**These policies are in active development and so might contain changes that do not work with current versions of Firefox.**
-**You should use the officially released versions (https://github.com/mozilla/policy-templates/releases) if you are deploying changes.**
+**You should use the [officially released versions](https://github.com/mozilla/policy-templates/releases) if you are deploying changes.**
-Policies can be specified using the Group Policy templates on Windows (https://github.com/mozilla/policy-templates/tree/master/windows), configuration profiles on macOS (https://github.com/mozilla/policy-templates/tree/master/mac), or by creating a file called `policies.json`. On Windows, create a directory called `distribution` where the EXE is located and place the file there. On Mac, the file goes into `Firefox.app/Contents/Resources/distribution`. On Linux, the file goes into `firefox/distribution`, where `firefox` is the installation directory for firefox, which varies by distribution.
+Policies can be specified using the [Group Policy templates on Windows](https://github.com/mozilla/policy-templates/tree/master/windows), [Intune on Windows](https://support.mozilla.org/kb/managing-firefox-intune), [configuration profiles on macOS](https://github.com/mozilla/policy-templates/tree/master/mac), or by creating a file called `policies.json`. On Windows, create a directory called `distribution` where the EXE is located and place the file there. On Mac, the file goes into `Firefox.app/Contents/Resources/distribution`. On Linux, the file goes into `firefox/distribution`, where `firefox` is the installation directory for firefox, which varies by distribution.
| Policy Name | Description
| --- | --- |
-| **[`AppUpdateURL`](#AppUpdateURL)** | Change the URL for application update.
-| **[`Authentication`](#Authentication)** | Configure sites that support integrated authentication.
+| **[`AppAutoUpdate`](#appautoupdate)** | Enable or disable automatic application update.
+| **[`AppUpdateURL`](#appupdateurl)** | Change the URL for application update.
+| **[`Authentication`](#authentication)** | Configure sites that support integrated authentication.
| **[`BlockAboutAddons`](#blockaboutaddons)** | Block access to the Add-ons Manager (about:addons).
| **[`BlockAboutConfig`](#blockaboutconfig)** | Block access to about:config.
| **[`BlockAboutProfiles`](#blockaboutprofiles)** | Block access to About Profiles (about:profiles).
| **[`DisableMasterPasswordCreation`](#disablemasterpasswordcreation)** | Remove the master password functionality.
| **[`DisableAppUpdate`](#disableappupdate)** | Turn off application updates.
| **[`DisableBuiltinPDFViewer`](#disablebuiltinpdfviewer)** | Disable the built in PDF viewer.
+| **[`DisabledCiphers`](#disabledciphers)** | Disable ciphers.
+| **[`DisableDefaultBrowserAgent`](#disabledefaultbrowseragent)** | Prevent the default browser agent from taking any actions (Windows only).
| **[`DisableDeveloperTools`](#disabledevelopertools)** | Remove access to all developer tools.
| **[`DisableFeedbackCommands`](#disablefeedbackcommands)** | Disable the menus for reporting sites.
| **[`DisableFirefoxScreenshots`](#disablefirefoxscreenshots)** | Remove access to Firefox Screenshots.
| **[`DisableFirefoxStudies`](#disablefirefoxstudies)** | Disable Firefox studies (Shield).
| **[`DisableForgetButton`](#disableforgetbutton)** | Disable the "Forget" button.
| **[`DisableFormHistory`](#disableformhistory)** | Turn off saving information on web forms and the search bar.
+| **[`DisablePasswordReveal`](#disablepasswordreveal)** | Do not allow passwords to be revealed in saved logins.
| **[`DisablePocket`](#disablepocket)** | Remove Pocket in the Firefox UI.
| **[`DisablePrivateBrowsing`](#disableprivatebrowsing)** | Remove access to private browsing.
| **[`DisableProfileImport`](#disableprofileimport)** | Disables the "Import data from another browser" option in the bookmarks window.
| **[`DefaultDownloadDirectory`](#defaultdownloaddirectory)** | Set the default download directory.
| **[`DownloadDirectory`](#downloaddirectory)** | Set and lock the download directory.
| **[`EnableTrackingProtection`](#enabletrackingprotection)** | Configure tracking protection.
+| **[`EncryptedMediaExtensions`](#encryptedmediaextensions)** | Enable or disable Encrypted Media Extensions and optionally lock it.
| **[`EnterprisePoliciesEnabled`](#enterprisepoliciesenabled)** | Enable policy support on macOS.
| **[`Extensions`](#extensions)** | Control the installation, uninstallation and locking of extensions.
| **[`ExtensionSettings`](#extensionsettings)** | Manage all aspects of extensions.
| **[`SearchEngines -> PreventInstalls`](#searchengines--preventinstalls)** | Prevent installing search engines from webpages.
| **[`SearchEngines -> Remove`](#searchengines--remove)** | Hide built-in search engines.
| **[`SearchEngines -> Add`](#searchengines--add)** | Add new search engines.
-| **[`SecurityDevices`](#securitydevices)** | Install PKCS #11 modules.
| **[`SearchSuggestEnabled`](#searchsuggestenabled)** | Enable search suggestions.
+| **[`SecurityDevices`](#securitydevices)** | Install PKCS #11 modules.
| **[`SSLVersionMax`](#sslversionmax)** | Set and lock the maximum version of TLS.
| **[`SSLVersionMin`](#sslversionmin)** | Set and lock the minimum version of TLS.
| **[`SupportMenu`](#supportmenu)** | Add a menuitem to the help menu for specifying support information.
+| **[`UserMessaging`](#usermessaging)** | Don't show certain messages to the user.
| **[`WebsiteFilter`](#websitefilter)** | Block websites from being visited.
+### AppAutoUpdate
+
+Enable or disable **automatic** application update.
+
+If set to true, application updates are installed without user approval.
+
+If set to false, application updates are downloaded but the user can choose when to install the update.
+
+If you have disabled updates via DisableAppUpdate, this policy has no effect.
+
+**Compatibility:** Firefox 75, Firefox ESR 68.7\
+**CCK2 Equivalent:** N/A\
+**Preferences Affected:** app.update.auto
+
+#### Windows (GPO)
+```
+Software\Policies\Mozilla\Firefox\AppAutoUpdate = 0x1 | 0x0
+```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/AppAutoUpdate
+```
+Value (string):
+```
+<enabled/> or <disabled/>
+```
+#### macOS
+```
+<dict>
+ <key>AppAutoUpdate</key>
+ <true/> | <false/>
+</dict>
+```
+#### policies.json
+```
+{
+ "policies": {
+ "AppAutoUpdate": true | false
+ }
+}
+```
### AppUpdateURL
Change the URL for application update.
```
Software\Policies\Mozilla\Firefox\AppUpdateURL = "https://yoursite.com"
```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/AppUpdateURL
+```
+Value (string):
+```
+<enabled/>
+<data id="AppUpdateURL" value="https://yoursite.com"/>
+```
#### macOS
```
<dict>
See https://developer.mozilla.org/en-US/docs/Mozilla/Integrated_authentication for more information.
