]> git.p6c8.net - policy-templates.git/blob - README.md
Merge pull request #1017 from mozilla/Containers
[policy-templates.git] / README.md
1 **These policies are in active development and so might contain changes that do not work with current versions of Firefox.**
2
3 **You should use the [officially released versions](https://github.com/mozilla/policy-templates/releases) if you are deploying changes.**
4
5 Policies can be specified using the [Group Policy templates on Windows](https://github.com/mozilla/policy-templates/tree/master/windows), [Intune on Windows](https://support.mozilla.org/kb/managing-firefox-intune), [configuration profiles on macOS](https://github.com/mozilla/policy-templates/tree/master/mac), or by creating a file called `policies.json`. On Windows, create a directory called `distribution` where the EXE is located and place the file there. On Mac, the file goes into `Firefox.app/Contents/Resources/distribution`. On Linux, the file goes into `firefox/distribution`, where `firefox` is the installation directory for firefox, which varies by distribution or you can specify system-wide policy by placing the file in `/etc/firefox/policies`.
6
7 Unfortunately, JSON files do not support comments, but you can add extra entries to the JSON to use as comments. You will see an error in about:policies, but the policies will still work properly. For example:
8
9 ```
10 {
11 "policies": {
12 "Authentication": {
13 "SPNEGO": ["mydomain.com", "https://myotherdomain.com"]
14 }
15 "Authentication_Comment": "These domains are required for us"
16 }
17 }
18 ```
19
20 | Policy Name | Description
21 | --- | --- |
22 | **[`3rdparty`](#3rdparty)** | Set policies that WebExtensions can access via chrome.storage.managed.
23 | **[`AllowedDomainsForApps`](#alloweddomainsforapps)** | Define domains allowed to access Google Workspace.
24 | **[`AppAutoUpdate`](#appautoupdate)** | Enable or disable automatic application update.
25 | **[`AppUpdatePin`](#appupdatepin)** | Prevent Firefox from being updated beyond the specified version.
26 | **[`AppUpdateURL`](#appupdateurl)** | Change the URL for application update.
27 | **[`Authentication`](#authentication)** | Configure sites that support integrated authentication.
28 | **[`AutoLaunchProtocolsFromOrigins`](#autolaunchprotocolsfromorigins)** | Define a list of external protocols that can be used from listed origins without prompting the user.
29 | **[`BackgroundAppUpdate`](#backgroundappupdate)** | Enable or disable the background updater (Windows only).
30 | **[`BlockAboutAddons`](#blockaboutaddons)** | Block access to the Add-ons Manager (about:addons).
31 | **[`BlockAboutConfig`](#blockaboutconfig)** | Block access to about:config.
32 | **[`BlockAboutProfiles`](#blockaboutprofiles)** | Block access to About Profiles (about:profiles).
33 | **[`BlockAboutSupport`](#blockaboutsupport)** | Block access to Troubleshooting Information (about:support).
34 | **[`Bookmarks`](#bookmarks)** | Add bookmarks in either the bookmarks toolbar or menu.
35 | **[`CaptivePortal`](#captiveportal)** | Enable or disable the detection of captive portals.
36 | **[`Certificates`](#certificates)** |
37 | **[`Certificates -> ImportEnterpriseRoots`](#certificates--importenterpriseroots)** | Trust certificates that have been added to the operating system certificate store by a user or administrator.
38 | **[`Certificates -> Install`](#certificates--install)** | Install certificates into the Firefox certificate store.
39 | **[`Containers`](#containers)** | Set policies related to [containers](https://addons.mozilla.org/firefox/addon/multi-account-containers/).
40 | **[`Cookies`](#cookies)** | Configure cookie preferences.
41 | **[`DefaultDownloadDirectory`](#defaultdownloaddirectory)** | Set the default download directory.
42 | **[`DisableAppUpdate`](#disableappupdate)** | Turn off application updates.
43 | **[`DisableBuiltinPDFViewer`](#disablebuiltinpdfviewer)** | Disable the built in PDF viewer.
44 | **[`DisabledCiphers`](#disabledciphers)** | Disable ciphers.
45 | **[`DisableDefaultBrowserAgent`](#disabledefaultbrowseragent)** | Prevent the default browser agent from taking any actions (Windows only).
46 | **[`DisableDeveloperTools`](#disabledevelopertools)** | Remove access to all developer tools.
47 | **[`DisableFeedbackCommands`](#disablefeedbackcommands)** | Disable the menus for reporting sites.
48 | **[`DisableFirefoxAccounts`](#disablefirefoxaccounts)** | Disable Firefox Accounts integration (Sync).
49 | **[`DisableFirefoxScreenshots`](#disablefirefoxscreenshots)** | Remove access to Firefox Screenshots.
50 | **[`DisableFirefoxStudies`](#disablefirefoxstudies)** | Disable Firefox studies (Shield).
51 | **[`DisableForgetButton`](#disableforgetbutton)** | Disable the "Forget" button.
52 | **[`DisableFormHistory`](#disableformhistory)** | Turn off saving information on web forms and the search bar.
53 | **[`DisableMasterPasswordCreation`](#disablemasterpasswordcreation)** | Remove the master password functionality.
54 | **[`DisablePasswordReveal`](#disablepasswordreveal)** | Do not allow passwords to be revealed in saved logins.
55 | **[`DisablePocket`](#disablepocket)** | Remove Pocket in the Firefox UI.
56 | **[`DisablePrivateBrowsing`](#disableprivatebrowsing)** | Remove access to private browsing.
57 | **[`DisableProfileImport`](#disableprofileimport)** | Disables the "Import data from another browser" option in the bookmarks window.
58 | **[`DisableProfileRefresh`](#disableprofilerefresh)** | Disable the Refresh Firefox button on about:support and support.mozilla.org
59 | **[`DisableSafeMode`](#disablesafemode)** | Disable safe mode within the browser.
60 | **[`DisableSecurityBypass`](#disablesecuritybypass)** | Prevent the user from bypassing security in certain cases.
61 | **[`DisableSetDesktopBackground`](#disablesetdesktopbackground)** | Remove the "Set As Desktop Background..." menuitem when right clicking on an image.
62 | **[`DisableSystemAddonUpdate`](#disablesystemaddonupdate)** | Prevent system add-ons from being installed or updated.
63 | **[`DisableTelemetry`](#disabletelemetry)** | DisableTelemetry
64 | **[`DisableThirdPartyModuleBlocking`](#disablethirdpartymoduleblocking)** | Do not allow blocking third-party modules.
65 | **[`DisplayBookmarksToolbar`](#displaybookmarkstoolbar)** | Set the initial state of the bookmarks toolbar.
66 | **[`DisplayBookmarksToolbar (Deprecated)`](#displaybookmarkstoolbar-deprecated)** | Set the initial state of the bookmarks toolbar.
67 | **[`DisplayMenuBar`](#displaymenubar)** | Set the state of the menubar.
68 | **[`DisplayMenuBar (Deprecated)`](#displaymenubar-deprecated)** | Set the initial state of the menubar.
69 | **[`DNSOverHTTPS`](#dnsoverhttps)** | Configure DNS over HTTPS.
70 | **[`DontCheckDefaultBrowser`](#dontcheckdefaultbrowser)** | Don't check if Firefox is the default browser at startup.
71 | **[`DownloadDirectory`](#downloaddirectory)** | Set and lock the download directory.
72 | **[`EnableTrackingProtection`](#enabletrackingprotection)** | Configure tracking protection.
73 | **[`EncryptedMediaExtensions`](#encryptedmediaextensions)** | Enable or disable Encrypted Media Extensions and optionally lock it.
74 | **[`EnterprisePoliciesEnabled`](#enterprisepoliciesenabled)** | Enable policy support on macOS.
75 | **[`ExemptDomainFileTypePairsFromFileTypeDownloadWarnings`](#exemptdomainfiletypepairsfromfiletypedownloadwarnings)** | Disable warnings based on file extension for specific file types on domains.
76 | **[`Extensions`](#extensions)** | Control the installation, uninstallation and locking of extensions.
77 | **[`ExtensionSettings`](#extensionsettings)** | Manage all aspects of extensions.
78 | **[`ExtensionUpdate`](#extensionupdate)** | Control extension updates.
79 | **[`FirefoxHome`](#firefoxhome)** | Customize the Firefox Home page.
80 | **[`FlashPlugin (Deprecated)`](#flashplugin-deprecated)** | Configure the default Flash plugin policy as well as origins for which Flash is allowed.
81 | **[`GoToIntranetSiteForSingleWordEntryInAddressBar`](#gotointranetsiteforsinglewordentryinaddressbar)** | Force direct intranet site navigation instead of searching when typing single word entries in the address bar.
82 | **[`Handlers`](#handlers)** | Configure default application handlers.
83 | **[`HardwareAcceleration`](#hardwareacceleration)** | Control hardware acceleration.
84 | **[`Homepage`](#homepage)** | Configure the default homepage and how Firefox starts.
85 | **[`InstallAddonsPermission`](#installaddonspermission)** | Configure the default extension install policy as well as origins for extension installs are allowed.
86 | **[`LegacyProfiles`](#legacyprofiles)** | Disable the feature enforcing a separate profile for each installation.
87 | **[`LegacySameSiteCookieBehaviorEnabled`](#legacysamesitecookiebehaviorenabled)** | Enable default legacy SameSite cookie behavior setting.
88 | **[`LegacySameSiteCookieBehaviorEnabledForDomainList`](#legacysamesitecookiebehaviorenabledfordomainlist)** | Revert to legacy SameSite behavior for cookies on specified sites.
89 | **[`LocalFileLinks`](#localfilelinks)** | Enable linking to local files by origin.
90 | **[`ManagedBookmarks`](#managedbookmarks)** | Configures a list of bookmarks managed by an administrator that cannot be changed by the user.
91 | **[`ManualAppUpdateOnly`](#manualappupdateonly)** | Allow manual updates only and do not notify the user about updates.
92 | **[`NetworkPrediction`](#networkprediction)** | Enable or disable network prediction (DNS prefetching).
93 | **[`NewTabPage`](#newtabpage)** | Enable or disable the New Tab page.
94 | **[`NoDefaultBookmarks`](#nodefaultbookmarks)** | Disable the creation of default bookmarks.
95 | **[`OfferToSaveLogins`](#offertosavelogins)** | Control whether or not Firefox offers to save passwords.
96 | **[`OfferToSaveLoginsDefault`](#offertosaveloginsdefault)** | Set the default value for whether or not Firefox offers to save passwords.
97 | **[`OverrideFirstRunPage`](#overridefirstrunpage)** | Override the first run page.
98 | **[`OverridePostUpdatePage`](#overridepostupdatepage)** | Override the upgrade page.
99 | **[`PasswordManagerEnabled`](#passwordmanagerenabled)** | Remove (some) access to the password manager.
100 | **[`PasswordManagerExceptions`](#passwordmanagerexceptions)** | Prevent Firefox from saving passwords for specific sites.
101 | **[`PDFjs`](#pdfjs)** | Disable or configure PDF.js, the built-in PDF viewer.
102 | **[`Permissions`](#permissions)** | Set permissions associated with camera, microphone, location, and notifications.
103 | **[`PictureInPicture`](#pictureinpicture)** | Enable or disable Picture-in-Picture.
104 | **[`PopupBlocking`](#popupblocking)** | Configure the default pop-up window policy as well as origins for which pop-up windows are allowed.
105 | **[`Preferences`](#preferences)** | Set and lock preferences.
106 | **[`Preferences (Deprecated)`](#preferences-deprecated)** | Set and lock some preferences.
107 | **[`PrimaryPassword`](#primarypassword)** | Require or prevent using a primary (formerly master) password.
108 | **[`PromptForDownloadLocation`](#promptfordownloadlocation)** | Ask where to save each file before downloading.
109 | **[`Proxy`](#proxy)** | Configure proxy settings.
110 | **[`RequestedLocales`](#requestedlocales)** | Set the the list of requested locales for the application in order of preference.
111 | **[`SanitizeOnShutdown` (All)](#sanitizeonshutdown-all)** | Clear all data on shutdown.
112 | **[`SanitizeOnShutdown` (Selective)](#sanitizeonshutdown-selective)** | Clear data on shutdown.
113 | **[`SearchBar`](#searchbar)** | Set whether or not search bar is displayed.
114 | **[`SearchEngines`](#searchengines-this-policy-is-only-available-on-the-esr)** |
115 | **[`SearchEngines -> Add`](#searchengines--add)** | Add new search engines.
116 | **[`SearchEngines -> Default`](#searchengines--default)** | Set the default search engine.
117 | **[`SearchEngines -> PreventInstalls`](#searchengines--preventinstalls)** | Prevent installing search engines from webpages.
118 | **[`SearchEngines -> Remove`](#searchengines--remove)** | Hide built-in search engines.
119 | **[`SearchSuggestEnabled`](#searchsuggestenabled)** | Enable search suggestions.
120 | **[`SecurityDevices`](#securitydevices)** | Install PKCS #11 modules.
121 | **[`ShowHomeButton`](#showhomebutton)** | Show the home button on the toolbar.
122 | **[`SSLVersionMax`](#sslversionmax)** | Set and lock the maximum version of TLS.
123 | **[`SSLVersionMin`](#sslversionmin)** | Set and lock the minimum version of TLS.
124 | **[`StartDownloadsInTempDirectory`](#startdownloadsintempdirectory)** | Force downloads to start off in a local, temporary location rather than the default download directory.
125 | **[`SupportMenu`](#supportmenu)** | Add a menuitem to the help menu for specifying support information.
126 | **[`UserMessaging`](#usermessaging)** | Don't show certain messages to the user.
127 | **[`UseSystemPrintDialog`](#usesystemprintdialog)** | Print using the system print dialog instead of print preview.
128 | **[`WebsiteFilter`](#websitefilter)** | Block websites from being visited.
129 | **[`WindowsSSO`](#windowssso)** | Allow Windows single sign-on for Microsoft, work, and school accounts.
130
131 ### 3rdparty
132
133 Allow WebExtensions to configure policy. For more information, see [Adding policy support to your extension](https://extensionworkshop.com/documentation/enterprise/adding-policy-support-to-your-extension/).
134
135 For GPO and Intune, the extension developer should provide an ADMX file.
136
137 **Compatibility:** Firefox 68\
138 **CCK2 Equivalent:** N/A\
139 **Preferences Affected:** N/A
140
141 #### macOS
142 ```
143 <dict>
144 <key>3rdparty</key>
145 <dict>
146 <key>Extensions</key>
147 <dict>
148 <key>uBlock0@raymondhill.net</key>
149 <dict>
150 <key>adminSettings</key>
151 <dict>
152 <key>selectedFilterLists</key>
153 <array>
154 <string>ublock-privacy</string>
155 <string>ublock-badware</string>
156 <string>ublock-filters</string>
157 <string>user-filters</string>
158 </array>
159 </dict>
160 </dict>
161 </dict>
162 </dict>
163 </dict>
164 ```
165 #### policies.json
166 ```
167 {
168 "policies": {
169 "3rdparty": {
170 "Extensions": {
171 "uBlock0@raymondhill.net": {
172 "adminSettings": {
173 "selectedFilterLists": [
174 "ublock-privacy",
175 "ublock-badware",
176 "ublock-filters",
177 "user-filters"
178 ]
179 }
180 }
181 }
182 }
183 }
184 }
185 ```
186
187 ### AllowedDomainsForApps
188
189 Define domains allowed to access Google Workspace.
190
191 This policy is based on the [Chrome policy](https://chromeenterprise.google/policies/#AllowedDomainsForApps) of the same name.
192
193 If this policy is enabled, users can only access Google Workspace using accounts from the specified domains. If you want to allow Gmail, you can add ```consumer_accounts``` to the list.
194
195 **Compatibility:** Firefox 89, Firefox ESR 78.11\
196 **CCK2 Equivalent:** N/A\
197 **Preferences Affected:** N/A
198
199 #### Windows (GPO)
200 ```
201 Software\Policies\Mozilla\Firefox\AllowedDomainsForApps = "managedfirefox.com,example.com"
202 ```
203 #### Windows (Intune)
204 OMA-URI:
205 ```
206 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/AllowedDomainsForApps
207 ```
208 Value (string):
209 ```
210 <enabled/>
211 <data id="AllowedDomainsForApps" value="managedfirefox.com,example.com"/>
212 ```
213 #### macOS
214 ```
215 <dict>
216 <key>AllowedDomainsForApps</key>
217 <string>managedfirefox.com,example.com</string>
218 </dict>
219 ```
220 #### policies.json
221 ```
222 {
223 "policies": {
224 "AllowedDomainsForApps": "managedfirefox.com,example.com"
225 }
226 }
227 ```
228 ### AppAutoUpdate
229
230 Enable or disable **automatic** application update.
231
232 If set to true, application updates are installed without user approval within Firefox. The operating system might still require approval.
233
234 If set to false, application updates are downloaded but the user can choose when to install the update.
235
236 If you have disabled updates via `DisableAppUpdate`, this policy has no effect.
237
238 **Compatibility:** Firefox 75, Firefox ESR 68.7\
239 **CCK2 Equivalent:** N/A\
240 **Preferences Affected:** `app.update.auto`
241
242 #### Windows (GPO)
243 ```
244 Software\Policies\Mozilla\Firefox\AppAutoUpdate = 0x1 | 0x0
245 ```
246 #### Windows (Intune)
247 OMA-URI:
248 ```
249 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/AppAutoUpdate
250 ```
251 Value (string):
252 ```
253 <enabled/> or <disabled/>
254 ```
255 #### macOS
256 ```
257 <dict>
258 <key>AppAutoUpdate</key>
259 <true/> | <false/>
260 </dict>
261 ```
262 #### policies.json
263 ```
264 {
265 "policies": {
266 "AppAutoUpdate": true | false
267 }
268 }
269 ```
270 ### AppUpdatePin
271
272 Prevent Firefox from being updated beyond the specified version.
273
274 You can specify the any version as ```xx.``` and Firefox will be updated with all minor versions, but will not be updated beyond the major version.
275
276 You can also specify the version as ```xx.xx``` and Firefox will be updated with all patch versions, but will not be updated beyond the minor version.
277
278 You should specify a version that exists or is guaranteed to exist. If you specify a version that doesn't end up existing, Firefox will update beyond that version.
279
280 **Compatibility:** Firefox 102,\
281 **CCK2 Equivalent:** N/A\
282 **Preferences Affected:** N/A
283
284 #### Windows (GPO)
285 ```
286 Software\Policies\Mozilla\Firefox\AppUpdatePin = "106."
287 ```
288 #### Windows (Intune)
289 OMA-URI:
290 ```
291 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/AppUpdatePin
292 ```
293 Value (string):
294 ```
295 <enabled/>
296 <data id="AppUpdatePin" value="106."/>
297 ```
298 #### macOS
299 ```
300 <dict>
301 <key>AppUpdatePin</key>
302 <string>106.</string>
303 </dict>
304 ```
305 #### policies.json
306 ```
307 {
308 "policies": {
309 "AppUpdatePin": "106."
310 }
311 }
312 ```
313 ### AppUpdateURL
314
315 Change the URL for application update if you are providing Firefox updates from a custom update server.
316
317 **Compatibility:** Firefox 62, Firefox ESR 60.2\
318 **CCK2 Equivalent:** N/A\
319 **Preferences Affected:** `app.update.url`
320
321 #### Windows (GPO)
322 ```
323 Software\Policies\Mozilla\Firefox\AppUpdateURL = "https://yoursite.com"
324 ```
325 #### Windows (Intune)
326 OMA-URI:
327 ```
328 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/AppUpdateURL
329 ```
330 Value (string):
331 ```
332 <enabled/>
333 <data id="AppUpdateURL" value="https://yoursite.com"/>
334 ```
335 #### macOS
336 ```
337 <dict>
338 <key>AppUpdateURL</key>
339 <string>https://yoursite.com</string>
340 </dict>
341 ```
342 #### policies.json
343 ```
344 {
345 "policies": {
346 "AppUpdateURL": "https://yoursite.com"
347 }
348 }
349 ```
350 ### Authentication
351
352 Configure sites that support integrated authentication.
353
354 See [Integrated authentication](https://htmlpreview.github.io/?https://github.com/mdn/archived-content/blob/main/files/en-us/mozilla/integrated_authentication/raw.html) for more information.
355
356 `PrivateBrowsing` enables integrated authentication in private browsing.
357
358 **Compatibility:** Firefox 60, Firefox ESR 60 (AllowNonFQDN added in 62/60.2, AllowProxies added in 70/68.2, Locked added in 71/68.3, PrivateBrowsing added in 77/68.9)\
359 **CCK2 Equivalent:** N/A\
360 **Preferences Affected:** `network.negotiate-auth.trusted-uris`,`network.negotiate-auth.delegation-uris`,`network.automatic-ntlm-auth.trusted-uris`,`network.automatic-ntlm-auth.allow-non-fqdn`,`network.negotiate-auth.allow-non-fqdn`,`network.automatic-ntlm-auth.allow-proxies`,`network.negotiate-auth.allow-proxies`,`network.auth.private-browsing-sso`
361
362 #### Windows (GPO)
363 ```
364 Software\Policies\Mozilla\Firefox\Authentication\SPNEGO\1 = "mydomain.com"
365 Software\Policies\Mozilla\Firefox\Authentication\SPNEGO\2 = "https://myotherdomain.com"
366 Software\Policies\Mozilla\Firefox\Authentication\Delegated\1 = "mydomain.com"
367 Software\Policies\Mozilla\Firefox\Authentication\Delegated\2 = "https://myotherdomain.com"
368 Software\Policies\Mozilla\Firefox\Authentication\NTLM\1 = "mydomain.com"
369 Software\Policies\Mozilla\Firefox\Authentication\NTLM\2 = "https://myotherdomain.com"
370 Software\Policies\Mozilla\Firefox\Authentication\AllowNonFQDN\SPNEGO = 0x1 | 0x0
371 Software\Policies\Mozilla\Firefox\Authentication\AllowNonFQDN\NTLM = 0x1 | 0x0
372 Software\Policies\Mozilla\Firefox\Authentication\AllowProxies\SPNEGO = 0x1 | 0x0
373 Software\Policies\Mozilla\Firefox\Authentication\AllowProxies\NTLM = 0x1 | 0x0
374 Software\Policies\Mozilla\Firefox\Authentication\Locked = 0x1 | 0x0
375 Software\Policies\Mozilla\Firefox\Authentication\PrivateBrowsing = 0x1 | 0x0
376 ```
377 #### Windows (Intune)
378 OMA-URI:
379 ```
380 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Authentication/Authentication_SPNEGO
381 ```
382 Value (string):
383 ```
384 <enabled/>
385 <data id="Authentication" value="1&#xF000;mydomain&#xF000;2&#xF000;https://myotherdomain.com"/>
386 ```
387 OMA-URI:
388 ```
389 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Authentication/Authentication_Delegated
390 ```
391 Value (string):
392 ```
393 <enabled/>
394 <data id="Authentication" value="1&#xF000;mydomain&#xF000;2&#xF000;https://myotherdomain.com"/>
395 ```
396 OMA-URI:
397 ```
398 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Authentication/Authentication_NTLM
399 ```
400 Value (string):
401 ```
402 <enabled/>
403 <data id="Authentication" value="1&#xF000;mydomain&#xF000;2&#xF000;https://myotherdomain.com"/>
404 ```
405 OMA-URI:
406 ```
407 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Authentication/Authentication_AllowNonFQDN
408 ```
409 Value (string):
410 ```
411 <enabled/>
412 <data id="Authentication_AllowNonFQDN_NTLM" value="true | false"/>
413 <data id="Authentication_AllowNonFQDN_SPNEGO" value="true | false"/>
414 ```
415 OMA-URI:
416 ```
417 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Authentication/Authentication_Locked
418 ```
419 Value (string):
420 ```
421 <enabled/> or <disabled/>
422 ```
423 OMA-URI:
424 ```
425 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Authentication/Authentication_PrivateBrowsing
426 ```
427 Value (string):
428 ```
429 <enabled/> or <disabled/>
430 ```
431 #### macOS
432 ```
433 <dict>
434 <key>Authentication</key>
435 <dict>
436 <key>SPNEGO</key>
437 <array>
438 <string>mydomain.com</string>
439 <string>https://myotherdomain.com</string>
440 </array>
441 <key>Delegated</key>
442 <array>
443 <string>mydomain.com</string>
444 <string>https://myotherdomain.com</string>
445 </array>
446 <key>NTLM</key>
447 <array>
448 <string>mydomain.com</string>
449 <string>https://myotherdomain.com</string>
450 </array>
451 <key>AllowNonFQDN</key>
452 <dict>
453 <key>SPNEGO</key>
454 <true/> | <false/>
455 <key>NTLM</key>
456 <true/> | <false/>
457 </dict>
458 <key>AllowProxies</key>
459 <dict>
460 <key>SPNEGO</key>
461 <true/> | <false/>
462 <key>NTLM</key>
463 <true/> | <false/>
464 </dict>
465 <key>Locked</key>
466 <true/> | <false/>
467 <key>PrivateBrowsing</key>
468 <true/> | <false/>
469 </dict>
470 </dict>
471 ```
472 #### policies.json
473 ```
474 {
475 "policies": {
476 "Authentication": {
477 "SPNEGO": ["mydomain.com", "https://myotherdomain.com"],
478 "Delegated": ["mydomain.com", "https://myotherdomain.com"],
479 "NTLM": ["mydomain.com", "https://myotherdomain.com"],
480 "AllowNonFQDN": {
481 "SPNEGO": true | false,
482 "NTLM": true | false
483 },
484 "AllowProxies": {
485 "SPNEGO": true | false,
486 "NTLM": true | false
487 },
488 "Locked": true | false,
489 "PrivateBrowsing": true | false
490 }
491 }
492 }
493 ```
494 ### AutoLaunchProtocolsFromOrigins
495 Define a list of external protocols that can be used from listed origins without prompting the user. The origin is the scheme plus the hostname.
496
497 The syntax of this policy is exactly the same as the [Chrome AutoLaunchProtocolsFromOrigins policy](https://cloud.google.com/docs/chrome-enterprise/policies/?policy=AutoLaunchProtocolsFromOrigins) except that you can only use valid origins (not just hostnames). This also means that you cannot specify an asterisk for all origins.
498
499 The schema is:
500 ```
501 {
502 "items": {
503 "properties": {
504 "allowed_origins": {
505 "items": {
506 "type": "string"
507 },
508 "type": "array"
509 },
510 "protocol": {
511 "type": "string"
512 }
513 },
514 "required": [
515 "protocol",
516 "allowed_origins"
517 ],
518 "type": "object"
519 },
520 "type": "array"
521 }
522 ```
523 **Compatibility:** Firefox 90, Firefox ESR 78.12\
524 **CCK2 Equivalent:** N/A\
525 **Preferences Affected:** N/A
526
527 #### Windows (GPO)
528 Software\Policies\Mozilla\Firefox\AutoLaunchProtocolsFromOrigins (REG_MULTI_SZ) =
529 ```
530 [
531 {
532 "protocol": "zoommtg",
533 "allowed_origins": [
534 "https://somesite.zoom.us"
535 ]
536 }
537 ]
538 ```
539 #### Windows (Intune)
540 OMA-URI:
541 ```
542 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/AutoLaunchProtocolsFromOrigins
543 ```
544 Value (string):
545 ```
546 <enabled/>
547 <data id="JSON" value='
548 [
549 {
550 "protocol": "zoommtg",
551 "allowed_origins": [
552 "https://somesite.zoom.us"
553 ]
554 }
555 ]'/>
556 ```
557 #### macOS
558 ```
559 <dict>
560 <key>AutoLaunchProtocolsFromOrigins</key>
561 <array>
562 <dict>
563 <key>protocol</key>
564 <string>zoommtg</string>
565 <key>allowed_origins</key>
566 <array>
567 <string>https://somesite.zoom.us</string>
568 </array>
569 </dict>
570 </array>
571 </dict>
572 ```
573 #### policies.json
574 ```
575 {
576 "policies": {
577 "AutoLaunchProtocolsFromOrigins": [{
578 "protocol": "zoommtg",
579 "allowed_origins": [
580 "https://somesite.zoom.us"
581 ]
582 }]
583 }
584 }
585 ```
586 ### BackgroundAppUpdate
587
588 Enable or disable **automatic** application update **in the background**, when the application is not running.
589
590 If set to true, application updates may be installed (without user approval) in the background, even when the application is not running. The operating system might still require approval.
591
592 If set to false, the application will not try to install updates when the application is not running.
593
594 If you have disabled updates via `DisableAppUpdate` or disabled automatic updates via `AppAutoUpdate`, this policy has no effect.
