701 <key>browser.cache.disk.parent_directory</key>
4702 <dict>
4703 <key>Value</key>
4704 <string>SOME_NATIVE_PATH</string>
4705 <key>Status</key>
4706 <string>user</string>
4707 </dict>
4708 <key>browser.tabs.warnOnClose</key>
4709 <dict>
4710 <key>Value</key>
4711 <false/>
4712 <key>Status</key>
4713 <string>locked</string>
4714 </dict>
4715 </dict>
4716 </dict>
4717 ```
4718 #### policies.json
4719 ```
4720 {
4721 "policies": {
4722 "Preferences": {
4723 "accessibility.force_disabled": {
4724 "Value": 1,
4725 "Status": "default"
4726 },
4727 "browser.cache.disk.parent_directory": {
4728 "Value": "SOME_NATIVE_PATH",
4729 "Status": "user"
4730 },
4731 "browser.tabs.warnOnClose": {
4732 "Value": false,
4733 "Status": "locked"
4734 }
4735 }
4736 }
4737 }
4738 ```
4739 ### Preferences (Deprecated)
4740 Set and lock certain preferences.
4741
4742 **Compatibility:** See below\
4743 **CCK2 Equivalent:** `preferences`\
4744 **Preferences Affected:** See below
4745
4746 | Preference | Type | Compatibility | Default
4747 | --- | --- | --- | ---
4748 | accessibility.force_disabled | integer | Firefox 70, Firefox ESR 68.2 | 0
4749 | &nbsp;&nbsp;&nbsp;&nbsp;If set to 1, platform accessibility is disabled.
4750 | app.update.auto (Deprecated - Switch to AppAutoUpdate policy) | boolean | Firefox 68, Firefox ESR 68 | true
4751 | &nbsp;&nbsp;&nbsp;&nbsp;If false, Firefox doesn't automatically install update.
4752 | browser.bookmarks.autoExportHTML | boolean | Firefox 70, Firefox ESR 68.2 | false
4753 | &nbsp;&nbsp;&nbsp;&nbsp;If true, bookmarks are exported on shutdown.
4754 | browser.bookmarks.file | string | Firefox 70, Firefox ESR 68.2 | N/A
4755 | &nbsp;&nbsp;&nbsp;&nbsp;If set, the name of the file where bookmarks are exported and imported.
4756 | browser.bookmarks.restore_default_bookmarks | boolean | Firefox 70, Firefox ESR 68.2 | N/A
4757 | &nbsp;&nbsp;&nbsp;&nbsp;If true, bookmarks are restored to their defaults.
4758 | browser.cache.disk.enable | boolean | Firefox 68, Firefox ESR 68 | true
4759 | &nbsp;&nbsp;&nbsp;&nbsp;If false, don't store cache on the hard drive.
4760 | ~browser.cache.disk.parent_directory~ | string | Firefox 68, Firefox ESR 68 | Profile temporary directory
4761 | &nbsp;&nbsp;&nbsp;&nbsp;~If set, changes the location of the disk cache.~ This policy doesn't work. It's being worked on.
4762 | browser.fixup.dns_first_for_single_words | boolean | Firefox 68, Firefox ESR 68 | false
4763 | &nbsp;&nbsp;&nbsp;&nbsp;If true, single words are sent to DNS, not directly to search.
4764 | browser.newtabpage.activity-stream.default.sites | string | Firefox 72, ESR 68.4 | Locale dependent
4765 | &nbsp;&nbsp;&nbsp;&nbsp;If set, a list of URLs to use as the default top sites on the new tab page. Due to Firefox limitations, search sites can't be added. In addition, sites with the same name but different TLDs (example.org/example.com) will not display properly.
4766 | browser.places.importBookmarksHTML | boolean | Firefox 70, Firefox ESR 68.2
4767 | &nbsp;&nbsp;&nbsp;&nbsp;If true, bookmarks are always imported on startup.
4768 | browser.safebrowsing.phishing.enabled | boolean | Firefox 70, Firefox ESR 68.2 | true
4769 | &nbsp;&nbsp;&nbsp;&nbsp;If false, phishing protection is not enabled (Not recommended)
4770 | browser.safebrowsing.malware.enabled | boolean | Firefox 70, Firefox ESR 68.2 | true
4771 | &nbsp;&nbsp;&nbsp;&nbsp;If false, malware protection is not enabled (Not recommended)
4772 | browser.search.update | boolean | Firefox 68, Firefox ESR 68 | true
4773 | &nbsp;&nbsp;&nbsp;&nbsp;If false, updates for search engines are not checked.
4774 | browser.slowStartup.notificationDisabled | boolean | Firefox 70, Firefox ESR 68.2 | false
4775 | &nbsp;&nbsp;&nbsp;&nbsp;If true, a notification isn't shown if startup is slow.
4776 | browser.tabs.warnOnClose | boolean | Firefox 68, Firefox ESR 68 | true
4777 | &nbsp;&nbsp;&nbsp;&nbsp;If false, there is no warning when the browser is closed.
4778 | browser.taskbar.previews.enable | boolean | Firefox 70, Firefox ESR 68.2 (Windows only) | false
4779 | &nbsp;&nbsp;&nbsp;&nbsp;If true, tab previews are shown in the Windows taskbar.
4780 | browser.urlbar.suggest.bookmark | boolean | Firefox 68, Firefox ESR 68 | true
4781 | &nbsp;&nbsp;&nbsp;&nbsp;If false, bookmarks aren't suggested when typing in the URL bar.
4782 | browser.urlbar.suggest.history | boolean | Firefox 68, Firefox ESR 68 | true
4783 | &nbsp;&nbsp;&nbsp;&nbsp;If false, history isn't suggested when typing in the URL bar.
4784 | browser.urlbar.suggest.openpage | boolean | Firefox 68, Firefox ESR 68 | true
4785 | &nbsp;&nbsp;&nbsp;&nbsp;If false, open tabs aren't suggested when typing in the URL bar.
4786 | datareporting.policy.dataSubmissionPolicyBypassNotification | boolean | Firefox 68, Firefox ESR 68 | false
4787 | &nbsp;&nbsp;&nbsp;&nbsp;If true, don't show the privacy policy tab on first run.
4788 | dom.allow_scripts_to_close_windows | boolean | Firefox 70, Firefox ESR 68.2 | false
4789 | &nbsp;&nbsp;&nbsp;&nbsp;If false, web page can close windows.
4790 | dom.disable_window_flip | boolean | Firefox 68, Firefox ESR 68 | true
4791 | &nbsp;&nbsp;&nbsp;&nbsp;If false, web pages can focus and activate windows.
4792 | dom.disable_window_move_resize | boolean | Firefox 68, Firefox ESR 68 | false
4793 | &nbsp;&nbsp;&nbsp;&nbsp;If true, web pages can't move or resize windows.
4794 | dom.event.contextmenu.enabled | boolean | Firefox 68, Firefox ESR 68 | true
4795 | &nbsp;&nbsp;&nbsp;&nbsp;If false, web pages can't override context menus.
4796 | dom.keyboardevent.keypress.hack.dispatch_non_printable_keys.addl | string | Firefox 68, Firefox ESR 68 | N/A
4797 | &nbsp;&nbsp;&nbsp;&nbsp;See https://support.mozilla.org/en-US/kb/dom-events-changes-introduced-firefox-66
4798 | dom.keyboardevent.keypress.hack.use_legacy_keycode_and_charcode.addl | string | Firefox 68, Firefox ESR 68 | N/A
4799 | &nbsp;&nbsp;&nbsp;&nbsp;See https://support.mozilla.org/en-US/kb/dom-events-changes-introduced-firefox-66
4800 | dom.xmldocument.load.enabled | boolean | Firefox ESR 68.5 | true.