-**Compatibility:** Firefox 60, Firefox ESR 60 (AllowNonFQDN added in 62/60.2, AllowProxies added in 70/68.2, Locked added in 71/68.3)\
+`PrivateBrowsing` enables integrated authentication in prviate browsing.
+
+**Compatibility:** Firefox 60, Firefox ESR 60 (AllowNonFQDN added in 62/60.2, AllowProxies added in 70/68.2, Locked added in 71/68.3, PrivateBrowsing added in 77/68.9)\
**CCK2 Equivalent:** N/A\
-**Preferences Affected:** `network.negotiate-auth.trusted-uris`,`network.negotiate-auth.delegation-uris`,`network.automatic-ntlm-auth.trusted-uris`,`network.automatic-ntlm-auth.allow-non-fqdn`,`network.negotiate-auth.allow-non-fqdn`,`network.automatic-ntlm-auth.allow-proxies`,`network.negotiate-auth.allow-proxies`
+**Preferences Affected:** `network.negotiate-auth.trusted-uris`,`network.negotiate-auth.delegation-uris`,`network.automatic-ntlm-auth.trusted-uris`,`network.automatic-ntlm-auth.allow-non-fqdn`,`network.negotiate-auth.allow-non-fqdn`,`network.automatic-ntlm-auth.allow-proxies`,`network.negotiate-auth.allow-proxies`,`network.auth.private-browsing-sso`
#### Windows (GPO)
```
Software\Policies\Mozilla\Firefox\Authentication\AllowProxies\SPNEGO = 0x1 | 0x0
Software\Policies\Mozilla\Firefox\Authentication\AllowProxies\NTLM = 0x1 | 0x0
Software\Policies\Mozilla\Firefox\Authentication\Locked = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\Authentication\PrivateBrowsing = 0x1 | 0x0
+```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Authentication/Authentication_SPNEGO
+```
+Value (string):
+```
+<enabled/>
+<data id="Authentication" value="1mydomain2https://myotherdomain.com"/>
+```
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Authentication/Authentication_Delegated
+```
+Value (string):
+```
+<enabled/>
+<data id="Authentication" value="1mydomain2https://myotherdomain.com"/>
+```
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Authentication/Authentication_NTLM
+```
+Value (string):
+```
+<enabled/>
+<data id="Authentication" value="1mydomain2https://myotherdomain.com"/>
+```
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Authentication/Authentication_AllowNonFQDN
+```
+Value (string):
+```
+<enabled/>
+<data id="Authentication_AllowNonFQDN_NTLM" value="true | false"/>
+<data id="Authentication_AllowNonFQDN_SPNEGO" value="true | false"/>
+```
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Authentication/Authentication_Locked
+```
+Value (string):
+```
+<enabled/> or <disabled/>
+```
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Authentication/Authentication_PrivateBrowsing
+```
+Value (string):
+```
+<enabled/> or <disabled/>
```
#### macOS
```
</dict>
<key>Locked</key>
<true/> | <false/>
+ <key>PrivateBrowsing</key>
+ <true/> | <false/>
</dict>
</dict>
```
"SPNEGO": true | false,
"NTLM": true | false
},
- "Locked": true | false
+ "Locked": true | false,
+ "PrivateBrowsing": true | false
}
}
}
```
Software\Policies\Mozilla\Firefox\BlockAboutAddons = 0x1 | 0x0
```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/BlockAboutAddons
+```
+Value (string):
+```
+<enabled/> or <disabled/>
+```
#### macOS
```
<dict>
```
Software\Policies\Mozilla\Firefox\BlockAboutConfig = 0x1 | 0x0
```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/BlockAboutConfig
+```
+Value (string):
+```
+<enabled/> or <disabled/>
+```
#### macOS
```
<dict>
```
Software\Policies\Mozilla\Firefox\BlockAboutProfiles = 0x1 | 0x0
```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/BlockAboutProfiles
+```
+Value (string):
+```
+<enabled/> or <disabled/>
+```
#### macOS
```
<dict>
```
Software\Policies\Mozilla\Firefox\BlockAboutSupport = 0x1 | 0x0
```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/BlockAboutSupport
+```
+Value (string):
+```
+<enabled/> or <disabled/>
+```
#### macOS
```
<dict>
Software\Policies\Mozilla\Firefox\Bookmarks\1\Placement = "toolbar" | "menu"
Software\Policies\Mozilla\Firefox\Bookmarks\1\Folder = "FolderName"
```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Bookmarks/Bookmark01
+```
+Value (string):
+```
+<enabled/>
+<data id="BookmarkTitle" value="Example"/>
+<data id="BookmarkURL" value="https://example.com"/>
+<data id="BookmarkFavicon" value="https://example.com/favicon.ico"/>
+<data id="BookmarkPlacement" value="toolbar | menu"/>
+<data id="BookmarkFolder" value="FolderName"/>
+```
#### macOS
```
<dict>
```
Software\Policies\Mozilla\Firefox\CaptivePortal = 0x1 | 0x0
```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/CaptivePortal
+```
+Value (string):
+```
+<enabled/> or <disabled/>
+```
#### macOS
```
<dict>
```
Software\Policies\Mozilla\Firefox\Certificates\ImportEnterpriseRoots = 0x1 | 0x0
```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Certificates/Certificates_ImportEnterpriseRoots
+```
+Value (string):
+```
+<enabled/> or <disabled/>
+```
#### macOS
```
<dict>
Software\Policies\Mozilla\Firefox\Certificates\Install\1 = "cert1.der"
Software\Policies\Mozilla\Firefox\Certificates\Install\2 = "C:\Users\username\cert2.pem"
```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Certificates/Certificates_Install
+```
+Value (string):
+```
+<enabled/>
+<data id="Certificates_Install" value="1cert1.der2C:\Users\username\cert2.pem"/>
+```
#### macOS
```
<dict>
Software\Policies\Mozilla\Firefox\Cookies\Allow\1 = "https://example.com"
Software\Policies\Mozilla\Firefox\Cookies\Block\1 = "https://example.org"
Software\Policies\Mozilla\Firefox\Cookies\Default = 0x1 | 0x0
-Software\Policies\Mozilla\Firefox\Cookies\AcceptThirdParty = "always" | "never" |"from-visited"
+Software\Policies\Mozilla\Firefox\Cookies\AcceptThirdParty = "always" | "never" | "from-visited"
Software\Policies\Mozilla\Firefox\Cookies\ExpireAtSessionEnd = 0x1 | 0x0
Software\Policies\Mozilla\Firefox\Cookies\RejectTracker = 0x1 | 0x0
Software\Policies\Mozilla\Firefox\Cookies\Locked = 0x1 | 0x0
```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_Allow
+```
+Value (string):
+```
+<enabled/>
+<data id="Cookies_Allow" value="1https://example.com"/>
+```
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_Block
+```
+Value (string):
+```
+<enabled/>
+<data id="Cookies_Block" value="1https://example.org"/>
+```
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_Default
+```
+Value (string):
+```
+<enabled/> or <disabled/>
+```
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_AcceptThirdParty
+```
+Value (string):
+```
+<enabled/>
+<data id="Cookies_AcceptThirdParty" value="always | never | from-visited"/>
+```
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_ExpireAtSessionEnd
+```
+Value (string):
+```
+<enabled/> or <disabled/>
+```
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_RejectTracker
+```
+Value (string):
+```
+<enabled/> or <disabled/>
+```
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_Locked
+```
+Value (string):
+```
+<enabled/> or <disabled/>
+```
#### macOS
```
<dict>
```
Software\Policies\Mozilla\Firefox\DisableSetDesktopBackground = 0x1 | 0x0
```
-
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableSetDesktopBackground
+```
+Value (string):
+```
+<enabled/> or <disabled/>
+```
#### macOS
```
<dict>
```
Software\Policies\Mozilla\Firefox\DisableMasterPasswordCreation = 0x1 | 0x0
```
-
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableMasterPasswordCreation
+```
+Value (string):
+```
+<enabled/> or <disabled/>
+```
#### macOS
```
<dict>
```
Software\Policies\Mozilla\Firefox\DisableAppUpdate = 0x1 | 0x0
```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableAppUpdate
+```
+Value (string):
+```
+<enabled/> or <disabled/>
+```
#### macOS
```
<dict>
```
Software\Policies\Mozilla\Firefox\DisableBuiltinPDFViewer = 0x1 | 0x0
```
-
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableBuiltinPDFViewer
+```
+Value (string):
+```
+<enabled/> or <disabled/>
+```
#### macOS
```
<dict>
}
}
```
+### DisabledCiphers
+Disable specific cryptographic ciphers.