595
596 **Compatibility:** Firefox 90 (Windows only)\
597 **CCK2 Equivalent:** N/A\
598 **Preferences Affected:** `app.update.background.enabled`
599
600 #### Windows (GPO)
601 ```
602 Software\Policies\Mozilla\Firefox\BackgroundAppUpdate = 0x1 | 0x0
603 ```
604 #### Windows (Intune)
605 OMA-URI:
606 ```
607 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/BackgroundAppUpdate
608 ```
609 Value (string):
610 ```
611 <enabled/> or <disabled/>
612 ```
613 #### macOS
614 ```
615 <dict>
616 <key>BackgroundAppUpdate</key>
617 <true/> | <false/>
618 </dict>
619 ```
620 #### policies.json
621 ```
622 {
623 "policies": {
624 "BackgroundAppUpdate": true | false
625 }
626 }
627 ```
628 ### BlockAboutAddons
629
630 Block access to the Add-ons Manager (about:addons).
631
632 **Compatibility:** Firefox 60, Firefox ESR 60\
633 **CCK2 Equivalent:** `disableAddonsManager`\
634 **Preferences Affected:** N/A
635
636 #### Windows (GPO)
637 ```
638 Software\Policies\Mozilla\Firefox\BlockAboutAddons = 0x1 | 0x0
639 ```
640 #### Windows (Intune)
641 OMA-URI:
642 ```
643 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/BlockAboutAddons
644 ```
645 Value (string):
646 ```
647 <enabled/> or <disabled/>
648 ```
649 #### macOS
650 ```
651 <dict>
652 <key>BlockAboutAddons</key>
653 <true/> | <false/>
654 </dict>
655 ```
656 #### policies.json
657 ```
658 {
659 "policies": {
660 "BlockAboutAddons": true | false
661 }
662 }
663 ```
664 ### BlockAboutConfig
665
666 Block access to about:config.
667
668 **Compatibility:** Firefox 60, Firefox ESR 60\
669 **CCK2 Equivalent:** `disableAboutConfig`\
670 **Preferences Affected:** N/A
671
672 #### Windows (GPO)
673 ```
674 Software\Policies\Mozilla\Firefox\BlockAboutConfig = 0x1 | 0x0
675 ```
676 #### Windows (Intune)
677 OMA-URI:
678 ```
679 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/BlockAboutConfig
680 ```
681 Value (string):
682 ```
683 <enabled/> or <disabled/>
684 ```
685 #### macOS
686 ```
687 <dict>
688 <key>BlockAboutConfig</key>
689 <true/> | <false/>
690 </dict>
691 ```
692 #### policies.json
693 ```
694 {
695 "policies": {
696 "BlockAboutConfig": true | false
697 }
698 }
699 ```
700 ### BlockAboutProfiles
701
702 Block access to About Profiles (about:profiles).
703
704 **Compatibility:** Firefox 60, Firefox ESR 60\
705 **CCK2 Equivalent:** `disableAboutProfiles`\
706 **Preferences Affected:** N/A
707
708 #### Windows (GPO)
709 ```
710 Software\Policies\Mozilla\Firefox\BlockAboutProfiles = 0x1 | 0x0
711 ```
712 #### Windows (Intune)
713 OMA-URI:
714 ```
715 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/BlockAboutProfiles
716 ```
717 Value (string):
718 ```
719 <enabled/> or <disabled/>
720 ```
721 #### macOS
722 ```
723 <dict>
724 <key>BlockAboutProfiles</key>
725 <true/> | <false/>
726 </dict>
727 ```
728 #### policies.json
729 ```
730 {
731 "policies": {
732 "BlockAboutProfiles": true | false
733 }
734 }
735 ```
736 ### BlockAboutSupport
737
738 Block access to Troubleshooting Information (about:support).
739
740 **Compatibility:** Firefox 60, Firefox ESR 60\
741 **CCK2 Equivalent:** `disableAboutSupport`\
742 **Preferences Affected:** N/A
743
744 #### Windows (GPO)
745 ```
746 Software\Policies\Mozilla\Firefox\BlockAboutSupport = 0x1 | 0x0
747 ```
748 #### Windows (Intune)
749 OMA-URI:
750 ```
751 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/BlockAboutSupport
752 ```
753 Value (string):
754 ```
755 <enabled/> or <disabled/>
756 ```
757 #### macOS
758 ```
759 <dict>
760 <key>BlockAboutSupport</key>
761 <true/> | <false/>
762 </dict>
763 ```
764 #### policies.json
765 ```
766 {
767 "policies": {
768 "BlockAboutSupport": true | false
769 }
770 }
771 ```
772 ### Bookmarks
773
774 Note: [`ManagedBookmarks`](#managedbookmarks) is the new recommended way to add bookmarks. This policy will continue to be supported.
775
776 Add bookmarks in either the bookmarks toolbar or menu. Only `Title` and `URL` are required. If `Placement` is not specified, the bookmark will be placed on the toolbar. If `Folder` is specified, it is automatically created and bookmarks with the same folder name are grouped together.
777
778 If you want to clear all bookmarks set with this policy, you can set the value to an empty array (```[]```). This can be on Windows via the new Bookmarks (JSON) policy available with GPO and Intune.
779
780 **Compatibility:** Firefox 60, Firefox ESR 60\
781 **CCK2 Equivalent:** `bookmarks.toolbar`,`bookmarks.menu`\
782 **Preferences Affected:** N/A
783
784 #### Windows (GPO)
785 ```
786 Software\Policies\Mozilla\Firefox\Bookmarks\1\Title = "Example"
787 Software\Policies\Mozilla\Firefox\Bookmarks\1\URL = "https://example.com"
788 Software\Policies\Mozilla\Firefox\Bookmarks\1\Favicon = "https://example.com/favicon.ico"
789 Software\Policies\Mozilla\Firefox\Bookmarks\1\Placement = "toolbar" | "menu"
790 Software\Policies\Mozilla\Firefox\Bookmarks\1\Folder = "FolderName"
791
792 Software\Policies\Mozilla\Firefox\Bookmarks (REG_MULTI_SZ) =
793 ```
794 []
795 ```
796
797 ```
798 #### Windows (Intune)
799 OMA-URI:
800 ```
801 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Bookmarks/Bookmark01
802 ```
803 Value (string):
804 ```
805 <enabled/>
806 <data id="BookmarkTitle" value="Example"/>
807 <data id="BookmarkURL" value="https://example.com"/>
808 <data id="BookmarkFavicon" value="https://example.com/favicon.ico"/>
809 <data id="BookmarkPlacement" value="toolbar | menu"/>
810 <data id="BookmarkFolder" value="FolderName"/>
811 ```
812 OMA-URI:
813 ```
814 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/Bookmarks
815 ```
816 Value (string):
817 ```
818 <enabled/>
819 <data id="JSON" value='[]'/>
820 ```
821 #### macOS
822 ```
823 <dict>
824 <key>Bookmarks</key>
825 <array>
826 <dict>
827 <key>Title</key>
828 <string>Example</string>
829 <key>URL</key>
830 <string>https://example.com</string>
831 <key>Favicon</key>
832 <string>https://example.com/favicon.ico</string>
833 <key>Placement</key>
834 <string>toolbar | menu</string>
835 <key>Folder</key>
836 <string>FolderName</string>
837 </dict>
838 </array>
839 </dict>
840 ```
841 #### policies.json
842 ```
843 {
844 "policies": {
845 "Bookmarks": [
846 {
847 "Title": "Example",
848 "URL": "https://example.com",
849 "Favicon": "https://example.com/favicon.ico",
850 "Placement": "toolbar" | "menu",
851 "Folder": "FolderName"
852 }
853 ]
854 }
855 }
856 ```
857 ### CaptivePortal
858 Enable or disable the detection of captive portals.
859
860 **Compatibility:** Firefox 67, Firefox ESR 60.7\
861 **CCK2 Equivalent:** N/A\
862 **Preferences Affected:** `network.captive-portal-service.enabled`
863
864 #### Windows (GPO)
865 ```
866 Software\Policies\Mozilla\Firefox\CaptivePortal = 0x1 | 0x0
867 ```
868 #### Windows (Intune)
869 OMA-URI:
870 ```
871 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/CaptivePortal
872 ```
873 Value (string):
874 ```
875 <enabled/> or <disabled/>
876 ```
877 #### macOS
878 ```
879 <dict>
880 <key>CaptivePortal</key>
881 <true/> | <false/>
882 </dict>
883 ```
884 #### policies.json
885 ```
886 {
887 "policies": {
888 "CaptivePortal": true | false
889 }
890 }
891 ```
892 ### Certificates
893
894 ### Certificates | ImportEnterpriseRoots
895
896 Trust certificates that have been added to the operating system certificate store by a user or administrator.
897
898 Note: This policy only works on Windows and macOS. For Linux discussion, see [bug 1600509](https://bugzilla.mozilla.org/show_bug.cgi?id=1600509).
899
900 See https://support.mozilla.org/kb/setting-certificate-authorities-firefox for more detail.
901
902 **Compatibility:** Firefox 60, Firefox ESR 60 (macOS support in Firefox 63, Firefox ESR 68)\
903 **CCK2 Equivalent:** N/A\
904 **Preferences Affected:** `security.enterprise_roots.enabled`
905
906 #### Windows (GPO)
907 ```
908 Software\Policies\Mozilla\Firefox\Certificates\ImportEnterpriseRoots = 0x1 | 0x0
909 ```
910 #### Windows (Intune)
911 OMA-URI:
912 ```
913 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Certificates/Certificates_ImportEnterpriseRoots
914 ```
915 Value (string):
916 ```
917 <enabled/> or <disabled/>
918 ```
919 #### macOS
920 ```
921 <dict>
922 <key>Certificates</key>
923 <dict>
924 <key>ImportEnterpriseRoots</key>
925 <true/> | <false/>
926 </dict>
927 </dict>
928 ```
929 #### policies.json
930 ```
931 {
932 "policies": {
933 "Certificates": {
934 "ImportEnterpriseRoots": true | false
935 }
936 }
937 }
938 ```
939 ### Certificates | Install
940
941 Install certificates into the Firefox certificate store. If only a filename is specified, Firefox searches for the file in the following locations:
942
943 - Windows
944 - %USERPROFILE%\AppData\Local\Mozilla\Certificates
945 - %USERPROFILE%\AppData\Roaming\Mozilla\Certificates
946 - macOS
947 - /Library/Application Support/Mozilla/Certificates
948 - ~/Library/Application Support/Mozilla/Certificates
949 - Linux
950 - /usr/lib/mozilla/certificates
951 - /usr/lib64/mozilla/certificates
952 - ~/.mozilla/certificates
953
954 Starting with Firefox 65, Firefox 60.5 ESR, a fully qualified path can be used, including UNC paths. You should use the native path style for your operating system. We do not support using %USERPROFILE% or other environment variables on Windows.
955
956 If you are specifying the path in the policies.json file on Windows, you need to escape your backslashes (`\\`) which means that for UNC paths, you need to escape both (`\\\\`). If you use group policy, you only need one backslash.
957
958 Certificates are installed using the trust string `CT,CT,`.
959
960 Binary (DER) and ASCII (PEM) certificates are both supported.
961
962 **Compatibility:** Firefox 64, Firefox ESR 64\
963 **CCK2 Equivalent:** `certs.ca`\
964 **Preferences Affected:** N/A
965
966 #### Windows (GPO)
967 ```
968 Software\Policies\Mozilla\Firefox\Certificates\Install\1 = "cert1.der"
969 Software\Policies\Mozilla\Firefox\Certificates\Install\2 = "C:\Users\username\cert2.pem"
970 ```
971 #### Windows (Intune)
972 OMA-URI:
973 ```
974 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Certificates/Certificates_Install
975 ```
976 Value (string):
977 ```
978 <enabled/>
979 <data id="Certificates_Install" value="1&#xF000;cert1.der&#xF000;2&#xF000;C:\Users\username\cert2.pem"/>
980 ```
981 #### macOS
982 ```
983 <dict>
984 <key>Certificates</key>
985 <dict>
986 <key>Install</key>
987 <array>
988 <string>cert1.der</string>
989 <string>/Users/username/cert2.pem</string>
990 </array>
991 </dict>
992 </dict>
993 ```
994 #### policies.json
995 ```
996 {
997 "policies": {
998 "Certificates": {
999 "Install": ["cert1.der", "/home/username/cert2.pem"]
1000 }
1001 }
1002 }
1003 ```
1004 ### Containers
1005 Set policies related to [containers](https://addons.mozilla.org/firefox/addon/multi-account-containers/).
1006
1007 Currently you can set the initial set of containers.
1008
1009 For each container, you can specify the name, icon, and color.
1010
1011 | Name | Description |
1012 | --- | --- |
1013 | `name`| Name of container
1014 | `icon` | Can be `fingerprint`, `briefcase`, `dollar`, `cart`, `vacation`, `gift`, `food`, `fruit`, `pet`, `tree`, `chill`, `circle`, `fence`
1015 | `color` | Can be `blue`, `turquoise`, `green`, `yellow`, `orange`, `red`, `pink`, `purple`, `toolbar`
1016
1017 **Compatibility:** Firefox 113\
1018 **CCK2 Equivalent:** N/A\
1019 **Preferences Affected:** N/A
1020
1021 #### Windows (GPO)
1022 Software\Policies\Mozilla\Firefox\Containers (REG_MULTI_SZ) =
1023 ```
1024 {
1025 "Default": [
1026 {
1027 "name": "My container",
1028 "icon": "pet",
1029 "color": "turquoise"
1030 }
1031 ]
1032 }
1033 ```
1034 #### Windows (Intune)
1035 OMA-URI:
1036 ```
1037 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/Containers
1038 ```
1039 Value (string):
1040 ```
1041 <enabled/>
1042 <data id="JSON" value='
1043 {
1044 "Default": [
1045 {
1046 "name": "My container",
1047 "icon": "pet",
1048 "color": "turquoise"
1049 }
1050 ]
1051 }
1052 '/>
1053 ```
1054 #### macOS
1055 ```
1056 <dict>
1057 <key>Default</key>
1058 <dict>
1059 <key>Containers</key>
1060 <array>
1061 <dict>
1062 <key>name</key>
1063 <string>My container</string>
1064 <key>icon</key>
1065 <string>pet</string>
1066 <key>color</key>
1067 <string>turquoise</string>
1068 </dict>
1069 </array>
1070 </dict>
1071 </dict>
1072 ```
1073 #### policies.json
1074 ```
1075 {
1076 "policies": {
1077 "Containers": {
1078 "Default": [
1079 {
1080 "name": "My container",
1081 "icon": "pet",
1082 "color": "turquoise"
1083 }
1084 ]
1085 }
1086 }
1087 }
1088 ```
1089 ### Cookies
1090 Configure cookie preferences.
1091
1092 `Allow` is a list of origins (not domains) where cookies are always allowed. You must include http or https.
1093
1094 `AllowSession` is a list of origins (not domains) where cookies are only allowed for the current session. You must include http or https.
1095
1096 `Block` is a list of origins (not domains) where cookies are always blocked. You must include http or https.
1097
1098 `Behavior` sets the default behavior for cookies based on the values below.
1099
1100 `BehaviorPrivateBrowsing` sets the default behavior for cookies in private browsing based on the values below.
1101
1102 | Value | Description
1103 | --- | ---
1104 | accept | Accept all cookies
1105 | reject-foreign | Reject third party cookies
1106 | reject | Reject all cookies
1107 | limit-foreign | Reject third party cookies for sites you haven't visited
1108 | reject-tracker | Reject cookies for known trackers (default)
1109 | reject-tracker-and-partition-foreign | Reject cookies for known trackers and partition third-party cookies (Total Cookie Protection) (default for private browsing)
1110
1111 `Default` (Deprecated) determines whether cookies are accepted at all.
1112
1113 `AcceptThirdParty` (Deprecated) determines how third-party cookies are handled.
1114
1115 `ExpireAtSessionEnd` determines when cookies expire.
1116
1117 `RejectTracker` (Deprecated) only rejects cookies for trackers.
1118
1119 `Locked` prevents the user from changing cookie preferences.
1120
1121 **Compatibility:** Firefox 60, Firefox ESR 60 (RejectTracker added in Firefox 63, AllowSession added in Firefox 79/78.1, Behavior added in Firefox 95/91.4)\
1122 **CCK2 Equivalent:** N/A\
1123 **Preferences Affected:** `network.cookie.cookieBehavior`, `network.cookie.cookieBehavior.pbmode`, `network.cookie.lifetimePolicy`
1124
1125 #### Windows (GPO)
1126 ```
1127 Software\Policies\Mozilla\Firefox\Cookies\Allow\1 = "https://example.com"
1128 Software\Policies\Mozilla\Firefox\Cookies\AllowSession\1 = "https://example.edu"
1129 Software\Policies\Mozilla\Firefox\Cookies\Block\1 = "https://example.org"
1130 Software\Policies\Mozilla\Firefox\Cookies\Default = 0x1 | 0x0
1131 Software\Policies\Mozilla\Firefox\Cookies\AcceptThirdParty = "always" | "never" | "from-visited"
1132 Software\Policies\Mozilla\Firefox\Cookies\ExpireAtSessionEnd = 0x1 | 0x0
1133 Software\Policies\Mozilla\Firefox\Cookies\RejectTracker = 0x1 | 0x0
1134 Software\Policies\Mozilla\Firefox\Cookies\Behavior = "accept" | "reject-foreign" | "reject" | "limit-foreign" | "reject-tracker" | "reject-tracker-and-partition-foreign"
1135 Software\Policies\Mozilla\Firefox\Cookies\BehaviorPrivateBrowsing = "accept" | "reject-foreign" | "reject" | "limit-foreign" | "reject-tracker" | "reject-tracker-and-partition-foreign"
1136 Software\Policies\Mozilla\Firefox\Cookies\Locked = 0x1 | 0x0
1137 ```
1138 #### Windows (Intune)
1139 OMA-URI:
1140 ```
1141 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_Allow
1142 ```
1143 Value (string):
1144 ```
1145 <enabled/>
1146 <data id="Permissions" value="1&#xF000;https://example.com"/>
1147 ```
1148 OMA-URI:
1149 ```
1150 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_AllowSession
1151 ```
1152 Value (string):
1153 ```
1154 <enabled/>
1155 <data id="Permissions" value="1&#xF000;https://example.edu"/>
1156 ```
1157 OMA-URI:
1158 ```
1159 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_Block
1160 ```
1161 Value (string):
1162 ```
1163 <enabled/>
1164 <data id="Permissions" value="1&#xF000;https://example.org"/>
1165 ```
1166 OMA-URI:
1167 ```
1168 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_Default
1169 ```
1170 Value (string):
1171 ```
1172 <enabled/> or <disabled/>
1173 ```
1174 OMA-URI:
1175 ```
1176 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_AcceptThirdParty
1177 ```
1178 Value (string):
1179 ```
1180 <enabled/>
1181 <data id="Cookies_AcceptThirdParty" value="always | never | from-visited"/>
1182 ```
1183 OMA-URI:
1184 ```
1185 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_ExpireAtSessionEnd
1186 ```
1187 Value (string):
1188 ```
1189 <enabled/> or <disabled/>
1190 ```
1191 OMA-URI:
1192 ```
1193 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_RejectTracker
1194 ```
1195 Value (string):
1196 ```
1197 <enabled/> or <disabled/>
1198 ```
1199 OMA-URI:
1200 ```
1201 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_Locked
1202 ```
1203 Value (string):
1204 ```
1205 <enabled/> or <disabled/>
1206 ```
1207 OMA-URI:
1208 ```
1209 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_Behavior
1210 ```
1211 Value (string):
1212 ```
1213 <enabled/>
1214 <data id="Cookies_Behavior" value="accept | reject-foreign | reject | limit-foreign | reject-tracker | reject-tracker-and-partition-foreign"/>
1215 ```
1216 OMA-URI:
1217 ```
1218 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_BehaviorPrivateBrowsing
1219 ```
1220 Value (string):
1221 ```
1222 <enabled/>
1223 <data id="Cookies_BehaviorPrivateBrowsing" value="accept | reject-foreign | reject | limit-foreign | reject-tracker | reject-tracker-and-partition-foreign"/>
1224 ```
1225 #### macOS
1226 ```
1227 <dict>
1228 <key>Cookies</key>
1229 <dict>
1230 <key>Allow</key>
1231 <array>
1232 <string>http://example.com</string>
1233 </array>
1234 <key>AllowSession</key>
1235 <array>
1236 <string>http://example.edu</string>
1237 </array>
1238 <key>Block</key>
1239 <array>
1240 <string>http://example.org</string>
1241 </array>
1242 <key>Default</key>
1243 <true/> | <false/>
1244 <key>AcceptThirdParty</key>
1245 <string>always | never | from-visited</string>
1246 <key>ExpireAtSessionEnd</key>
1247 <true/> | <false/>
1248 <key>RejectTracker</key>
1249 <true/> | <false/>
1250 <key>Locked</key>
1251 <true/> | <false/>
1252 <key>Behavior</key>
1253 <string>accept | reject-foreign | reject | limit-foreign | reject-tracker | reject-tracker-and-partition-foreign</string>
1254 <key>BehaviorPrivateBrowsing</key>
1255 <string>accept | reject-foreign | reject | limit-foreign | reject-tracker | reject-tracker-and-partition-foreign</string>
1256 </dict>
1257 </dict>
1258 ```
1259 #### policies.json
1260 ```
1261 {
1262 "policies": {
1263 "Cookies": {
1264 "Allow": ["http://example.org/"],
1265 "AllowSession": ["http://example.edu/"],
1266 "Block": ["http://example.edu/"],
1267 "Default": true | false,
1268 "AcceptThirdParty": "always" | "never" | "from-visited",
1269 "ExpireAtSessionEnd": true | false,
1270 "RejectTracker": true | false,
1271 "Locked": true | false,
1272 "Behavior": "accept" | "reject-foreign" | "reject" | "limit-foreign" | "reject-tracker" | "reject-tracker-and-partition-foreign",
1273 "BehaviorPrivateBrowsing": "accept" | "reject-foreign" | "reject" | "limit-foreign" | "reject-tracker" | "reject-tracker-and-partition-foreign",
1274 }
1275 }
1276 }
1277 ```
1278 ### DefaultDownloadDirectory
1279 Set the default download directory.
1280
1281 You can use ${home} for the native home directory.
1282
1283 **Compatibility:** Firefox 68, Firefox ESR 68\
1284 **CCK2 Equivalent:** N/A\
1285 **Preferences Affected:** `browser.download.dir`, `browser.download.folderList`
1286
1287 #### Windows (GPO)
1288 ```
1289 Software\Policies\Mozilla\Firefox\DefaultDownloadDirectory = "${home}\Downloads"
1290 ```
1291 #### Windows (Intune)
1292 OMA-URI:
1293 ```
1294 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DefaultDownloadDirectory
1295 ```
1296 Value (string):
1297 ```
1298 <enabled/>
1299 <data id="Preferences_String" value="${home}\Downloads"/>
1300 ```
1301 #### macOS
1302 ```
1303 <dict>
1304 <key>DefaultDownloadDirectory</key>
1305 <string>${home}/Downloads</string>
1306 </dict>
1307 ```
1308 #### policies.json (macOS and Linux)
1309 ```
1310 {
1311 "policies": {
1312 "DefaultDownloadDirectory": "${home}/Downloads"
1313 }
1314 }
1315 ```
1316 #### policies.json (Windows)
1317 ```
1318 {
1319 "policies": {
1320 "DefaultDownloadDirectory": "${home}\\Downloads"
1321 }
1322 }
1323 ```
1324 ### DisableAppUpdate
1325 Turn off application updates within Firefox.
1326
1327 **Compatibility:** Firefox 60, Firefox ESR 60\
1328 **CCK2 Equivalent:** `disableFirefoxUpdates`\
1329 **Preferences Affected:** N/A
1330
1331 #### Windows (GPO)
1332 ```
1333 Software\Policies\Mozilla\Firefox\DisableAppUpdate = 0x1 | 0x0
1334 ```
1335 #### Windows (Intune)
1336 OMA-URI:
1337 ```
1338 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableAppUpdate
1339 ```
1340 Value (string):
1341 ```
1342 <enabled/> or <disabled/>
1343 ```
1344 #### macOS
1345 ```
1346 <dict>
1347 <key>DisableAppUpdate</key>
1348 <true/> | <false/>
1349 </dict>
1350 ```
1351 #### policies.json
1352 ```
1353 {
1354 "policies": {
1355 "DisableAppUpdate": true | false
1356 }
1357 }
1358 ```
1359 ### DisableBuiltinPDFViewer
1360 Disable the built in PDF viewer. PDF files are downloaded and sent externally.
1361
1362 **Compatibility:** Firefox 60, Firefox ESR 60\
1363 **CCK2 Equivalent:** `disablePDFjs`\
1364 **Preferences Affected:** `pdfjs.disabled`
1365
1366 #### Windows (GPO)
1367 ```
1368 Software\Policies\Mozilla\Firefox\DisableBuiltinPDFViewer = 0x1 | 0x0
1369 ```
1370 #### Windows (Intune)
1371 OMA-URI:
1372 ```
1373 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableBuiltinPDFViewer
1374 ```
1375 Value (string):
1376 ```
1377 <enabled/> or <disabled/>
1378 ```
1379 #### macOS
1380 ```
1381 <dict>
1382 <key>DisableBuiltinPDFViewer</key>
1383 <true/> | <false/>
1384 </dict>
1385 ```
1386 #### policies.json
1387 ```
1388 {
1389 "policies": {
1390 "DisableBuiltinPDFViewer": true | false
1391 }
1392 }
1393 ```
1394 ### DisabledCiphers
1395 Disable specific cryptographic ciphers, listed below.
1396
1397 ```
1398 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
1399 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
1400 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
1401 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
1402 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
1403 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
1404 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
1405 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
1406 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
1407 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
1408 TLS_DHE_RSA_WITH_AES_128_CBC_SHA
1409 TLS_DHE_RSA_WITH_AES_256_CBC_SHA
1410 TLS_RSA_WITH_AES_128_GCM_SHA256
1411 TLS_RSA_WITH_AES_256_GCM_SHA384
1412 TLS_RSA_WITH_AES_128_CBC_SHA
1413 TLS_RSA_WITH_AES_256_CBC_SHA
1414 TLS_RSA_WITH_3DES_EDE_CBC_SHA
1415 ```
1416
1417 **Preferences Affected:** `security.ssl3.ecdhe_rsa_aes_128_gcm_sha256`, `security.ssl3.ecdhe_ecdsa_aes_128_gcm_sha256`, `security.ssl3.ecdhe_ecdsa_chacha20_poly1305_sha256`, `security.ssl3.ecdhe_rsa_chacha20_poly1305_sha256`, `security.ssl3.ecdhe_ecdsa_aes_256_gcm_sha384`, `security.ssl3.ecdhe_rsa_aes_256_gcm_sha384`, `security.ssl3.ecdhe_rsa_aes_128_sha`, `security.ssl3.ecdhe_ecdsa_aes_128_sha`, `security.ssl3.ecdhe_rsa_aes_256_sha`, `security.ssl3.ecdhe_ecdsa_aes_256_sha`, `security.ssl3.dhe_rsa_aes_128_sha`, `security.ssl3.dhe_rsa_aes_256_sha`, `security.ssl3.rsa_aes_128_gcm_sha256`, `security.ssl3.rsa_aes_256_gcm_sha384`, `security.ssl3.rsa_aes_128_sha`, `security.ssl3.rsa_aes_256_sha`, `security.ssl3.deprecated.rsa_des_ede3_sha`
1418
1419 ---
1420 **Note:**
1421
1422 This policy was updated in Firefox 78 to allow enabling ciphers as well. Setting the value to true disables the cipher, setting the value to false enables the cipher. Previously setting the value to true or false disabled the cipher.
1423
1424 ---
1425 **Compatibility:** Firefox 76, Firefox ESR 68.8 (TLS_RSA_WITH_AES_128_GCM_SHA256 and TLS_RSA_WITH_AES_256_GCM_SHA384 were added in Firefox 78, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA38, TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, and TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 were added in Firefox 97 and Firefox 91.6)\
1426 **CCK2 Equivalent:** N/A\
1427 **Preferences Affected:** N/A
1428
1429 #### Windows (GPO)
1430 ```
1431 Software\Policies\Mozilla\Firefox\DisabledCiphers\CIPHER_NAME = 0x1 | 0x0
1432 ```
1433 #### Windows (Intune)
1434 OMA-URI:
1435 ```
1436 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DisabledCiphers/DisabledCiphers_CIPHER_NAME
1437
1438 ```
1439 Value (string):
1440 ```
1441 <enabled/> or <disabled/>
1442 ```
1443 #### macOS
1444 ```
1445 <dict>
1446 <key>DisabledCiphers</key>
1447 <dict>
1448 <key>CIPHER_NAME</key>
1449 <true/> | <false/>
1450 </dict>
1451 </dict>
1452 ```
1453 #### policies.json
1454 ```
1455 {
1456 "policies": {
1457 "DisabledCiphers": {
1458 "CIPHER_NAME": true | false,
1459 }
1460 }
1461 }
1462 ```
1463 ### DisableDefaultBrowserAgent
1464 Prevent the default browser agent from taking any actions. Only applicable to Windows; other platforms don’t have the agent.