4801 | &nbsp;&nbsp;&nbsp;&nbsp;If false, XMLDocument.load is not available.
4802 | dom.xmldocument.async.enabled | boolean | Firefox ESR 68.5 | true
4803 | &nbsp;&nbsp;&nbsp;&nbsp;If false, XMLDocument.async is not available.
4804 | extensions.blocklist.enabled | boolean | Firefox 70, Firefox ESR 68.2 | true
4805 | &nbsp;&nbsp;&nbsp;&nbsp;If false, the extensions blocklist is not used (Not recommended)
4806 | extensions.getAddons.showPane | boolean | Firefox 68, Firefox ESR 68 | N/A
4807 | &nbsp;&nbsp;&nbsp;&nbsp;If false, the Recommendations tab is not displayed in the Add-ons Manager.
4808 | extensions.htmlaboutaddons.recommendations.enabled | boolean | Firefox 72, Firefox ESR 68.4 | true
4809 | &nbsp;&nbsp;&nbsp;&nbsp;If false, recommendations are not shown on the Extensions tab in the Add-ons Manager.
4810 | geo.enabled | boolean | Firefox 70, Firefox ESR 68.2 | true
4811 | &nbsp;&nbsp;&nbsp;&nbsp;If false, the geolocation API is disabled. | Language dependent
4812 | intl.accept_languages | string | Firefox 70, Firefox ESR 68.2
4813 | &nbsp;&nbsp;&nbsp;&nbsp;If set, preferred language for web pages.
4814 | media.eme.enabled (Deprecated - Switch to EncryptedMediaExtensions policy) | boolean | Firefox 70, Firefox ESR 68.2 | true
4815 | &nbsp;&nbsp;&nbsp;&nbsp;If false, Encrypted Media Extensions are not enabled.
4816 | media.gmp-gmpopenh264.enabled | boolean | Firefox 68, Firefox ESR 68 | true
4817 | &nbsp;&nbsp;&nbsp;&nbsp;If false, the OpenH264 plugin is not downloaded.
4818 | media.gmp-widevinecdm.enabled | boolean | Firefox 68, Firefox ESR 68 | true
4819 | &nbsp;&nbsp;&nbsp;&nbsp;If false, the Widevine plugin is not downloaded.
4820 | media.peerconnection.enabled | boolean | Firefox 72, Firefox ESR 68.4 | true
4821 | &nbsp;&nbsp;&nbsp;&nbsp;If false, WebRTC is disabled
4822 | media.peerconnection.ice.obfuscate_host_addresses.whitelist (Deprecated) | string | Firefox 72, Firefox ESR 68.4 | N/A
4823 | &nbsp;&nbsp;&nbsp;&nbsp;If set, a list of domains for which mDNS hostname obfuscation is
4824 disabled
4825 | media.peerconnection.ice.obfuscate_host_addresses.blocklist | string | Firefox 79, Firefox ESR 78.1 | N/A
4826 | &nbsp;&nbsp;&nbsp;&nbsp;If set, a list of domains for which mDNS hostname obfuscation is
4827 disabled
4828 | network.dns.disableIPv6 | boolean | Firefox 68, Firefox ESR 68 | false
4829 | &nbsp;&nbsp;&nbsp;&nbsp;If true, IPv6 DNS lokoups are disabled.
4830 | network.IDN_show_punycode | boolean | Firefox 68, Firefox ESR 68 | false
4831 | &nbsp;&nbsp;&nbsp;&nbsp;If true, display the punycode version of internationalized domain names.
4832 | places.history.enabled | boolean | Firefox 68, Firefox ESR 68 | true
4833 | &nbsp;&nbsp;&nbsp;&nbsp;If false, history is not enabled.
4834 | print.save_print_settings | boolean | Firefox 70, Firefox ESR 68.2 | true
4835 | &nbsp;&nbsp;&nbsp;&nbsp;If false, print settings are not saved between jobs.
4836 | security.default_personal_cert | string | Firefox 68, Firefox ESR 68 | Ask Every Time
4837 | &nbsp;&nbsp;&nbsp;&nbsp;If set to Select Automatically, Firefox automatically chooses the default personal certificate.
4838 | security.mixed_content.block_active_content | boolean | Firefox 70, Firefox ESR 68.2 | true
4839 | &nbsp;&nbsp;&nbsp;&nbsp;If false, mixed active content (HTTP and HTTPS) is not blocked.
4840 | security.osclientcerts.autoload | boolean | Firefox 72 (Windows), Firefox 75 (macOS) | false
4841 | &nbsp;&nbsp;&nbsp;&nbsp;If true, client certificates are loaded from the operating system certificate store.
4842 | security.ssl.errorReporting.enabled | boolean | Firefox 68, Firefox ESR 68 | true
4843 | &nbsp;&nbsp;&nbsp;&nbsp;If false, SSL errors cannot be sent to Mozilla.
4844 | security.tls.hello_downgrade_check | boolean | Firefox 72, Firefox ESR 68.4 | true
4845 | &nbsp;&nbsp;&nbsp;&nbsp;If false, the TLS 1.3 downgrade check is disabled.
4846 | ui.key.menuAccessKeyFocuses | boolean | Firefox 68, Firefox ESR 68 | true
4847 | &nbsp;&nbsp;&nbsp;&nbsp;If false, the Alt key doesn't show the menubar on Windows.
4848 | widget.content.gtk-theme-override | string | Firefox 72, Firefox ESR 68.4 (Linux only) | N/A
4849 | &nbsp;&nbsp;&nbsp;&nbsp;If set, overrides the GTK theme for widgets.
4850 #### Windows (GPO)
4851 ```
4852 Software\Policies\Mozilla\Firefox\Preferences\boolean_preference_name = 0x1 | 0x0
4853 Software\Policies\Mozilla\Firefox\Preferences\string_preference_name = "string_value"
4854 ```
4855 #### Windows (Intune)
4856 OMA-URI: (periods are replaced by underscores)
4857 ```
4858 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Preferences/boolean_preference_name
4859 ```
4860 Value (string):
4861 ```
4862 <enabled/> or <disabled/>
4863 ```
4864 OMA-URI: (periods are replaced by underscores)
4865 ```
4866 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Preferences/string_preference_name
4867 ```
4868 Value (string):
4869 ```
4870 <enabled/>
4871 <data id="Preferences_String" value="string_value"/>
4872 ```
4873 #### macOS
4874 ```
4875 <dict>
4876 <key>Preferences</key>
4877 <dict>
4878 <key>boolean_preference_name</key>
4879 <true/> | <false/>
4880 <key>string_preference_name</key>
4881 <string>string_value</string>
4882 </dict>
4883 </dict>
4884 ```
4885 #### policies.json
4886 ```
4887 {
4888 "policies": {
4889 "Preferences": {
4890 "boolean_preference_name": true | false,
4891 "string_preference_name": "string_value"
4892 }
4893 }
4894 }
4895 ```
4896 ### PrimaryPassword
4897 Require or prevent using a primary (formerly master) password.
4898
4899 If this value is true, a primary password is required. If this value is false, it works the same as if [`DisableMasterPasswordCreation`](#disablemasterpasswordcreation) was true and removes the primary password functionality.