+
+**Compatibility:** Firefox 76, Firefox ESR 68.8\
+**CCK2 Equivalent:** N/A\
+**Preferences Affected:** N/A
+
+#### Windows (GPO)
+```
+Software\Policies\Mozilla\Firefox\DisabledCiphers\TLS_DHE_RSA_WITH_AES_128_CBC_SHA = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\DisabledCiphers\TLS_DHE_RSA_WITH_AES_256_CBC_SHA = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\DisabledCiphers\TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\DisabledCiphers\TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\DisabledCiphers\TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\DisabledCiphers\TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\DisabledCiphers\TLS_RSA_WITH_AES_128_CBC_SHA = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\DisabledCiphers\TLS_RSA_WITH_AES_256_CBC_SHA = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\DisabledCiphers\TLS_RSA_WITH_3DES_EDE_CBC_SHA = 0x1 | 0x0
+```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DisabledCiphers/DisabledCiphers_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DisabledCiphers/DisabledCiphers_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DisabledCiphers/DisabledCiphers_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DisabledCiphers/DisabledCiphers_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DisabledCiphers/DisabledCiphers_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DisabledCiphers/DisabledCiphers_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DisabledCiphers/DisabledCiphers_TLS_RSA_WITH_AES_128_CBC_SHA
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DisabledCiphers/DisabledCiphers_TLS_RSA_WITH_AES_256_CBC_SHA
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DisabledCiphers/DisabledCiphers_TLS_RSA_WITH_3DES_EDE_CBC_SHA
+```
+Value (string):
+```
+<enabled/> or <disabled/>
+```
+#### macOS
+```
+<dict>
+ <key>DisabledCiphers</key>
+ <dict>
+ <key>TLS_DHE_RSA_WITH_AES_128_CBC_SHA</key>
+ <true/> | <false/>
+ <key>TLS_DHE_RSA_WITH_AES_256_CBC_SHA</key>
+ <true/> | <false/>
+ <key>TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA</key>
+ <true/> | <false/>
+ <key>TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA</key>
+ <true/> | <false/>
+ <key>TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256</key>
+ <true/> | <false/>
+ <key>TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256</key>
+ <true/> | <false/>
+ <key>TLS_RSA_WITH_AES_128_CBC_SHA</key>
+ <true/> | <false/>
+ <key>TLS_RSA_WITH_AES_256_CBC_SHA</key>
+ <true/> | <false/>
+ <key>TLS_RSA_WITH_3DES_EDE_CBC_SHA</key>
+ <true/> | <false/>
+ </dict>
+</dict>
+```
+#### policies.json
+```
+{
+ "policies": {
+ "DisabledCiphers" {
+ "TLS_DHE_RSA_WITH_AES_128_CBC_SHA": true | false,
+ "TLS_DHE_RSA_WITH_AES_256_CBC_SHA": true | false,
+ "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA": true | false,
+ "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA": true | false,
+ "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256": true | false,
+ "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256": true | false,
+ "TLS_RSA_WITH_AES_128_CBC_SHA": true | false,
+ "TLS_RSA_WITH_AES_256_CBC_SHA": true | false,
+ "TLS_RSA_WITH_3DES_EDE_CBC_SHA": true | false
+ }
+ }
+}
+```
+### DisableDefaultBrowserAgent
+Prevent the default browser agent from taking any actions. Only applicable to Windows; other platforms don’t have the agent.
+
+**Compatibility:** Firefox 75, Firefox ESR 68.7 (Windows only)\
+**CCK2 Equivalent:** N/A\
+**Preferences Affected:** N/A
+
+#### Windows (GPO)
+```
+Software\Policies\Mozilla\Firefox\DisableDefaultBrowserAgent = 0x1 | 0x0
+```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableDefaultBrowserAgent
+```
+Value (string):
+```
+<enabled/> or <disabled/>
+```
+#### policies.json
+```
+{
+ "policies": {
+ "DisableDefaultBrowserAgent": true | false
+ }
+}
+```
### DisableDeveloperTools
Remove access to all developer tools.