1465
1466 The browser agent is a Windows-only scheduled task which runs in the background to collect and submit data about the browser that the user has set as their OS default. More information is available [here](https://firefox-source-docs.mozilla.org/toolkit/mozapps/defaultagent/default-browser-agent/index.html).
1467
1468 **Compatibility:** Firefox 75, Firefox ESR 68.7 (Windows only)\
1469 **CCK2 Equivalent:** N/A\
1470 **Preferences Affected:** N/A
1471
1472 #### Windows (GPO)
1473 ```
1474 Software\Policies\Mozilla\Firefox\DisableDefaultBrowserAgent = 0x1 | 0x0
1475 ```
1476 #### Windows (Intune)
1477 OMA-URI:
1478 ```
1479 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableDefaultBrowserAgent
1480 ```
1481 Value (string):
1482 ```
1483 <enabled/> or <disabled/>
1484 ```
1485 #### policies.json
1486 ```
1487 {
1488 "policies": {
1489 "DisableDefaultBrowserAgent": true | false
1490 }
1491 }
1492 ```
1493 ### DisableDeveloperTools
1494 Remove access to all developer tools.
1495
1496 **Compatibility:** Firefox 60, Firefox ESR 60\
1497 **CCK2 Equivalent:** `removeDeveloperTools`\
1498 **Preferences Affected:** `devtools.policy.disabled`
1499
1500 #### Windows (GPO)
1501 ```
1502 Software\Policies\Mozilla\Firefox\DisableDeveloperTools = 0x1 | 0x0`
1503 ```
1504 #### Windows (Intune)
1505 OMA-URI:
1506 ```
1507 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableDeveloperTools
1508 ```
1509 Value (string):
1510 ```
1511 <enabled/> or <disabled/>
1512 ```
1513 #### macOS
1514 ```
1515 <dict>
1516 <key>DisableDeveloperTools</key>
1517 <true/> | <false/>
1518 </dict>
1519 ```
1520 #### policies.json
1521 ```
1522 {
1523 "policies": {
1524 "DisableDeveloperTools": true | false
1525 }
1526 }
1527 ```
1528 ### DisableFeedbackCommands
1529 Disable the menus for reporting sites (Submit Feedback, Report Deceptive Site).
1530
1531 **Compatibility:** Firefox 60, Firefox ESR 60\
1532 **CCK2 Equivalent:** N/A\
1533 **Preferences Affected:** N/A
1534
1535 #### Windows (GPO)
1536 ```
1537 Software\Policies\Mozilla\Firefox\DisableFeedbackCommands = 0x1 | 0x0
1538 ```
1539 #### Windows (Intune)
1540 OMA-URI:
1541 ```
1542 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableFeedbackCommands
1543 ```
1544 Value (string):
1545 ```
1546 <enabled/> or <disabled/>
1547 ```
1548 #### macOS
1549 ```
1550 <dict>
1551 <key>DisableFeedbackCommands</key>
1552 <true/> | <false/>
1553 </dict>
1554 ```
1555 #### policies.json
1556 ```
1557 {
1558 "policies": {
1559 "DisableFeedbackCommands": true | false
1560 }
1561 }
1562 ```
1563 ### DisableFirefoxAccounts
1564 Disable Firefox Accounts integration (Sync).
1565
1566 **Compatibility:** Firefox 60, Firefox ESR 60\
1567 **CCK2 Equivalent:** `disableSync`\
1568 **Preferences Affected:** `identity.fxaccounts.enabled`
1569
1570 #### Windows (GPO)
1571 ```
1572 Software\Policies\Mozilla\Firefox\DisableFirefoxAccounts = 0x1 | 0x0
1573 ```
1574 #### Windows (Intune)
1575 OMA-URI:
1576 ```
1577 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableFirefoxAccounts
1578 ```
1579 Value (string):
1580 ```
1581 <enabled/> or <disabled/>
1582 ```
1583 #### macOS
1584 ```
1585 <dict>
1586 <key>DisableFirefoxAccounts</key>
1587 <true/> | <false/>
1588 </dict>
1589 ```
1590 #### policies.json
1591 ```
1592 {
1593 "policies": {
1594 "DisableFirefoxAccounts": true | false
1595 }
1596 }
1597 ```
1598 ### DisableFirefoxScreenshots
1599 Remove access to Firefox Screenshots.
1600
1601 **Compatibility:** Firefox 60, Firefox ESR 60\
1602 **CCK2 Equivalent:** N/A\
1603 **Preferences Affected:** `extensions.screenshots.disabled`
1604
1605 #### Windows (GPO)
1606 ```
1607 Software\Policies\Mozilla\Firefox\DisableFirefoxScreenshots = 0x1 | 0x0
1608 ```
1609 #### Windows (Intune)
1610 OMA-URI:
1611 ```
1612 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableFirefoxScreenshots
1613 ```
1614 Value (string):
1615 ```
1616 <enabled/> or <disabled/>
1617 ```
1618 #### macOS
1619 ```
1620 <dict>
1621 <key>DisableFirefoxScreenshots</key>
1622 <true/> | <false/>
1623 </dict>
1624 ```
1625 #### policies.json
1626 ```
1627 {
1628 "policies": {
1629 "DisableFirefoxScreenshots": true | false
1630 }
1631 }
1632 ```
1633 ### DisableFirefoxStudies
1634 Disable Firefox studies (Shield).
1635
1636 **Compatibility:** Firefox 60, Firefox ESR 60\
1637 **CCK2 Equivalent:** N/A\
1638 **Preferences Affected:** N/A
1639
1640 #### Windows (GPO)
1641 ```
1642 Software\Policies\Mozilla\Firefox\DisableFirefoxStudies = 0x1 | 0x0
1643 ```
1644 #### Windows (Intune)
1645 OMA-URI:
1646 ```
1647 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableFirefoxStudies
1648 ```
1649 Value (string):
1650 ```
1651 <enabled/> or <disabled/>
1652 ```
1653 #### macOS
1654 ```
1655 <dict>
1656 <key>DisableFirefoxStudies</key>
1657 <true/> | <false/>
1658 </dict>
1659 ```
1660 #### policies.json
1661 ```
1662 {
1663 "policies": {
1664 "DisableFirefoxStudies": true | false
1665 }
1666 }
1667 ```
1668 ### DisableForgetButton
1669 Disable the "Forget" button.
1670
1671 **Compatibility:** Firefox 60, Firefox ESR 60\
1672 **CCK2 Equivalent:** `disableForget`\
1673 **Preferences Affected:** N/A
1674
1675 #### Windows (GPO)
1676 ```
1677 Software\Policies\Mozilla\Firefox\DisableForgetButton = 0x1 | 0x0
1678 ```
1679 #### Windows (Intune)
1680 OMA-URI:
1681 ```
1682 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableForgetButton
1683 ```
1684 Value (string):
1685 ```
1686 <enabled/> or <disabled/>
1687 ```
1688 #### macOS
1689 ```
1690 <dict>
1691 <key>DisableForgetButton</key>
1692 <true/> | <false/>
1693 </dict>
1694 ```
1695 #### policies.json
1696 ```
1697 {
1698 "policies": {
1699 "DisableForgetButton": true | false
1700 }
1701 }
1702 ```
1703 ### DisableFormHistory
1704 Turn off saving information on web forms and the search bar.
1705
1706 **Compatibility:** Firefox 60, Firefox ESR 60\
1707 **CCK2 Equivalent:** `disableFormFill`\
1708 **Preferences Affected:** `browser.formfill.enable`
1709
1710 #### Windows (GPO)
1711 ```
1712 Software\Policies\Mozilla\Firefox\DisableFormHistory = 0x1 | 0x0
1713 ```
1714 #### Windows (Intune)
1715 OMA-URI:
1716 ```
1717 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableFormHistory
1718 ```
1719 Value (string):
1720 ```
1721 <enabled/> or <disabled/>
1722 ```
1723 #### macOS
1724 ```
1725 <dict>
1726 <key>DisableFormHistory</key>
1727 <true/> | <false/>
1728 </dict>
1729 ```
1730 #### policies.json
1731 ```
1732 {
1733 "policies": {
1734 "DisableFormHistory": true | false
1735 }
1736 }
1737 ```
1738 ### DisableMasterPasswordCreation
1739 Remove the master password functionality.
1740
1741 If this value is true, it works the same as setting [`PrimaryPassword`](#primarypassword) to false and removes the primary password functionality.
1742
1743 If both `DisableMasterPasswordCreation` and `PrimaryPassword` are used, `DisableMasterPasswordCreation` takes precedent.
1744
1745 **Compatibility:** Firefox 60, Firefox ESR 60\
1746 **CCK2 Equivalent:** `noMasterPassword`\
1747 **Preferences Affected:** N/A
1748
1749 #### Windows (GPO)
1750 ```
1751 Software\Policies\Mozilla\Firefox\DisableMasterPasswordCreation = 0x1 | 0x0
1752 ```
1753 #### Windows (Intune)
1754 OMA-URI:
1755 ```
1756 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableMasterPasswordCreation
1757 ```
1758 Value (string):
1759 ```
1760 <enabled/> or <disabled/>
1761 ```
1762 #### macOS
1763 ```
1764 <dict>
1765 <key>DisableMasterPasswordCreation</key>
1766 <true/> | <false/>
1767 </dict>
1768 ```
1769 #### policies.json
1770 ```
1771 {
1772 "policies": {
1773 "DisableMasterPasswordCreation": true | false
1774 }
1775 }
1776 ```
1777 ### DisablePasswordReveal
1778 Do not allow passwords to be shown in saved logins
1779
1780 **Compatibility:** Firefox 71, Firefox ESR 68.3\
1781 **CCK2 Equivalent:** N/A
1782 **Preferences Affected:** N/A
1783
1784 #### Windows (GPO)
1785 ```
1786 Software\Policies\Mozilla\Firefox\DisablePasswordReveal = 0x1 | 0x0
1787 ```
1788 #### Windows (Intune)
1789 OMA-URI:
1790 ```
1791 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisablePasswordReveal
1792 ```
1793 Value (string):
1794 ```
1795 <enabled/> or <disabled/>
1796 ```
1797 #### macOS
1798 ```
1799 <dict>
1800 <key>DisablePasswordReveal</key>
1801 <true/> | <false/>
1802 </dict>
1803 ```
1804 #### policies.json
1805 ```
1806 {
1807 "policies": {
1808 "DisablePasswordReveal": true | false
1809 }
1810 }
1811 ```
1812 ### DisablePocket
1813 Remove Pocket in the Firefox UI. It does not remove it from the new tab page.
1814
1815 **Compatibility:** Firefox 60, Firefox ESR 60\
1816 **CCK2 Equivalent:** `disablePocket`\
1817 **Preferences Affected:** `extensions.pocket.enabled`
1818
1819 #### Windows (GPO)
1820 ```
1821 Software\Policies\Mozilla\Firefox\DisablePocket = 0x1 | 0x0
1822 ```
1823 #### Windows (Intune)
1824 OMA-URI:
1825 ```
1826 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisablePocket
1827 ```
1828 Value (string):
1829 ```
1830 <enabled/> or <disabled/>
1831 ```
1832 #### macOS
1833 ```
1834 <dict>
1835 <key>DisablePocket</key>
1836 <true/> | <false/>
1837 </dict>
1838 ```
1839 #### policies.json
1840 ```
1841 {
1842 "policies": {
1843 "DisablePocket": true | false
1844 }
1845 }
1846 ```
1847 ### DisablePrivateBrowsing
1848 Remove access to private browsing.
1849
1850 **Compatibility:** Firefox 60, Firefox ESR 60\
1851 **CCK2 Equivalent:** `disablePrivateBrowsing`\
1852 **Preferences Affected:** N/A
1853
1854 #### Windows (GPO)
1855 ```
1856 Software\Policies\Mozilla\Firefox\DisablePrivateBrowsing = 0x1 | 0x0
1857 ```
1858 #### Windows (Intune)
1859 OMA-URI:
1860 ```
1861 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisablePrivateBrowsing
1862 ```
1863 Value (string):
1864 ```
1865 <enabled/> or <disabled/>
1866 ```
1867 #### macOS
1868 ```
1869 <dict>
1870 <key>DisablePrivateBrowsing</key>
1871 <true/> | <false/>
1872 </dict>
1873 ```
1874 #### policies.json
1875 ```
1876 {
1877 "policies": {
1878 "DisablePrivateBrowsing": true | false
1879 }
1880 }
1881 ```
1882 ### DisableProfileImport
1883 Disables the "Import data from another browser" option in the bookmarks window.
1884
1885 **Compatibility:** Firefox 60, Firefox ESR 60\
1886 **CCK2 Equivalent:** N/A\
1887 **Preferences Affected:** N/A
1888
1889 #### Windows (GPO)
1890 ```
1891 Software\Policies\Mozilla\Firefox\DisableProfileImport = 0x1 | 0x0
1892 ```
1893 #### Windows (Intune)
1894 OMA-URI:
1895 ```
1896 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableProfileImport
1897 ```
1898 Value (string):
1899 ```
1900 <enabled/> or <disabled/>
1901 ```
1902 #### macOS
1903 ```
1904 <dict>
1905 <key>DisableProfileImport</key>
1906 <true/> | <false/>
1907 </dict>
1908 ```
1909 #### policies.json
1910 ```
1911 {
1912 "policies": {
1913 "DisableProfileImport": true | false
1914 }
1915 }
1916 ```
1917 ### DisableProfileRefresh
1918 Disable the Refresh Firefox button on about:support and support.mozilla.org, as well as the prompt that displays offering to refresh Firefox when you haven't used it in a while.
1919
1920 **Compatibility:** Firefox 60, Firefox ESR 60\
1921 **CCK2 Equivalent:** `disableResetFirefox`\
1922 **Preferences Affected:** `browser.disableResetPrompt`
1923
1924 #### Windows (GPO)
1925 ```
1926 Software\Policies\Mozilla\Firefox\DisableProfileRefresh = 0x1 | 0x0
1927 ```
1928 #### Windows (Intune)
1929 OMA-URI:
1930 ```
1931 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableProfileRefresh
1932 ```
1933 Value (string):
1934 ```
1935 <enabled/> or <disabled/>
1936 ```
1937 #### macOS
1938 ```
1939 <dict>
1940 <key>DisableProfileRefresh</key>
1941 <true/> | <false/>
1942 </dict>
1943 ```
1944 #### policies.json
1945 ```
1946 {
1947 "policies": {
1948 "DisableProfileRefresh": true | false
1949 }
1950 }
1951 ```
1952 ### DisableSafeMode
1953 Disable safe mode within the browser.
1954
1955 On Windows, this disables safe mode via the command line as well.
1956
1957 **Compatibility:** Firefox 60, Firefox ESR 60 (Windows, macOS)\
1958 **CCK2 Equivalent:** `disableSafeMode`\
1959 **Preferences Affected:** N/A
1960
1961 #### Windows (GPO)
1962 ```
1963 Software\Policies\Mozilla\Firefox\DisableSafeMode = 0x1 | 0x0
1964 ```
1965 #### Windows (Intune)
1966 OMA-URI:
1967 ```
1968 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableSafeMode
1969 ```
1970 Value (string):
1971 ```
1972 <enabled/> or <disabled/>
1973 ```
1974 #### macOS
1975 ```
1976 <dict>
1977 <key>DisableSafeMode</key>
1978 <true/> | <false/>
1979 </dict>
1980 ```
1981 #### policies.json
1982 ```
1983 {
1984 "policies": {
1985 "DisableSafeMode": true | false
1986 }
1987 }
1988 ```
1989 ### DisableSecurityBypass
1990 Prevent the user from bypassing security in certain cases.
1991
1992 `InvalidCertificate` prevents adding an exception when an invalid certificate is shown.
1993
1994 `SafeBrowsing` prevents selecting "ignore the risk" and visiting a harmful site anyway.
1995
1996 **Compatibility:** Firefox 60, Firefox ESR 60\
1997 **CCK2 Equivalent:** N/A\
1998 **Preferences Affected:** `security.certerror.hideAddException`, `browser.safebrowsing.allowOverride`
1999
2000 #### Windows (GPO)
2001 ```
2002 Software\Policies\Mozilla\Firefox\DisableSecurityBypass\InvalidCertificate = 0x1 | 0x0
2003 Software\Policies\Mozilla\Firefox\DisableSecurityBypass\SafeBrowsing = 0x1 | 0x0
2004 ```
2005 #### Windows (Intune)
2006 OMA-URI:
2007 ```
2008 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/P_DisableSecurityBypass_InvalidCertificate
2009 ```
2010 Value (string):
2011 ```
2012 <enabled/> or <disabled/>
2013 ```
2014 OMA-URI:
2015 ```
2016 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/P_DisableSecurityBypass_SafeBrowsing
2017 ```
2018 Value (string):
2019 ```
2020 <enabled/> or <disabled/>
2021 ```
2022
2023 #### macOS
2024 ```
2025 <dict>
2026 <key>DisableSecurityBypass</key>
2027 <dict>
2028 <key>InvalidCertificate</key>
2029 <true/> | <false/>
2030 <key>SafeBrowsing</key>
2031 <true/> | <false/>
2032 </dict>
2033 </dict>
2034 ```
2035 #### policies.json
2036 ```
2037 {
2038 "policies": {
2039 "DisableSecurityBypass": {
2040 "InvalidCertificate": true | false,
2041 "SafeBrowsing": true | false
2042 }
2043 }
2044 }
2045 ```
2046 ### DisableSetDesktopBackground
2047 Remove the "Set As Desktop Background..." menuitem when right clicking on an image.
2048
2049 **Compatibility:** Firefox 60, Firefox ESR 60\
2050 **CCK2 Equivalent:** `removeSetDesktopBackground`\
2051 **Preferences Affected:** N/A
2052
2053 #### Windows (GPO)
2054 ```
2055 Software\Policies\Mozilla\Firefox\DisableSetDesktopBackground = 0x1 | 0x0
2056 ```
2057 #### Windows (Intune)
2058 OMA-URI:
2059 ```
2060 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableSetDesktopBackground
2061 ```
2062 Value (string):
2063 ```
2064 <enabled/> or <disabled/>
2065 ```
2066 #### macOS
2067 ```
2068 <dict>
2069 <key>DisableSetDesktopBackground</key>
2070 <true/> | <false/>
2071 </dict>
2072 ```
2073 #### policies.json
2074 ```
2075 {
2076 "policies": {
2077 "DisableSetDesktopBackground": true | false
2078 }
2079 }
2080 ```
2081 ### DisableSystemAddonUpdate
2082 Prevent system add-ons from being installed or updated.
2083
2084 **Compatibility:** Firefox 60, Firefox ESR 60\
2085 **CCK2 Equivalent:** N/A\
2086 **Preferences Affected:** N/A
2087
2088 #### Windows (GPO)
2089 ```
2090 Software\Policies\Mozilla\Firefox\DisableSystemAddonUpdate = 0x1 | 0x0
2091 ```
2092 #### Windows (Intune)
2093 OMA-URI:
2094 ```
2095 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableSystemAddonUpdate
2096 ```
2097 Value (string):
2098 ```
2099 <enabled/> or <disabled/>
2100 ```
2101 #### macOS
2102 ```
2103 <dict>
2104 <key>DisableSystemAddonUpdate</key>
2105 <true/> | <false/>
2106 </dict>
2107 ```
2108 #### policies.json
2109 ```
2110 {
2111 "policies": {
2112 "DisableSystemAddonUpdate": true | false
2113 }
2114 }
2115 ```
2116 ### DisableTelemetry
2117 Prevent the upload of telemetry data.
2118
2119 As of Firefox 83 and Firefox ESR 78.5, local storage of telemetry data is disabled as well.
2120
2121 Mozilla recommends that you do not disable telemetry. Information collected through telemetry helps us build a better product for businesses like yours.
2122
2123 **Compatibility:** Firefox 60, Firefox ESR 60\
2124 **CCK2 Equivalent:** `disableTelemetry`\
2125 **Preferences Affected:** `datareporting.healthreport.uploadEnabled`, `datareporting.policy.dataSubmissionEnabled`, `toolkit.telemetry.archive.enabled`
2126
2127 #### Windows (GPO)
2128 ```
2129 Software\Policies\Mozilla\Firefox\DisableTelemetry = 0x1 | 0x0
2130 ```
2131 #### Windows (Intune)
2132 OMA-URI:
2133 ```
2134 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableTelemetry
2135 ```
2136 Value (string):
2137 ```
2138 <enabled/> or <disabled/>
2139 ```
2140 #### macOS
2141 ```
2142 <dict>
2143 <key>DisableTelemetry</key>
2144 <true/> | <false/>
2145 </dict>
2146 ```
2147 #### policies.json
2148 ```
2149 {
2150 "policies": {
2151 "DisableTelemetry": true | false
2152 }
2153 }
2154 ```
2155 ### DisableThirdPartyModuleBlocking
2156 Do not allow blocking third-party modules from the `about:third-party` page.
2157
2158 This policy only works on Windows through GPO (not policies.json).
2159
2160 **Compatibility:** Firefox 110 (Windows only, GPO only)\
2161 **CCK2 Equivalent:** N/A\
2162 **Preferences Affected:** N/A
2163
2164 #### Windows (GPO)
2165 ```
2166 Software\Policies\Mozilla\Firefox\DisableThirdPartyModuleBlocking = = 0x1 | 0x0
2167 ```
2168 #### Windows (Intune)
2169 OMA-URI:
2170 ```
2171 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableThirdPartyModuleBlocking
2172 ```
2173 Value (string):
2174 ```
2175 <enabled/> or <disabled/>
2176 ```
2177 ### DisplayBookmarksToolbar
2178 Set the initial state of the bookmarks toolbar. A user can still change how it is displayed.
2179
2180 `always` means the bookmarks toolbar is always shown.
2181
2182 `never` means the bookmarks toolbar is not shown.
2183
2184 `newtab` means the bookmarks toolbar is only shown on the new tab page.
2185
2186 **Compatibility:** Firefox 109, Firefox ESR 102.7\
2187 **CCK2 Equivalent:** N/A\
2188 **Preferences Affected:** N/A
2189
2190 #### Windows (GPO)
2191 ```
2192 Software\Policies\Mozilla\Firefox\DisplayBookmarksToolbar = "always", "never", "newtab"
2193 ```
2194 #### Windows (Intune)
2195 OMA-URI:
2196 ```
2197 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisplayBookmarksToolbar_Enum
2198 ```
2199 Value (string):
2200 ```
2201 <enabled/>
2202 <data id="DisplayBookmarksToolbar" value="always | never | newtab"/>
2203 ```
2204 #### macOS
2205 ```
2206 <dict>
2207 <key>DisplayBookmarksToolbar</key>
2208 <string>always | never | newtab</string>
2209 </dict>
2210 ```
2211 #### policies.json
2212 ```
2213 {
2214 "policies": {
2215 "DisplayBookmarksToolbar": "always" | "never" | "newtab"
2216 }
2217 }
2218 ```
2219 ### DisplayBookmarksToolbar (Deprecated)
2220 Set the initial state of the bookmarks toolbar. A user can still hide it and it will stay hidden.
2221
2222 **Compatibility:** Firefox 60, Firefox ESR 60\
2223 **CCK2 Equivalent:** `displayBookmarksToolbar`\
2224 **Preferences Affected:** N/A
2225
2226 #### Windows (GPO)
2227 ```
2228 Software\Policies\Mozilla\Firefox\DisplayBookmarksToolbar = 0x1 | 0x0
2229 ```
2230 #### Windows (Intune)
2231 OMA-URI:
2232 ```
2233 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisplayBookmarksToolbar
2234 ```
2235 Value (string):
2236 ```
2237 <enabled/> or <disabled/>
2238 ```
2239 #### macOS
2240 ```
2241 <dict>
2242 <key>DisplayBookmarksToolbar</key>
2243 <true/> | <false/>
2244 </dict>
2245 ```
2246 #### policies.json
2247 ```
2248 {
2249 "policies": {
2250 "DisplayBookmarksToolbar": true | false
2251 }
2252 }
2253 ```
2254 ### DisplayMenuBar
2255 Set the state of the menubar.
2256
2257 `always` means the menubar is shown and cannot be hidden.
2258
2259 `never` means the menubar is hidden and cannot be shown.
2260
2261 `default-on` means the menubar is on by default but can be hidden.
2262
2263 `default-off` means the menubar is off by default but can be shown.
2264
2265 **Compatibility:** Firefox 73, Firefox ESR 68.5 (Windows, some Linux)\
2266 **CCK2 Equivalent:** `displayMenuBar`\
2267 **Preferences Affected:** N/A
2268
2269 #### Windows (GPO)
2270 ```
2271 Software\Policies\Mozilla\Firefox\DisplayMenuBar = "always", "never", "default-on", "default-off"
2272 ```
2273 #### Windows (Intune)
2274 OMA-URI:
2275 ```
2276 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisplayMenuBar_Enum
2277 ```
2278 Value (string):
2279 ```
2280 <enabled/>
2281 <data id="DisplayMenuBar" value="always | never | default-on | default-off"/>
2282 ```
2283 #### macOS
2284 ```
2285 <dict>
2286 <key>DisplayMenuBar</key>
2287 <string>always | never | default-on | default-off</string>
2288 </dict>
2289 ```
2290 #### policies.json
2291 ```
2292 {
2293 "policies": {
2294 "DisplayMenuBar": "always", "never", "default-on", "default-off"
2295 }
2296 }
2297 ```
2298 ### DisplayMenuBar (Deprecated)
2299 Set the initial state of the menubar. A user can still hide it and it will stay hidden.
2300
2301 **Compatibility:** Firefox 60, Firefox ESR 60 (Windows, some Linux)\
2302 **CCK2 Equivalent:** `displayMenuBar`\
2303 **Preferences Affected:** N/A
2304
2305 #### Windows (GPO)
2306 ```
2307 Software\Policies\Mozilla\Firefox\DisplayMenuBar = 0x1 | 0x0
2308 ```
2309 #### macOS
2310 ```
2311 <dict>
2312 <key>DisplayMenuBar</key>
2313 <true/> | <false/>
2314 </dict>
2315 ```
2316 #### policies.json
2317 ```
2318 {
2319 "policies": {
2320 "DisplayMenuBar": true | false
2321 }
2322 }
2323 ```
2324 ### DNSOverHTTPS
2325 Configure DNS over HTTPS.
2326
2327 `Enabled` determines whether DNS over HTTPS is enabled
2328
2329 `ProviderURL` is a URL to another provider.
2330
2331 `Locked` prevents the user from changing DNS over HTTPS preferences.
2332
2333 `ExcludedDomains` excludes domains from DNS over HTTPS.