4900
4901 If both DisableMasterPasswordCreation and PrimaryPassword are used, DisableMasterPasswordCreation takes precedent.
4902
4903 **Compatibility:** Firefox 79, Firefox ESR 78.1\
4904 **CCK2 Equivalent:** `noMasterPassword`\
4905 **Preferences Affected:** N/A
4906
4907 #### Windows (GPO)
4908 ```
4909 Software\Policies\Mozilla\Firefox\PrimaryPassword = 0x1 | 0x0
4910 ```
4911 #### Windows (Intune)
4912 OMA-URI:
4913 ```
4914 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/PrimaryPassword
4915 ```
4916 Value (string):
4917 ```
4918 <enabled/> or <disabled/>
4919 ```
4920 #### macOS
4921 ```
4922 <dict>
4923 <key>PrimaryPassword</key>
4924 <true/> | <false/>
4925 </dict>
4926 ```
4927 #### policies.json
4928 ```
4929 {
4930 "policies": {
4931 "PrimaryPassword": true | false
4932 }
4933 }
4934 ```
4935 ### PromptForDownloadLocation
4936 Ask where to save each file before downloading.
4937
4938 **Compatibility:** Firefox 68, Firefox ESR 68\
4939 **CCK2 Equivalent:** N/A\
4940 **Preferences Affected:** `browser.download.useDownloadDir`
4941
4942 #### Windows (GPO)
4943 ```
4944 Software\Policies\Mozilla\Firefox\PromptForDownloadLocation = 0x1 | 0x0
4945 ```
4946 #### Windows (Intune)
4947 OMA-URI:
4948 ```
4949 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/PromptForDownloadLocation
4950 ```
4951 Value (string):
4952 ```
4953 <enabled/> or <disabled/>
4954 ```
4955 #### macOS
4956 ```
4957 <dict>
4958 <key>PromptForDownloadLocation</key>
4959 <true/> | <false/>
4960 </dict>
4961 ```
4962 #### policies.json
4963 ```
4964 {
4965 "policies": {
4966 "PromptForDownloadLocation": true | false
4967 }
4968 }
4969 ```
4970 ### Proxy
4971 Configure proxy settings. These settings correspond to the connection settings in Firefox preferences.
4972 To specify ports, append them to the hostnames with a colon (:).
4973
4974 Unless you lock this policy, changes the user already has in place will take effect.
4975
4976 `Mode` is the proxy method being used.
4977
4978 `Locked` is whether or not proxy settings can be changed.
4979
4980 `HTTPProxy` is the HTTP proxy server.
4981
4982 `UseHTTPProxyForAllProtocols` is whether or not the HTTP proxy should be used for all other proxies.
4983
4984 `SSLProxy` is the SSL proxy server.
4985
4986 `FTPProxy` is the FTP proxy server.
4987
4988 `SOCKSProxy` is the SOCKS proxy server
4989
4990 `SOCKSVersion` is the SOCKS version (4 or 5)
4991
4992 `Passthrough` is list of hostnames or IP addresses that will not be proxied. Use `<local>` to bypass proxying for all hostnames which do not contain periods.
4993
4994 `AutoConfigURL` is a URL for proxy configuration (only used if Mode is autoConfig).
4995
4996 `AutoLogin` means do not prompt for authentication if password is saved.
4997
4998 `UseProxyForDNS` to use proxy DNS when using SOCKS v5.
4999
5000 **Compatibility:** Firefox 60, Firefox ESR 60\
5001 **CCK2 Equivalent:** `networkProxy*`\
5002 **Preferences Affected:** `network.proxy.type`, `network.proxy.autoconfig_url`, `network.proxy.socks_remote_dns`, `signon.autologin.proxy`, `network.proxy.socks_version`, `network.proxy.no_proxies_on`, `network.proxy.share_proxy_settings`, `network.proxy.http`, `network.proxy.http_port`, `network.proxy.ftp`, `network.proxy.ftp_port`, `network.proxy.ssl`, `network.proxy.ssl_port`, `network.proxy.socks`, `network.proxy.socks_port`
5003
5004 #### Windows (GPO)
5005 ```
5006 Software\Policies\Mozilla\Firefox\Proxy\Mode = "none" | "system" | "manual" | "autoDetect" | "autoConfig"
5007 Software\Policies\Mozilla\Firefox\Proxy\Locked = 0x1 | 0x0
5008 Software\Policies\Mozilla\Firefox\=Proxy\HTTPProxy = https://httpproxy.example.com
5009 Software\Policies\Mozilla\Firefox\Proxy\UseHTTPProxyForAllProtocols = 0x1 | 0x0
5010 Software\Policies\Mozilla\Firefox\Proxy\SSLProxy = https://sslproxy.example.com
5011 Software\Policies\Mozilla\Firefox\Proxy\FTPProxy = https://ftpproxy.example.com
5012 Software\Policies\Mozilla\Firefox\Proxy\SOCKSProxy = https://socksproxy.example.com
5013 Software\Policies\Mozilla\Firefox\Proxy\SOCKSVersion = 0x4 | 0x5
5014 Software\Policies\Mozilla\Firefox\Proxy\Passthrough = <local>
5015 Software\Policies\Mozilla\Firefox\Proxy\AutoConfigURL = URL_TO_AUTOCONFIG
5016 Software\Policies\Mozilla\Firefox\Proxy\AutoLogin = 0x1 | 0x0
5017 Software\Policies\Mozilla\Firefox\Proxy\UseProxyForDNS = 0x1 | 0x0
5018 ```
5019 #### Windows (Intune)