```
Software\Policies\Mozilla\Firefox\DisableDeveloperTools = 0x1 | 0x0`
```
-
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableDeveloperTools
+```
+Value (string):
+```
+<enabled/> or <disabled/>
+```
#### macOS
```
<dict>
```
Software\Policies\Mozilla\Firefox\DisableFeedbackCommands = 0x1 | 0x0
```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableFeedbackCommands
+```
+Value (string):
+```
+<enabled/> or <disabled/>
+```
#### macOS
```
<dict>
```
Software\Policies\Mozilla\Firefox\DisableFirefoxScreenshots = 0x1 | 0x0
```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableFirefoxScreenshots
+```
+Value (string):
+```
+<enabled/> or <disabled/>
+```
#### macOS
```
<dict>
```
Software\Policies\Mozilla\Firefox\DisableFirefoxAccounts = 0x1 | 0x0
```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableFirefoxAccounts
+```
+Value (string):
+```
+<enabled/> or <disabled/>
+```
#### macOS
```
<dict>
```
Software\Policies\Mozilla\Firefox\DisableFirefoxStudies = 0x1 | 0x0
```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableFirefoxStudies
+```
+Value (string):
+```
+<enabled/> or <disabled/>
+```
#### macOS
```
<dict>
```
Software\Policies\Mozilla\Firefox\DisableForgetButton = 0x1 | 0x0
```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableForgetButton
+```
+Value (string):
+```
+<enabled/> or <disabled/>
+```
#### macOS
```
<dict>
```
Software\Policies\Mozilla\Firefox\DisableFormHistory = 0x1 | 0x0
```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableFormHistory
+```
+Value (string):
+```
+<enabled/> or <disabled/>
+```
#### macOS
```
<dict>
```
Software\Policies\Mozilla\Firefox\DisablePasswordReveal = 0x1 | 0x0
```
-
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisablePasswordReveal
+```
+Value (string):
+```
+<enabled/> or <disabled/>
+```
#### macOS
```
<dict>
```
Software\Policies\Mozilla\Firefox\DisablePocket = 0x1 | 0x0
```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisablePocket
+```
+Value (string):
+```
+<enabled/> or <disabled/>
+```
#### macOS
```
<dict>
```
Software\Policies\Mozilla\Firefox\DisablePrivateBrowsing = 0x1 | 0x0
```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisablePrivateBrowsing
+```
+Value (string):
+```
+<enabled/> or <disabled/>
+```
#### macOS
```
<dict>
```
Software\Policies\Mozilla\Firefox\DisableProfileImport = 0x1 | 0x0
```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableProfileImport
+```
+Value (string):
+```
+<enabled/> or <disabled/>
+```
#### macOS
```
<dict>
```
Software\Policies\Mozilla\Firefox\DisableProfileRefresh = 0x1 | 0x0
```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableProfileRefresh
+```
+Value (string):
+```
+<enabled/> or <disabled/>
+```
#### macOS
```
<dict>
```
Software\Policies\Mozilla\Firefox\DisableSafeMode = 0x1 | 0x0
```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableSafeMode
+```
+Value (string):
+```
+<enabled/> or <disabled/>
+```
#### macOS
```
<dict>
Software\Policies\Mozilla\Firefox\DisableSecurityBypass\InvalidCertificate = 0x1 | 0x0
Software\Policies\Mozilla\Firefox\DisableSecurityBypass\SafeBrowsing = 0x1 | 0x0
```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/P_DisableSecurityBypass_InvalidCertificate
+```
+Value (string):
+```
+<enabled/> or <disabled/>
+```
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/P_DisableSecurityBypass_SafeBrowsing
+```
+Value (string):
+```
+<enabled/> or <disabled/>
+```
+
#### macOS
```
<dict>
**Preferences Affected:** N/A
#### Windows (GPO)
-```Software\Policies\Mozilla\Firefox\DisableSystemAddonUpdate = 0x1 | 0x0
+```
+Software\Policies\Mozilla\Firefox\DisableSystemAddonUpdate = 0x1 | 0x0
+```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableSystemAddonUpdate
+```
+Value (string):
+```
+<enabled/> or <disabled/>
```
#### macOS
```
```
Software\Policies\Mozilla\Firefox\DisableTelemetry = 0x1 | 0x0
```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableTelemetry
+```
+Value (string):
+```
+<enabled/> or <disabled/>
+```
#### macOS
```
<dict>
```
Software\Policies\Mozilla\Firefox\DisplayBookmarksToolbar = 0x1 | 0x0
```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisplayBookmarksToolbar
+```
+Value (string):
+```
+<enabled/> or <disabled/>
+```
#### macOS
```
<dict>
```
Software\Policies\Mozilla\Firefox\DisplayMenuBar = "always", "never", "default-on", "default-off"
```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisplayMenuBar_Enum
+```
+Value (string):
+```
+<enabled/>
+<data id="DisplayMenuBar" value="always | never | default-on | default-off"/>
+```
#### macOS
```
<dict>
`Locked` prevents the user from changing DNS over HTTPS preferences.
-**Compatibility:** Firefox 63, Firefox ESR 68\
+`ExcludedDomains` excludes domains from DNS over HTTPS.
+
+**Compatibility:** Firefox 63, Firefox ESR 68 (ExcludedDomains added in 75/68.7)\
**CCK2 Equivalent:** N/A\
**Preferences Affected:** `network.trr.mode`,`network.trr.uri`
Software\Policies\Mozilla\Firefox\DNSOverHTTPS\Enabled = 0x1 | 0x0
Software\Policies\Mozilla\Firefox\DNSOverHTTPS\ProviderURL = "URL_TO_ALTERNATE_PROVIDER"
Software\Policies\Mozilla\Firefox\DNSOverHTTPS\Locked = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\DNSOverHTTPS\ExcludedDomains\1 = "example.com"
+```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DNSOverHTTPS/DNSOverHTTPS_Enabled
+```
+Value (string):
+```
+<enabled/> or <disabled/>
+```
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DNSOverHTTPS/DNSOverHTTPS_ProviderURL
+```
+Value (string):
+```
+<enabled/>
+<data id="String" value="URL_TO_ALTERNATE_PROVIDER"/>
+```
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DNSOverHTTPS/DNSOverHTTPS_Locked
+```
+Value (string):
+```
+<enabled/> or <disabled/>
+```
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DNSOverHTTPS/DNSOverHTTPS_ExcludedDomains
+```
+Value (string):
+```
+<enabled/>
+<data id="List" value="1example.com"/>
```
#### macOS
```
<string>URL_TO_ALTERNATE_PROVIDER</string>
<key>Locked</key>
<true/> | <false/>
+ <key>ExcludedDomains</key>
+ <array>
+ <string>example.com</string>
+ </array>
</dict>
</dict>
```
"DNSOverHTTPS": {
"Enabled": true | false,
"ProviderURL": "URL_TO_ALTERNATE_PROVIDER",
- "Locked": true | false
+ "Locked": true | false,
+ "ExcludedDomains": ["example.com"]
}
}
}
```
Software\Policies\Mozilla\Firefox\DontCheckDefaultBrowser = 0x1 | 0x0
```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DontCheckDefaultBrowser
+```
+Value (string):
+```
+<enabled/> or <disabled/>
+```
#### macOS
```
<dict>
```
Software\Policies\Mozilla\Firefox\DefaultDownloadDirectory = "${home}\Downloads"
```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DefaultDownloadDirectory
+```
+Value (string):
+```
+<enabled/>
+<data id="Preferences_String" value="${home}\Downloads"/>
+```
#### macOS
```
<dict>
```
Software\Policies\Mozilla\Firefox\DownloadDirectory = "${home}\Downloads"
```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DownloadDirectory
+```
+Value (string):
+```
+<enabled/>
+<data id="Preferences_String" value="${home}\Downloads"/>
+```
#### macOS
```
<dict>
Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Fingerprinting = 0x1 | 0x0
Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Exceptions\1 = "https://example.com"
```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/TrackingProtection
+```
+Value (string):
+```
+<enabled/>
+<data id="TrackingProtectionLocked" value="true | false"/>
+<data id="Cryptomining" value="true | false"/>
+<data id="Fingerprinting" value="true | false"/>
+<data id=TrackingProtection_Exceptions" value="1https://example.com"/>
+```
#### macOS
```
<dict>
{
"policies": {
"EnableTrackingProtection": {
- "Value": [true, false],
- "Locked": [true, false],
- "Cryptomining": [true, false],
- "Fingerprinting": [true, false],
+ "Value": true | false,
+ "Locked": true | false,
+ "Cryptomining": true | false,
+ "Fingerprinting": true | false,
"Exceptions": ["https://example.com"]
}
}
```
+### EncryptedMediaExtensions
+Enable or disable Encrypted Media Extensions and optionally lock it.