2334
2335 **Compatibility:** Firefox 63, Firefox ESR 68 (ExcludedDomains added in 75/68.7)\
2336 **CCK2 Equivalent:** N/A\
2337 **Preferences Affected:** `network.trr.mode`, `network.trr.uri`
2338
2339 #### Windows (GPO)
2340 ```
2341 Software\Policies\Mozilla\Firefox\DNSOverHTTPS\Enabled = 0x1 | 0x0
2342 Software\Policies\Mozilla\Firefox\DNSOverHTTPS\ProviderURL = "URL_TO_ALTERNATE_PROVIDER"
2343 Software\Policies\Mozilla\Firefox\DNSOverHTTPS\Locked = 0x1 | 0x0
2344 Software\Policies\Mozilla\Firefox\DNSOverHTTPS\ExcludedDomains\1 = "example.com"
2345 ```
2346 #### Windows (Intune)
2347 OMA-URI:
2348 ```
2349 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DNSOverHTTPS/DNSOverHTTPS_Enabled
2350 ```
2351 Value (string):
2352 ```
2353 <enabled/> or <disabled/>
2354 ```
2355 OMA-URI:
2356 ```
2357 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DNSOverHTTPS/DNSOverHTTPS_ProviderURL
2358 ```
2359 Value (string):
2360 ```
2361 <enabled/>
2362 <data id="String" value="URL_TO_ALTERNATE_PROVIDER"/>
2363 ```
2364 OMA-URI:
2365 ```
2366 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DNSOverHTTPS/DNSOverHTTPS_Locked
2367 ```
2368 Value (string):
2369 ```
2370 <enabled/> or <disabled/>
2371 ```
2372 OMA-URI:
2373 ```
2374 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DNSOverHTTPS/DNSOverHTTPS_ExcludedDomains
2375 ```
2376 Value (string):
2377 ```
2378 <enabled/>
2379 <data id="List" value="1&#xF000;example.com"/>
2380 ```
2381 #### macOS
2382 ```
2383 <dict>
2384 <key>DNSOverHTTPS</key>
2385 <dict>
2386 <key>Enabled</key>
2387 <true/> | <false/>
2388 <key>ProviderURL</key>
2389 <string>URL_TO_ALTERNATE_PROVIDER</string>
2390 <key>Locked</key>
2391 <true/> | <false/>
2392 <key>ExcludedDomains</key>
2393 <array>
2394 <string>example.com</string>
2395 </array>
2396 </dict>
2397 </dict>
2398 ```
2399 #### policies.json
2400 ```
2401 {
2402 "policies": {
2403 "DNSOverHTTPS": {
2404 "Enabled": true | false,
2405 "ProviderURL": "URL_TO_ALTERNATE_PROVIDER",
2406 "Locked": true | false,
2407 "ExcludedDomains": ["example.com"]
2408 }
2409 }
2410 }
2411 ```
2412 ### DontCheckDefaultBrowser
2413 Don't check if Firefox is the default browser at startup.
2414
2415 **Compatibility:** Firefox 60, Firefox ESR 60\
2416 **CCK2 Equivalent:** `dontCheckDefaultBrowser`\
2417 **Preferences Affected:** `browser.shell.checkDefaultBrowser`
2418
2419 #### Windows (GPO)
2420 ```
2421 Software\Policies\Mozilla\Firefox\DontCheckDefaultBrowser = 0x1 | 0x0
2422 ```
2423 #### Windows (Intune)
2424 OMA-URI:
2425 ```
2426 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DontCheckDefaultBrowser
2427 ```
2428 Value (string):
2429 ```
2430 <enabled/> or <disabled/>
2431 ```
2432 #### macOS
2433 ```
2434 <dict>
2435 <key>DontCheckDefaultBrowser</key>
2436 <true/> | <false/>
2437 </dict>
2438 ```
2439 #### policies.json
2440 ```
2441 {
2442 "policies": {
2443 "DontCheckDefaultBrowser": true | false
2444 }
2445 }
2446 ```
2447 ### DownloadDirectory
2448 Set and lock the download directory.
2449
2450 You can use ${home} for the native home directory.
2451
2452 **Compatibility:** Firefox 68, Firefox ESR 68\
2453 **CCK2 Equivalent:** N/A\
2454 **Preferences Affected:** `browser.download.dir`, `browser.download.folderList`, `browser.download.useDownloadDir`
2455
2456 #### Windows (GPO)
2457 ```
2458 Software\Policies\Mozilla\Firefox\DownloadDirectory = "${home}\Downloads"
2459 ```
2460 #### Windows (Intune)
2461 OMA-URI:
2462 ```
2463 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DownloadDirectory
2464 ```
2465 Value (string):
2466 ```
2467 <enabled/>
2468 <data id="Preferences_String" value="${home}\Downloads"/>
2469 ```
2470 #### macOS
2471 ```
2472 <dict>
2473 <key>DownloadDirectory</key>
2474 <string>${home}/Downloads</string>
2475 </dict>
2476 ```
2477 #### policies.json (macOS and Linux)
2478 ```
2479 {
2480 "policies": {
2481 "DownloadDirectory": "${home}/Downloads"
2482 }
2483 ```
2484 #### policies.json (Windows)
2485 ```
2486 {
2487 "policies": {
2488 "DownloadDirectory": "${home}\\Downloads"
2489 }
2490 ```
2491 ### EnableTrackingProtection
2492 Configure tracking protection.
2493
2494 If this policy is not configured, tracking protection is not enabled by default in the browser, but it is enabled by default in private browsing and the user can change it.
2495
2496 If `Value` is set to false, tracking protection is disabled and locked in both the regular browser and private browsing.
2497
2498 If `Value` is set to true, tracking protection is enabled by default in both the regular browser and private browsing and the `Locked` value determines whether or not a user can change it.
2499
2500 If `Cryptomining` is set to true, cryptomining scripts on websites are blocked.
2501
2502 If `Fingerprinting` is set to true, fingerprinting scripts on websites are blocked.
2503
2504 If `EmailTracking` is set to true, hidden email tracking pixels and scripts on websites are blocked. (Firefox 112)
2505
2506 `Exceptions` are origins for which tracking protection is not enabled.
2507
2508 **Compatibility:** Firefox 60, Firefox ESR 60 (Cryptomining and Fingerprinting added in 70/68.2, Exceptions added in 73/68.5)\
2509 **CCK2 Equivalent:** N/A\
2510 **Preferences Affected:** `privacy.trackingprotection.enabled`, `privacy.trackingprotection.pbmode.enabled`, `privacy.trackingprotection.cryptomining.enabled`, `privacy.trackingprotection.fingerprinting.enabled`
2511
2512 #### Windows (GPO)
2513 ```
2514 Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Value = 0x1 | 0x0
2515 Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Locked = 0x1 | 0x0
2516 Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Cryptomining = 0x1 | 0x0
2517 Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Fingerprinting = 0x1 | 0x0
2518 Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Exceptions\1 = "https://example.com"
2519 ```
2520 #### Windows (Intune)
2521 OMA-URI:
2522 ```
2523 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~TrackingProtection/A_TrackingProtection_Value
2524 ```
2525 Value (string):
2526 ```
2527 <enabled/> or <disabled/>
2528 ```
2529 OMA-URI:
2530 ```
2531 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~TrackingProtection/B_TrackingProtection_Cryptomining
2532 ```
2533 Value (string):
2534 ```
2535 <enabled/> or <disabled/>
2536 ```
2537 OMA-URI:
2538 ```
2539 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~TrackingProtection/C_TrackingProtection_Fingerprinting
2540 ```
2541 Value (string):
2542 ```
2543 <enabled/> or <disabled/>
2544 ```
2545 OMA-URI:
2546 ```
2547 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~TrackingProtection/D_TrackingProtection_Exceptions
2548 ```
2549 Value (string):
2550 ```
2551 <enabled/>
2552 <data id="TrackingProtection_Exceptions" value="1&#xF000;https://example.com"/>
2553 ```
2554 OMA-URI:
2555 ```
2556 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~TrackingProtection/E_TrackingProtection_Locked
2557 ```
2558 Value (string):
2559 ```
2560 <enabled/> or <disabled/>
2561 ```
2562 #### macOS
2563 ```
2564 <dict>
2565 <key>EnableTrackingProtection</key>
2566 <dict>
2567 <key>Value</key>
2568 <true/> | <false/>
2569 <key>Locked</key>
2570 <true/> | <false/>
2571 <key>Cryptomining</key>
2572 <true/> | <false/>
2573 <key>Fingerprinting</key>
2574 <true/> | <false/>
2575 <key>Exceptions</key>
2576 <array>
2577 <string>https://example.com</string>
2578 </array>
2579 </dict>
2580 </dict>
2581 ```
2582 #### policies.json
2583 ```
2584 {
2585 "policies": {
2586 "EnableTrackingProtection": {
2587 "Value": true | false,
2588 "Locked": true | false,
2589 "Cryptomining": true | false,
2590 "Fingerprinting": true | false,
2591 "Exceptions": ["https://example.com"]
2592 }
2593 }
2594 }
2595 ```
2596 ### EncryptedMediaExtensions
2597 Enable or disable Encrypted Media Extensions and optionally lock it.
2598
2599 If `Enabled` is set to false, encrypted media extensions (like Widevine) are not downloaded by Firefox unless the user consents to installing them.
2600
2601 If `Locked` is set to true and `Enabled` is set to false, Firefox will not download encrypted media extensions (like Widevine) or ask the user to install them.
2602
2603 **Compatibility:** Firefox 77, Firefox ESR 68.9\
2604 **CCK2 Equivalent:** N/A\
2605 **Preferences Affected:** `media.eme.enabled`
2606
2607 #### Windows (GPO)
2608 ```
2609 Software\Policies\Mozilla\Firefox\EncryptedMediaExtensions\Enabled = 0x1 | 0x0
2610 Software\Policies\Mozilla\Firefox\EncryptedMediaExtensions\Locked = 0x1 | 0x0
2611 ```
2612 #### Windows (Intune)
2613 OMA-URI:
2614 ```
2615 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~EncryptedMediaExtensions/EncryptedMediaExtensions_Enabled
2616 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~EncryptedMediaExtensions/EncryptedMediaExtensions_Locked
2617 ```
2618 Value (string):
2619 ```
2620 <enabled/>or <disabled/>
2621 ```
2622 #### macOS
2623 ```
2624 <dict>
2625 <key>EncryptedMediaExtensions</key>
2626 <dict>
2627 <key>Enabled</key>
2628 <true/> | <false/>
2629 <key>Locked</key>
2630 <true/> | <false/>
2631 </dict>
2632 </dict>
2633 ```
2634 #### policies.json
2635 ```
2636 {
2637 "policies": {
2638 "EncryptedMediaExtensions": {
2639 "Enabled": true | false,
2640 "Locked": true | false
2641 }
2642 }
2643 }
2644 ```
2645 ### EnterprisePoliciesEnabled
2646 Enable policy support on macOS.
2647
2648 **Compatibility:** Firefox 63, Firefox ESR 60.3 (macOS only)\
2649 **CCK2 Equivalent:** N/A\
2650 **Preferences Affected:** N/A
2651
2652 #### macOS
2653 ```
2654 <dict>
2655 <key>EnterprisePoliciesEnabled</key>
2656 <true/>
2657 </dict>
2658 ```
2659 ### ExemptDomainFileTypePairsFromFileTypeDownloadWarnings
2660
2661 Disable warnings based on file extension for specific file types on domains.
2662
2663 This policy is based on the [Chrome policy](https://chromeenterprise.google/policies/#ExemptDomainFileTypePairsFromFileTypeDownloadWarnings) of the same name.
2664
2665 Important: The documentation for the policy for both Edge and Chrome is incorrect. The ```domains``` value must be a domain, not a URL pattern. Also, we do not support using ```*``` to mean all domains.
2666
2667 **Compatibility:** Firefox 102\
2668 **CCK2 Equivalent:** N/A\
2669 **Preferences Affected:** N/A
2670
2671 #### Windows (GPO)
2672 Software\Policies\Mozilla\Firefox\ExemptDomainFileTypePairsFromFileTypeDownloadWarnings (REG_MULTI_SZ) =
2673 ```
2674 [
2675 {
2676 "file_extension": "jnlp",
2677 "domains": ["example.com"]
2678 }
2679 ]
2680 ```
2681 #### Windows (Intune)
2682 OMA-URI:
2683 ```
2684 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/ExemptDomainFileTypePairsFromFileTypeDownloadWarnings
2685 ```
2686 Value (string):
2687 ```
2688 <enabled/>
2689 <data id="JSON" value='
2690 [
2691 {
2692 "file_extension": "jnlp",
2693 "domains": ["example.com"]
2694 }
2695 ]
2696 '/>
2697 ```
2698 #### macOS
2699 ```
2700 <dict>
2701 <key>ExemptDomainFileTypePairsFromFileTypeDownloadWarnings</key>
2702 <array>
2703 <dict>
2704 <key>file_extension</key>
2705 <string>jnlp</string>
2706 <key>domains</key>
2707 <array>
2708 <string>example.com</string>
2709 </array>
2710 </dict>
2711 </array>
2712 </dict>
2713 ```
2714 #### policies.json
2715 ```
2716 {
2717 "policies": {
2718 "ExemptDomainFileTypePairsFromFileTypeDownloadWarnings": [{
2719 "file_extension": "jnlp",
2720 "domains": ["example.com"]
2721 }]
2722 }
2723 }
2724 ```
2725 ### Extensions
2726 Control the installation, uninstallation and locking of extensions.
2727
2728 While this policy is not technically deprecated, it is recommended that you use the **[`ExtensionSettings`](#extensionsettings)** policy. It has the same functionality and adds more. It does not support native paths, though, so you'll have to use file:/// URLs.
2729
2730 `Install` is a list of URLs or native paths for extensions to be installed.
2731
2732 `Uninstall` is a list of extension IDs that should be uninstalled if found.
2733
2734 `Locked` is a list of extension IDs that the user cannot disable or uninstall.
2735
2736 **Compatibility:** Firefox 60, Firefox ESR 60\
2737 **CCK2 Equivalent:** `addons`\
2738 **Preferences Affected:** N/A
2739
2740 #### Windows (GPO)
2741 ```
2742 Software\Policies\Mozilla\Firefox\Extensions\Install\1 = "https://addons.mozilla.org/firefox/downloads/somefile.xpi"
2743 Software\Policies\Mozilla\Firefox\Extensions\Install\2 = "//path/to/xpi"
2744 Software\Policies\Mozilla\Firefox\Extensions\Uninstall\1 = "bad_addon_id@mozilla.org"
2745 Software\Policies\Mozilla\Firefox\Extensions\Locked\1 = "addon_id@mozilla.org"
2746 ```
2747 #### Windows (Intune)
2748 OMA-URI:
2749 ```
2750 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/Extensions_Install
2751 ```
2752 Value (string):
2753 ```
2754 <enabled/>
2755 <data id="Extensions" value="1&#xF000;https://addons.mozilla.org/firefox/downloads/somefile.xpi&#xF000;2&#xF000;//path/to/xpi"/>
2756 ```
2757 OMA-URI:
2758 ```
2759 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/Extensions_Uninstall
2760 ```
2761 Value (string):
2762 ```
2763 <enabled/>
2764 <data id="Extensions" value="1&#xF000;bad_addon_id@mozilla.org"/>
2765 ```
2766 OMA-URI:
2767 ```
2768 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/Extensions_Locked
2769 ```
2770 Value (string):
2771 ```
2772 <enabled/>
2773 <data id="Extensions" value="1&#xF000;addon_id@mozilla.org"/>
2774 ```
2775 #### macOS
2776 ```
2777 <dict>
2778 <key>Extensions</key>
2779 <dict>
2780 <key>Install</key>
2781 <array>
2782 <string>https://addons.mozilla.org/firefox/downloads/somefile.xpi</string>
2783 <string>//path/to/xpi</string>
2784 </array>
2785 <key>Uninstall</key>
2786 <array>
2787 <string>bad_addon_id@mozilla.org</string>
2788 </array>
2789 <key>Locked</key>
2790 <array>
2791 <string>addon_id@mozilla.org</string>
2792 </array>
2793 </dict>
2794 </dict>
2795 ```
2796 #### policies.json
2797 ```
2798 {
2799 "policies": {
2800 "Extensions": {
2801 "Install": ["https://addons.mozilla.org/firefox/downloads/somefile.xpi", "//path/to/xpi"],
2802 "Uninstall": ["bad_addon_id@mozilla.org"],
2803 "Locked": ["addon_id@mozilla.org"]
2804 }
2805 }
2806 }
2807 ```
2808 ### ExtensionSettings
2809 Manage all aspects of extensions. This policy is based heavily on the [Chrome policy](https://dev.chromium.org/administrators/policy-list-3/extension-settings-full) of the same name.
2810
2811 This policy maps an extension ID to its configuration. With an extension ID, the configuration will be applied to the specified extension only. A default configuration can be set for the special ID "*", which will apply to all extensions that don't have a custom configuration set in this policy.
2812
2813 To obtain an extension ID, install the extension and go to about:support. You will see the ID in the Extensions section. I've also created an extension that makes it easy to find the ID of extensions on AMO. You can download it [here](https://github.com/mkaply/queryamoid/releases/tag/v0.1).
2814
2815 The configuration for each extension is another dictionary that can contain the fields documented below.
2816
2817 | Name | Description |
2818 | --- | --- |
2819 | `installation_mode` | Maps to a string indicating the installation mode for the extension. The valid strings are `allowed`,`blocked`,`force_installed`, and `normal_installed`.
2820 | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;`allowed` | Allows the extension to be installed by the user. This is the default behavior. There is no need for an install_url; it will automatically be allowed based on the ID.
2821 | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;`blocked`| Blocks installation of the extension and removes it from the device if already installed.
2822 | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;`force_installed`| The extension is automatically installed and can't be removed by the user. This option is not valid for the default configuration and requires an install_url.
2823 | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;`normal_installed`| The extension is automatically installed but can be disabled by the user. This option is not valid for the default configuration and requires an install_url.
2824 | `install_url`| Maps to a URL indicating where Firefox can download a force_installed or normal_installed extension. If installing from the local file system, use a [```file:///``` URL](https://en.wikipedia.org/wiki/File_URI_scheme). If installing from the addons.mozilla.org, use the following URL (substituting SHORT_NAME from the URL on AMO), https://addons.mozilla.org/firefox/downloads/latest/SHORT_NAME/latest.xpi. Languages packs are available from https://releases.mozilla.org/pub/firefox/releases/VERSION/PLATFORM/xpi/LANGUAGE.xpi. If you need to update the extension, you can change the name of the extension and it will be automatically updated. Extensions installed from file URLs will additional be updated when their internal version changes.
2825 | `install_sources` | A list of sources from which installing extensions is allowed using URL match patterns. **This is unnecessary if you are only allowing the installation of certain extensions by ID.** Each item in this list is an extension-style match pattern. Users will be able to easily install items from any URL that matches an item in this list. Both the location of the *.xpi file and the page where the download is started from (i.e. the referrer) must be allowed by these patterns. This setting can be used only for the default configuration.
2826 | `allowed_types` | This setting whitelists the allowed types of extension/apps that can be installed in Firefox. The value is a list of strings, each of which should be one of the following: "extension", "theme", "dictionary", "locale" This setting can be used only for the default configuration.
2827 | `blocked_install_message` | This maps to a string specifying the error message to display to users if they're blocked from installing an extension. This setting allows you to append text to the generic error message displayed when the extension is blocked. This could be be used to direct users to your help desk, explain why a particular extension is blocked, or something else. This setting can be used only for the default configuration.
2828 | `restricted_domains` | An array of domains on which content scripts can't be run. This setting can be used only for the default configuration.
2829 | `updates_disabled` | (Firefox 89, Firefox ESR 78.11) Boolean that indicates whether or not to disable automatic updates for an individual extension.
2830
2831 **Compatibility:** Firefox 69, Firefox ESR 68.1 (As of Firefox 85, Firefox ESR 78.7, installing a theme makes it the default.)\
2832 **CCK2 Equivalent:** N/A\
2833 **Preferences Affected:** N/A
2834
2835 #### Windows (GPO)
2836 Software\Policies\Mozilla\Firefox\ExtensionSettings (REG_MULTI_SZ) =
2837 ```
2838 {
2839 "*": {
2840 "blocked_install_message": "Custom error message.",
2841 "install_sources": ["https://yourwebsite.com/*"],
2842 "installation_mode": "blocked",
2843 "allowed_types": ["extension"]
2844 },
2845 "uBlock0@raymondhill.net": {
2846 "installation_mode": "force_installed",
2847 "install_url": "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi"
2848 },
2849 "https-everywhere@eff.org": {
2850 "installation_mode": "allowed"
2851 }
2852 }
2853 ```
2854 #### Windows (Intune)
2855 OMA-URI:
2856 ```
2857 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/ExtensionSettings
2858 ```
2859 Value (string):
2860 ```
2861 <enabled/>
2862 <data id="ExtensionSettings" value='
2863 {
2864 "*": {
2865 "blocked_install_message": "Custom error message.",
2866 "install_sources": ["https://yourwebsite.com/*"],
2867 "installation_mode": "blocked",
2868 "allowed_types": ["extension"]
2869 },
2870 "uBlock0@raymondhill.net": {
2871 "installation_mode": "force_installed",
2872 "install_url": "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi"
2873 },
2874 "https-everywhere@eff.org": {
2875 "installation_mode": "allowed"
2876 }
2877 }'/>
2878 ```
2879 #### macOS
2880 ```
2881 <dict>
2882 <key>ExtensionSettings</key>
2883 <dict>
2884 <key>*</key>
2885 <dict>
2886 <key>blocked_install_message</key>
2887 <string>Custom error message.</string>
2888 <key>install_sources</key>
2889 <array>
2890 <string>"https://yourwebsite.com/*"</string>
2891 </array>
2892 <key>installation_mode</key>
2893 <string>blocked</string>
2894 <key>allowed_types</key>
2895 <array>
2896 <string>extension</string>
2897 </array>
2898 </dict>
2899 <key>uBlock0@raymondhill.net</key>
2900 <dict>
2901 <key>installation_mode</key>
2902 <string>force_installed</string>
2903 <key>install_url</key>
2904 <string>https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi</string>
2905 </dict>
2906 <key>https-everywhere@eff.org</key>
2907 <dict>
2908 <key>installation_mode</key>
2909 <string>allowed</string>
2910 </dict>
2911 </dict>
2912 </dict>
2913 ```
2914 #### policies.json
2915 ```
2916 {
2917 "policies": {
2918 "ExtensionSettings": {
2919 "*": {
2920 "blocked_install_message": "Custom error message.",
2921 "install_sources": ["https://yourwebsite.com/*"],
2922 "installation_mode": "blocked",
2923 "allowed_types": ["extension"]
2924 },
2925 "uBlock0@raymondhill.net": {
2926 "installation_mode": "force_installed",
2927 "install_url": "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi"
2928 },
2929 "https-everywhere@eff.org": {
2930 "installation_mode": "allowed"
2931 }
2932 }
2933 }
2934 }
2935 ```
2936 ### ExtensionUpdate
2937 Control extension updates.
2938
2939 **Compatibility:** Firefox 67, Firefox ESR 60.7\
2940 **CCK2 Equivalent:** N/A\
2941 **Preferences Affected:** `extensions.update.enabled`
2942
2943 #### Windows (GPO)
2944 ```
2945 Software\Policies\Mozilla\Firefox\ExtensionUpdate = 0x1 | 0x0
2946 ```
2947 #### Windows (Intune)
2948 OMA-URI:
2949 ```
2950 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/ExtensionUpdate
2951 ```
2952 Value (string):
2953 ```
2954 <enabled/> or <disabled/>
2955 ```
2956 #### macOS
2957 ```
2958 <dict>
2959 <key>ExtensionUpdate</key>
2960 <true/> | <false/>
2961 </dict>
2962 ```
2963 #### policies.json
2964 ```
2965 {
2966 "policies": {
2967 "ExtensionUpdate": true | false
2968 }
2969 }
2970 ```
2971 ### FirefoxHome
2972 Customize the Firefox Home page.
2973
2974 **Compatibility:** Firefox 68, Firefox ESR 68 (SponsoredTopSites and SponsoredPocket were added in Firefox 95, Firefox ESR 91.4)
2975 **CCK2 Equivalent:** N/A\
2976 **Preferences Affected:** `browser.newtabpage.activity-stream.showSearch`, `browser.newtabpage.activity-stream.feeds.topsites`, `browser.newtabpage.activity-stream.feeds.section.highlights`, `browser.newtabpage.activity-stream.feeds.section.topstories`, `browser.newtabpage.activity-stream.feeds.snippets`, `browser.newtabpage.activity-stream.showSponsoredTopSites`, `browser.newtabpage.activity-stream.showSponsored`
2977
2978 #### Windows (GPO)
2979 ```
2980 Software\Policies\Mozilla\Firefox\FirefoxHome\Search = 0x1 | 0x0
2981 Software\Policies\Mozilla\Firefox\FirefoxHome\TopSites = 0x1 | 0x0
2982 Software\Policies\Mozilla\Firefox\FirefoxHome\SponsoredTopSites = 0x1 | 0x0
2983 Software\Policies\Mozilla\Firefox\FirefoxHome\Highlights = 0x1 | 0x0
2984 Software\Policies\Mozilla\Firefox\FirefoxHome\Pocket = 0x1 | 0x0
2985 Software\Policies\Mozilla\Firefox\FirefoxHome\SponsoredPocket = 0x1 | 0x0
2986 Software\Policies\Mozilla\Firefox\FirefoxHome\Snippets = 0x1 | 0x0
2987 Software\Policies\Mozilla\Firefox\FirefoxHome\Locked = 0x1 | 0x0
2988 ```
2989 #### Windows (Intune)
2990 OMA-URI:
2991 ```
2992 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/CustomizeFirefoxHome
2993 ```
2994 Value (string):
2995 ```
2996 <enabled/>
2997 <data id="FirefoxHome_Search" value="true | false"/>
2998 <data id="FirefoxHome_TopSites" value="true | false"/>
2999 <data id="FirefoxHome_SponsoredTopSites" value="true | false"/>
3000 <data id="FirefoxHome_Highlights" value="true | false"/>
3001 <data id="FirefoxHome_Pocket" value="true | false"/>
3002 <data id="FirefoxHome_SponsoredPocket" value="true | false"/>
3003 <data id="FirefoxHome_Snippets" value="true | false"/>
3004 <data id="FirefoxHome_Locked" value="true | false"/>
3005 ```
3006 #### macOS
3007 ```
3008 <dict>
3009 <key>FirefoxHome</key>
3010 <dict>
3011 <key>Search</key>
3012 <true/> | <false/>
3013 <key>TopSites</key>
3014 <true/> | <false/>
3015 <key>SponsoredTopSites</key>
3016 <true/> | <false/>
3017 <key>Highlights</key>
3018 <true/> | <false/>
3019 <key>Pocket</key>
3020 <true/> | <false/>
3021 <key>SponsoredPocket</key>
3022 <true/> | <false/>
3023 <key>Snippets</key>
3024 <true/> | <false/>
3025 <key>Locked</key>
3026 <true/> | <false/>
3027 </dict>
3028 </dict>
3029 ```
3030 #### policies.json
3031 ```
3032 {
3033 "policies": {
3034 "FirefoxHome": {
3035 "Search": true | false,
3036 "TopSites": true | false,
3037 "SponsoredTopSites": true | false,
3038 "Highlights": true | false,
3039 "Pocket": true | false,
3040 "SponsoredPocket": true | false,
3041 "Snippets": true | false,
3042 "Locked": true | false
3043 }
3044 }
3045 }
3046 ```
3047 ### FlashPlugin (Deprecated)
3048 Configure the default Flash plugin policy as well as origins for which Flash is allowed.
3049
3050 `Allow` is a list of origins where Flash are allowed.
3051
3052 `Block` is a list of origins where Flash is not allowed.
3053
3054 `Default` determines whether or not Flash is allowed by default.
3055
3056 `Locked` prevents the user from changing Flash preferences.
3057
3058 **Compatibility:** Firefox 60, Firefox ESR 60\
3059 **CCK2 Equivalent:** `permissions.plugin`\
3060 **Preferences Affected:** `plugin.state.flash`
3061
3062 #### Windows (GPO)
3063 ```
3064 Software\Policies\Mozilla\Firefox\FlashPlugin\Allow\1 = "https://example.org"
3065 Software\Policies\Mozilla\Firefox\FlashPlugin\Block\1 = "https://example.edu"
3066 Software\Policies\Mozilla\Firefox\FlashPlugin\Default = 0x1 | 0x0
3067 Software\Policies\Mozilla\Firefox\FlashPlugin\Locked = 0x1 | 0x0
3068 ```
3069 #### Windows (Intune)
3070 OMA-URI:
3071 ```
3072 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Flash/FlashPlugin_Allow
3073 ```
3074 Value (string):
3075 ```
3076 <enabled/>
3077 <data id="Permissions" value="1&#xF000;https://example.org&#xF000;2&#xF000;https://example.edu"/>
3078 ```
3079 OMA-URI:
3080 ```
3081 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Flash/FlashPlugin_Locked
3082 ```
3083 Value (string):
3084 ```
3085 <enabled/> or <disabled/>
3086 ```
3087 OMA-URI:
3088 ```
3089 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Flash/FlashPlugin_Default
3090 ```
3091 Value (string):
3092 ```
3093 <enabled/> or <disabled/>
3094 ```
3095 #### macOS
3096 ```
3097 <dict>
3098 <key>FlashPlugin</key>
3099 <dict>
3100 <key>Allow</key>
3101 <array>
3102 <string>http://example.org</string>
3103 </array>
3104 <key>Block</key>
3105 <array>
3106 <string>http://example.edu</string>
3107 </array>
3108 <key>Default</key>
3109 <true/> | <false/>
3110 <key>Locked</key>
3111 <true/> | <false/>
3112 </dict>
3113 </dict>
3114 ```
3115 #### policies.json
3116 ```
3117 {
3118 "policies": {
3119 "FlashPlugin": {
3120 "Allow": ["http://example.org/"],
3121 "Block": ["http://example.edu/"],
3122 "Default": true | false,
3123 "Locked": true | false
3124 }
3125 }
3126 }
3127 ```
3128 ### GoToIntranetSiteForSingleWordEntryInAddressBar
3129 Whether to always go through the DNS server before sending a single word search string to a search engine.
3130
3131 If the site exists, it will navigate to the website. If the intranet responds with a 404, the page will show a 404. If the intranet does not respond, the browser will attempt a search.
3132
3133 The second result in the URL bar will be a search result to allow users to conduct a web search exactly as it was entered.
3134
3135 If instead you would like to enable the ability to have your domain appear as a valid URL and to disallow the browser from ever searching that term using the first result that matches it, add the pref `browser.fixup.domainwhitelist.YOUR_DOMAIN` (where `YOUR_DOMAIN` is the name of the domain you'd like to add), and set the pref to `true`. The URL bar will then suggest `YOUR_DOMAIN` when the user fully types `YOUR_DOMAIN`. If the user attempts to load that domain and it fails to load, it will show an "Unable to connect" error page.