5020 **Note**
5021 These setttings were moved to a category to make them easier to configure via Intune.
5022
5023 OMA-URI:
5024 ```
5025 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_Locked
5026 ```
5027 Value (string):
5028 ```
5029 <enabled/> or <disabled/>
5030 ```
5031 OMA-URI:
5032 ```
5033 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_ConnectionType
5034 ```
5035 Value (string):
5036 ```
5037 <enabled/>
5038 <data id="Proxy_ConnectionType" value="none | system | manual | autoDetect | autoConfig"/>
5039 ```
5040 OMA-URI:
5041 ```
5042 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_HTTPProxy
5043 ```
5044 Value (string):
5045 ```
5046 <enabled/>
5047 <data id="Proxy_HTTPProxy" value="httpproxy.example.com"/>
5048 ```
5049 OMA-URI:
5050 ```
5051 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_UseHTTPProxyForAllProtocols
5052 ```
5053 Value (string):
5054 ```
5055 <enabled/> or <disabled/>
5056 ```
5057 OMA-URI:
5058 ```
5059 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_SSLProxy
5060 ```
5061 Value (string):
5062 ```
5063 <enabled/>
5064 <data id="Proxy_SSLProxy" value="sslproxy.example.com"/>
5065 ```
5066 OMA-URI:
5067 ```
5068 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_SOCKSProxy
5069 ```
5070 Value (string):
5071 ```
5072 <enabled/>
5073 <data id="Proxy_SOCKSProxy" value="socksproxy.example.com"/>
5074 <data id="Proxy_SOCKSVersion" value="4 | 5"/>
5075 ```
5076 OMA-URI:
5077 ```
5078 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_AutoConfigURL
5079 ```
5080 Value (string):
5081 ```
5082 <enabled/>
5083 <data id="Proxy_AutoConfigURL" value="URL_TO_AUTOCONFIG"/>
5084 ```
5085 OMA-URI:
5086 ```
5087 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_Passthrough
5088 ```
5089 Value (string):
5090 ```
5091 <enabled/>
5092 <data id="Proxy_Passthrough" value="&lt;local&gt;"/>
5093 ```
5094 OMA-URI:
5095 ```
5096 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_AutoLogin
5097 ```
5098 Value (string):
5099 ```
5100 <enabled/> or <disabled/>
5101 ```
5102 OMA-URI:
5103 ```
5104 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_UseProxyForDNS
5105 ```
5106 Value (string):
5107 ```
5108 <enabled/> or <disabled/>
5109 ```
5110 OMA-URI (Old way):
5111 ```
5112 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/Proxy
5113 ```
5114 Value (string):
5115 ```
5116 <enabled/>
5117 <data id="ProxyLocked" value="true | false"/>
5118 <data id="ConnectionType" value="none | system | manual | autoDetect | autoConfig"/>
5119 <data id="HTTPProxy" value="httpproxy.example.com"/>
5120 <data id="UseHTTPProxyForAllProtocols" value="true | false"/>
5121 <data id="SSLProxy" value="sslproxy.example.com"/>
5122 <data id="FTPProxy" value="ftpproxy.example.com"/>
5123 <data id="SOCKSProxy" value="socksproxy.example.com"/>
5124 <data id="SOCKSVersion" value="4 | 5"/>
5125 <data id="AutoConfigURL" value="URL_TO_AUTOCONFIG"/>
5126 <data id="Passthrough" value="<local>"/>
5127 <data id="AutoLogin" value="true | false"/>
5128 <data id="UseProxyForDNS" value="true | false"/>
5129 ```
5130 #### macOS
5131 ```
5132 <dict>
5133 <key>Proxy</key>
5134 <dict>
5135 <key>Mode</key>
5136 <string>none | system | manual | autoDetect | autoConfig</string>
5137 <key>Locked</key>
5138 <true> | </false>
5139 <key>HTTPProxy</key>
5140 <string>https://httpproxy.example.com</string>
5141 <key>UseHTTPProxyForAllProtocols</key>
5142 <true> | </false>
5143 <key>SSLProxy</key>
5144 <string>https://sslproxy.example.com</string>
5145 <key>FTPProxy</key>
5146 <string>https://ftpproxy.example.com</string>
5147 <key>SOCKSProxy</key>
5148 <string>https://socksproxy.example.com</string>
5149 <key>SOCKSVersion</key>
5150 <string>4 | 5</string>
5151 <key>Passthrough</key>
5152 <string>&lt;local>&gt;</string>
5153 <key>AutoConfigURL</key>
5154 <string>URL_TO_AUTOCONFIG</string>
5155 <key>AutoLogin</key>
5156 <true> | </false>
5157 <key>UseProxyForDNS</key>
5158 <true> | </false>
5159 </dict>
5160 </dict>
5161 ```
5162 #### policies.json
5163 ```
5164 {
5165 "policies": {
5166 "Proxy": {
5167 "Mode": "none" | "system" | "manual" | "autoDetect" | "autoConfig",
5168 "Locked": true | false,
5169 "HTTPProxy": "hostname",
5170 "UseHTTPProxyForAllProtocols": true | false,
5171 "SSLProxy": "hostname",
5172 "FTPProxy": "hostname",
5173 "SOCKSProxy": "hostname",
5174 "SOCKSVersion": 4 | 5,
5175 "Passthrough": "<local>",
5176 "AutoConfigURL": "URL_TO_AUTOCONFIG",
5177 "AutoLogin": true | false,
5178 "UseProxyForDNS": true | false
5179 }
5180 }
5181 }
5182 ```
5183 ### RequestedLocales
5184 Set the the list of requested locales for the application in order of preference. It will cause the corresponding language pack to become active.
5185
5186 Note: For Firefox 68, this can now be a string so that you can specify an empty value.
5187
5188 **Compatibility:** Firefox 64, Firefox ESR 60.4, Updated in Firefox 68, Firefox ESR 68\
5189 **CCK2 Equivalent:** N/A\
5190 **Preferences Affected:** N/A
5191 #### Windows (GPO)
5192 ```
5193 Software\Policies\Mozilla\Firefox\RequestedLocales\1 = "de"
5194 Software\Policies\Mozilla\Firefox\RequestedLocales\2 = "en-US"
5195
5196 or
5197
5198 Software\Policies\Mozilla\Firefox\RequestedLocales = "de,en-US"
5199 ```
5200 #### Windows (Intune)
5201 OMA-URI:
5202 ```
5203 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/RequestedLocalesString
5204 ```
5205 Value (string):
5206 ```
5207 <enabled/>
5208 <data id="Preferences_String" value="de,en-US"/>
5209 ```
5210 #### macOS
5211 ```
5212 <dict>
5213 <key>RequestedLocales</key>
5214 <array>
5215 <string>de</string>
5216 <string>en-US</string>
5217 </array>
5218 </dict>
5219
5220 or
5221
5222 <dict>
5223 <key>RequestedLocales</key>
5224 <string>de,en-US</string>
5225 </dict>
5226
5227 ```
5228 #### policies.json
5229 ```
5230 {
5231 "policies": {
5232 "RequestedLocales": ["de", "en-US"]
5233 }
5234 }
5235
5236 or
5237
5238 {
5239 "policies": {
5240 "RequestedLocales": "de,en-US"
5241 }
5242 }
5243 ```
5244 <a name="SanitizeOnShutdown"></a>
5245
5246 ### SanitizeOnShutdown (Selective)
5247 Clear data on shutdown. Choose from Cache, Cookies, Download History, Form & Search History, Browsing History, Active Logins, Site Preferences and Offline Website Data.
5248
5249 Previously, these values were always locked. Starting with Firefox 74 and Firefox ESR 68.6, you can use the `Locked` option to either keep the values unlocked (set it to false), or lock only the values you set (set it to true). If you want the old behavior of locking everything, do not set `Locked` at all.