+
+If `Enabled` is set to false, encrypted media extensions (like Widevine) are not downloaded by Firefox unless the user consents to installing them.
+
+If `Locked` is set to true and `Enabled` is set to false, Firefox will not download encrypted media extensions (like Widevine) or ask the user to install them.
+
+**Compatibility:** Firefox 77, Firefox ESR 68.9\
+**CCK2 Equivalent:** N/A\
+**Preferences Affected:** `media.eme.enabled`
+
+#### Windows (GPO)
+```
+Software\Policies\Mozilla\Firefox\EncryptedMediaExtensions\Enabled = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\EncryptedMediaExtensions\Locked = 0x1 | 0x0
+```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~EncryptedMediaExtensions/EncryptedMediaExtensions_Enabled
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~EncryptedMediaExtensions/EncryptedMediaExtensions_Locked
+```
+Value (string):
+```
+<enabled/>or <disabled/>
+```
+#### macOS
+```
+<dict>
+ <key>EncryptedMediaExtensions</key>
+ <dict>
+ <key>Enabled</key>
+ <true/> | <false/>
+ <key><Locked</key>
+ <true/> | <false/>
+ </dict>
+</dict>
+```
+#### policies.json
+```
+{
+ "policies": {
+ "EncryptedMediaExtensions": {
+ "Enabled": true | false,
+ "Locked": true false
+ }
+}
+```
### EnterprisePoliciesEnabled
Enable policy support on macOS.
}
}
```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/ExtensionSettings
+```
+Value (string):
+```
+<enabled/>
+<data id="ExtensionSettings" value='
+ "*": {
+ "blocked_install_message": "Custom error message.",
+ "install_sources": ["https://addons.mozilla.org/"],
+ "installation_mode": "blocked",
+ "allowed_types": ["extension"]
+ },
+ "uBlock0@raymondhill.net": {
+ "installation_mode": "force_installed",
+ "install_url": "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi"
+ }'/>
+```
#### macOS
```
<dict>
```
Software\Policies\Mozilla\Firefox\ExtensionUpdate = 0x1 | 0x0
```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/ExtensionUpdate
+```
+Value (string):
+```
+<enabled/> or <disabled/>
+```
#### macOS
```
<dict>
Software\Policies\Mozilla\Firefox\FlashPlugin\Default = 0x1 | 0x0
Software\Policies\Mozilla\Firefox\FlashPlugin\Locked = 0x1 | 0x0
```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Flash/FlashPlugin_Allow
+```
+Value (string):
+```
+<enabled/>
+<data id="Permissions" value="1https://example.org2https://example.edu"/>
+```
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Flash/FlashPlugin_Locked
+```
+Value (string):
+```
+<enabled/> or <disabled/>
+```
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Flash/FlashPlugin_Default
+```
+Value (string):
+```
+<enabled/> or <disabled/>
+```
#### macOS
```
<dict>
Software\Policies\Mozilla\Firefox\FirefoxHome\Snippets = 0x1 | 0x0
Software\Policies\Mozilla\Firefox\FirefoxHome\Locked = 0x1 | 0x0
```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/CustomizeFirefoxHome
+```
+Value (string):
+```
+<enabled/>
+<data id="FirefoxHome_Search" value="true | false"/>
+<data id="FirefoxHome_TopSites" value="true | false"/>
+<data id="FirefoxHome_Highlights" value="true | false"/>
+<data id="FirefoxHome_Pocket" value="true | false"/>
+<data id="FirefoxHome_Snippets" value="true | false"/>
+<data id="FirefoxHome_Locked" value="true | false"/>
+```
#### macOS
```
<dict>
```
Software\Policies\Mozilla\Firefox\HardwareAcceleration = 0x1 | 0x0
```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/HardwareAcceleration
+```
+Value (string):
+```
+<enabled/> or <disabled/>
+```
#### macOS
```
<dict>
Software\Policies\Mozilla\Firefox\Homepage\Additional\2 = "https://example.edu"
Software\Policies\Mozilla\Firefox\Homepage\StartPage = "none" | "homepage" | "previous-session"
```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Homepage/HomepageURL
+```
+Value (string):
+```
+<enabled/>
+
+<data id="HomepageURL" value="https://example.com"/>
+<data id="HomepageLocked" value="true | false"/>
+```
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Homepage/HomepageAdditional
+```
+Value (string):
+```
+<enabled/>
+
+<data id="HomepageAdditional" value="1http://example.org2http://example.edu"/>
+```
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Homepage/HomepageStartPage
+```
+Value (string):
+```
+<enabled/>
+
+<data id="StartPage" value="none | homepage | previous-session"/>
+```
#### macOS
```
<dict>
Software\Policies\Mozilla\Firefox\InstallAddonsPermission\Allow\2 = "https://example.edu"
Software\Policies\Mozilla\Firefox\InstallAddonsPermission\Default = 0x1 | 0x0
```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Addons/InstallAddonsPermission_Allow
+```
+Value (string):
+```
+<enabled/>
+<data id="Permissions" value="1https://example.org2https://example.edu"/>
+```
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Addons/InstallAddonsPermission_Default
+```
+Value (string):
+```
+<enabled/>
+```
#### macOS
```
<dict>
```
Software\Policies\Mozilla\Firefox\LegacyProfiles = = 0x1 | 0x0
```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/LegacyProfiles
+```
+Value (string):
+```
+<enabled/> or <disabled/>
+```
### LocalFileLinks
Enable linking to local files by origin.
Software\Policies\Mozilla\Firefox\LocalFileLinks\1 = "https://example.org"
Software\Policies\Mozilla\Firefox\LocalFileLinks\2 = "https://example.edu"
```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/LocalFileLinks
+```
+Value (string):
+```
+<enabled/>
+<data id="LocalFileLinks" value="1https://example.org2https://example.edu"/>
+```
#### macOS
```
<dict>
{
"policies": {
"LocalFileLinks": ["http://example.org/",
- "http://example.edu/"]
- }
-}
-```
-### NoDefaultBookmarks
-Disable the creation of default bookmarks.
-
-This policy is only effective if the user profile has not been created yet.
-
-**Compatibility:** Firefox 60, Firefox ESR 60\
-**CCK2 Equivalent:** `removeDefaultBookmarks`\
-**Preferences Affected:** N/A
-
-#### Windows (GPO)
-```
-Software\Policies\Mozilla\Firefox\NoDefaultBookmarks = 0x1 | 0x0
-```
-#### macOS
-```
-<dict>
- <key>NoDefaultBookmarks</key>
- <true/> | <false/>
-</dict>
-```
-#### policies.json
-```
-{
- "policies": {
- "NoDefaultBookmarks": true | false
+ "http://example.edu/"]
}
}
```
```
Software\Policies\Mozilla\Firefox\NetworkPrediction = 0x1 | 0x0
```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/NetworkPrediction
+```
+Value (string):
+```
+<enabled/> or <disabled/>
+```
#### macOS
```
<dict>
```
Software\Policies\Mozilla\Firefox\NewTabPage = 0x1 | 0x0
```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/NewTabPage
+```
+Value (string):
+```
+<enabled/> or <disabled/>
+```
#### macOS
```
<dict>
"NewTabPage": true | false
}
```
+### NoDefaultBookmarks
+Disable the creation of default bookmarks.