3136
3137 You can also whitelist a domain suffix that is not part of the [Public Suffix List](https://publicsuffix.org/) by adding the pref `browser.fixup.domainsuffixwhitelist.YOUR_DOMAIN_SUFFIX` with a value of `true`.
3138
3139 Additionally, if you want users to see a "Did you mean to go to 'YOUR_DOMAIN'" prompt below the URL bar if they land on a search results page instead of an intranet domain that provides a response, set the pref `browser.urlbar.dnsResolveSingleWordsAfterSearch` to `1`. Enabling this will cause the browser to commit a DNS check after every single word search. If the browser receives a response from the intranet, a prompt will ask the user if they'd like to instead navigate to `YOUR_DOMAIN`. If the user presses the **yes** button, `browser.fixup.domainwhitelist.YOUR_DOMAIN` will be set to `true`.
3140
3141 **Compatibility:** Firefox 104, Firefox ESR 102.2\
3142 **CCK2 Equivalent:** `N/A`\
3143 **Preferences Affected:** `browser.fixup.dns_first_for_single_words`
3144
3145 #### Windows (GPO)
3146 ```
3147 Software\Policies\Mozilla\Firefox\GoToIntranetSiteForSingleWordEntryInAddressBar = 0x1 | 0x0
3148 ```
3149 #### Windows (Intune)
3150 OMA-URI:
3151 ```
3152 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/GoToIntranetSiteForSingleWordEntryInAddressBar
3153 ```
3154 Value (string):
3155 ```
3156 <enabled/> or <disabled/>
3157 ```
3158 #### macOS
3159 ```
3160 <dict>
3161 <key>GoToIntranetSiteForSingleWordEntryInAddressBar</key>
3162 <true/> | <false/>
3163 </dict>
3164 ```
3165 #### policies.json
3166 ```
3167 {
3168 "policies": {
3169 "GoToIntranetSiteForSingleWordEntryInAddressBar": true | false
3170 }
3171 }
3172 ```
3173 ### Handlers
3174 Configure default application handlers. This policy is based on the internal format of `handlers.json`.
3175
3176 You can configure handlers based on a mime type (`mimeTypes`), a file's extension (`extensions`), or a protocol (`schemes`).
3177
3178 Within each handler type, you specify the given mimeType/extension/scheme as a key and use the following subkeys to describe how it is handled.
3179
3180 | Name | Description |
3181 | --- | --- |
3182 | `action`| Can be either `saveToDisk`, `useHelperApp`, `useSystemDefault`.
3183 | `ask` | If `true`, the user is asked if what they want to do with the file. If `false`, the action is taken without user intervention.
3184 | `handlers` | An array of handlers with the first one being the default. If you don't want to have a default handler, use an empty object for the first handler. Choose between path or uriTemplate.
3185 | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;`name` | The display name of the handler (might not be used).
3186 | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;`path`| The native path to the executable to be used.
3187 | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;`uriTemplate`| A url to a web based application handler. The URL must be https and contain a %s to be used for substitution.
3188
3189 **Compatibility:** Firefox 78, Firefox ESR 78\
3190 **CCK2 Equivalent:** N/A\
3191 **Preferences Affected:** N/A
3192
3193 #### Windows (GPO)
3194 Software\Policies\Mozilla\Firefox\Handlers (REG_MULTI_SZ) =
3195 ```
3196 {
3197 "mimeTypes": {
3198 "application/msword": {
3199 "action": "useSystemDefault",
3200 "ask": true | false
3201 }
3202 },
3203 "schemes": {
3204 "mailto": {
3205 "action": "useHelperApp",
3206 "ask": true | false,
3207 "handlers": [{
3208 "name": "Gmail",
3209 "uriTemplate": "https://mail.google.com/mail/?extsrc=mailto&url=%s"
3210 }]
3211 }
3212 },
3213 "extensions": {
3214 "pdf": {
3215 "action": "useHelperApp",
3216 "ask": true | false,
3217 "handlers": [{
3218 "name": "Adobe Acrobat",
3219 "path": "C:\\Program Files (x86)\\Adobe\\Acrobat Reader DC\\Reader\\AcroRd32.exe"
3220 }]
3221 }
3222 }
3223 }
3224 ```
3225 #### Windows (Intune)
3226 OMA-URI:
3227 ```
3228 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/Handlers
3229 ```
3230 Value (string):
3231 ```
3232 <enabled/>
3233 <data id="Handlers" value='
3234 {
3235 "mimeTypes": {
3236 "application/msword": {
3237 "action": "useSystemDefault",
3238 "ask": true | false
3239 }
3240 },
3241 "schemes": {
3242 "mailto": {
3243 "action": "useHelperApp",
3244 "ask": true | false,
3245 "handlers": [{
3246 "name": "Gmail",
3247 "uriTemplate": "https://mail.google.com/mail/?extsrc=mailto&amp;url=%s"
3248 }]
3249 }
3250 },
3251 "extensions": {
3252 "pdf": {
3253 "action": "useHelperApp",
3254 "ask": true | false,
3255 "handlers": [{
3256 "name": "Adobe Acrobat",
3257 "path": "C:\\Program Files (x86)\\Adobe\\Acrobat Reader DC\\Reader\\AcroRd32.exe"
3258 }]
3259 }
3260 }
3261 }
3262 '/>
3263 ```
3264 #### macOS
3265 ```
3266 <dict>
3267 <key>Handlers</key>
3268 <dict>
3269 <key>mimeTypes</key>
3270 <dict>
3271 <key>application/msword</key>
3272 <dict>
3273 <key>action</key>
3274 <string>useSystemDefault</string>
3275 <key>ask</key>
3276 <true/> | <false/>
3277 </dict>
3278 </dict>
3279 <key>schemes</key>
3280 <dict>
3281 <key>mailto</key>
3282 <dict>
3283 <key>action</key>
3284 <string>useHelperApp</string>
3285 <key>ask</key>
3286 <true/> | <false/>
3287 <key>handlers</key>
3288 <array>
3289 <dict>
3290 <key>name</key>
3291 <string>Gmail</string>
3292 <key>uriTemplate</key>
3293 <string>https://mail.google.com/mail/?extsrc=mailto&url=%s</string>
3294 </dict>
3295 </array>
3296 </dict>
3297 </dict>
3298 <key>extensions</key>
3299 <dict>
3300 <key>pdf</key>
3301 <dict>
3302 <key>action</key>
3303 <string>useHelperApp</string>
3304 <key>ask</key>
3305 <true/> | <false/>
3306 <key>handlers</key>
3307 <array>
3308 <dict>
3309 <key>name</key>
3310 <string>Adobe Acrobat</string>
3311 <key>path</key>
3312 <string>/System/Applications/Preview.app</string>
3313 </dict>
3314 </array>
3315 </dict>
3316 </dict>
3317 </dict>
3318 </dict>
3319 ```
3320 #### policies.json
3321 ```
3322 {
3323 "policies": {
3324 "Handlers": {
3325 "mimeTypes": {
3326 "application/msword": {
3327 "action": "useSystemDefault",
3328 "ask": false
3329 }
3330 },
3331 "schemes": {
3332 "mailto": {
3333 "action": "useHelperApp",
3334 "ask": true | false,
3335 "handlers": [{
3336 "name": "Gmail",
3337 "uriTemplate": "https://mail.google.com/mail/?extsrc=mailto&url=%s"
3338 }]
3339 }
3340 },
3341 "extensions": {
3342 "pdf": {
3343 "action": "useHelperApp",
3344 "ask": true | false,
3345 "handlers": [{
3346 "name": "Adobe Acrobat",
3347 "path": "/usr/bin/acroread"
3348 }]
3349 }
3350 }
3351 }
3352 }
3353 }
3354 ```
3355 ### HardwareAcceleration
3356 Control hardware acceleration.
3357
3358 **Compatibility:** Firefox 60, Firefox ESR 60\
3359 **CCK2 Equivalent:** N/A\
3360 **Preferences Affected:** `layers.acceleration.disabled`
3361
3362 #### Windows (GPO)
3363 ```
3364 Software\Policies\Mozilla\Firefox\HardwareAcceleration = 0x1 | 0x0
3365 ```
3366 #### Windows (Intune)
3367 OMA-URI:
3368 ```
3369 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/HardwareAcceleration
3370 ```
3371 Value (string):
3372 ```
3373 <enabled/> or <disabled/>
3374 ```
3375 #### macOS
3376 ```
3377 <dict>
3378 <key>HardwareAcceleration</key>
3379 <true/> | <false/>
3380 </dict>
3381 ```
3382 #### policies.json
3383 ```
3384 {
3385 "policies": {
3386 "HardwareAcceleration": true | false
3387 }
3388 }
3389 ```
3390 ### Homepage
3391 Configure the default homepage and how Firefox starts.
3392
3393 `URL` is the default homepage.
3394
3395 `Locked` prevents the user from changing homepage preferences.
3396
3397 `Additional` allows for more than one homepage.
3398
3399 `StartPage` is how Firefox starts. The choices are no homepage, the default homepage or the previous session.
3400
3401 With Firefox 78, an additional option as added for `Startpage`, `homepage-locked`. If this is value is set for the Startpage, the user will always get the homepage at startup and cannot choose to restore their session.
3402
3403 **Compatibility:** Firefox 60, Firefox ESR 60 (StartPage was added in Firefox 60, Firefox ESR 60.4, homepage-locked added in Firefox 78)\
3404 **CCK2 Equivalent:** `homePage`,`lockHomePage`\
3405 **Preferences Affected:** `browser.startup.homepage`, `browser.startup.page`
3406
3407 #### Windows (GPO)
3408 ```
3409 Software\Policies\Mozilla\Firefox\Homepage\URL = "https://example.com"
3410 Software\Policies\Mozilla\Firefox\Homepage\Locked = 0x1 | 0x0
3411 Software\Policies\Mozilla\Firefox\Homepage\Additional\1 = "https://example.org"
3412 Software\Policies\Mozilla\Firefox\Homepage\Additional\2 = "https://example.edu"
3413 Software\Policies\Mozilla\Firefox\Homepage\StartPage = "none" | "homepage" | "previous-session" | "homepage-locked"
3414 ```
3415 #### Windows (Intune)
3416 OMA-URI:
3417 ```
3418 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Homepage/HomepageURL
3419 ```
3420 Value (string):
3421 ```
3422 <enabled/>
3423
3424 <data id="HomepageURL" value="https://example.com"/>
3425 <data id="HomepageLocked" value="true | false"/>
3426 ```
3427 OMA-URI:
3428 ```
3429 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Homepage/HomepageAdditional
3430 ```
3431 Value (string):
3432 ```
3433 <enabled/>
3434
3435 <data id="HomepageAdditional" value="1&#xF000;http://example.org&#xF000;2&#xF000;http://example.edu"/>
3436 ```
3437 OMA-URI:
3438 ```
3439 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Homepage/HomepageStartPage
3440 ```
3441 Value (string):
3442 ```
3443 <enabled/>
3444
3445 <data id="StartPage" value="none | homepage | previous-session"/>
3446 ```
3447 #### macOS
3448 ```
3449 <dict>
3450 <key>Homepage</key>
3451 <dict>
3452 <key>URL</key>
3453 <string>http://example.com</string>
3454 <key>Locked</key>
3455 <true/> | <false/>
3456 <key>Additional</key>
3457 <array>
3458 <string>http://example.org</string>
3459 <string>http://example.edu</string>
3460 </array>
3461 <key>StartPage</key>
3462 <string>none | homepage | previous-session | homepage-locked</string>
3463 </dict>
3464 </dict>
3465 ```
3466 #### policies.json
3467 ```
3468 {
3469 "policies": {
3470 "Homepage": {
3471 "URL": "http://example.com/",
3472 "Locked": true | false,
3473 "Additional": ["http://example.org/",
3474 "http://example.edu/"],
3475 "StartPage": "none" | "homepage" | "previous-session" | "homepage-locked"
3476 }
3477 }
3478 }
3479 ```
3480 ### InstallAddonsPermission
3481 Configure the default extension install policy as well as origins for extension installs are allowed. This policy does not override turning off all extension installs.
3482
3483 `Allow` is a list of origins where extension installs are allowed.
3484
3485 `Default` determines whether or not extension installs are allowed by default.
3486
3487 **Compatibility:** Firefox 60, Firefox ESR 60\
3488 **CCK2 Equivalent:** `permissions.install`\
3489 **Preferences Affected:** `xpinstall.enabled`
3490
3491 #### Windows (GPO)
3492 ```
3493 Software\Policies\Mozilla\Firefox\InstallAddonsPermission\Allow\1 = "https://example.org"
3494 Software\Policies\Mozilla\Firefox\InstallAddonsPermission\Allow\2 = "https://example.edu"
3495 Software\Policies\Mozilla\Firefox\InstallAddonsPermission\Default = 0x1 | 0x0
3496 ```
3497 #### Windows (Intune)
3498 OMA-URI:
3499 ```
3500 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Addons/InstallAddonsPermission_Allow
3501 ```
3502 Value (string):
3503 ```
3504 <enabled/>
3505 <data id="Permissions" value="1&#xF000;https://example.org&#xF000;2&#xF000;https://example.edu"/>
3506 ```
3507 OMA-URI:
3508 ```
3509 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Addons/InstallAddonsPermission_Default
3510 ```
3511 Value (string):
3512 ```
3513 <enabled/>
3514 ```
3515 #### macOS
3516 ```
3517 <dict>
3518 <key>InstallAddonsPermission</key>
3519 <dict>
3520 <key>Allow</key>
3521 <array>
3522 <string>http://example.org</string>
3523 <string>http://example.edu</string>
3524 </array>
3525 <key>Default</key>
3526 <true/> | <false/>
3527 </dict>
3528 </dict>
3529 ```
3530 #### policies.json
3531 ```
3532 {
3533 "policies": {
3534 "InstallAddonsPermission": {
3535 "Allow": ["http://example.org/",
3536 "http://example.edu/"],
3537 "Default": true | false
3538 }
3539 }
3540 }
3541 ```
3542 ### LegacyProfiles
3543 Disable the feature enforcing a separate profile for each installation.
3544
3545 If this policy set to true, Firefox will not try to create different profiles for installations of Firefox in different directories. This is the equivalent of the MOZ_LEGACY_PROFILES environment variable.
3546
3547 If this policy set to false, Firefox will create a new profile for each unique installation of Firefox.
3548
3549 This policy only work on Windows via GPO (not policies.json).
3550
3551 **Compatibility:** Firefox 70, Firefox ESR 68.2 (Windows only, GPO only)\
3552 **CCK2 Equivalent:** N/A\
3553 **Preferences Affected:** N/A
3554
3555 #### Windows (GPO)
3556 ```
3557 Software\Policies\Mozilla\Firefox\LegacyProfiles = = 0x1 | 0x0
3558 ```
3559 #### Windows (Intune)
3560 OMA-URI:
3561 ```
3562 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/LegacyProfiles
3563 ```
3564 Value (string):
3565 ```
3566 <enabled/> or <disabled/>
3567 ```
3568 ### LegacySameSiteCookieBehaviorEnabled
3569 Enable default legacy SameSite cookie behavior setting.
3570
3571 If this policy is set to true, it reverts all cookies to legacy SameSite behavior which means that cookies that don't explicitly specify a ```SameSite``` attribute are treated as if they were ```SameSite=None```.
3572
3573 **Compatibility:** Firefox 96\
3574 **CCK2 Equivalent:** N/A\
3575 **Preferences Affected:** `network.cookie.sameSite.laxByDefault`
3576
3577 #### Windows (GPO)
3578 ```
3579 Software\Policies\Mozilla\Firefox\LegacySameSiteCookieBehaviorEnabled = = 0x1 | 0x0
3580 ```
3581 #### Windows (Intune)
3582 OMA-URI:
3583 ```
3584 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/LegacySameSiteCookieBehaviorEnabled
3585 ```
3586 Value (string):
3587 ```
3588 <enabled/> or <disabled/>
3589 ```
3590 #### macOS
3591 ```
3592 <dict>
3593 <key>LegacySameSiteCookieBehaviorEnabled</key>
3594 <true/> | <false/>
3595 </dict>
3596 ```
3597 #### policies.json
3598 ```
3599 {
3600 "policies": {
3601 "LegacySameSiteCookieBehaviorEnabled": true | false
3602 }
3603 ```
3604 ### LegacySameSiteCookieBehaviorEnabledForDomainList
3605 Revert to legacy SameSite behavior for cookies on specified sites.
3606
3607 If this policy is set to true, cookies set for domains in this list will revert to legacy SameSite behavior which means that cookies that don't explicitly specify a ```SameSite``` attribute are treated as if they were ```SameSite=None```.
3608
3609 **Compatibility:** Firefox 96\
3610 **CCK2 Equivalent:** N/A\
3611 **Preferences Affected:** `network.cookie.sameSite.laxByDefault.disabledHosts`
3612
3613 #### Windows (GPO)
3614 ```
3615 Software\Policies\Mozilla\Firefox\LegacySameSiteCookieBehaviorEnabledForDomainList\1 = "example.org"
3616 Software\Policies\Mozilla\Firefox\LegacySameSiteCookieBehaviorEnabledForDomainList\2 = "example.edu"
3617 ```
3618 #### Windows (Intune)
3619 OMA-URI:
3620 ```
3621 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/LegacySameSiteCookieBehaviorEnabledForDomainList
3622 ```
3623 Value (string):
3624 ```
3625 <enabled/>
3626 <data id="LegacySameSiteCookieBehaviorEnabledForDomainList" value="1&#xF000;example.org&#xF000;2&#xF000;example.edu"/>
3627 ```
3628 #### macOS
3629 ```
3630 <dict>
3631 <key>LegacySameSiteCookieBehaviorEnabledForDomainList</key>
3632 <array>
3633 <string>example.org</string>
3634 <string>example.edu</string>
3635 </array>
3636 </dict>
3637 ```
3638 #### policies.json
3639 ```
3640 {
3641 "policies": {
3642 "LegacySameSiteCookieBehaviorEnabledForDomainList": ["example.org",
3643 "example.edu"]
3644 }
3645 }
3646 ```
3647 ### LocalFileLinks
3648 Enable linking to local files by origin.
3649
3650 **Compatibility:** Firefox 68, Firefox ESR 68\
3651 **CCK2 Equivalent:** N/A\
3652 **Preferences Affected:** `capability.policy.localfilelinks.*`
3653
3654 #### Windows (GPO)
3655 ```
3656 Software\Policies\Mozilla\Firefox\LocalFileLinks\1 = "https://example.org"
3657 Software\Policies\Mozilla\Firefox\LocalFileLinks\2 = "https://example.edu"
3658 ```
3659 #### Windows (Intune)
3660 OMA-URI:
3661 ```
3662 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/LocalFileLinks
3663 ```
3664 Value (string):
3665 ```
3666 <enabled/>
3667 <data id="LocalFileLinks" value="1&#xF000;https://example.org&#xF000;2&#xF000;https://example.edu"/>
3668 ```
3669 #### macOS
3670 ```
3671 <dict>
3672 <key>LocalFileLinks</key>
3673 <array>
3674 <string>http://example.org</string>
3675 <string>http://example.edu</string>
3676 </array>
3677 </dict>
3678 ```
3679 #### policies.json
3680 ```
3681 {
3682 "policies": {
3683 "LocalFileLinks": ["http://example.org/",
3684 "http://example.edu/"]
3685 }
3686 }
3687 ```
3688 ### ManagedBookmarks
3689 Configures a list of bookmarks managed by an administrator that cannot be changed by the user.
3690
3691 The bookmarks are only added as a button on the personal toolbar. They are not in the bookmarks folder.
3692
3693 The syntax of this policy is exactly the same as the [Chrome ManagedBookmarks policy](https://cloud.google.com/docs/chrome-enterprise/policies/?policy=ManagedBookmarks). The schema is:
3694 ```
3695 {
3696 "items": {
3697 "id": "BookmarkType",
3698 "properties": {
3699 "children": {
3700 "items": {
3701 "$ref": "BookmarkType"
3702 },
3703 "type": "array"
3704 },
3705 "name": {
3706 "type": "string"
3707 },
3708 "toplevel_name": {
3709 "type": "string"
3710 },
3711 "url": {
3712 "type": "string"
3713 }
3714 },
3715 "type": "object"
3716 },
3717 "type": "array"
3718 }
3719 ```
3720 **Compatibility:** Firefox 83, Firefox ESR 78.5\
3721 **CCK2 Equivalent:** N/A\
3722 **Preferences Affected:** N/A
3723
3724 #### Windows (GPO)
3725 Software\Policies\Mozilla\Firefox\ManagedBookmarks (REG_MULTI_SZ) =
3726 ```
3727 [
3728 {
3729 "toplevel_name": "My managed bookmarks folder"
3730 },
3731 {
3732 "url": "example.com",
3733 "name": "Example"
3734 },
3735 {
3736 "name": "Mozilla links",
3737 "children": [
3738 {
3739 "url": "https://mozilla.org",
3740 "name": "Mozilla.org"
3741 },
3742 {
3743 "url": "https://support.mozilla.org/",
3744 "name": "SUMO"
3745 }
3746 ]
3747 }
3748 ]
3749 ```
3750 #### Windows (Intune)
3751 OMA-URI:
3752 ```
3753 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/ManagedBookmarks
3754 ```
3755 Value (string):
3756 ```
3757 <enabled/>
3758 <data id="JSON" value='
3759 [
3760 {
3761 "toplevel_name": "My managed bookmarks folder"
3762 },
3763 {
3764 "url": "example.com",
3765 "name": "Example"
3766 },
3767 {
3768 "name": "Mozilla links",
3769 "children": [
3770 {
3771 "url": "https://mozilla.org",
3772 "name": "Mozilla.org"
3773 },
3774 {
3775 "url": "https://support.mozilla.org/",
3776 "name": "SUMO"
3777 }
3778 ]
3779 }
3780 ]'/>
3781 ```
3782 #### macOS
3783 ```
3784 <dict>
3785 <key>ManagedBookmarks</key>
3786 <array>
3787 <dict>
3788 <key>toplevel_name</key>
3789 <string>My managed bookmarks folder</string>
3790 <dict>
3791 <key>url</key>
3792 <string>example.com</string>
3793 <key>name</key>
3794 <string>Example</string>
3795 </dict>
3796 <dict>
3797 <key>name</key>
3798 <string>Mozilla links</string>
3799 <key>children</key>
3800 <array>
3801 <dict>
3802 <key>url</key>
3803 <string>https://mozilla.org</string>
3804 <key>name</key>
3805 <string>Mozilla</string>
3806 </dict>
3807 <dict>
3808 <key>url</key>
3809 <string>https://support.mozilla.org/</string>
3810 <key>name</key>
3811 <string>SUMO</string>
3812 </dict>
3813 </array>
3814 </dict>
3815 </array>
3816 </dict>
3817 ```
3818 #### policies.json
3819 ```
3820 {
3821 "policies": {
3822 "ManagedBookmarks": [
3823 {
3824 "toplevel_name": "My managed bookmarks folder"
3825 },
3826 {
3827 "url": "example.com",
3828 "name": "Example"
3829 },
3830 {
3831 "name": "Mozilla links",
3832 "children": [
3833 {
3834 "url": "https://mozilla.org",
3835 "name": "Mozilla.org"
3836 },
3837 {
3838 "url": "https://support.mozilla.org/",
3839 "name": "SUMO"
3840 }
3841 ]
3842 }
3843 ]
3844 }
3845 }
3846 ```
3847 ### ManualAppUpdateOnly
3848
3849 Switch to manual updates only.
3850
3851 If this policy is enabled:
3852 1. The user will never be prompted to install updates
3853 2. Firefox will not check for updates in the background, though it will check automatically when an update UI is displayed (such as the one in the About dialog). This check will be used to show "Update to version X" in the UI, but will not automatically download the update or prompt the user to update in any other way.
3854 3. The update UI will work as expected, unlike when using DisableAppUpdate.
3855
3856 This policy is primarily intended for advanced end users, not for enterprises.
3857
3858 **Compatibility:** Firefox 87\
3859 **CCK2 Equivalent:** N/A\
3860 **Preferences Affected:** N/A
3861
3862 #### policies.json
3863 ```
3864 {
3865 "policies": {
3866 "ManualAppUpdateOnly": true | false
3867 }
3868 }
3869 ```
3870 ### NetworkPrediction
3871 Enable or disable network prediction (DNS prefetching).
3872
3873 **Compatibility:** Firefox 67, Firefox ESR 60.7\
3874 **CCK2 Equivalent:** N/A\
3875 **Preferences Affected:** `network.dns.disablePrefetch`, `network.dns.disablePrefetchFromHTTPS`
3876
3877 #### Windows (GPO)
3878 ```
3879 Software\Policies\Mozilla\Firefox\NetworkPrediction = 0x1 | 0x0
3880 ```
3881 #### Windows (Intune)
3882 OMA-URI:
3883 ```
3884 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/NetworkPrediction
3885 ```
3886 Value (string):
3887 ```
3888 <enabled/> or <disabled/>
3889 ```
3890 #### macOS
3891 ```
3892 <dict>
3893 <key>NetworkPrediction</key>
3894 <true/> | <false/>
3895 </dict>
3896 ```
3897 #### policies.json
3898 ```
3899 {
3900 "policies": {
3901 "NetworkPrediction": true | false
3902 }
3903 ```
3904 ### NewTabPage
3905 Enable or disable the New Tab page.
3906
3907 **Compatibility:** Firefox 68, Firefox ESR 68\
3908 **CCK2 Equivalent:** N/A\
3909 **Preferences Affected:** `browser.newtabpage.enabled`
3910
3911 #### Windows (GPO)
3912 ```
3913 Software\Policies\Mozilla\Firefox\NewTabPage = 0x1 | 0x0
3914 ```
3915 #### Windows (Intune)
3916 OMA-URI:
3917 ```
3918 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/NewTabPage
3919 ```
3920 Value (string):
3921 ```
3922 <enabled/> or <disabled/>
3923 ```
3924 #### macOS
3925 ```
3926 <dict>
3927 <key>NewTabPage</key>
3928 <true/> | <false/>
3929 </dict>
3930 ```
3931 #### policies.json
3932 ```
3933 {
3934 "policies": {
3935 "NewTabPage": true | false
3936 }
3937 ```
3938 ### NoDefaultBookmarks
3939 Disable the creation of default bookmarks.
3940
3941 This policy is only effective if the user profile has not been created yet.
3942
3943 **Compatibility:** Firefox 60, Firefox ESR 60\
3944 **CCK2 Equivalent:** `removeDefaultBookmarks`\
3945 **Preferences Affected:** N/A
3946
3947 #### Windows (GPO)
3948 ```
3949 Software\Policies\Mozilla\Firefox\NoDefaultBookmarks = 0x1 | 0x0
3950 ```
3951 #### Windows (Intune)
3952 OMA-URI:
3953 ```
3954 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/NoDefaultBookmarks
3955 ```
3956 Value (string):
3957 ```
3958 <enabled/> or <disabled/>
3959 ```
3960 #### macOS
3961 ```
3962 <dict>
3963 <key>NoDefaultBookmarks</key>
3964 <true/> | <false/>
3965 </dict>
3966 ```
3967 #### policies.json
3968 ```
3969 {
3970 "policies": {
3971 "NoDefaultBookmarks": true | false
3972 }
3973 }
3974 ```
3975 ### OfferToSaveLogins
3976 Control whether or not Firefox offers to save passwords.
3977
3978 **Compatibility:** Firefox 60, Firefox ESR 60\
3979 **CCK2 Equivalent:** `dontRememberPasswords`\
3980 **Preferences Affected:** `signon.rememberSignons`
3981
3982 #### Windows (GPO)
3983 ```
3984 Software\Policies\Mozilla\Firefox\OfferToSaveLogins = 0x1 | 0x0
3985 ```
3986 #### Windows (Intune)
3987 OMA-URI:
3988 ```
3989 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/OfferToSaveLogins
3990 ```
3991 Value (string):
3992 ```
3993 <enabled/> or <disabled/>
3994 ```
3995 #### macOS
3996 ```
3997 <dict>
3998 <key>OfferToSaveLogins</key>
3999 <true/> | <false/>
4000 </dict>
4001 ```
4002 #### policies.json
4003 ```
4004 {
4005 "policies": {
4006 "OfferToSaveLogins": true | false
4007 }
4008 }
4009 ```
4010 ### OfferToSaveLoginsDefault
4011 Sets the default value of signon.rememberSignons without locking it.
4012
4013 **Compatibility:** Firefox 70, Firefox ESR 60.2\
4014 **CCK2 Equivalent:** `dontRememberPasswords`\
4015 **Preferences Affected:** `signon.rememberSignons`
4016
4017 #### Windows (GPO)
4018 ```
4019 Software\Policies\Mozilla\Firefox\OfferToSaveLoginsDefault = 0x1 | 0x0
4020 ```
4021 #### Windows (Intune)
4022 OMA-URI:
4023 ```
4024 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/OfferToSaveLoginsDefault
4025 ```
4026 Value (string):
4027 ```
4028 <enabled/> or <disabled/>
4029 ```
4030 #### macOS
4031 ```
4032 <dict>
4033 <key>OfferToSaveLoginsDefault</key>
4034 <true/> | <false/>
4035 </dict>
4036 ```
4037 #### policies.json
4038 ```
4039 {
4040 "policies": {
4041 "OfferToSaveLoginsDefault": true | false
4042 }
4043 }
4044 ```
4045 ### OverrideFirstRunPage
4046 Override the first run page. If the value is an empty string (""), the first run page is not displayed.
4047
4048 Starting with Firefox 83, Firefox ESR 78.5, you can also specify multiple URLS separated by a vertical bar (|).
4049
4050 **Compatibility:** Firefox 60, Firefox ESR 60\
4051 **CCK2 Equivalent:** `welcomePage`,`noWelcomePage`\
4052 **Preferences Affected:** `startup.homepage_welcome_url`
4053
4054 #### Windows (GPO)
4055 ```
4056 Software\Policies\Mozilla\Firefox\OverrideFirstRunPage = "http://example.org"
4057 ```
4058 #### Windows (Intune)
4059 OMA-URI:
4060 ```
4061 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/OverrideFirstRunPage
4062 ```
4063 Value (string):
4064 ```
4065 <enabled/>
4066 <data id="OverridePage" value="https://example.com"/>
4067 ```
4068 #### macOS
4069 ```
4070 <dict>
4071 <key>OverrideFirstRunPage</key>
4072 <string>http://example.org</string>
4073 </dict>
4074 ```
4075 #### policies.json
4076 ```
4077 {
4078 "policies": {
4079 "OverrideFirstRunPage": "http://example.org"
4080 }
4081 }
4082 ```
4083 ### OverridePostUpdatePage
4084 Override the upgrade page. If the value is an empty string (""), no extra pages are displayed when Firefox is upgraded.