5250
5251 **Compatibility:** Firefox 68, Firefox ESR 68 (Locked added in 74/68.6)\
5252 **CCK2 Equivalent:** N/A\
5253 **Preferences Affected:** `privacy.sanitize.sanitizeOnShutdown`, `privacy.clearOnShutdown.cache`, `privacy.clearOnShutdown.cookies`, `privacy.clearOnShutdown.downloads`, `privacy.clearOnShutdown.formdata`, `privacy.clearOnShutdown.history`, `privacy.clearOnShutdown.sessions`, `privacy.clearOnShutdown.siteSettings`, `privacy.clearOnShutdown.offlineApps`
5254 #### Windows (GPO)
5255 ```
5256 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\Cache = 0x1 | 0x0
5257 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\Cookies = 0x1 | 0x0
5258 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\Downloads = 0x1 | 0x0
5259 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\FormData = 0x1 | 0x0
5260 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\History = 0x1 | 0x0
5261 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\Sessions = 0x1 | 0x0
5262 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\SiteSettings = 0x1 | 0x0
5263 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\OfflineApps = 0x1 | 0x0
5264 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\Locked = 0x1 | 0x0
5265 ```
5266 #### Windows (Intune)
5267 OMA-URI:
5268 ```
5269 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/A_SanitizeOnShutdown_Cache
5270 ```
5271 Value (string):
5272 ```
5273 <enabled/> or <disabled/>
5274 ```
5275 OMA-URI:
5276 ```
5277 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/B_SanitizeOnShutdown_Cookies
5278 ```
5279 Value (string):
5280 ```
5281 <enabled/> or <disabled/>
5282 ```
5283 OMA-URI:
5284 ```
5285 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/C_SanitizeOnShutdown_Downloads
5286 ```
5287 Value (string):
5288 ```
5289 <enabled/> or <disabled/>
5290 ```
5291 OMA-URI:
5292 ```
5293 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/D_SanitizeOnShutdown_FormData
5294 ```
5295 Value (string):
5296 ```
5297 <enabled/> or <disabled/>
5298 ```
5299 OMA-URI:
5300 ```
5301 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/E_SanitizeOnShutdown_History
5302 ```
5303 Value (string):
5304 ```
5305 <enabled/> or <disabled/>
5306 ```
5307 OMA-URI:
5308 ```
5309 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/F_SanitizeOnShutdown_Sessions
5310 ```
5311 Value (string):
5312 ```
5313 <enabled/> or <disabled/>
5314 ```
5315 OMA-URI:
5316 ```
5317 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/G_SanitizeOnShutdown_SiteSettings
5318 ```
5319 Value (string):
5320 ```
5321 <enabled/> or <disabled/>
5322 ```
5323 OMA-URI:
5324 ```
5325 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/H_SanitizeOnShutdown_OfflineApps
5326 ```
5327 Value (string):
5328 ```
5329 <enabled/> or <disabled/>
5330 ```
5331 OMA-URI:
5332 ```
5333 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/I_SanitizeOnShutdown_Locked
5334 ```
5335 Value (string):
5336 ```
5337 <enabled/> or <disabled/>
5338 ```
5339 #### macOS
5340 ```
5341 <dict>
5342 <key>SanitizeOnShutdown</key>
5343 <dict>
5344 <key>Cache</key>
5345 <true/> | <false/>
5346 <key>Cookies</key>
5347 <true/> | <false/>
5348 <key>Downloads</key>
5349 <true/> | <false/>
5350 <key>FormData</key>
5351 <true/> | <false/>
5352 <key>History</key>
5353 <true/> | <false/>
5354 <key>Sessions</key>
5355 <true/> | <false/>
5356 <key>SiteSettings</key>
5357 <true/> | <false/>
5358 <key>OfflineApps</key>
5359 <true/> | <false/>
5360 <key>Locked</key>
5361 <true/> | <false/>
5362 </dict>
5363 </dict>
5364 ```
5365 #### policies.json
5366 ```
5367 {
5368 "policies": {
5369 "SanitizeOnShutdown": {
5370 "Cache": true | false,
5371 "Cookies": true | false,
5372 "Downloads": true | false,
5373 "FormData": true | false,
5374 "History": true | false,
5375 "Sessions": true | false,
5376 "SiteSettings": true | false,
5377 "OfflineApps": true | false,
5378 "Locked": true | false
5379 }
5380 }
5381 }
5382 ```
5383 ### SanitizeOnShutdown (All)
5384 Clear all data on shutdown, including Browsing & Download History, Cookies, Active Logins, Cache, Form & Search History, Site Preferences and Offline Website Data.
5385
5386 **Compatibility:** Firefox 60, Firefox ESR 60\
5387 **CCK2 Equivalent:** N/A\
5388 **Preferences Affected:** `privacy.sanitize.sanitizeOnShutdown`, `privacy.clearOnShutdown.cache`, `privacy.clearOnShutdown.cookies`, `privacy.clearOnShutdown.downloads`, `privacy.clearOnShutdown.formdata`, `privacy.clearOnShutdown.history`, `privacy.clearOnShutdown.sessions`, `privacy.clearOnShutdown.siteSettings`, `privacy.clearOnShutdown.offlineApps`
5389 #### Windows (GPO)
5390 ```
5391 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown = 0x1 | 0x0
5392 ```
5393 #### Windows (Intune)
5394 OMA-URI:
5395 ```
5396 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/C_SanitizeOnShutdown
5397 ```
5398 Value (string):
5399 ```
5400 <enabled/> or <disabled/>
5401 ```
5402 #### macOS
5403 ```
5404 <dict>
5405 <key>SanitizeOnShutdown</key>
5406 <true/> | <false/>
5407 </dict>
5408 ```
5409 #### policies.json
5410 ```
5411 {
5412 "policies": {
5413 "SanitizeOnShutdown": true | false
5414 }
5415 }
5416 ```
5417 ### SearchBar
5418 Set whether or not search bar is displayed.
5419
5420 **Compatibility:** Firefox 60, Firefox ESR 60\
5421 **CCK2 Equivalent:** `showSearchBar`\
5422 **Preferences Affected:** N/A
5423
5424 #### Windows (GPO)
5425 ```
5426 Software\Policies\Mozilla\Firefox\SearchBar = "unified" | "separate"
5427 ```
5428
5429 #### Windows (Intune)
5430 OMA-URI:
5431 ```
5432 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/SearchBar
5433 ```
5434 Value (string):
5435 ```
5436 <enabled/>
5437 <data id="SearchBar" value="unified | separate"/>
5438 ```
5439 #### macOS
5440 ```
5441 <dict>
5442 <key>SearchBar</key>
5443 <string>unified | separate</string>
5444 </dict>
5445 ```
5446 #### policies.json
5447 ```
5448 {
5449 "policies": {
5450 "SearchBar": "unified" | "separate"
5451 }
5452 }
5453 ```
5454 <a name="SearchEngines"></a>
5455
5456 ### SearchEngines (This policy is only available on the ESR.)
5457
5458 ### SearchEngines | Add
5459
5460 Add new search engines. Although there are only five engines available in the ADMX template, there is no limit. To add more in the ADMX template, you can duplicate the XML.
5461
5462 This policy is only available on the ESR. `Name` and `URLTemplate` are required.
5463
5464 `Name` is the name of the search engine.
5465
5466 `URLTemplate` is the search URL with {searchTerms} to substitute for the search term.
5467
5468 `Method` is either GET or POST
5469
5470 `IconURL` is a URL for the icon to use.
5471
5472 `Alias` is a keyword to use for the engine.
5473
5474 `Description` is a description of the search engine.
5475
5476 `PostData` is the POST data as name value pairs separated by &.
5477
5478 `SuggestURLTemplate` is a search suggestions URL with {searchTerms} to substitute for the search term.
5479
5480 `Encoding` is the query charset for the engine. It defaults to UTF-8.