+
+This policy is only effective if the user profile has not been created yet.
+
+**Compatibility:** Firefox 60, Firefox ESR 60\
+**CCK2 Equivalent:** `removeDefaultBookmarks`\
+**Preferences Affected:** N/A
+
+#### Windows (GPO)
+```
+Software\Policies\Mozilla\Firefox\NoDefaultBookmarks = 0x1 | 0x0
+```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/NoDefaultBookmarks
+```
+Value (string):
+```
+<enabled/> or <disabled/>
+```
+#### macOS
+```
+<dict>
+ <key>NoDefaultBookmarks</key>
+ <true/> | <false/>
+</dict>
+```
+#### policies.json
+```
+{
+ "policies": {
+ "NoDefaultBookmarks": true | false
+ }
+}
+```
### OfferToSaveLogins
Control whether or not Firefox offers to save passwords.
```
Software\Policies\Mozilla\Firefox\OfferToSaveLogins = 0x1 | 0x0
```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/OfferToSaveLogins
+```
+Value (string):
+```
+<enabled/> or <disabled/>
+```
#### macOS
```
<dict>
```
Software\Policies\Mozilla\Firefox\OfferToSaveLoginsDefault = 0x1 | 0x0
```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/OfferToSaveLoginsDefault
+```
+Value (string):
+```
+<enabled/> or <disabled/>
+```
#### macOS
```
<dict>
```
Software\Policies\Mozilla\Firefox\OverrideFirstRunPage = "http://example.org"
```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/OverrideFirstRunPage
+```
+Value (string):
+```
+<enabled/>
+<data id="OverridePage" value="https://example.com"/>
+```
#### macOS
```
<dict>
```
Software\Policies\Mozilla\Firefox\OverridePostUpdatePage = "http://example.org"
```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/OverridePostUpdatePage
+```
+Value (string):
+```
+<enabled/>
+<data id="OverridePage" value="https://example.com"/>
+```
#### macOS
```
<dict>
**Compatibility:** Firefox 70, Firefox ESR 60.2\
**CCK2 Equivalent:** N/A\
-**Preferences Affected:** `prefs.privacy.disable_button.view_passwords`
+**Preferences Affected:** `pref.privacy.disable_button.view_passwords`
#### Windows (GPO)
```
Software\Policies\Mozilla\Firefox\PasswordManagerEnabled = 0x1 | 0x0
```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/PasswordManagerEnabled
+```
+Value (string):
+```
+<enabled/> or <disabled/>
+```
#### macOS
```
<dict>
}
```
### Permissions
-Set permissions associated with camera, microphone, location, and notifications. Because these are origins, not domains, entries with unique ports must be specified separately. See examples below.
+Set permissions associated with camera, microphone, location, notifications, and autoplay. Because these are origins, not domains, entries with unique ports must be specified separately. See examples below.
`Allow` is a list of origins where the feature is allowed.
`Locked` prevents the user from changing preferences for the feature.
-**Compatibility:** Firefox 62, Firefox ESR 60.2\
+`Default` specifies the default value for Autoplay. block-audio-video is not supported on Firefox ESR 68.
+
+**Compatibility:** Firefox 62, Firefox ESR 60.2 (Autoplay added in Firefox 74, Firefox ESR 68.6, Autoplay Default/Locked added in Firefox 76, Firefox ESR 68.8)\
**CCK2 Equivalent:** N/A\
-**Preferences Affected:** `permissions.default.camera`,`permissions.default.microphone`,`permissions.default.geo`,`permissions.default.desktop-notification`
+**Preferences Affected:** `permissions.default.camera`,`permissions.default.microphone`,`permissions.default.geo`,`permissions.default.desktop-notification`,`media.autoplay.default`
#### Windows (GPO)
```
Software\Policies\Mozilla\Firefox\Permissions\Notifications\Block\1 = "https://example.edu"
Software\Policies\Mozilla\Firefox\Permissions\Notifications\BlockNewRequests = 0x1 | 0x0
Software\Policies\Mozilla\Firefox\Permissions\Notifications\Locked = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\Permissions\Autoplay\Allow\1 = "https://example.org"
+Software\Policies\Mozilla\Firefox\Permissions\Autoplay\Block\1 = "https://example.edu"
+Software\Policies\Mozilla\Firefox\Permissions\Autoplay\Default = "allow-audio-video" | "block-audio" | "block-audio-video"
+Software\Policies\Mozilla\Firefox\Permissions\Autoplay\Locked = 0x1 | 0x0
+```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Location/Location_BlockNewRequests
+```
+Value (string):
+```
+<enabled/> or <disabled/>
+```
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Location/Location_Locked
+```
+Value (string):
+```
+<enabled/> or <disabled/>
+```
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Notifications/Notifications_Allow
+```
+Value (string):
+```
+<enabled/>
+<data id="Permissions" value="1https://example.org"/>
+```
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Notifications/Notifications_BlockNewRequests
+```
+Value (string):
+```
+<enabled/> or <disabled/>
+```
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Notifications/Notifications_Locked
+```
+Value (string):
+```
+<enabled/> or <disabled/>
+```
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Autoplay/Autoplay_Allow
+```
+Value (string):
+```
+<enabled/>
+<data id="Permissions" value="1https://example.org"/>
+```
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Autoplay/Autoplay_Block
+```
+Value (string):
+```
+<enabled/>
+<data id="Permissions" value="1https://example.edu"/>
+```
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Autoplay/Autoplay_Default
+```
+Value (string):
+```
+<enabled/>
+<data id="Autoplay_Default" value="allow-audio-video | block-audio | block-audio-video"/>
+```
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Autoplay/Autoplay_Locked
+```
+Value (string):
+```
+<enabled/> or <disabled/>
```
#### macOS
```
<string>https://example.edu</string>
</array>
<key>BlockNewRequests</key>
- <true/>
+ <true/> | <false/>
<key>Locked</key>
- <true/>
+ <true/> | <false/>
</dict>
<key>Microphone</key>
<dict>
<string>https://example.edu</string>
</array>
<key>BlockNewRequests</key>
- <true/>
+ <true/> | <false/>
<key>Locked</key>
- <true/>
+ <true/> | <false/>
</dict>
<key>Location</key>
<dict>
<string>https://example.edu</string>
</array>
<key>BlockNewRequests</key>
- <true/>
+ <true/> | <false/>
<key>Locked</key>
- <true/>
+ <true/> | <false/>
</dict>
<key>Notifications</key>
<dict>
<key>Locked</key>
<true/>
</dict>
+ <key>Autoplay</key>
+ <dict>
+ <key>Allow</key>
+ <array>
+ <string>https://example.org</string>
+ </array>
+ <key>Block</key>
+ <array>
+ <string>https://example.edu</string>
+ </array>
+ <key>Default</key>
+ <string>allow-audio-video | block-audio | block-audio-video</string>
+ <key>Locked</key>
+ <true/> | <false/>
+ </dict>
</dict>
</dict>
```
"Block": ["https://example.edu"],
"BlockNewRequests": true | false,
"Locked": true | false
+ },
+ "Autoplay": {
+ "Allow": ["https://example.org"],
+ "Block": ["https://example.edu"],
+ "Default": "allow-audio-video" | "block-audio" | "block-audio-video",
+ "Locked": true | false
}
}
}
Software\Policies\Mozilla\Firefox\PopupBlocking\Default = 0x1 | 0x0
Software\Policies\Mozilla\Firefox\PopupBlocking\Locked = 0x1 | 0x0
```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Popups/PopupBlocking_Allow
+```
+Value (string):
+```
+<enabled/>
+<data id="Permissions" value="1https://example.org2https://example.edu"/>
+```
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Popups/PopupBlocking_Default
+```
+Value (string):
+```
+<enabled/> or <disabled/>
+```
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Popups/PopupBlocking_Locked
+```
+Value (string):
+```
+<enabled/> or <disabled/>
+```
#### macOS
```
<dict>
| --- | --- | --- | ---
| accessibility.force_disabled | integer | Firefox 70, Firefox ESR 68.2 | 0
| If set to 1, platform accessibility is disabled.
