**You should use the [officially released versions](https://github.com/mozilla/policy-templates/releases) if you are deploying changes.**
-Policies can be specified using the [Group Policy templates on Windows](https://github.com/mozilla/policy-templates/tree/master/windows), [Intune on Windows](https://support.mozilla.org/kb/managing-firefox-intune), [configuration profiles on macOS](https://github.com/mozilla/policy-templates/tree/master/mac), or by creating a file called `policies.json`. On Windows, create a directory called `distribution` where the EXE is located and place the file there. On Mac, the file goes into `Firefox.app/Contents/Resources/distribution`. On Linux, the file goes into `firefox/distribution`, where `firefox` is the installation directory for firefox, which varies by distribution or you can specify system-wide policy by placing the file in `/etc/firefox/policies`.
+Official policy documentation has been moved to https://mozilla.github.io/policy-templates/.
+
+I'm maintaining things in the README.md until we can update links in Firefox.
+
+Firefox policies can be specified using the [Group Policy templates on Windows](https://github.com/mozilla/policy-templates/tree/master/windows), [Intune on Windows](https://support.mozilla.org/kb/managing-firefox-intune), [configuration profiles on macOS](https://github.com/mozilla/policy-templates/tree/master/mac), or by creating a file called `policies.json`. On Windows, create a directory called `distribution` where the EXE is located and place the file there. On Mac, the file goes into `Firefox.app/Contents/Resources/distribution`. On Linux, the file goes into `firefox/distribution`, where `firefox` is the installation directory for firefox, which varies by distribution or you can specify system-wide policy by placing the file in `/etc/firefox/policies`.
Unfortunately, JSON files do not support comments, but you can add extra entries to the JSON to use as comments. You will see an error in about:policies, but the policies will still work properly. For example:
`BehaviorPrivateBrowsing` sets the default behavior for cookies in private browsing based on the values below.
| Value | Description
-| --- | ---
+| --- | --- |
| accept | Accept all cookies
| reject-foreign | Reject third party cookies
| reject | Reject all cookies
| `blocked_install_message` | This maps to a string specifying the error message to display to users if they're blocked from installing an extension. This setting allows you to append text to the generic error message displayed when the extension is blocked. This could be be used to direct users to your help desk, explain why a particular extension is blocked, or something else. This setting can be used only for the default configuration.
| `restricted_domains` | An array of domains on which content scripts can't be run. This setting can be used only for the default configuration.
| `updates_disabled` | (Firefox 89, Firefox ESR 78.11) Boolean that indicates whether or not to disable automatic updates for an individual extension.
-| `default_area` | (Firefox 113) This settings specifies where the extension icon should be placed. Possible values are "navbar" and "menupanel"
**Compatibility:** Firefox 69, Firefox ESR 68.1 (As of Firefox 85, Firefox ESR 78.7, installing a theme makes it the default.)\
**CCK2 Equivalent:** N/A\
xpinstall.signatures.required (Firefox ESR 102.10, Firefox ESR only)
```
as well as the following security preferences:
+
| Preference | Type | Default
-| --- | --- | ---
+| --- | --- | --- |
| security.default_personal_cert | string | Ask Every Time
| If set to Select Automatically, Firefox automatically chooses the default personal certificate.
| security.insecure_connection_text.enabled | bool | false
| If 0, do not fetch OCSP. If 1, fetch OCSP for DV and EV certificates. If 2, fetch OCSP only for EV certificates
| security.OCSP.require | boolean | false
| If true, if an OCSP request times out, the connection fails.
+| security.osclientcerts.assume_rsa_pss_support | boolean | true
+| If false, we don't assume an RSA key can do RSA-PSS (Firefox 114, Firefox ESR 102.12).
| security.ssl.enable_ocsp_stapling | boolean | true
| If false, OCSP stapling is not enabled.
| security.ssl.errorReporting.enabled | boolean | true
| If true, browser will accept TLS 1.0. and TLS 1.1 (Firefox 86, Firefox 78.8).
| security.warn_submit_secure_to_insecure | boolean | true
| If false, no warning is shown when submitting a form from https to http.
-
Using the preference as the key, set the `Value` to the corresponding preference value.