5481
5482 **Compatibility:** Firefox ESR 60 (POST support in Firefox ESR 68, Encoding support in Firefox 91)\
5483 **CCK2 Equivalent:** `searchplugins`\
5484 **Preferences Affected:** N/A
5485
5486 #### Windows (GPO)
5487 ```
5488 Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\Name = "Example1"
5489 Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\URLTemplate = "https://www.example.org/q={searchTerms}"
5490 Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\Method = "GET" | "POST"
5491 Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\IconURL = "https://www.example.org/favicon.ico"
5492 Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\Alias = "example"
5493 Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\Description = "Example Description"
5494 Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\SuggestURLTemplate = "https://www.example.org/suggestions/q={searchTerms}"
5495 Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\PostData = "name=value&q={searchTerms}"
5496 ```
5497 #### Windows (Intune)
5498 OMA-URI:
5499 ```
5500 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Search/SearchEngines_1
5501 ```
5502 Value (string):
5503 ```
5504 <enabled/>
5505 <data id="SearchEngine_Name" value="Example1"/>
5506 <data id="SearchEngine_URLTemplate" value="https://www.example.org/q={searchTerms"/>
5507 <data id="SearchEngine_Method" value="GET | POST"/>
5508 <data id="SearchEngine_IconURL" value="https://www.example.org/favicon.ico"/>
5509 <data id="SearchEngine_Alias" value="example"/>
5510 <data id="SearchEngine_Description" value="Example Description"/>
5511 <data id="SearchEngine_SuggestURLTemplate" value="https://www.example.org/suggestions/q={searchTerms}"/>
5512 <data id="SearchEngine_PostData" value="name=value&amp;q={searchTerms}"/>
5513 ```
5514 #### macOS
5515 ```
5516 <dict>
5517 <key>SearchEngines</key>
5518 <dict>
5519 <key>Add</key>
5520 <array>
5521 <dict>
5522 <key>Name</key>
5523 <string>Example1</string>
5524 <key>URLTemplate</key>
5525 <string>https://www.example.org/q={searchTerms}</string>
5526 <key>Method</key>
5527 <string>GET | POST </string>
5528 <key>IconURL</key>
5529 <string>https://www.example.org/favicon.ico</string>
5530 <key>Alias</key>
5531 <string>example</string>
5532 <key>Description</key>
5533 <string>Example Description</string>
5534 <key>SuggestURLTemplate</key>
5535 <string>https://www.example.org/suggestions/q={searchTerms}</string>
5536 <key>PostData</key>
5537 <string>name=value&q={searchTerms}</string>
5538 </dict>
5539 <array>
5540 </dict>
5541 </dict>
5542 ```
5543 #### policies.json
5544 ```
5545 {
5546 "policies": {
5547 "SearchEngines": {
5548 "Add": [
5549 {
5550 "Name": "Example1",
5551 "URLTemplate": "https://www.example.org/q={searchTerms}",
5552 "Method": "GET" | "POST",
5553 "IconURL": "https://www.example.org/favicon.ico",
5554 "Alias": "example",
5555 "Description": "Description",
5556 "PostData": "name=value&q={searchTerms}",
5557 "SuggestURLTemplate": "https://www.example.org/suggestions/q={searchTerms}"
5558 }
5559 ]
5560 }
5561 }
5562 }
5563 ```
5564 ### SearchEngines | Default
5565
5566 Set the default search engine. This policy is only available on the ESR.
5567
5568 **Compatibility:** Firefox ESR 60\
5569 **CCK2 Equivalent:** `defaultSearchEngine`\
5570 **Preferences Affected:** N/A
5571
5572 #### Windows (GPO)
5573 ```
5574 Software\Policies\Mozilla\Firefox\SearchEngines\Default = NAME_OF_SEARCH_ENGINE
5575 ```
5576 #### Windows (Intune)
5577 OMA-URI:
5578 ```
5579 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Search/SearchEngines_Default
5580 ```
5581 Value (string):
5582 ```
5583 <enabled/>
5584 <data id="SearchEngines_Default" value="NAME_OF_SEARCH_ENGINE"/>
5585 ```
5586 #### macOS
5587 ```
5588 <dict>
5589 <key>SearchEngines</key>
5590 <dict>
5591 <key>Default</key>
5592 <string>NAME_OF_SEARCH_ENGINE</string>
5593 </dict>
5594 </dict>
5595 ```
5596 #### policies.json
5597 ```
5598 {
5599 "policies": {
5600 "SearchEngines": {
5601 "Default": "NAME_OF_SEARCH_ENGINE"
5602 }
5603 }
5604 }
5605 ```
5606 ### SearchEngines | PreventInstalls
5607
5608 Prevent installing search engines from webpages.
5609
5610 **Compatibility:** Firefox ESR 60\
5611 **CCK2 Equivalent:** `disableSearchEngineInstall`\
5612 **Preferences Affected:** N/A
5613
5614 #### Windows (GPO)
5615 ```
5616 Software\Policies\Mozilla\Firefox\SearchEngines\PreventInstalls = 0x1 | 0x0
5617 ```
5618 #### Windows (Intune)
5619 OMA-URI:
5620 ```
5621 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Search/SearchEngines_PreventInstalls
5622 ```
5623 Value (string):
5624 ```
5625 <enabled/> or <disabled/>
5626 ```
5627 #### macOS
5628 ```
5629 <dict>
5630 <key>SearchEngines</key>
5631 <dict>
5632 <key>PreventInstalls</key>
5633 <true/> | <false/>
5634 </dict>
5635 </dict>
5636 ```
5637 #### policies.json
5638 ```
5639 {
5640 "policies": {
5641 "SearchEngines": {
5642 "PreventInstalls": true | false
5643 }
5644 }
5645 }
5646 ```
5647 ### SearchEngines | Remove
5648
5649 Hide built-in search engines. This policy is only available on the ESR.
5650
5651 **Compatibility:** Firefox ESR 60.2\
5652 **CCK2 Equivalent:** `removeDefaultSearchEngines` (removed all built-in engines)\
5653 **Preferences Affected:** N/A
5654
5655 #### Windows (GPO)
5656 ```
5657 Software\Policies\Mozilla\Firefox\SearchEngines\Remove\1 = NAME_OF_SEARCH_ENGINE
5658 ```
5659 #### Windows (Intune)
5660 OMA-URI:
5661 ```
5662 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Search/SearchEngines_Remove
5663 ```
5664 Value (string):
5665 ```
5666 <enabled/>
5667 <data id="SearchEngines_Remove" value="1&#xF000;NAME_OF_SEARCH_ENGINE"/>
5668 ```
5669 #### macOS
5670 ```
5671 <dict>
5672 <key>SearchEngines</key>
5673 <dict>
5674 <key>Remove</key>
5675 <array>
5676 <string>NAME_OF_SEARCH_ENGINE</string>
5677 </array>
5678 </dict>
5679 </dict>
5680 ```
5681 #### policies.json
5682 ```
5683 {
5684 "policies": {
5685 "SearchEngines": {
5686 "Remove": ["NAME_OF_SEARCH_ENGINE"]
5687 }
5688 }
5689 }
5690 ```
5691 ### SearchSuggestEnabled
5692
5693 Enable search suggestions.
5694
5695 **Compatibility:** Firefox 68, Firefox ESR 68\
5696 **CCK2 Equivalent:** N/A\
5697 **Preferences Affected:** `browser.urlbar.suggest.searches`, `browser.search.suggest.enabled`
5698
5699 #### Windows (GPO)
5700 ```
5701 Software\Policies\Mozilla\Firefox\SearchSuggestEnabled = 0x1 | 0x0
5702 ```
5703 #### Windows (Intune)
5704 OMA-URI:
5705 ```
5706 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Search/SearchSuggestEnabled