4085
4086 **Compatibility:** Firefox 60, Firefox ESR 60\
4087 **CCK2 Equivalent:** `upgradePage`,`noUpgradePage`\
4088 **Preferences Affected:** `startup.homepage_override_url`
4089
4090 #### Windows (GPO)
4091 ```
4092 Software\Policies\Mozilla\Firefox\OverridePostUpdatePage = "http://example.org"
4093 ```
4094 #### Windows (Intune)
4095 OMA-URI:
4096 ```
4097 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/OverridePostUpdatePage
4098 ```
4099 Value (string):
4100 ```
4101 <enabled/>
4102 <data id="OverridePage" value="https://example.com"/>
4103 ```
4104 #### macOS
4105 ```
4106 <dict>
4107 <key>OverridePostUpdatePage</key>
4108 <string>http://example.org</string>
4109 </dict>
4110 ```
4111 #### policies.json
4112 ```
4113 {
4114 "policies": {
4115 "OverridePostUpdatePage": "http://example.org"
4116 }
4117 }
4118 ```
4119 ### PasswordManagerEnabled
4120 Remove access to the password manager via preferences and blocks about:logins on Firefox 70.
4121
4122 **Compatibility:** Firefox 70, Firefox ESR 60.2\
4123 **CCK2 Equivalent:** N/A\
4124 **Preferences Affected:** `pref.privacy.disable_button.view_passwords`
4125
4126 #### Windows (GPO)
4127 ```
4128 Software\Policies\Mozilla\Firefox\PasswordManagerEnabled = 0x1 | 0x0
4129 ```
4130 #### Windows (Intune)
4131 OMA-URI:
4132 ```
4133 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/PasswordManagerEnabled
4134 ```
4135 Value (string):
4136 ```
4137 <enabled/> or <disabled/>
4138 ```
4139 #### macOS
4140 ```
4141 <dict>
4142 <key>PasswordManagerEnabled</key>
4143 <true/> | <false/>
4144 </dict>
4145 ```
4146 #### policies.json
4147 ```
4148 {
4149 "policies": {
4150 "PasswordManagerEnabled": true | false
4151 }
4152 }
4153 ```
4154 ### PasswordManagerExceptions
4155 Prevent Firefox from saving passwords for specific sites.
4156
4157 The sites are specified as a list of origins.
4158
4159 **Compatibility:** Firefox 101\
4160 **CCK2 Equivalent:** N/A\
4161 **Preferences Affected:** N/A
4162
4163 #### Windows (GPO)
4164 ```
4165 Software\Policies\Mozilla\Firefox\PasswordManagerExceptions\1 = "https://example.org"
4166 Software\Policies\Mozilla\Firefox\PasswordManagerExceptions\2 = "https://example.edu"
4167 ```
4168 #### Windows (Intune)
4169 OMA-URI:
4170 ```
4171 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/PasswordManagerExceptions
4172 ```
4173 Value (string):
4174 ```
4175 <enabled/>
4176 <data id="List" value="1&#xF000;https://example.org&#xF000;2&#xF000;https://example.edu"/>
4177 ```
4178 #### macOS
4179 ```
4180 <dict>
4181 <key>PasswordManagerExceptions</key>
4182 <array>
4183 <string>https://example.org</string>
4184 <string>https://example.edu</string>
4185 </array>
4186 </dict>
4187 ```
4188 #### policies.json
4189 ```
4190 {
4191 "policies": {
4192 "PasswordManagerExceptions": ["https://example.org",
4193 "https://example.edu"]
4194 }
4195 }
4196 ```
4197
4198 ### PDFjs
4199 Disable or configure PDF.js, the built-in PDF viewer.
4200
4201 If `Enabled` is set to false, the built-in PDF viewer is disabled.
4202
4203 If `EnablePermissions` is set to true, the built-in PDF viewer will honor document permissions like preventing the copying of text.
4204
4205 Note: DisableBuiltinPDFViewer has not been deprecated. You can either continue to use it, or switch to using PDFjs->Enabled to disable the built-in PDF viewer. This new permission was added because we needed a place for PDFjs->EnabledPermissions.
4206
4207 **Compatibility:** Firefox 77, Firefox ESR 68.9\
4208 **CCK2 Equivalent:** N/A\
4209 **Preferences Affected:** `pdfjs.diabled`, `pdfjs.enablePermissions`
4210
4211 #### Windows (GPO)
4212 ```
4213 Software\Policies\Mozilla\Firefox\PDFjs\Enabled = 0x1 | 0x0
4214 Software\Policies\Mozilla\Firefox\PDFjs\EnablePermissions = 0x1 | 0x0
4215 ```
4216 #### Windows (Intune)
4217 OMA-URI:
4218 ```
4219 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~PDFjs/PDFjs_Enabled
4220 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~PDFjs/PDFjs_EnablePermissions
4221 ```
4222 Value (string):
4223 ```
4224 <enabled/>or <disabled/>
4225 ```
4226 #### macOS
4227 ```
4228 <dict>
4229 <key>PDFjs</key>
4230 <dict>
4231 <key>Enabled</key>
4232 <true/> | <false/>
4233 <key>EnablePermissions</key>
4234 <true/> | <false/>
4235 </dict>
4236 </dict>
4237 ```
4238 #### policies.json
4239 ```
4240 {
4241 "policies": {
4242 "PDFjs": {
4243 "Enabled": true | false,
4244 "EnablePermissions": true | false
4245 }
4246 }
4247 }
4248 ```
4249 ### Permissions
4250 Set permissions associated with camera, microphone, location, notifications, autoplay, and virtual reality. Because these are origins, not domains, entries with unique ports must be specified separately. This explicitly means that it is not possible to add wildcards. See examples below.
4251
4252 `Allow` is a list of origins where the feature is allowed.
4253
4254 `Block` is a list of origins where the feature is not allowed.
4255
4256 `BlockNewRequests` determines whether or not new requests can be made for the feature.
4257
4258 `Locked` prevents the user from changing preferences for the feature.
4259
4260 `Default` specifies the default value for Autoplay. block-audio-video is not supported on Firefox ESR 68.
4261
4262 **Compatibility:** Firefox 62, Firefox ESR 60.2 (Autoplay added in Firefox 74, Firefox ESR 68.6, Autoplay Default/Locked added in Firefox 76, Firefox ESR 68.8, VirtualReality added in Firefox 80, Firefox ESR 78.2)\
4263 **CCK2 Equivalent:** N/A\
4264 **Preferences Affected:** `permissions.default.camera`, `permissions.default.microphone`, `permissions.default.geo`, `permissions.default.desktop-notification`, `media.autoplay.default`, `permissions.default.xr`
4265
4266 #### Windows (GPO)
4267 ```
4268 Software\Policies\Mozilla\Firefox\Permissions\Camera\Allow\1 = "https://example.org"
4269 Software\Policies\Mozilla\Firefox\Permissions\Camera\Allow\2 = "https://example.org:1234"
4270 Software\Policies\Mozilla\Firefox\Permissions\Camera\Block\1 = "https://example.edu"
4271 Software\Policies\Mozilla\Firefox\Permissions\Camera\BlockNewRequests = 0x1 | 0x0
4272 Software\Policies\Mozilla\Firefox\Permissions\Camera\Locked = 0x1 | 0x0
4273 Software\Policies\Mozilla\Firefox\Permissions\Microphone\Allow\1 = "https://example.org"
4274 Software\Policies\Mozilla\Firefox\Permissions\Microphone\Block\1 = "https://example.edu"
4275 Software\Policies\Mozilla\Firefox\Permissions\Microphone\BlockNewRequests = 0x1 | 0x0
4276 Software\Policies\Mozilla\Firefox\Permissions\Microphone\Locked = 0x1 | 0x0
4277 Software\Policies\Mozilla\Firefox\Permissions\Location\Allow\1 = "https://example.org"
4278 Software\Policies\Mozilla\Firefox\Permissions\Location\Block\1 = "https://example.edu"
4279 Software\Policies\Mozilla\Firefox\Permissions\Location\BlockNewRequests = 0x1 | 0x0
4280 Software\Policies\Mozilla\Firefox\Permissions\Location\Locked = 0x1 | 0x0
4281 Software\Policies\Mozilla\Firefox\Permissions\Notifications\Allow\1 = "https://example.org"
4282 Software\Policies\Mozilla\Firefox\Permissions\Notifications\Block\1 = "https://example.edu"
4283 Software\Policies\Mozilla\Firefox\Permissions\Notifications\BlockNewRequests = 0x1 | 0x0
4284 Software\Policies\Mozilla\Firefox\Permissions\Notifications\Locked = 0x1 | 0x0
4285 Software\Policies\Mozilla\Firefox\Permissions\Autoplay\Allow\1 = "https://example.org"
4286 Software\Policies\Mozilla\Firefox\Permissions\Autoplay\Block\1 = "https://example.edu"
4287 Software\Policies\Mozilla\Firefox\Permissions\Autoplay\Default = "allow-audio-video" | "block-audio" | "block-audio-video"
4288 Software\Policies\Mozilla\Firefox\Permissions\Autoplay\Locked = 0x1 | 0x0
4289 Software\Policies\Mozilla\Firefox\Permissions\VirtualReality\Allow\1 = "https://example.org"
4290 Software\Policies\Mozilla\Firefox\Permissions\VirtualReality\Block\1 = "https://example.edu"
4291 Software\Policies\Mozilla\Firefox\Permissions\VirtualReality\BlockNewRequests = 0x1 | 0x0
4292 Software\Policies\Mozilla\Firefox\Permissions\VirtualReality\Locked = 0x1 | 0x0
4293 ```
4294 #### Windows (Intune)
4295 OMA-URI:
4296 ```
4297 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Location/Location_BlockNewRequests
4298 ```
4299 Value (string):
4300 ```
4301 <enabled/> or <disabled/>
4302 ```
4303 OMA-URI:
4304 ```
4305 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Location/Location_Locked
4306 ```
4307 Value (string):
4308 ```
4309 <enabled/> or <disabled/>
4310 ```
4311 OMA-URI:
4312 ```
4313 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Notifications/Notifications_Allow
4314 ```
4315 Value (string):
4316 ```
4317 <enabled/>
4318 <data id="Permissions" value="1&#xF000;https://example.org"/>
4319 ```
4320 OMA-URI:
4321 ```
4322 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Notifications/Notifications_BlockNewRequests
4323 ```
4324 Value (string):
4325 ```
4326 <enabled/> or <disabled/>
4327 ```
4328 OMA-URI:
4329 ```
4330 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Notifications/Notifications_Locked
4331 ```
4332 Value (string):
4333 ```
4334 <enabled/> or <disabled/>
4335 ```
4336 OMA-URI:
4337 ```
4338 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Autoplay/Autoplay_Allow
4339 ```
4340 Value (string):
4341 ```
4342 <enabled/>
4343 <data id="Permissions" value="1&#xF000;https://example.org"/>
4344 ```
4345 OMA-URI:
4346 ```
4347 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Autoplay/Autoplay_Block
4348 ```
4349 Value (string):
4350 ```
4351 <enabled/>
4352 <data id="Permissions" value="1&#xF000;https://example.edu"/>
4353 ```
4354 OMA-URI:
4355 ```
4356 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Autoplay/Autoplay_Default
4357 ```
4358 Value (string):
4359 ```
4360 <enabled/>
4361 <data id="Autoplay_Default" value="allow-audio-video | block-audio | block-audio-video"/>
4362 ```
4363 OMA-URI:
4364 ```
4365 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Autoplay/Autoplay_Locked
4366 ```
4367 Value (string):
4368 ```
4369 <enabled/> or <disabled/>
4370 ```
4371 OMA-URI:
4372 ```
4373 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Notifications/VirtualReality_Allow
4374 ```
4375 Value (string):
4376 ```
4377 <enabled/>
4378 <data id="Permissions" value="1&#xF000;https://example.org"/>
4379 ```
4380 OMA-URI:
4381 ```
4382 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Notifications/VirtualReality_Block
4383 ```
4384 Value (string):
4385 ```
4386 <enabled/>
4387 <data id="Permissions" value="1&#xF000;https://example.edu"/>
4388 ```
4389 OMA-URI:
4390 ```
4391 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Notifications/VirtualReality_BlockNewRequests
4392 ```
4393 Value (string):
4394 ```
4395 <enabled/> or <disabled/>
4396 ```
4397 OMA-URI:
4398 ```
4399 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Notifications/VirtualReality_Locked
4400 ```
4401 Value (string):
4402 ```
4403 <enabled/> or <disabled/>
4404 ```
4405 #### macOS
4406 ```
4407 <dict>
4408 <key>Permissions</key>
4409 <dict>
4410 <key>Camera</key>
4411 <dict>
4412 <key>Allow</key>
4413 <array>
4414 <string>https://example.org</string>
4415 <string>https://example.org:1234</string>
4416 </array>
4417 <key>Block</key>
4418 <array>
4419 <string>https://example.edu</string>
4420 </array>
4421 <key>BlockNewRequests</key>
4422 <true/> | <false/>
4423 <key>Locked</key>
4424 <true/> | <false/>
4425 </dict>
4426 <key>Microphone</key>
4427 <dict>
4428 <key>Allow</key>
4429 <array>
4430 <string>https://example.org</string>
4431 </array>
4432 <key>Block</key>
4433 <array>
4434 <string>https://example.edu</string>
4435 </array>
4436 <key>BlockNewRequests</key>
4437 <true/> | <false/>
4438 <key>Locked</key>
4439 <true/> | <false/>
4440 </dict>
4441 <key>Location</key>
4442 <dict>
4443 <key>Allow</key>
4444 <array>
4445 <string>https://example.org</string>
4446 </array>
4447 <key>Block</key>
4448 <array>
4449 <string>https://example.edu</string>
4450 </array>
4451 <key>BlockNewRequests</key>
4452 <true/> | <false/>
4453 <key>Locked</key>
4454 <true/> | <false/>
4455 </dict>
4456 <key>Notifications</key>
4457 <dict>
4458 <key>Allow</key>
4459 <array>
4460 <string>https://example.org</string>
4461 </array>
4462 <key>Block</key>
4463 <array>
4464 <string>https://example.edu</string>
4465 </array>
4466 <key>BlockNewRequests</key>
4467 <true/>
4468 <key>Locked</key>
4469 <true/>
4470 </dict>
4471 <key>Autoplay</key>
4472 <dict>
4473 <key>Allow</key>
4474 <array>
4475 <string>https://example.org</string>
4476 </array>
4477 <key>Block</key>
4478 <array>
4479 <string>https://example.edu</string>
4480 </array>
4481 <key>Default</key>
4482 <string>allow-audio-video | block-audio | block-audio-video</string>
4483 <key>Locked</key>
4484 <true/> | <false/>
4485 </dict>
4486 </dict>
4487 </dict>
4488 ```
4489 #### policies.json
4490 ```
4491 {
4492 "policies": {
4493 "Permissions": {
4494 "Camera": {
4495 "Allow": ["https://example.org","https://example.org:1234"],
4496 "Block": ["https://example.edu"],
4497 "BlockNewRequests": true | false,
4498 "Locked": true | false
4499 },
4500 "Microphone": {
4501 "Allow": ["https://example.org"],
4502 "Block": ["https://example.edu"],
4503 "BlockNewRequests": true | false,
4504 "Locked": true | false
4505 },
4506 "Location": {
4507 "Allow": ["https://example.org"],
4508 "Block": ["https://example.edu"],
4509 "BlockNewRequests": true | false,
4510 "Locked": true | false
4511 },
4512 "Notifications": {
4513 "Allow": ["https://example.org"],
4514 "Block": ["https://example.edu"],
4515 "BlockNewRequests": true | false,
4516 "Locked": true | false
4517 },
4518 "Autoplay": {
4519 "Allow": ["https://example.org"],
4520 "Block": ["https://example.edu"],
4521 "Default": "allow-audio-video" | "block-audio" | "block-audio-video",
4522 "Locked": true | false
4523 }
4524 }
4525 }
4526 }
4527 ```
4528 ### PictureInPicture
4529
4530 Enable or disable Picture-in-Picture as well as prevent the user from enabling or disabling it (Locked).
4531
4532 **Compatibility:** Firefox 78, Firefox ESR 78\
4533 **CCK2 Equivalent:** N/A\
4534 **Preferences Affected:** `media.videocontrols.picture-in-picture.video-toggle.enabled`
4535
4536 #### Windows (GPO)
4537 ```
4538 Software\Policies\Mozilla\Firefox\PictureInPicture\Enabled = 0x1 | 0x0
4539 Software\Policies\Mozilla\Firefox\PictureInPicture\Locked = 0x1 | 0x0
4540
4541 ```
4542 #### Windows (Intune)
4543 OMA-URI:
4544 ```
4545 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~PictureInPicture/PictureInPicture_Enabled
4546 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~PictureInPicture/PictureInPicture_Locked
4547 ```
4548 Value (string):
4549 ```
4550 <enabled/> or <disabled/>
4551 ```
4552 #### macOS
4553 ```
4554 <dict>
4555 <key>PictureInPicture</key>
4556 <dict>
4557 <key>Enabled</key>
4558 <true/> | <false/>
4559 <key>Locked</key>
4560 <true/> | <false/>
4561 </dict>
4562 </dict>
4563 ```
4564 #### policies.json
4565 ```
4566 {
4567 "policies": {
4568 "PictureInPicture": {
4569 "Enabled": true | false,
4570 "Locked": true | false
4571 }
4572 }
4573 }
4574 ```
4575 ### PopupBlocking
4576 Configure the default pop-up window policy as well as origins for which pop-up windows are allowed.
4577
4578 `Allow` is a list of origins where popup-windows are allowed.
4579
4580 `Default` determines whether or not pop-up windows are allowed by default.
4581
4582 `Locked` prevents the user from changing pop-up preferences.
4583
4584 **Compatibility:** Firefox 60, Firefox ESR 60\
4585 **CCK2 Equivalent:** `permissions.popup`\
4586 **Preferences Affected:** `dom.disable_open_during_load`
4587
4588 #### Windows (GPO)
4589 ```
4590 Software\Policies\Mozilla\Firefox\PopupBlocking\Allow\1 = "https://example.org"
4591 Software\Policies\Mozilla\Firefox\PopupBlocking\Allow\2 = "https://example.edu"
4592 Software\Policies\Mozilla\Firefox\PopupBlocking\Default = 0x1 | 0x0
4593 Software\Policies\Mozilla\Firefox\PopupBlocking\Locked = 0x1 | 0x0
4594 ```
4595 #### Windows (Intune)
4596 OMA-URI:
4597 ```
4598 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Popups/PopupBlocking_Allow
4599 ```
4600 Value (string):
4601 ```
4602 <enabled/>
4603 <data id="Permissions" value="1&#xF000;https://example.org&#xF000;2&#xF000;https://example.edu"/>
4604 ```
4605 OMA-URI:
4606 ```
4607 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Popups/PopupBlocking_Default
4608 ```
4609 Value (string):
4610 ```
4611 <enabled/> or <disabled/>
4612 ```
4613 OMA-URI:
4614 ```
4615 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Popups/PopupBlocking_Locked
4616 ```
4617 Value (string):
4618 ```
4619 <enabled/> or <disabled/>
4620 ```
4621 #### macOS
4622 ```
4623 <dict>
4624 <key>PopupBlocking</key>
4625 <dict>
4626 <key>Allow</key>
4627 <array>
4628 <string>http://example.org</string>
4629 <string>http://example.edu</string>
4630 </array>
4631 <key>Default</key>
4632 <true/> | <false/>
4633 <key>Locked</key>
4634 <true/> | <false/>
4635 </dict>
4636 </dict>
4637 ```
4638 #### policies.json
4639 ```
4640 {
4641 "policies": {
4642 "PopupBlocking": {
4643 "Allow": ["http://example.org/",
4644 "http://example.edu/"],
4645 "Default": true | false,
4646 "Locked": true | false
4647 }
4648 }
4649 }
4650 ```
4651 ### Preferences
4652 Set and lock preferences.
4653
4654 **NOTE** On Windows, in order to use this policy, you must clear all settings in the old **Preferences (Deprecated)** section.
4655
4656 Previously you could only set and lock a subset of preferences. Starting with Firefox 81 and Firefox ESR 78.3 you can set many more preferences. You can also set default preferences, user preferences and you can clear preferences.
4657
4658 Preferences that start with the following prefixes are supported:
4659 ```
4660 accessibility.
4661 app.update.* (Firefox 86, Firefox 78.8)
4662 browser.
4663 datareporting.policy.
4664 dom.
4665 extensions.
4666 general.autoScroll (Firefox 83, Firefox ESR 78.5)
4667 general.smoothScroll (Firefox 83, Firefox ESR 78.5)
4668 geo.
4669 gfx.
4670 intl.
4671 keyword.enabled (Firefox 95, Firefox ESR 91.4)
4672 layers.
4673 layout.
4674 media.
4675 network.
4676 pdfjs. (Firefox 84, Firefox ESR 78.6)
4677 places.
4678 print.
4679 signon. (Firefox 83, Firefox ESR 78.5)
4680 spellchecker. (Firefox 84, Firefox ESR 78.6)
4681 toolkit.legacyUserProfileCustomizations.stylesheets (Firefox 95, Firefox ESR 91.4)
4682 ui.
4683 widget.
4684 xpinstall.signatures.required (Firefox ESR 102.10, Firefox ESR only)
4685 ```
4686 as well as the following security preferences:
4687 | Preference | Type | Default
4688 | --- | --- | ---
4689 | security.default_personal_cert | string | Ask Every Time
4690 | &nbsp;&nbsp;&nbsp;&nbsp;If set to Select Automatically, Firefox automatically chooses the default personal certificate.
4691 | security.insecure_connection_text.enabled | bool | false
4692 | &nbsp;&nbsp;&nbsp;&nbsp;If set to true, adds the words "Not Secure" for insecure sites.
4693 | security.insecure_connection_text.pbmode.enabled | bool | false
4694 | &nbsp;&nbsp;&nbsp;&nbsp;If set to true, adds the words "Not Secure" for insecure sites in private browsing.
4695 | security.mixed_content.block_active_content | boolean | true
4696 | &nbsp;&nbsp;&nbsp;&nbsp;If false, mixed active content (HTTP and HTTPS) is not blocked.
4697 | security.osclientcerts.autoload | boolean | false
4698 | &nbsp;&nbsp;&nbsp;&nbsp;If true, client certificates are loaded from the operating system certificate store.
4699 | security.OCSP.enabled | integer | 1
4700 | &nbsp;&nbsp;&nbsp;&nbsp;If 0, do not fetch OCSP. If 1, fetch OCSP for DV and EV certificates. If 2, fetch OCSP only for EV certificates
4701 | security.OCSP.require | boolean | false
4702 | &nbsp;&nbsp;&nbsp;&nbsp; If true, if an OCSP request times out, the connection fails.
4703 | security.ssl.enable_ocsp_stapling | boolean | true
4704 | &nbsp;&nbsp;&nbsp;&nbsp; If false, OCSP stapling is not enabled.
4705 | security.ssl.errorReporting.enabled | boolean | true
4706 | &nbsp;&nbsp;&nbsp;&nbsp;If false, SSL errors cannot be sent to Mozilla.
4707 | security.tls.enable_0rtt_data | boolean | true
4708 | &nbsp;&nbsp;&nbsp;&nbsp;If false, TLS early data is turned off (Firefox 93, Firefox 91.2, Firefox 78.15).
4709 | security.tls.hello_downgrade_check | boolean | true
4710 | &nbsp;&nbsp;&nbsp;&nbsp;If false, the TLS 1.3 downgrade check is disabled.
4711 | security.tls.version.enable-deprecated | boolean | false
4712 | &nbsp;&nbsp;&nbsp;&nbsp;If true, browser will accept TLS 1.0. and TLS 1.1 (Firefox 86, Firefox 78.8).
4713 | security.warn_submit_secure_to_insecure | boolean | true
4714 | &nbsp;&nbsp;&nbsp;&nbsp;If false, no warning is shown when submitting a form from https to http.
4715 &nbsp;
4716
4717 Using the preference as the key, set the `Value` to the corresponding preference value.
4718
4719 `Status` can be "default", "locked", "user" or "clear"
4720
4721 * `"default"`: Read/Write: Settings appear as default even if factory default differs.
4722 * `"locked"`: Read-Only: Settings appear as default even if factory default differs.
4723 * `"user"`: Read/Write: Settings appear as changed if it differs from factory default.
4724 * `"clear"`: Read/Write: `Value` has no effect. Resets to factory defaults on each startup.
4725
4726 `"user"` preferences persist across invocations of Firefox. It is the equivalent of a user setting the preference. They are most useful when a preference is needed very early in startup so it can't be set as default by policy. An example of this is ```toolkit.legacyUserProfileCustomizations.stylesheets```.
4727
4728 `"user"` preferences persist even if the policy is removed, so if you need to remove them, you should use the clear policy.
4729
4730 See the examples below for more detail.
4731
4732 IMPORTANT: Make sure you're only setting a particular preference using this mechanism and not some other way.
4733
4734 Status
4735 **Compatibility:** Firefox 81, Firefox ESR 78.3\
4736 **CCK2 Equivalent:** `preferences`\
4737 **Preferences Affected:** Many
4738
4739 #### Windows (GPO)
4740 Software\Policies\Mozilla\Firefox\Preferences (REG_MULTI_SZ) =
4741 ```
4742 {
4743 "accessibility.force_disabled": {
4744 "Value": 1,
4745 "Status": "default"
4746 },
4747 "browser.cache.disk.parent_directory": {
4748 "Value": "SOME_NATIVE_PATH",
4749 "Status": "user"
4750 },
4751 "browser.tabs.warnOnClose": {
4752 "Value": false,
4753 "Status": "locked"
4754 }
4755 }
4756 ```
4757 #### Windows (Intune)
4758 OMA-URI:
4759 ```
4760 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/Preferences
4761 ```
4762 Value (string):
4763 ```
4764 <enabled/>
4765 <data id="JSON" value='
4766 {
4767 "accessibility.force_disabled": {
4768 "Value": 1,
4769 "Status": "default"
4770 },
4771 "browser.cache.disk.parent_directory": {
4772 "Value": "SOME_NATIVE_PATH",
4773 "Status": "user"
4774 },
4775 "browser.tabs.warnOnClose": {
4776 "Value": false,
4777 "Status": "locked"
4778 }
4779 }'/>
4780 ```
4781 #### macOS
4782 ```
4783 <dict>
4784 <key>Preferences</key>
4785 <dict>
4786 <key>accessibility.force_disabled</key>
4787 <dict>
4788 <key>Value</key>
4789 <integer>1</integer>
4790 <key>Status</key>
4791 <string>default</string>
4792 </dict>
4793 <key>browser.cache.disk.parent_directory</key>
4794 <dict>
4795 <key>Value</key>
4796 <string>SOME_NATIVE_PATH</string>
4797 <key>Status</key>
4798 <string>user</string>
4799 </dict>
4800 <key>browser.tabs.warnOnClose</key>
4801 <dict>
4802 <key>Value</key>
4803 <false/>
4804 <key>Status</key>
4805 <string>locked</string>
4806 </dict>
4807 </dict>
4808 </dict>
4809 ```
4810 #### policies.json
4811 ```
4812 {
4813 "policies": {
4814 "Preferences": {
4815 "accessibility.force_disabled": {
4816 "Value": 1,
4817 "Status": "default"
4818 },
4819 "browser.cache.disk.parent_directory": {
4820 "Value": "SOME_NATIVE_PATH",
4821 "Status": "user"
4822 },
4823 "browser.tabs.warnOnClose": {
4824 "Value": false,
4825 "Status": "locked"
4826 }
4827 }
4828 }
4829 }
4830 ```
4831 ### Preferences (Deprecated)
4832 Set and lock certain preferences.
4833
4834 **Compatibility:** See below\
4835 **CCK2 Equivalent:** `preferences`\
4836 **Preferences Affected:** See below
4837
4838 | Preference | Type | Compatibility | Default
4839 | --- | --- | --- | ---
4840 | accessibility.force_disabled | integer | Firefox 70, Firefox ESR 68.2 | 0
4841 | &nbsp;&nbsp;&nbsp;&nbsp;If set to 1, platform accessibility is disabled.