-| app.update.auto | boolean | Firefox 68, Firefox ESR 68 | true
+| app.update.auto (Deprecated - Switch to AppAutoUpdate policy) | boolean | Firefox 68, Firefox ESR 68 | true
| If false, Firefox doesn't automatically install update.
| browser.bookmarks.autoExportHTML | boolean | Firefox 70, Firefox ESR 68.2 | false
| If true, bookmarks are exported on shutdown.
| If false, the geolocation API is disabled. | Language dependent
| intl.accept_languages | string | Firefox 70, Firefox ESR 68.2
| If set, preferred language for web pages.
-| media.eme.enabled | boolean | Firefox 70, Firefox ESR 68.2 | true
+| media.eme.enabled (Deprecated - Switch to EncryptedMediaExtensions policy) | boolean | Firefox 70, Firefox ESR 68.2 | true
| If false, Encrypted Media Extensions are not enabled.
| media.gmp-gmpopenh264.enabled | boolean | Firefox 68, Firefox ESR 68 | true
| If false, the OpenH264 plugin is not downloaded.
| If set to Select Automatically, Firefox automatically chooses the default personal certificate.
| security.mixed_content.block_active_content | boolean | Firefox 70, Firefox ESR 68.2 | true
| If false, mixed active content (HTTP and HTTPS) is not blocked.
-| security.osclientcerts.autoload | boolean | Firefox 72, Firefox ESR 68.4 (Windows only) | false
+| security.osclientcerts.autoload | boolean | Firefox 72 (Windows), Firefox 75 (macOS) | false
| If true, client certificates are loaded from the operating system certificate store.
| security.ssl.errorReporting.enabled | boolean | Firefox 68, Firefox ESR 68 | true
| If false, SSL errors cannot be sent to Mozilla.
Software\Policies\Mozilla\Firefox\Preferences\boolean_preference_name = 0x1 | 0x0
Software\Policies\Mozilla\Firefox\Preferences\string_preference_name = "string_value"
```
+#### Windows (Intune)
+OMA-URI: (periods are replaced by underscores)
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Preferences/boolean_preference_name
+```
+Value (string):
+```
+<enabled/> or <disabled/>
+```
#### macOS
```
<dict>
Ask where to save each file before downloading.
**Compatibility:** Firefox 68, Firefox ESR 68\
-**CCK2 Equivalent:** N/A
+**CCK2 Equivalent:** N/A\
**Preferences Affected:** `browser.download.useDownloadDir`
#### Windows (GPO)
```
Software\Policies\Mozilla\Firefox\PromptForDownloadLocation = 0x1 | 0x0
```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/PromptForDownloadLocation
+```
+Value (string):
+```
+<enabled/> or <disabled/>
+```
#### macOS
```
<dict>
Software\Policies\Mozilla\Firefox\Proxy\AutoLogin = 0x1 | 0x0
Software\Policies\Mozilla\Firefox\Proxy\UseProxyForDNS = 0x1 | 0x0
```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/Proxy
+```
+Value (string):
+```
+<enabled/>
+<data id="ProxyLocked" value="true | false"/>
+<data id="ConnectionType" value="none | system | manual | autoDetect | autoConfig"/>
+<data id="HTTPProxy" value="https://httpproxy.example.com"/>
+<data id="UseHTTPProxyForAllProtocols" value="true | false"/>
+<data id="SSLProxy" value="https://sslproxy.example.com"/>
+<data id="FTPProxy" value="https://ftpproxy.example.com"/>
+<data id="SOCKSProxy" value="https://socksproxy.example.com"/>
+<data id="SOCKSVersion" value="4 | 5"/>
+<data id="AutoConfigURL" value="URL_TO_AUTOCONFIG"/>
+<data id="Passthrough" value="<local>"/>
+<data id="AutoLogin" value="true | false"/>
+<data id="UseProxyForDNS" value="true | false"/>
+```
#### macOS
```
<dict>
"policies": {
"Proxy": {
"Mode": "none", "system", "manual", "autoDetect", "autoConfig",
- "Locked": [true, false],
+ "Locked": true | false,
"HTTPProxy": "hostname",
- "UseHTTPProxyForAllProtocols": [true, false],
+ "UseHTTPProxyForAllProtocols": true | false,
"SSLProxy": "hostname",
"FTPProxy": "hostname",
"SOCKSProxy": "hostname",
"SOCKSVersion": 4 | 5
"Passthrough": "<local>",
"AutoConfigURL": "URL_TO_AUTOCONFIG",
- "AutoLogin": [true, false],
- "UseProxyForDNS": [true, false]
+ "AutoLogin": true | false,
+ "UseProxyForDNS": true | false
}
}
}
Software\Policies\Mozilla\Firefox\RequestedLocales = "de,en-US"
```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/RequestedLocalesString
+```
+Value (string):
+```
+<enabled/>
+<data id="Preferences_String" value="de,en-US"/>
+```
#### macOS
```
<dict>
}
}
```
+<a name="SanitizeOnShutdown"></a>
+
### SanitizeOnShutdown (Selective)
Clear data on shutdown. Choose from Cache, Cookies, Download History, Form & Search History, Browsing History, Active Logins, Site Preferences and Offline Website Data.
Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\OfflineApps = 0x1 | 0x0
Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\Locked = 0x1 | 0x0
```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/I_SanitizeOnShutdown_Locked
+```
+Value (string):
+```
+<enabled/> or <disabled/>
+```
#### macOS
```
<dict>
```
Software\Policies\Mozilla\Firefox\SanitizeOnShutdown = 0x1 | 0x0
```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/C_SanitizeOnShutdown
+```
+Value (string):
+```
+<enabled/> or <disabled/>
+```
#### macOS
```
<dict>
```
Software\Policies\Mozilla\Firefox\SearchBar = "unified" | "separate"
```
+
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/SearchBar
+```
+Value (string):
+```
+<enabled/>
+<data id="Permissions" value="unified | separate"/>
#### macOS
```
<dict>
<string>unified | separate</string>
</dict>
```
-
#### policies.json
```
{
}
}
```
-
-
-
-
+<a name="SearchEngines"></a>
### SearchEngines (This policy is only available on the ESR.)
```
Software\Policies\Mozilla\Firefox\SearchEngines\Default = NAME_OF_SEARCH_ENGINE
```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Search/SearchEngines_Default
+```
+Value (string):
+```
+<enabled/>
+<data id="SearchEngines_Default" value="NAME_OF_SEARCH_ENGINE"/>
+```
#### macOS
```
<dict>
```
Software\Policies\Mozilla\Firefox\SearchEngines\PreventInstalls = 0x1 | 0x0
```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Search/SearchEngines_PreventInstalls
+```
+Value (string):
+```
+<enabled/> or <disabled/>
+```
#### macOS
```
<dict>
```
Software\Policies\Mozilla\Firefox\SearchEngines\Remove\1 = NAME_OF_SEARCH_ENGINE
```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Search/SearchEngines_Remove
+```
+Value (string):
+```
+<enabled/>
+<data id="SearchEngines_Remove" value="1NAME_OF_SEARCH_ENGINE"/>
+```
#### macOS
```
<dict>
Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\SuggestURLTemplate = "https://www.example.org/suggestions/q={searchTerms}"
Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\PostData = "name=value&q={searchTerms}"
```
-
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Search/SearchEngines_1
+```
+Value (string):
+```
+<enabled/>
+<data id="SearchEngine_Name" value="Example1"/>
+<data id="SearchEngine_URLTemplate" value="https://www.example.org/q={searchTerms"/>
+<data id="SearchEngine_Method" value="GET | POST"/>
+<data id="SearchEngine_IconURL" value="https://www.example.org/favicon.ico"/>
+<data id="SearchEngine_Alias" value="example"/>
+<data id="SearchEngine_Description" value="Example Description"/>
+<data id="SearchEngine_SuggestURLTemplate" value="https://www.example.org/suggestions/q={searchTerms}"/>
+<data id="SearchEngine_PostData" value="name=value&q={searchTerms}"/>
+```
#### macOS
```
<dict>
```
Software\Policies\Mozilla\Firefox\SearchSuggestEnabled = 0x1 | 0x0
```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/SearchSuggestEnabled
+```
+Value (string):
+```
+<enabled/> or <disabled/>
+```
#### macOS
```
<dict>
```
Software\Policies\Mozilla\Firefox\SecurityDevices\NAME_OF_DEVICE = PATH_TO_LIBRARY_FOR_DEVICE
```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/SecurityDevices
+```
+Value (string):
+```
+<enabled/>
+<data id="SecurityDevices" value="NAME_OF_DEVICEPATH_TO_LIBRARY_FOR_DEVICE"/>
+```
#### macOS
```
<dict>
```
Software\Policies\Mozilla\Firefox\SSLVersionMax = "tls1" | "tls1.1" | "tls1.2" | "tls1.3"
```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/SSLVersionMax
+```
+Value (string):
+```
+<enabled/>
+<data id="SSLVersion" value="tls1 | tls1.2 | tls1.3"/>
+```
#### macOS
```
<dict>
```
Software\Policies\Mozilla\Firefox\SSLVersionMin = "tls1" | "tls1.1" | "tls1.2" | "tls1.3"
```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/SSLVersionMin
+```
+Value (string):
+```
+<enabled/>
+<data id="SSLVersion" value="tls1 | tls1.2 | tls1.3"/>
+```
#### macOS
```
<dict>
Software\Policies\Mozilla\Firefox\SupportMenu\URL = "http://example.com/support"
Software\Policies\Mozilla\Firefox\SupportMenu\AccessKey = "S"
```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/SupportMenu
+```
+Value (string):
+```
+<enabled/>
+<data id="SupportMenuTitle" value="Support Menu"/>
+<data id="SupportMenuURL" value="http://example.com/support"/>
+<data id="SupportMenuAccessKey" value="S">
+```
#### macOS
```
<dict>
}
}
```
+### UserMessaging
+
+Prevent installing search engines from webpages.
+
+`WhatsNew` Remove the "What's New" icon and menuitem. (Firefox 75 only)
+
+`ExtensionRecommendations` Don't recommend extensions.
+
+`FeatureRecommendations` Don't recommend browser features.
+
+`UrlbarInterventions` Don't offer Firefox specific suggestions in the URL bar. (Firefox 75 only)
+
+**Compatibility:** Firefox 75, Firefox ESR 68.7\
+**CCK2 Equivalent:** N/A\
+**Preferences Affected:** `browser.messaging-system.whatsNewPanel.enabled`,`browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons`,`browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features`
+
+#### Windows (GPO)
+```
+Software\Policies\Mozilla\Firefox\UserMessaging\WhatsNew = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\UserMessaging\ExtensionRecommendations = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\UserMessaging\FeatureRecommendations = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\UserMessaging\UrlbarInterventions = 0x1 | 0x0
+```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/UserMessaging_WhatsNew
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/UserMessaging_ExtensionRecommendations
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/UserMessaging_FeatureRecommendations
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/UserMessaging_UrlbarInterventions
+```
+Value (string):
+```
+<enabled/> or <disabled/>
+```
+#### macOS
+```
+<dict>
+ <key>UserMessaging</key>
+ <dict>
+ <key>WhatsNew</key>
+ <true/> | <false/>
+ <key>ExtensionRecommendations</key>
+ <true/> | <false/>
+ <key>FeatureRecommendations</key>
+ <true/> | <false/>
+ <key>UrlbarInterventions</key>
+ <true/> | <false/>
+ </dict>
+</dict>
+```
+#### policies.json
+```
+{
+ "policies": {
+ "UserMessaging": {
+ "WhatsNew": true | false,
+ "ExtensionRecommendations": true | false,
+ "FeatureRecommendations": true | false,
+ "UrlbarInterventions": true | false
+ }
+ }
+}
+```
### WebsiteFilter
Block websites from being visited. The parameters take an array of Match Patterns, as documented in https://developer.mozilla.org/en-US/Add-ons/WebExtensions/Match_patterns. Only http/https addresses are supported at the moment. The arrays are limited to 1000 entries each.
#### Windows (GPO)
```
-Software\Policies\Mozilla\Firefox\WebsiteFilters\Block\1 = "<all_urls>"
-Software\Policies\Mozilla\Firefox\WebsiteFilters\Exceptions\1 = "http://example.org/*"
+Software\Policies\Mozilla\Firefox\WebsiteFilter\Block\1 = "<all_urls>"
+Software\Policies\Mozilla\Firefox\WebsiteFilter\Exceptions\1 = "http://example.org/*"
+```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/B_WebsiteFilter_Block
+```
+Value (string):
+```
+<enabled/>
+<data id="WebsiteFilter" value="1<all_urls>"/>
+```
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/B_WebsiteFilter_Exceptions
+```
+Value (string):
+```
+<enabled/>
+<data id="WebsiteFilter" value="1http://example.org/*"/>
```
#### macOS
```
git.p6c8.net / policy-templates.git / blobdiff