5707 ```
5708 Value (string):
5709 ```
5710 <enabled/> or <disabled/>
5711 ```
5712 #### macOS
5713 ```
5714 <dict>
5715 <key>SearchSuggestEnabled</key>
5716 <true/> | <false/>
5717 </dict>
5718 ```
5719 #### policies.json
5720 ```
5721 {
5722 "policies": {
5723 "SearchSuggestEnabled": true | false
5724 }
5725 }
5726 ```
5727 ### SecurityDevices
5728
5729 Install PKCS #11 modules.
5730
5731 **Compatibility:** Firefox 64, Firefox ESR 60.4\
5732 **CCK2 Equivalent:** `certs.devices`\
5733 **Preferences Affected:** N/A
5734
5735 #### Windows (GPO)
5736 ```
5737 Software\Policies\Mozilla\Firefox\SecurityDevices\NAME_OF_DEVICE = PATH_TO_LIBRARY_FOR_DEVICE
5738 ```
5739 #### Windows (Intune)
5740 OMA-URI:
5741 ```
5742 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/SecurityDevices
5743 ```
5744 Value (string):
5745 ```
5746 <enabled/>
5747 <data id="SecurityDevices" value="NAME_OF_DEVICE&#xF000;PATH_TO_LIBRARY_FOR_DEVICE"/>
5748 ```
5749 #### macOS
5750 ```
5751 <dict>
5752 <key>SecurityDevices</key>
5753 <dict>
5754 <key>NAME_OF_DEVICE</key>
5755 <string>PATH_TO_LIBRARY_FOR_DEVICE</string>
5756 </dict>
5757 </dict>
5758 ```
5759
5760 #### policies.json
5761 ```
5762 {
5763 "policies": {
5764 "SecurityDevices": {
5765 "NAME_OF_DEVICE": "PATH_TO_LIBRARY_FOR_DEVICE"
5766 }
5767 }
5768 }
5769 ```
5770 ### ShowHomeButton
5771 Show the home button on the toolbar.
5772
5773 Future versions of Firefox will not show the home button by default.
5774
5775 **Compatibility:** Firefox 88, Firefox ESR 78.10\
5776 **CCK2 Equivalent:** N/A\
5777 **Preferences Affected:** N/A
5778
5779 #### Windows (GPO)
5780 ```
5781 Software\Policies\Mozilla\Firefox\ShowHomeButton = 0x1 | 0x0
5782 ```
5783 #### Windows (Intune)
5784 OMA-URI:
5785 ```
5786 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Homepage/Homepage_ShowHomeButton
5787 ```
5788 Value (string):
5789 ```
5790 <enabled/> or <disabled/>
5791 ```
5792 #### macOS
5793 ```
5794 <dict>
5795 <key>ShowHomeButton</key>
5796 <true/> | <false/>
5797 </dict>
5798 ```
5799 #### policies.json
5800 ```
5801 {
5802 "policies": {
5803 "ShowHomeButton": true | false
5804 }
5805 }
5806 ```
5807 ### SSLVersionMax
5808
5809 Set and lock the maximum version of TLS.
5810
5811 **Compatibility:** Firefox 66, Firefox ESR 60.6\
5812 **CCK2 Equivalent:** N/A\
5813 **Preferences Affected:** `security.tls.version.max`
5814
5815 #### Windows (GPO)
5816 ```
5817 Software\Policies\Mozilla\Firefox\SSLVersionMax = "tls1" | "tls1.1" | "tls1.2" | "tls1.3"
5818 ```
5819 #### Windows (Intune)
5820 OMA-URI:
5821 ```
5822 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/SSLVersionMax
5823 ```
5824 Value (string):
5825 ```
5826 <enabled/>
5827 <data id="SSLVersion" value="tls1 | tls1.2 | tls1.3"/>
5828 ```
5829 #### macOS
5830 ```
5831 <dict>
5832 <key>SSLVersionMax</key>
5833 <string>tls1 | tls1.1 | tls1.2 | tls1.3</string>
5834 </dict>
5835 ```
5836
5837 #### policies.json
5838 ```
5839 {
5840 "policies": {
5841 "SSLVersionMax": "tls1" | "tls1.1" | "tls1.2" | "tls1.3"
5842 }
5843 }
5844 ```
5845 ### SSLVersionMin
5846
5847 Set and lock the minimum version of TLS.
5848
5849 **Compatibility:** Firefox 66, Firefox ESR 60.6\
5850 **CCK2 Equivalent:** N/A\
5851 **Preferences Affected:** `security.tls.version.min`
5852
5853 #### Windows (GPO)
5854 ```
5855 Software\Policies\Mozilla\Firefox\SSLVersionMin = "tls1" | "tls1.1" | "tls1.2" | "tls1.3"
5856 ```
5857 #### Windows (Intune)
5858 OMA-URI:
5859 ```
5860 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/SSLVersionMin
5861 ```
5862 Value (string):
5863 ```
5864 <enabled/>
5865 <data id="SSLVersion" value="tls1 | tls1.2 | tls1.3"/>
5866 ```
5867 #### macOS
5868 ```
5869 <dict>
5870 <key>SSLVersionMin</key>
5871 <string>tls1 | tls1.1 | tls1.2 | tls1.3</string>
5872 </dict>
5873 ```
5874
5875 #### policies.json
5876 ```
5877 {
5878 "policies": {
5879 "SSLVersionMin": "tls1" | "tls1.1" | "tls1.2" | "tls1.3"
5880 }
5881 }
5882 ```
5883 ### SupportMenu
5884 Add a menuitem to the help menu for specifying support information.
5885
5886 **Compatibility:** Firefox 68.0.1, Firefox ESR 68.0.1\
5887 **CCK2 Equivalent:** helpMenu\
5888 **Preferences Affected:** N/A
5889
5890 #### Windows (GPO)
5891 ```
5892 Software\Policies\Mozilla\Firefox\SupportMenu\Title = "Support Menu"
5893 Software\Policies\Mozilla\Firefox\SupportMenu\URL = "http://example.com/support"
5894 Software\Policies\Mozilla\Firefox\SupportMenu\AccessKey = "S"
5895 ```
5896 #### Windows (Intune)
5897 OMA-URI:
5898 ```
5899 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/SupportMenu
5900 ```
5901 Value (string):
5902 ```
5903 <enabled/>
5904 <data id="SupportMenuTitle" value="Support Menu"/>
5905 <data id="SupportMenuURL" value="http://example.com/support"/>
5906 <data id="SupportMenuAccessKey" value="S"/>
5907 ```
5908 #### macOS
5909 ```
5910 <dict>
5911 <key>SupportMenu</key>
5912 <dict>
5913 <key>Title</key>
5914 <string>SupportMenu</string>
5915 <key>URL</key>
5916 <string>http://example.com/support</string>
5917 <key>AccessKey</key>
5918 <string>S</string>
5919 </dict>
5920 </dict>
5921 ```
5922 #### policies.json
5923 ```
5924 {
5925 "policies": {
5926 "SupportMenu": {
5927 "Title": "Support Menu",
5928 "URL": "http://example.com/support",
5929 "AccessKey": "S"
5930 }
5931 }
5932 }
5933 ```
5934 ### StartDownloadsInTempDirectory
5935 Force downloads to start off in a local, temporary location rather than the default download directory.
5936
5937 **Compatibility:** Firefox 102\
5938 **CCK2 Equivalent:** N/A\
5939 **Preferences Affected:** `browser.download.start_downloads_in_tmp_dir`
5940
5941 #### Windows (GPO)
5942 ```
5943 Software\Policies\Mozilla\Firefox\StartDownloadsInTempDirectory = 0x1 | 0x0
5944 ```
5945 #### Windows (Intune)
5946 OMA-URI:
5947 ```
5948 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/StartDownloadsInTempDirectory
5949 ```
5950 Value (string):
5951 ```
5952 <enabled/> or <disabled/>
5953 ```
5954 #### macOS
5955 ```
5956 <dict>
5957 <key>StartDownloadsInTempDirectory</key>
5958 <true/> | <false/>
5959 </dict>
5960 ```
5961 #### policies.json
5962 ```
5963 {
5964 "policies": {
5965 "StartDownloadsInTempDirectory": true | false
5966 }
5967 ```
5968 ### UserMessaging
5969
5970 Prevent Firefox from messaging the user in certain situations.
5971
5972 `WhatsNew` Remove the "What's New" icon and menuitem.