4842 | app.update.auto (Deprecated - Switch to AppAutoUpdate policy) | boolean | Firefox 68, Firefox ESR 68 | true
4843 | &nbsp;&nbsp;&nbsp;&nbsp;If false, Firefox doesn't automatically install update.
4844 | browser.bookmarks.autoExportHTML | boolean | Firefox 70, Firefox ESR 68.2 | false
4845 | &nbsp;&nbsp;&nbsp;&nbsp;If true, bookmarks are exported on shutdown.
4846 | browser.bookmarks.file | string | Firefox 70, Firefox ESR 68.2 | N/A
4847 | &nbsp;&nbsp;&nbsp;&nbsp;If set, the name of the file where bookmarks are exported and imported.
4848 | browser.bookmarks.restore_default_bookmarks | boolean | Firefox 70, Firefox ESR 68.2 | N/A
4849 | &nbsp;&nbsp;&nbsp;&nbsp;If true, bookmarks are restored to their defaults.
4850 | browser.cache.disk.enable | boolean | Firefox 68, Firefox ESR 68 | true
4851 | &nbsp;&nbsp;&nbsp;&nbsp;If false, don't store cache on the hard drive.
4852 | ~browser.cache.disk.parent_directory~ | string | Firefox 68, Firefox ESR 68 | Profile temporary directory
4853 | &nbsp;&nbsp;&nbsp;&nbsp;~If set, changes the location of the disk cache.~ This policy doesn't work. It's being worked on.
4854 | browser.fixup.dns_first_for_single_words | boolean | Firefox 68, Firefox ESR 68 | false
4855 | &nbsp;&nbsp;&nbsp;&nbsp;If true, single words are sent to DNS, not directly to search.
4856 | browser.newtabpage.activity-stream.default.sites | string | Firefox 72, ESR 68.4 | Locale dependent
4857 | &nbsp;&nbsp;&nbsp;&nbsp;If set, a list of URLs to use as the default top sites on the new tab page. Due to Firefox limitations, search sites can't be added. In addition, sites with the same name but different TLDs (example.org/example.com) will not display properly.
4858 | browser.places.importBookmarksHTML | boolean | Firefox 70, Firefox ESR 68.2
4859 | &nbsp;&nbsp;&nbsp;&nbsp;If true, bookmarks are always imported on startup.
4860 | browser.safebrowsing.phishing.enabled | boolean | Firefox 70, Firefox ESR 68.2 | true
4861 | &nbsp;&nbsp;&nbsp;&nbsp;If false, phishing protection is not enabled (Not recommended)
4862 | browser.safebrowsing.malware.enabled | boolean | Firefox 70, Firefox ESR 68.2 | true
4863 | &nbsp;&nbsp;&nbsp;&nbsp;If false, malware protection is not enabled (Not recommended)
4864 | browser.search.update | boolean | Firefox 68, Firefox ESR 68 | true
4865 | &nbsp;&nbsp;&nbsp;&nbsp;If false, updates for search engines are not checked.
4866 | browser.slowStartup.notificationDisabled | boolean | Firefox 70, Firefox ESR 68.2 | false
4867 | &nbsp;&nbsp;&nbsp;&nbsp;If true, a notification isn't shown if startup is slow.
4868 | browser.tabs.warnOnClose | boolean | Firefox 68, Firefox ESR 68 | true
4869 | &nbsp;&nbsp;&nbsp;&nbsp;If false, there is no warning when the browser is closed.
4870 | browser.taskbar.previews.enable | boolean | Firefox 70, Firefox ESR 68.2 (Windows only) | false
4871 | &nbsp;&nbsp;&nbsp;&nbsp;If true, tab previews are shown in the Windows taskbar.
4872 | browser.urlbar.suggest.bookmark | boolean | Firefox 68, Firefox ESR 68 | true
4873 | &nbsp;&nbsp;&nbsp;&nbsp;If false, bookmarks aren't suggested when typing in the URL bar.
4874 | browser.urlbar.suggest.history | boolean | Firefox 68, Firefox ESR 68 | true
4875 | &nbsp;&nbsp;&nbsp;&nbsp;If false, history isn't suggested when typing in the URL bar.
4876 | browser.urlbar.suggest.openpage | boolean | Firefox 68, Firefox ESR 68 | true
4877 | &nbsp;&nbsp;&nbsp;&nbsp;If false, open tabs aren't suggested when typing in the URL bar.
4878 | datareporting.policy.dataSubmissionPolicyBypassNotification | boolean | Firefox 68, Firefox ESR 68 | false
4879 | &nbsp;&nbsp;&nbsp;&nbsp;If true, don't show the privacy policy tab on first run.
4880 | dom.allow_scripts_to_close_windows | boolean | Firefox 70, Firefox ESR 68.2 | false
4881 | &nbsp;&nbsp;&nbsp;&nbsp;If false, web page can close windows.
4882 | dom.disable_window_flip | boolean | Firefox 68, Firefox ESR 68 | true
4883 | &nbsp;&nbsp;&nbsp;&nbsp;If false, web pages can focus and activate windows.
4884 | dom.disable_window_move_resize | boolean | Firefox 68, Firefox ESR 68 | false
4885 | &nbsp;&nbsp;&nbsp;&nbsp;If true, web pages can't move or resize windows.
4886 | dom.event.contextmenu.enabled | boolean | Firefox 68, Firefox ESR 68 | true
4887 | &nbsp;&nbsp;&nbsp;&nbsp;If false, web pages can't override context menus.
4888 | dom.keyboardevent.keypress.hack.dispatch_non_printable_keys.addl | string | Firefox 68, Firefox ESR 68 | N/A
4889 | &nbsp;&nbsp;&nbsp;&nbsp;See https://support.mozilla.org/en-US/kb/dom-events-changes-introduced-firefox-66
4890 | dom.keyboardevent.keypress.hack.use_legacy_keycode_and_charcode.addl | string | Firefox 68, Firefox ESR 68 | N/A
4891 | &nbsp;&nbsp;&nbsp;&nbsp;See https://support.mozilla.org/en-US/kb/dom-events-changes-introduced-firefox-66
4892 | dom.xmldocument.load.enabled | boolean | Firefox ESR 68.5 | true.
4893 | &nbsp;&nbsp;&nbsp;&nbsp;If false, XMLDocument.load is not available.
4894 | dom.xmldocument.async.enabled | boolean | Firefox ESR 68.5 | true
4895 | &nbsp;&nbsp;&nbsp;&nbsp;If false, XMLDocument.async is not available.
4896 | extensions.blocklist.enabled | boolean | Firefox 70, Firefox ESR 68.2 | true
4897 | &nbsp;&nbsp;&nbsp;&nbsp;If false, the extensions blocklist is not used (Not recommended)
4898 | extensions.getAddons.showPane | boolean | Firefox 68, Firefox ESR 68 | N/A
4899 | &nbsp;&nbsp;&nbsp;&nbsp;If false, the Recommendations tab is not displayed in the Add-ons Manager.
4900 | extensions.htmlaboutaddons.recommendations.enabled | boolean | Firefox 72, Firefox ESR 68.4 | true
4901 | &nbsp;&nbsp;&nbsp;&nbsp;If false, recommendations are not shown on the Extensions tab in the Add-ons Manager.
4902 | geo.enabled | boolean | Firefox 70, Firefox ESR 68.2 | true
4903 | &nbsp;&nbsp;&nbsp;&nbsp;If false, the geolocation API is disabled. | Language dependent
4904 | intl.accept_languages | string | Firefox 70, Firefox ESR 68.2
4905 | &nbsp;&nbsp;&nbsp;&nbsp;If set, preferred language for web pages.
4906 | media.eme.enabled (Deprecated - Switch to EncryptedMediaExtensions policy) | boolean | Firefox 70, Firefox ESR 68.2 | true
4907 | &nbsp;&nbsp;&nbsp;&nbsp;If false, Encrypted Media Extensions are not enabled.
4908 | media.gmp-gmpopenh264.enabled | boolean | Firefox 68, Firefox ESR 68 | true
4909 | &nbsp;&nbsp;&nbsp;&nbsp;If false, the OpenH264 plugin is not downloaded.
4910 | media.gmp-widevinecdm.enabled | boolean | Firefox 68, Firefox ESR 68 | true
4911 | &nbsp;&nbsp;&nbsp;&nbsp;If false, the Widevine plugin is not downloaded.
4912 | media.peerconnection.enabled | boolean | Firefox 72, Firefox ESR 68.4 | true
4913 | &nbsp;&nbsp;&nbsp;&nbsp;If false, WebRTC is disabled
4914 | media.peerconnection.ice.obfuscate_host_addresses.whitelist (Deprecated) | string | Firefox 72, Firefox ESR 68.4 | N/A
4915 | &nbsp;&nbsp;&nbsp;&nbsp;If set, a list of domains for which mDNS hostname obfuscation is
4916 disabled
4917 | media.peerconnection.ice.obfuscate_host_addresses.blocklist | string | Firefox 79, Firefox ESR 78.1 | N/A
4918 | &nbsp;&nbsp;&nbsp;&nbsp;If set, a list of domains for which mDNS hostname obfuscation is
4919 disabled
4920 | network.dns.disableIPv6 | boolean | Firefox 68, Firefox ESR 68 | false
4921 | &nbsp;&nbsp;&nbsp;&nbsp;If true, IPv6 DNS lokoups are disabled.
4922 | network.IDN_show_punycode | boolean | Firefox 68, Firefox ESR 68 | false
4923 | &nbsp;&nbsp;&nbsp;&nbsp;If true, display the punycode version of internationalized domain names.
4924 | places.history.enabled | boolean | Firefox 68, Firefox ESR 68 | true
4925 | &nbsp;&nbsp;&nbsp;&nbsp;If false, history is not enabled.
4926 | print.save_print_settings | boolean | Firefox 70, Firefox ESR 68.2 | true
4927 | &nbsp;&nbsp;&nbsp;&nbsp;If false, print settings are not saved between jobs.
4928 | security.default_personal_cert | string | Firefox 68, Firefox ESR 68 | Ask Every Time
4929 | &nbsp;&nbsp;&nbsp;&nbsp;If set to Select Automatically, Firefox automatically chooses the default personal certificate.
4930 | security.mixed_content.block_active_content | boolean | Firefox 70, Firefox ESR 68.2 | true
4931 | &nbsp;&nbsp;&nbsp;&nbsp;If false, mixed active content (HTTP and HTTPS) is not blocked.
4932 | security.osclientcerts.autoload | boolean | Firefox 72 (Windows), Firefox 75 (macOS) | false
4933 | &nbsp;&nbsp;&nbsp;&nbsp;If true, client certificates are loaded from the operating system certificate store.
4934 | security.ssl.errorReporting.enabled | boolean | Firefox 68, Firefox ESR 68 | true
4935 | &nbsp;&nbsp;&nbsp;&nbsp;If false, SSL errors cannot be sent to Mozilla.
4936 | security.tls.hello_downgrade_check | boolean | Firefox 72, Firefox ESR 68.4 | true
4937 | &nbsp;&nbsp;&nbsp;&nbsp;If false, the TLS 1.3 downgrade check is disabled.
4938 | ui.key.menuAccessKeyFocuses | boolean | Firefox 68, Firefox ESR 68 | true
4939 | &nbsp;&nbsp;&nbsp;&nbsp;If false, the Alt key doesn't show the menubar on Windows.
4940 | widget.content.gtk-theme-override | string | Firefox 72, Firefox ESR 68.4 (Linux only) | N/A
4941 | &nbsp;&nbsp;&nbsp;&nbsp;If set, overrides the GTK theme for widgets.
4942 #### Windows (GPO)
4943 ```
4944 Software\Policies\Mozilla\Firefox\Preferences\boolean_preference_name = 0x1 | 0x0
4945 Software\Policies\Mozilla\Firefox\Preferences\string_preference_name = "string_value"
4946 ```
4947 #### Windows (Intune)
4948 OMA-URI: (periods are replaced by underscores)
4949 ```
4950 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Preferences/boolean_preference_name
4951 ```
4952 Value (string):
4953 ```
4954 <enabled/> or <disabled/>
4955 ```
4956 OMA-URI: (periods are replaced by underscores)
4957 ```
4958 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Preferences/string_preference_name
4959 ```
4960 Value (string):
4961 ```
4962 <enabled/>
4963 <data id="Preferences_String" value="string_value"/>
4964 ```
4965 #### macOS
4966 ```
4967 <dict>
4968 <key>Preferences</key>
4969 <dict>
4970 <key>boolean_preference_name</key>
4971 <true/> | <false/>
4972 <key>string_preference_name</key>
4973 <string>string_value</string>
4974 </dict>
4975 </dict>
4976 ```
4977 #### policies.json
4978 ```
4979 {
4980 "policies": {
4981 "Preferences": {
4982 "boolean_preference_name": true | false,
4983 "string_preference_name": "string_value"
4984 }
4985 }
4986 }
4987 ```
4988 ### PrimaryPassword
4989 Require or prevent using a primary (formerly master) password.
4990
4991 If this value is true, a primary password is required. If this value is false, it works the same as if [`DisableMasterPasswordCreation`](#disablemasterpasswordcreation) was true and removes the primary password functionality.
4992
4993 If both DisableMasterPasswordCreation and PrimaryPassword are used, DisableMasterPasswordCreation takes precedent.
4994
4995 **Compatibility:** Firefox 79, Firefox ESR 78.1\
4996 **CCK2 Equivalent:** `noMasterPassword`\
4997 **Preferences Affected:** N/A
4998
4999 #### Windows (GPO)
5000 ```
5001 Software\Policies\Mozilla\Firefox\PrimaryPassword = 0x1 | 0x0
5002 ```
5003 #### Windows (Intune)
5004 OMA-URI:
5005 ```
5006 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/PrimaryPassword
5007 ```
5008 Value (string):
5009 ```
5010 <enabled/> or <disabled/>
5011 ```
5012 #### macOS
5013 ```
5014 <dict>
5015 <key>PrimaryPassword</key>
5016 <true/> | <false/>
5017 </dict>
5018 ```
5019 #### policies.json
5020 ```
5021 {
5022 "policies": {
5023 "PrimaryPassword": true | false
5024 }
5025 }
5026 ```
5027 ### PromptForDownloadLocation
5028 Ask where to save each file before downloading.
5029
5030 **Compatibility:** Firefox 68, Firefox ESR 68\
5031 **CCK2 Equivalent:** N/A\
5032 **Preferences Affected:** `browser.download.useDownloadDir`
5033
5034 #### Windows (GPO)
5035 ```
5036 Software\Policies\Mozilla\Firefox\PromptForDownloadLocation = 0x1 | 0x0
5037 ```
5038 #### Windows (Intune)
5039 OMA-URI:
5040 ```
5041 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/PromptForDownloadLocation
5042 ```
5043 Value (string):
5044 ```
5045 <enabled/> or <disabled/>
5046 ```
5047 #### macOS
5048 ```
5049 <dict>
5050 <key>PromptForDownloadLocation</key>
5051 <true/> | <false/>
5052 </dict>
5053 ```
5054 #### policies.json
5055 ```
5056 {
5057 "policies": {
5058 "PromptForDownloadLocation": true | false
5059 }
5060 }
5061 ```
5062 ### Proxy
5063 Configure proxy settings. These settings correspond to the connection settings in Firefox preferences.
5064 To specify ports, append them to the hostnames with a colon (:).
5065
5066 Unless you lock this policy, changes the user already has in place will take effect.
5067
5068 `Mode` is the proxy method being used.
5069
5070 `Locked` is whether or not proxy settings can be changed.
5071
5072 `HTTPProxy` is the HTTP proxy server.
5073
5074 `UseHTTPProxyForAllProtocols` is whether or not the HTTP proxy should be used for all other proxies.
5075
5076 `SSLProxy` is the SSL proxy server.
5077
5078 `FTPProxy` is the FTP proxy server.
5079
5080 `SOCKSProxy` is the SOCKS proxy server
5081
5082 `SOCKSVersion` is the SOCKS version (4 or 5)
5083
5084 `Passthrough` is list of hostnames or IP addresses that will not be proxied. Use `<local>` to bypass proxying for all hostnames which do not contain periods.
5085
5086 `AutoConfigURL` is a URL for proxy configuration (only used if Mode is autoConfig).
5087
5088 `AutoLogin` means do not prompt for authentication if password is saved.
5089
5090 `UseProxyForDNS` to use proxy DNS when using SOCKS v5.
5091
5092 **Compatibility:** Firefox 60, Firefox ESR 60\
5093 **CCK2 Equivalent:** `networkProxy*`\
5094 **Preferences Affected:** `network.proxy.type`, `network.proxy.autoconfig_url`, `network.proxy.socks_remote_dns`, `signon.autologin.proxy`, `network.proxy.socks_version`, `network.proxy.no_proxies_on`, `network.proxy.share_proxy_settings`, `network.proxy.http`, `network.proxy.http_port`, `network.proxy.ftp`, `network.proxy.ftp_port`, `network.proxy.ssl`, `network.proxy.ssl_port`, `network.proxy.socks`, `network.proxy.socks_port`
5095
5096 #### Windows (GPO)
5097 ```
5098 Software\Policies\Mozilla\Firefox\Proxy\Mode = "none" | "system" | "manual" | "autoDetect" | "autoConfig"
5099 Software\Policies\Mozilla\Firefox\Proxy\Locked = 0x1 | 0x0
5100 Software\Policies\Mozilla\Firefox\=Proxy\HTTPProxy = https://httpproxy.example.com
5101 Software\Policies\Mozilla\Firefox\Proxy\UseHTTPProxyForAllProtocols = 0x1 | 0x0
5102 Software\Policies\Mozilla\Firefox\Proxy\SSLProxy = https://sslproxy.example.com
5103 Software\Policies\Mozilla\Firefox\Proxy\FTPProxy = https://ftpproxy.example.com
5104 Software\Policies\Mozilla\Firefox\Proxy\SOCKSProxy = https://socksproxy.example.com
5105 Software\Policies\Mozilla\Firefox\Proxy\SOCKSVersion = 0x4 | 0x5
5106 Software\Policies\Mozilla\Firefox\Proxy\Passthrough = <local>
5107 Software\Policies\Mozilla\Firefox\Proxy\AutoConfigURL = URL_TO_AUTOCONFIG
5108 Software\Policies\Mozilla\Firefox\Proxy\AutoLogin = 0x1 | 0x0
5109 Software\Policies\Mozilla\Firefox\Proxy\UseProxyForDNS = 0x1 | 0x0
5110 ```
5111 #### Windows (Intune)
5112 **Note**
5113 These setttings were moved to a category to make them easier to configure via Intune.
5114
5115 OMA-URI:
5116 ```
5117 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_Locked
5118 ```
5119 Value (string):
5120 ```
5121 <enabled/> or <disabled/>
5122 ```
5123 OMA-URI:
5124 ```
5125 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_ConnectionType
5126 ```
5127 Value (string):
5128 ```
5129 <enabled/>
5130 <data id="Proxy_ConnectionType" value="none | system | manual | autoDetect | autoConfig"/>
5131 ```
5132 OMA-URI:
5133 ```
5134 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_HTTPProxy
5135 ```
5136 Value (string):
5137 ```
5138 <enabled/>
5139 <data id="Proxy_HTTPProxy" value="httpproxy.example.com"/>
5140 ```
5141 OMA-URI:
5142 ```
5143 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_UseHTTPProxyForAllProtocols
5144 ```
5145 Value (string):
5146 ```
5147 <enabled/> or <disabled/>
5148 ```
5149 OMA-URI:
5150 ```
5151 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_SSLProxy
5152 ```
5153 Value (string):
5154 ```
5155 <enabled/>
5156 <data id="Proxy_SSLProxy" value="sslproxy.example.com"/>
5157 ```
5158 OMA-URI:
5159 ```
5160 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_SOCKSProxy
5161 ```
5162 Value (string):
5163 ```
5164 <enabled/>
5165 <data id="Proxy_SOCKSProxy" value="socksproxy.example.com"/>
5166 <data id="Proxy_SOCKSVersion" value="4 | 5"/>
5167 ```
5168 OMA-URI:
5169 ```
5170 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_AutoConfigURL
5171 ```
5172 Value (string):
5173 ```
5174 <enabled/>
5175 <data id="Proxy_AutoConfigURL" value="URL_TO_AUTOCONFIG"/>
5176 ```
5177 OMA-URI:
5178 ```
5179 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_Passthrough
5180 ```
5181 Value (string):
5182 ```
5183 <enabled/>
5184 <data id="Proxy_Passthrough" value="&lt;local&gt;"/>
5185 ```
5186 OMA-URI:
5187 ```
5188 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_AutoLogin
5189 ```
5190 Value (string):
5191 ```
5192 <enabled/> or <disabled/>
5193 ```
5194 OMA-URI:
5195 ```
5196 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_UseProxyForDNS
5197 ```
5198 Value (string):
5199 ```
5200 <enabled/> or <disabled/>
5201 ```
5202 OMA-URI (Old way):
5203 ```
5204 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/Proxy
5205 ```
5206 Value (string):
5207 ```
5208 <enabled/>
5209 <data id="ProxyLocked" value="true | false"/>
5210 <data id="ConnectionType" value="none | system | manual | autoDetect | autoConfig"/>
5211 <data id="HTTPProxy" value="httpproxy.example.com"/>
5212 <data id="UseHTTPProxyForAllProtocols" value="true | false"/>
5213 <data id="SSLProxy" value="sslproxy.example.com"/>
5214 <data id="FTPProxy" value="ftpproxy.example.com"/>
5215 <data id="SOCKSProxy" value="socksproxy.example.com"/>
5216 <data id="SOCKSVersion" value="4 | 5"/>
5217 <data id="AutoConfigURL" value="URL_TO_AUTOCONFIG"/>
5218 <data id="Passthrough" value="<local>"/>
5219 <data id="AutoLogin" value="true | false"/>
5220 <data id="UseProxyForDNS" value="true | false"/>
5221 ```
5222 #### macOS
5223 ```
5224 <dict>
5225 <key>Proxy</key>
5226 <dict>
5227 <key>Mode</key>
5228 <string>none | system | manual | autoDetect | autoConfig</string>
5229 <key>Locked</key>
5230 <true> | </false>
5231 <key>HTTPProxy</key>
5232 <string>https://httpproxy.example.com</string>
5233 <key>UseHTTPProxyForAllProtocols</key>
5234 <true> | </false>
5235 <key>SSLProxy</key>
5236 <string>https://sslproxy.example.com</string>
5237 <key>FTPProxy</key>
5238 <string>https://ftpproxy.example.com</string>
5239 <key>SOCKSProxy</key>
5240 <string>https://socksproxy.example.com</string>
5241 <key>SOCKSVersion</key>
5242 <string>4 | 5</string>
5243 <key>Passthrough</key>
5244 <string>&lt;local>&gt;</string>
5245 <key>AutoConfigURL</key>
5246 <string>URL_TO_AUTOCONFIG</string>
5247 <key>AutoLogin</key>
5248 <true> | </false>
5249 <key>UseProxyForDNS</key>
5250 <true> | </false>
5251 </dict>
5252 </dict>
5253 ```
5254 #### policies.json
5255 ```
5256 {
5257 "policies": {
5258 "Proxy": {
5259 "Mode": "none" | "system" | "manual" | "autoDetect" | "autoConfig",
5260 "Locked": true | false,
5261 "HTTPProxy": "hostname",
5262 "UseHTTPProxyForAllProtocols": true | false,
5263 "SSLProxy": "hostname",
5264 "FTPProxy": "hostname",
5265 "SOCKSProxy": "hostname",
5266 "SOCKSVersion": 4 | 5,
5267 "Passthrough": "<local>",
5268 "AutoConfigURL": "URL_TO_AUTOCONFIG",
5269 "AutoLogin": true | false,
5270 "UseProxyForDNS": true | false
5271 }
5272 }
5273 }
5274 ```
5275 ### RequestedLocales
5276 Set the the list of requested locales for the application in order of preference. It will cause the corresponding language pack to become active.
5277
5278 Note: For Firefox 68, this can now be a string so that you can specify an empty value.
5279
5280 **Compatibility:** Firefox 64, Firefox ESR 60.4, Updated in Firefox 68, Firefox ESR 68\
5281 **CCK2 Equivalent:** N/A\
5282 **Preferences Affected:** N/A
5283 #### Windows (GPO)
5284 ```
5285 Software\Policies\Mozilla\Firefox\RequestedLocales\1 = "de"
5286 Software\Policies\Mozilla\Firefox\RequestedLocales\2 = "en-US"
5287
5288 or
5289
5290 Software\Policies\Mozilla\Firefox\RequestedLocales = "de,en-US"
5291 ```
5292 #### Windows (Intune)
5293 OMA-URI:
5294 ```
5295 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/RequestedLocalesString
5296 ```
5297 Value (string):
5298 ```
5299 <enabled/>
5300 <data id="Preferences_String" value="de,en-US"/>
5301 ```
5302 #### macOS
5303 ```
5304 <dict>
5305 <key>RequestedLocales</key>
5306 <array>
5307 <string>de</string>
5308 <string>en-US</string>
5309 </array>
5310 </dict>
5311
5312 or
5313
5314 <dict>
5315 <key>RequestedLocales</key>
5316 <string>de,en-US</string>
5317 </dict>
5318
5319 ```
5320 #### policies.json
5321 ```
5322 {
5323 "policies": {
5324 "RequestedLocales": ["de", "en-US"]
5325 }
5326 }
5327
5328 or
5329
5330 {
5331 "policies": {
5332 "RequestedLocales": "de,en-US"
5333 }
5334 }
5335 ```
5336 <a name="SanitizeOnShutdown"></a>
5337
5338 ### SanitizeOnShutdown (Selective)
5339 Clear data on shutdown. Choose from Cache, Cookies, Download History, Form & Search History, Browsing History, Active Logins, Site Preferences and Offline Website Data.
5340
5341 Previously, these values were always locked. Starting with Firefox 74 and Firefox ESR 68.6, you can use the `Locked` option to either keep the values unlocked (set it to false), or lock only the values you set (set it to true). If you want the old behavior of locking everything, do not set `Locked` at all.