**Preferences Affected:** See below
| Preference | Type | Compatibility | Default
-| --- | --- | --- | ---
+| --- | --- | --- | --- |
| accessibility.force_disabled | integer | Firefox 70, Firefox ESR 68.2 | 0
| If set to 1, platform accessibility is disabled.
| app.update.auto (Deprecated - Switch to AppAutoUpdate policy) | boolean | Firefox 68, Firefox ESR 68 | true
| If false, the Alt key doesn't show the menubar on Windows.
| widget.content.gtk-theme-override | string | Firefox 72, Firefox ESR 68.4 (Linux only) | N/A
| If set, overrides the GTK theme for widgets.
+
#### Windows (GPO)
```
Software\Policies\Mozilla\Firefox\Preferences\boolean_preference_name = 0x1 | 0x0
```
### SecurityDevices
+Add or delete PKCS #11 modules.
+
+**Compatibility:** Firefox 114, Firefox ESR 112.12\
+**CCK2 Equivalent:** N/A\
+**Preferences Affected:** N/A
+
+#### Windows (GPO)
+```
+Software\Policies\Mozilla\Firefox\SecurityDevices\Add\NAME_OF_DEVICE_TO_ADD = PATH_TO_LIBRARY_FOR_DEVICE
+Software\Policies\Mozilla\Firefox\SecurityDevices\Remove\1 = NAME_OF_DEVICE_TO_REMOVE
+```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/SecurityDevices/SecurityDevices_Add
+```
+Value (string):
+```
+<enabled/>
+<data id="SecurityDevices" value="NAME_OF_DEVICE_TO_ADDPATH_TO_LIBRARY_FOR_DEVICE"/>
+```
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/SecurityDevices/SecurityDevices_Delete
+```
+Value (string):
+```
+<enabled/>
+<data id="SecurityDevices" value="1NAME_OF_DEVICE_TO_REMOVE"/>
+```
+#### macOS
+```
+<dict>
+ <key>SecurityDevices</key>
+ <dict>
+ <key>Add<key>
+ <dict>
+ <key>NAME_OF_DEVICE_TO_ADD</key>
+ <string>PATH_TO_LIBRARY_FOR_DEVICE</string>
+ </dict>
+ <key>Delete</add>
+ <array>
+ <string>NAME_OF_DEVICE_TO_DELETE</string>
+ </array>
+ </dict>
+</dict>
+```
+#### policies.json
+```
+{
+ "policies": {
+ "SecurityDevices": {
+ "Add": {
+ "NAME_OF_DEVICE_TO_ADD": "PATH_TO_LIBRARY_FOR_DEVICE"
+ },
+ "Delete": ["NAME_OF_DEVICE_TO_DELETE"]
+ }
+ }
+}
+```
+### SecurityDevices (Deprecated)
+
Install PKCS #11 modules.
**Compatibility:** Firefox 64, Firefox ESR 60.4\
</dict>
</dict>
```
-
#### policies.json
```
{
`MoreFromMozilla` If false, don't show the "More from Mozilla" section in Preferences. (Firefox 98)
+`Locked` prevents the user from changing user messaging preferences.
+
**Compatibility:** Firefox 75, Firefox ESR 68.7\
**CCK2 Equivalent:** N/A\
**Preferences Affected:** `browser.messaging-system.whatsNewPanel.enabled`, `browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons`, `browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features`, `browser.aboutwelcome.enabled`, `browser.preferences.moreFromMozilla`
Software\Policies\Mozilla\Firefox\UserMessaging\UrlbarInterventions = 0x1 | 0x0
Software\Policies\Mozilla\Firefox\UserMessaging\SkipOnboarding = 0x1 | 0x0
Software\Policies\Mozilla\Firefox\UserMessaging\MoreFromMozilla = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\UserMessaging\Locked = 0x1 | 0x0
```
#### Windows (Intune)
OMA-URI:
./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_UrlbarInterventions
./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_SkipOnboarding
./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_MoreFromMozilla
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_Locked
```
Value (string):
```
<true/> | <false/>
<key>MoreFromMozilla</key>
<true/> | <false/>
+ <key>Locked</key>
+ <true/> | <false/>
</dict>
</dict>
```
"FeatureRecommendations": true | false,
"UrlbarInterventions": true | false,
"SkipOnboarding": true | false,
- "MoreFromMozilla": true | false
+ "MoreFromMozilla": true | false,
+ "Locked": true | false
}
}
}
}
}
```
+