5973
5974 `ExtensionRecommendations` If false, don't recommend extensions while the user is visiting web pages.
5975
5976 `FeatureRecommendations` If false, don't recommend browser features.
5977
5978 `UrlbarInterventions` If false, Don't offer Firefox specific suggestions in the URL bar.
5979
5980 `SkipOnboarding` If true, don't show onboarding messages on the new tab page.
5981
5982 `MoreFromMozilla` If false, don't show the "More from Mozilla" section in Preferences. (Firefox 98)
5983
5984 **Compatibility:** Firefox 75, Firefox ESR 68.7\
5985 **CCK2 Equivalent:** N/A\
5986 **Preferences Affected:** `browser.messaging-system.whatsNewPanel.enabled`, `browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons`, `browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features`, `browser.aboutwelcome.enabled`, `browser.preferences.moreFromMozilla`
5987
5988 #### Windows (GPO)
5989 ```
5990 Software\Policies\Mozilla\Firefox\UserMessaging\WhatsNew = 0x1 | 0x0
5991 Software\Policies\Mozilla\Firefox\UserMessaging\ExtensionRecommendations = 0x1 | 0x0
5992 Software\Policies\Mozilla\Firefox\UserMessaging\FeatureRecommendations = 0x1 | 0x0
5993 Software\Policies\Mozilla\Firefox\UserMessaging\UrlbarInterventions = 0x1 | 0x0
5994 Software\Policies\Mozilla\Firefox\UserMessaging\SkipOnboarding = 0x1 | 0x0
5995 Software\Policies\Mozilla\Firefox\UserMessaging\MoreFromMozilla = 0x1 | 0x0
5996 ```
5997 #### Windows (Intune)
5998 OMA-URI:
5999 ```
6000 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_WhatsNew
6001 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_ExtensionRecommendations
6002 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_FeatureRecommendations
6003 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_UrlbarInterventions
6004 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_SkipOnboarding
6005 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_MoreFromMozilla
6006 ```
6007 Value (string):
6008 ```
6009 <enabled/> or <disabled/>
6010 ```
6011 #### macOS
6012 ```
6013 <dict>
6014 <key>UserMessaging</key>
6015 <dict>
6016 <key>WhatsNew</key>
6017 <true/> | <false/>
6018 <key>ExtensionRecommendations</key>
6019 <true/> | <false/>
6020 <key>FeatureRecommendations</key>
6021 <true/> | <false/>
6022 <key>UrlbarInterventions</key>
6023 <true/> | <false/>
6024 <key>SkipOnboarding</key>
6025 <true/> | <false/>
6026 <key>MoreFromMozilla</key>
6027 <true/> | <false/>
6028 </dict>
6029 </dict>
6030 ```
6031 #### policies.json
6032 ```
6033 {
6034 "policies": {
6035 "UserMessaging": {
6036 "WhatsNew": true | false,
6037 "ExtensionRecommendations": true | false,
6038 "FeatureRecommendations": true | false,
6039 "UrlbarInterventions": true | false,
6040 "SkipOnboarding": true | false,
6041 "MoreFromMozilla": true | false
6042 }
6043 }
6044 }
6045 ```
6046 ### UseSystemPrintDialog
6047 Use the system print dialog instead of the print preview window.
6048
6049 **Compatibility:** Firefox 102\
6050 **CCK2 Equivalent:** N/A\
6051 **Preferences Affected:** `print.prefer_system_dialog`
6052
6053 #### Windows (GPO)
6054 ```
6055 Software\Policies\Mozilla\Firefox\UseSystemPrintDialog = 0x1 | 0x0
6056 ```
6057 #### Windows (Intune)
6058 OMA-URI:
6059 ```
6060 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/UseSystemPrintDialog
6061 ```
6062 Value (string):
6063 ```
6064 <enabled/> or <disabled/>
6065 ```
6066 #### macOS
6067 ```
6068 <dict>
6069 <key>UseSystemPrintDialog</key>
6070 <true/> | <false/>
6071 </dict>
6072 ```
6073 #### policies.json
6074 ```
6075 {
6076 "policies": {
6077 "UseSystemPrintDialog": true | false
6078 }
6079 }
6080 ```
6081 ### WebsiteFilter
6082 Block websites from being visited. The parameters take an array of Match Patterns, as documented in https://developer.mozilla.org/en-US/Add-ons/WebExtensions/Match_patterns.
6083 The arrays are limited to 1000 entries each.
6084
6085 If you want to block all URLs, you can use `<all_urls>` or `*://*/*`. You can't have just a `*` on the right side.
6086
6087 For specific protocols, use `https://*/*` or `http://*/*`.
6088
6089 As of Firefox 83 and Firefox ESR 78.5, file URLs are supported.
6090
6091 **Compatibility:** Firefox 60, Firefox ESR 60\
6092 **CCK2 Equivalent:** N/A\
6093 **Preferences Affected:** N/A
6094
6095 #### Windows (GPO)
6096 ```
6097 Software\Policies\Mozilla\Firefox\WebsiteFilter\Block\1 = "<all_urls>"
6098 Software\Policies\Mozilla\Firefox\WebsiteFilter\Exceptions\1 = "http://example.org/*"
6099 ```
6100 #### Windows (Intune)
6101 OMA-URI:
6102 ```
6103 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/B_WebsiteFilter_Block
6104 ```
6105 Value (string):
6106 ```
6107 <enabled/> <data id="WebsiteFilter" value="1&#xF000;&#60;all_urls&#62;"/>
6108 ```
6109 OMA-URI:
6110 ```
6111 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/B_WebsiteFilter_Exceptions
6112 ```
6113 Value (string):
6114 ```
6115 <enabled/>
6116 <data id="WebsiteFilter" value="1&#xF000;http://example.org/*"/>
6117 ```
6118 #### macOS
6119 ```
6120 <dict>
6121 <key>WebsiteFilter</key>
6122 <dict>
6123 <key>Block</key>
6124 <array>
6125 <string><all_urls></string>
6126 </array>
6127 <key>Exceptions</key>
6128 <array>
6129 <string>http://example.org/*</string>
6130 </array>
6131 </dict>
6132
6133 </dict>
6134 ```
6135 #### policies.json
6136 ```
6137 {
6138 "policies": {
6139 "WebsiteFilter": {
6140 "Block": ["<all_urls>"],
6141 "Exceptions": ["http://example.org/*"]
6142 }
6143 }
6144 }
6145 ```
6146 ### WindowsSSO
6147 Allow Windows single sign-on for Microsoft, work, and school accounts.
6148
6149 If this policy is set to true, Firefox will use credentials stored in Windows to sign in to Microsoft, work, and school accounts.
6150
6151 **Compatibility:** Firefox 91\
6152 **CCK2 Equivalent:** N/A\
6153 **Preferences Affected:** `network.http.windows-sso.enabled`
6154
6155 #### Windows (GPO)
6156 ```
6157 Software\Policies\Mozilla\Firefox\WindowsSSO = 0x1 | 0x0
6158 ```
6159 #### Windows (Intune)
6160 OMA-URI:
6161 ```
6162 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/WindowsSSO
6163 ```
6164 Value (string):
6165 ```
6166 <enabled/> or <disabled/>
6167 ```
6168 #### policies.json
6169 ```
6170 {
6171 "policies": {
6172 "WindowsSSO": true | false
6173 }
6174 }
6175 ```

patrick-canterino.de