5342
5343 **Compatibility:** Firefox 68, Firefox ESR 68 (Locked added in 74/68.6)\
5344 **CCK2 Equivalent:** N/A\
5345 **Preferences Affected:** `privacy.sanitize.sanitizeOnShutdown`, `privacy.clearOnShutdown.cache`, `privacy.clearOnShutdown.cookies`, `privacy.clearOnShutdown.downloads`, `privacy.clearOnShutdown.formdata`, `privacy.clearOnShutdown.history`, `privacy.clearOnShutdown.sessions`, `privacy.clearOnShutdown.siteSettings`, `privacy.clearOnShutdown.offlineApps`
5346 #### Windows (GPO)
5347 ```
5348 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\Cache = 0x1 | 0x0
5349 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\Cookies = 0x1 | 0x0
5350 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\Downloads = 0x1 | 0x0
5351 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\FormData = 0x1 | 0x0
5352 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\History = 0x1 | 0x0
5353 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\Sessions = 0x1 | 0x0
5354 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\SiteSettings = 0x1 | 0x0
5355 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\OfflineApps = 0x1 | 0x0
5356 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\Locked = 0x1 | 0x0
5357 ```
5358 #### Windows (Intune)
5359 OMA-URI:
5360 ```
5361 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/A_SanitizeOnShutdown_Cache
5362 ```
5363 Value (string):
5364 ```
5365 <enabled/> or <disabled/>
5366 ```
5367 OMA-URI:
5368 ```
5369 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/B_SanitizeOnShutdown_Cookies
5370 ```
5371 Value (string):
5372 ```
5373 <enabled/> or <disabled/>
5374 ```
5375 OMA-URI:
5376 ```
5377 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/C_SanitizeOnShutdown_Downloads
5378 ```
5379 Value (string):
5380 ```
5381 <enabled/> or <disabled/>
5382 ```
5383 OMA-URI:
5384 ```
5385 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/D_SanitizeOnShutdown_FormData
5386 ```
5387 Value (string):
5388 ```
5389 <enabled/> or <disabled/>
5390 ```
5391 OMA-URI:
5392 ```
5393 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/E_SanitizeOnShutdown_History
5394 ```
5395 Value (string):
5396 ```
5397 <enabled/> or <disabled/>
5398 ```
5399 OMA-URI:
5400 ```
5401 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/F_SanitizeOnShutdown_Sessions
5402 ```
5403 Value (string):
5404 ```
5405 <enabled/> or <disabled/>
5406 ```
5407 OMA-URI:
5408 ```
5409 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/G_SanitizeOnShutdown_SiteSettings
5410 ```
5411 Value (string):
5412 ```
5413 <enabled/> or <disabled/>
5414 ```
5415 OMA-URI:
5416 ```
5417 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/H_SanitizeOnShutdown_OfflineApps
5418 ```
5419 Value (string):
5420 ```
5421 <enabled/> or <disabled/>
5422 ```
5423 OMA-URI:
5424 ```
5425 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/I_SanitizeOnShutdown_Locked
5426 ```
5427 Value (string):
5428 ```
5429 <enabled/> or <disabled/>
5430 ```
5431 #### macOS
5432 ```
5433 <dict>
5434 <key>SanitizeOnShutdown</key>
5435 <dict>
5436 <key>Cache</key>
5437 <true/> | <false/>
5438 <key>Cookies</key>
5439 <true/> | <false/>
5440 <key>Downloads</key>
5441 <true/> | <false/>
5442 <key>FormData</key>
5443 <true/> | <false/>
5444 <key>History</key>
5445 <true/> | <false/>
5446 <key>Sessions</key>
5447 <true/> | <false/>
5448 <key>SiteSettings</key>
5449 <true/> | <false/>
5450 <key>OfflineApps</key>
5451 <true/> | <false/>
5452 <key>Locked</key>
5453 <true/> | <false/>
5454 </dict>
5455 </dict>
5456 ```
5457 #### policies.json
5458 ```
5459 {
5460 "policies": {
5461 "SanitizeOnShutdown": {
5462 "Cache": true | false,
5463 "Cookies": true | false,
5464 "Downloads": true | false,
5465 "FormData": true | false,
5466 "History": true | false,
5467 "Sessions": true | false,
5468 "SiteSettings": true | false,
5469 "OfflineApps": true | false,
5470 "Locked": true | false
5471 }
5472 }
5473 }
5474 ```
5475 ### SanitizeOnShutdown (All)
5476 Clear all data on shutdown, including Browsing & Download History, Cookies, Active Logins, Cache, Form & Search History, Site Preferences and Offline Website Data.
5477
5478 **Compatibility:** Firefox 60, Firefox ESR 60\
5479 **CCK2 Equivalent:** N/A\
5480 **Preferences Affected:** `privacy.sanitize.sanitizeOnShutdown`, `privacy.clearOnShutdown.cache`, `privacy.clearOnShutdown.cookies`, `privacy.clearOnShutdown.downloads`, `privacy.clearOnShutdown.formdata`, `privacy.clearOnShutdown.history`, `privacy.clearOnShutdown.sessions`, `privacy.clearOnShutdown.siteSettings`, `privacy.clearOnShutdown.offlineApps`
5481 #### Windows (GPO)
5482 ```
5483 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown = 0x1 | 0x0
5484 ```
5485 #### Windows (Intune)
5486 OMA-URI:
5487 ```
5488 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/C_SanitizeOnShutdown
5489 ```
5490 Value (string):
5491 ```
5492 <enabled/> or <disabled/>
5493 ```
5494 #### macOS
5495 ```
5496 <dict>
5497 <key>SanitizeOnShutdown</key>
5498 <true/> | <false/>
5499 </dict>
5500 ```
5501 #### policies.json
5502 ```
5503 {
5504 "policies": {
5505 "SanitizeOnShutdown": true | false
5506 }
5507 }
5508 ```
5509 ### SearchBar
5510 Set whether or not search bar is displayed.
5511
5512 **Compatibility:** Firefox 60, Firefox ESR 60\
5513 **CCK2 Equivalent:** `showSearchBar`\
5514 **Preferences Affected:** N/A
5515
5516 #### Windows (GPO)
5517 ```
5518 Software\Policies\Mozilla\Firefox\SearchBar = "unified" | "separate"
5519 ```
5520
5521 #### Windows (Intune)
5522 OMA-URI:
5523 ```
5524 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/SearchBar
5525 ```
5526 Value (string):
5527 ```
5528 <enabled/>
5529 <data id="SearchBar" value="unified | separate"/>
5530 ```
5531 #### macOS
5532 ```
5533 <dict>
5534 <key>SearchBar</key>
5535 <string>unified | separate</string>
5536 </dict>
5537 ```
5538 #### policies.json
5539 ```
5540 {
5541 "policies": {
5542 "SearchBar": "unified" | "separate"
5543 }
5544 }
5545 ```
5546 <a name="SearchEngines"></a>
5547
5548 ### SearchEngines (This policy is only available on the ESR.)
5549
5550 ### SearchEngines | Add
5551
5552 Add new search engines. Although there are only five engines available in the ADMX template, there is no limit. To add more in the ADMX template, you can duplicate the XML.
5553
5554 This policy is only available on the ESR. `Name` and `URLTemplate` are required.
5555
5556 `Name` is the name of the search engine.
5557
5558 `URLTemplate` is the search URL with {searchTerms} to substitute for the search term.
5559
5560 `Method` is either GET or POST
5561
5562 `IconURL` is a URL for the icon to use.
5563
5564 `Alias` is a keyword to use for the engine.
5565
5566 `Description` is a description of the search engine.
5567
5568 `PostData` is the POST data as name value pairs separated by &.
5569
5570 `SuggestURLTemplate` is a search suggestions URL with {searchTerms} to substitute for the search term.
5571
5572 `Encoding` is the query charset for the engine. It defaults to UTF-8.
5573
5574 **Compatibility:** Firefox ESR 60 (POST support in Firefox ESR 68, Encoding support in Firefox 91)\
5575 **CCK2 Equivalent:** `searchplugins`\
5576 **Preferences Affected:** N/A
5577
5578 #### Windows (GPO)
5579 ```
5580 Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\Name = "Example1"
5581 Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\URLTemplate = "https://www.example.org/q={searchTerms}"
5582 Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\Method = "GET" | "POST"
5583 Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\IconURL = "https://www.example.org/favicon.ico"
5584 Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\Alias = "example"
5585 Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\Description = "Example Description"
5586 Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\SuggestURLTemplate = "https://www.example.org/suggestions/q={searchTerms}"
5587 Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\PostData = "name=value&q={searchTerms}"
5588 ```
5589 #### Windows (Intune)
5590 OMA-URI:
5591 ```
5592 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Search/SearchEngines_1
5593 ```
5594 Value (string):
5595 ```
5596 <enabled/>
5597 <data id="SearchEngine_Name" value="Example1"/>
5598 <data id="SearchEngine_URLTemplate" value="https://www.example.org/q={searchTerms"/>
5599 <data id="SearchEngine_Method" value="GET | POST"/>
5600 <data id="SearchEngine_IconURL" value="https://www.example.org/favicon.ico"/>
5601 <data id="SearchEngine_Alias" value="example"/>
5602 <data id="SearchEngine_Description" value="Example Description"/>
5603 <data id="SearchEngine_SuggestURLTemplate" value="https://www.example.org/suggestions/q={searchTerms}"/>
5604 <data id="SearchEngine_PostData" value="name=value&amp;q={searchTerms}"/>
5605 ```
5606 #### macOS
5607 ```
5608 <dict>
5609 <key>SearchEngines</key>
5610 <dict>
5611 <key>Add</key>
5612 <array>
5613 <dict>
5614 <key>Name</key>
5615 <string>Example1</string>
5616 <key>URLTemplate</key>
5617 <string>https://www.example.org/q={searchTerms}</string>
5618 <key>Method</key>
5619 <string>GET | POST </string>
5620 <key>IconURL</key>
5621 <string>https://www.example.org/favicon.ico</string>
5622 <key>Alias</key>
5623 <string>example</string>
5624 <key>Description</key>
5625 <string>Example Description</string>
5626 <key>SuggestURLTemplate</key>
5627 <string>https://www.example.org/suggestions/q={searchTerms}</string>
5628 <key>PostData</key>
5629 <string>name=value&q={searchTerms}</string>
5630 </dict>
5631 <array>
5632 </dict>
5633 </dict>
5634 ```
5635 #### policies.json
5636 ```
5637 {
5638 "policies": {
5639 "SearchEngines": {
5640 "Add": [
5641 {
5642 "Name": "Example1",
5643 "URLTemplate": "https://www.example.org/q={searchTerms}",
5644 "Method": "GET" | "POST",
5645 "IconURL": "https://www.example.org/favicon.ico",
5646 "Alias": "example",
5647 "Description": "Description",
5648 "PostData": "name=value&q={searchTerms}",
5649 "SuggestURLTemplate": "https://www.example.org/suggestions/q={searchTerms}"
5650 }
5651 ]
5652 }
5653 }
5654 }
5655 ```
5656 ### SearchEngines | Default
5657
5658 Set the default search engine. This policy is only available on the ESR.
5659
5660 **Compatibility:** Firefox ESR 60\
5661 **CCK2 Equivalent:** `defaultSearchEngine`\
5662 **Preferences Affected:** N/A
5663
5664 #### Windows (GPO)
5665 ```
5666 Software\Policies\Mozilla\Firefox\SearchEngines\Default = NAME_OF_SEARCH_ENGINE
5667 ```
5668 #### Windows (Intune)
5669 OMA-URI:
5670 ```
5671 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Search/SearchEngines_Default
5672 ```
5673 Value (string):
5674 ```
5675 <enabled/>
5676 <data id="SearchEngines_Default" value="NAME_OF_SEARCH_ENGINE"/>
5677 ```
5678 #### macOS
5679 ```
5680 <dict>
5681 <key>SearchEngines</key>
5682 <dict>
5683 <key>Default</key>
5684 <string>NAME_OF_SEARCH_ENGINE</string>
5685 </dict>
5686 </dict>
5687 ```
5688 #### policies.json
5689 ```
5690 {
5691 "policies": {
5692 "SearchEngines": {
5693 "Default": "NAME_OF_SEARCH_ENGINE"
5694 }
5695 }
5696 }
5697 ```
5698 ### SearchEngines | PreventInstalls
5699
5700 Prevent installing search engines from webpages.
5701
5702 **Compatibility:** Firefox ESR 60\
5703 **CCK2 Equivalent:** `disableSearchEngineInstall`\
5704 **Preferences Affected:** N/A
5705
5706 #### Windows (GPO)
5707 ```
5708 Software\Policies\Mozilla\Firefox\SearchEngines\PreventInstalls = 0x1 | 0x0
5709 ```
5710 #### Windows (Intune)
5711 OMA-URI:
5712 ```
5713 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Search/SearchEngines_PreventInstalls
5714 ```
5715 Value (string):
5716 ```
5717 <enabled/> or <disabled/>
5718 ```
5719 #### macOS
5720 ```
5721 <dict>
5722 <key>SearchEngines</key>
5723 <dict>
5724 <key>PreventInstalls</key>
5725 <true/> | <false/>
5726 </dict>
5727 </dict>
5728 ```
5729 #### policies.json
5730 ```
5731 {
5732 "policies": {
5733 "SearchEngines": {
5734 "PreventInstalls": true | false
5735 }
5736 }
5737 }
5738 ```
5739 ### SearchEngines | Remove
5740
5741 Hide built-in search engines. This policy is only available on the ESR.
5742
5743 **Compatibility:** Firefox ESR 60.2\
5744 **CCK2 Equivalent:** `removeDefaultSearchEngines` (removed all built-in engines)\
5745 **Preferences Affected:** N/A
5746
5747 #### Windows (GPO)
5748 ```
5749 Software\Policies\Mozilla\Firefox\SearchEngines\Remove\1 = NAME_OF_SEARCH_ENGINE
5750 ```
5751 #### Windows (Intune)
5752 OMA-URI:
5753 ```
5754 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Search/SearchEngines_Remove
5755 ```
5756 Value (string):
5757 ```
5758 <enabled/>
5759 <data id="SearchEngines_Remove" value="1&#xF000;NAME_OF_SEARCH_ENGINE"/>
5760 ```
5761 #### macOS
5762 ```
5763 <dict>
5764 <key>SearchEngines</key>
5765 <dict>
5766 <key>Remove</key>
5767 <array>
5768 <string>NAME_OF_SEARCH_ENGINE</string>
5769 </array>
5770 </dict>
5771 </dict>
5772 ```
5773 #### policies.json
5774 ```
5775 {
5776 "policies": {
5777 "SearchEngines": {
5778 "Remove": ["NAME_OF_SEARCH_ENGINE"]
5779 }
5780 }
5781 }
5782 ```
5783 ### SearchSuggestEnabled
5784
5785 Enable search suggestions.
5786
5787 **Compatibility:** Firefox 68, Firefox ESR 68\
5788 **CCK2 Equivalent:** N/A\
5789 **Preferences Affected:** `browser.urlbar.suggest.searches`, `browser.search.suggest.enabled`
5790
5791 #### Windows (GPO)
5792 ```
5793 Software\Policies\Mozilla\Firefox\SearchSuggestEnabled = 0x1 | 0x0
5794 ```
5795 #### Windows (Intune)
5796 OMA-URI:
5797 ```
5798 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Search/SearchSuggestEnabled
5799 ```
5800 Value (string):
5801 ```
5802 <enabled/> or <disabled/>
5803 ```
5804 #### macOS
5805 ```
5806 <dict>
5807 <key>SearchSuggestEnabled</key>
5808 <true/> | <false/>
5809 </dict>
5810 ```
5811 #### policies.json
5812 ```
5813 {
5814 "policies": {
5815 "SearchSuggestEnabled": true | false
5816 }
5817 }
5818 ```
5819 ### SecurityDevices
5820
5821 Install PKCS #11 modules.
5822
5823 **Compatibility:** Firefox 64, Firefox ESR 60.4\
5824 **CCK2 Equivalent:** `certs.devices`\
5825 **Preferences Affected:** N/A
5826
5827 #### Windows (GPO)
5828 ```
5829 Software\Policies\Mozilla\Firefox\SecurityDevices\NAME_OF_DEVICE = PATH_TO_LIBRARY_FOR_DEVICE
5830 ```
5831 #### Windows (Intune)
5832 OMA-URI:
5833 ```
5834 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/SecurityDevices
5835 ```
5836 Value (string):
5837 ```
5838 <enabled/>
5839 <data id="SecurityDevices" value="NAME_OF_DEVICE&#xF000;PATH_TO_LIBRARY_FOR_DEVICE"/>
5840 ```
5841 #### macOS
5842 ```
5843 <dict>
5844 <key>SecurityDevices</key>
5845 <dict>
5846 <key>NAME_OF_DEVICE</key>
5847 <string>PATH_TO_LIBRARY_FOR_DEVICE</string>
5848 </dict>
5849 </dict>
5850 ```
5851
5852 #### policies.json
5853 ```
5854 {
5855 "policies": {
5856 "SecurityDevices": {
5857 "NAME_OF_DEVICE": "PATH_TO_LIBRARY_FOR_DEVICE"
5858 }
5859 }
5860 }
5861 ```
5862 ### ShowHomeButton
5863 Show the home button on the toolbar.
5864
5865 Future versions of Firefox will not show the home button by default.
5866
5867 **Compatibility:** Firefox 88, Firefox ESR 78.10\
5868 **CCK2 Equivalent:** N/A\
5869 **Preferences Affected:** N/A
5870
5871 #### Windows (GPO)
5872 ```
5873 Software\Policies\Mozilla\Firefox\ShowHomeButton = 0x1 | 0x0
5874 ```
5875 #### Windows (Intune)
5876 OMA-URI:
5877 ```
5878 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Homepage/Homepage_ShowHomeButton
5879 ```
5880 Value (string):
5881 ```
5882 <enabled/> or <disabled/>
5883 ```
5884 #### macOS
5885 ```
5886 <dict>
5887 <key>ShowHomeButton</key>
5888 <true/> | <false/>
5889 </dict>
5890 ```
5891 #### policies.json
5892 ```
5893 {
5894 "policies": {
5895 "ShowHomeButton": true | false
5896 }
5897 }
5898 ```
5899 ### SSLVersionMax
5900
5901 Set and lock the maximum version of TLS.
5902
5903 **Compatibility:** Firefox 66, Firefox ESR 60.6\
5904 **CCK2 Equivalent:** N/A\
5905 **Preferences Affected:** `security.tls.version.max`
5906
5907 #### Windows (GPO)
5908 ```
5909 Software\Policies\Mozilla\Firefox\SSLVersionMax = "tls1" | "tls1.1" | "tls1.2" | "tls1.3"
5910 ```
5911 #### Windows (Intune)
5912 OMA-URI:
5913 ```
5914 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/SSLVersionMax
5915 ```
5916 Value (string):
5917 ```
5918 <enabled/>
5919 <data id="SSLVersion" value="tls1 | tls1.2 | tls1.3"/>
5920 ```
5921 #### macOS
5922 ```
5923 <dict>
5924 <key>SSLVersionMax</key>
5925 <string>tls1 | tls1.1 | tls1.2 | tls1.3</string>
5926 </dict>
5927 ```
5928
5929 #### policies.json
5930 ```
5931 {
5932 "policies": {
5933 "SSLVersionMax": "tls1" | "tls1.1" | "tls1.2" | "tls1.3"
5934 }
5935 }
5936 ```
5937 ### SSLVersionMin
5938
5939 Set and lock the minimum version of TLS.
5940
5941 **Compatibility:** Firefox 66, Firefox ESR 60.6\
5942 **CCK2 Equivalent:** N/A\
5943 **Preferences Affected:** `security.tls.version.min`
5944
5945 #### Windows (GPO)
5946 ```
5947 Software\Policies\Mozilla\Firefox\SSLVersionMin = "tls1" | "tls1.1" | "tls1.2" | "tls1.3"
5948 ```
5949 #### Windows (Intune)
5950 OMA-URI:
5951 ```
5952 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/SSLVersionMin
5953 ```
5954 Value (string):
5955 ```
5956 <enabled/>
5957 <data id="SSLVersion" value="tls1 | tls1.2 | tls1.3"/>
5958 ```
5959 #### macOS
5960 ```
5961 <dict>
5962 <key>SSLVersionMin</key>
5963 <string>tls1 | tls1.1 | tls1.2 | tls1.3</string>
5964 </dict>
5965 ```
5966
5967 #### policies.json
5968 ```
5969 {
5970 "policies": {
5971 "SSLVersionMin": "tls1" | "tls1.1" | "tls1.2" | "tls1.3"
5972 }
5973 }
5974 ```
5975 ### SupportMenu
5976 Add a menuitem to the help menu for specifying support information.
5977
5978 **Compatibility:** Firefox 68.0.1, Firefox ESR 68.0.1\
5979 **CCK2 Equivalent:** helpMenu\
5980 **Preferences Affected:** N/A
5981
5982 #### Windows (GPO)
5983 ```
5984 Software\Policies\Mozilla\Firefox\SupportMenu\Title = "Support Menu"
5985 Software\Policies\Mozilla\Firefox\SupportMenu\URL = "http://example.com/support"
5986 Software\Policies\Mozilla\Firefox\SupportMenu\AccessKey = "S"
5987 ```
5988 #### Windows (Intune)
5989 OMA-URI:
5990 ```
5991 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/SupportMenu
5992 ```
5993 Value (string):
5994 ```
5995 <enabled/>
5996 <data id="SupportMenuTitle" value="Support Menu"/>
5997 <data id="SupportMenuURL" value="http://example.com/support"/>
5998 <data id="SupportMenuAccessKey" value="S"/>
5999 ```
6000 #### macOS
6001 ```
6002 <dict>
6003 <key>SupportMenu</key>
6004 <dict>
6005 <key>Title</key>
6006 <string>SupportMenu</string>
6007 <key>URL</key>
6008 <string>http://example.com/support</string>
6009 <key>AccessKey</key>
6010 <string>S</string>
6011 </dict>
6012 </dict>
6013 ```
6014 #### policies.json
6015 ```
6016 {
6017 "policies": {
6018 "SupportMenu": {
6019 "Title": "Support Menu",
6020 "URL": "http://example.com/support",
6021 "AccessKey": "S"
6022 }
6023 }
6024 }
6025 ```
6026 ### StartDownloadsInTempDirectory
6027 Force downloads to start off in a local, temporary location rather than the default download directory.
6028
6029 **Compatibility:** Firefox 102\
6030 **CCK2 Equivalent:** N/A\
6031 **Preferences Affected:** `browser.download.start_downloads_in_tmp_dir`
6032
6033 #### Windows (GPO)
6034 ```
6035 Software\Policies\Mozilla\Firefox\StartDownloadsInTempDirectory = 0x1 | 0x0
6036 ```
6037 #### Windows (Intune)
6038 OMA-URI:
6039 ```
6040 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/StartDownloadsInTempDirectory
6041 ```
6042 Value (string):
6043 ```
6044 <enabled/> or <disabled/>
6045 ```
6046 #### macOS
6047 ```
6048 <dict>
6049 <key>StartDownloadsInTempDirectory</key>
6050 <true/> | <false/>
6051 </dict>
6052 ```
6053 #### policies.json
6054 ```
6055 {
6056 "policies": {
6057 "StartDownloadsInTempDirectory": true | false
6058 }
6059 ```
6060 ### UserMessaging
6061
6062 Prevent Firefox from messaging the user in certain situations.
6063
6064 `WhatsNew` Remove the "What's New" icon and menuitem.
6065
6066 `ExtensionRecommendations` If false, don't recommend extensions while the user is visiting web pages.
6067
6068 `FeatureRecommendations` If false, don't recommend browser features.
6069
6070 `UrlbarInterventions` If false, Don't offer Firefox specific suggestions in the URL bar.
6071
6072 `SkipOnboarding` If true, don't show onboarding messages on the new tab page.
6073
6074 `MoreFromMozilla` If false, don't show the "More from Mozilla" section in Preferences. (Firefox 98)
6075
6076 **Compatibility:** Firefox 75, Firefox ESR 68.7\
6077 **CCK2 Equivalent:** N/A\
6078 **Preferences Affected:** `browser.messaging-system.whatsNewPanel.enabled`, `browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons`, `browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features`, `browser.aboutwelcome.enabled`, `browser.preferences.moreFromMozilla`
6079
6080 #### Windows (GPO)
6081 ```
6082 Software\Policies\Mozilla\Firefox\UserMessaging\WhatsNew = 0x1 | 0x0
6083 Software\Policies\Mozilla\Firefox\UserMessaging\ExtensionRecommendations = 0x1 | 0x0
6084 Software\Policies\Mozilla\Firefox\UserMessaging\FeatureRecommendations = 0x1 | 0x0
6085 Software\Policies\Mozilla\Firefox\UserMessaging\UrlbarInterventions = 0x1 | 0x0
6086 Software\Policies\Mozilla\Firefox\UserMessaging\SkipOnboarding = 0x1 | 0x0
6087 Software\Policies\Mozilla\Firefox\UserMessaging\MoreFromMozilla = 0x1 | 0x0
6088 ```
6089 #### Windows (Intune)
6090 OMA-URI:
6091 ```
6092 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_WhatsNew
6093 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_ExtensionRecommendations
6094 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_FeatureRecommendations
6095 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_UrlbarInterventions
6096 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_SkipOnboarding
6097 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_MoreFromMozilla
6098 ```
6099 Value (string):
6100 ```
6101 <enabled/> or <disabled/>
6102 ```
6103 #### macOS
6104 ```
6105 <dict>
6106 <key>UserMessaging</key>
6107 <dict>
6108 <key>WhatsNew</key>
6109 <true/> | <false/>
6110 <key>ExtensionRecommendations</key>
6111 <true/> | <false/>
6112 <key>FeatureRecommendations</key>
6113 <true/> | <false/>
6114 <key>UrlbarInterventions</key>
6115 <true/> | <false/>
6116 <key>SkipOnboarding</key>
6117 <true/> | <false/>
6118 <key>MoreFromMozilla</key>
6119 <true/> | <false/>
6120 </dict>
6121 </dict>
6122 ```
6123 #### policies.json
6124 ```
6125 {
6126 "policies": {
6127 "UserMessaging": {
6128 "WhatsNew": true | false,
6129 "ExtensionRecommendations": true | false,
6130 "FeatureRecommendations": true | false,
6131 "UrlbarInterventions": true | false,
6132 "SkipOnboarding": true | false,
6133 "MoreFromMozilla": true | false
6134 }
6135 }
6136 }
6137 ```
6138 ### UseSystemPrintDialog
6139 Use the system print dialog instead of the print preview window.
6140
6141 **Compatibility:** Firefox 102\
6142 **CCK2 Equivalent:** N/A\
6143 **Preferences Affected:** `print.prefer_system_dialog`
6144
6145 #### Windows (GPO)
6146 ```
6147 Software\Policies\Mozilla\Firefox\UseSystemPrintDialog = 0x1 | 0x0
6148 ```
6149 #### Windows (Intune)
6150 OMA-URI:
6151 ```
6152 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/UseSystemPrintDialog
6153 ```
6154 Value (string):
6155 ```
6156 <enabled/> or <disabled/>
6157 ```
6158 #### macOS
6159 ```
6160 <dict>
6161 <key>UseSystemPrintDialog</key>
6162 <true/> | <false/>
6163 </dict>
6164 ```
6165 #### policies.json
6166 ```
6167 {
6168 "policies": {
6169 "UseSystemPrintDialog": true | false
6170 }
6171 }
6172 ```
6173 ### WebsiteFilter
6174 Block websites from being visited. The parameters take an array of Match Patterns, as documented in https://developer.mozilla.org/en-US/Add-ons/WebExtensions/Match_patterns.
6175 The arrays are limited to 1000 entries each.
6176
6177 If you want to block all URLs, you can use `<all_urls>` or `*://*/*`. You can't have just a `*` on the right side.
6178
6179 For specific protocols, use `https://*/*` or `http://*/*`.
6180
6181 As of Firefox 83 and Firefox ESR 78.5, file URLs are supported.
6182
6183 **Compatibility:** Firefox 60, Firefox ESR 60\
6184 **CCK2 Equivalent:** N/A\
6185 **Preferences Affected:** N/A
6186
6187 #### Windows (GPO)
6188 ```
6189 Software\Policies\Mozilla\Firefox\WebsiteFilter\Block\1 = "<all_urls>"
6190 Software\Policies\Mozilla\Firefox\WebsiteFilter\Exceptions\1 = "http://example.org/*"
6191 ```
6192 #### Windows (Intune)
6193 OMA-URI:
6194 ```
6195 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/B_WebsiteFilter_Block
6196 ```
6197 Value (string):
6198 ```
6199 <enabled/> <data id="WebsiteFilter" value="1&#xF000;&#60;all_urls&#62;"/>
6200 ```
6201 OMA-URI:
6202 ```
6203 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/B_WebsiteFilter_Exceptions
6204 ```
6205 Value (string):
6206 ```
6207 <enabled/>
6208 <data id="WebsiteFilter" value="1&#xF000;http://example.org/*"/>
6209 ```
6210 #### macOS
6211 ```
6212 <dict>
6213 <key>WebsiteFilter</key>
6214 <dict>
6215 <key>Block</key>
6216 <array>
6217 <string><all_urls></string>
6218 </array>
6219 <key>Exceptions</key>
6220 <array>
6221 <string>http://example.org/*</string>
6222 </array>
6223 </dict>
6224
6225 </dict>
6226 ```
6227 #### policies.json
6228 ```
6229 {
6230 "policies": {
6231 "WebsiteFilter": {
6232 "Block": ["<all_urls>"],
6233 "Exceptions": ["http://example.org/*"]
6234 }
6235 }
6236 }
6237 ```
6238 ### WindowsSSO
6239 Allow Windows single sign-on for Microsoft, work, and school accounts.
6240
6241 If this policy is set to true, Firefox will use credentials stored in Windows to sign in to Microsoft, work, and school accounts.
6242
6243 **Compatibility:** Firefox 91\
6244 **CCK2 Equivalent:** N/A\
6245 **Preferences Affected:** `network.http.windows-sso.enabled`
6246
6247 #### Windows (GPO)
6248 ```
6249 Software\Policies\Mozilla\Firefox\WindowsSSO = 0x1 | 0x0
6250 ```
6251 #### Windows (Intune)
6252 OMA-URI:
6253 ```
6254 ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/WindowsSSO
6255 ```
6256 Value (string):
6257 ```
6258 <enabled/> or <disabled/>
6259 ```
6260 #### policies.json
6261 ```
6262 {
6263 "policies": {
6264 "WindowsSSO": true | false
6265 }
6266 }
6267 ```

patrick-canterino.de