+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/Extensions_Install
+```
+Value (string):
+```
+<enabled/>
+<data id="Extensions" value="1https://addons.mozilla.org/firefox/downloads/somefile.xpi2//path/to/xpi"/>
+```
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/Extensions_Uninstall
+```
+Value (string):
+```
+<enabled/>
+<data id="Extensions" value="1bad_addon_id@mozilla.org"/>
+```
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/Extensions_Locked
+```
+Value (string):
+```
+<enabled/>
+<data id="Extensions" value="1addon_id@mozilla.org"/>
+```
+#### macOS
+```
+<dict>
+ <key>Extensions</key>
+ <dict>
+ <key>Install</key>
+ <array>
+ <string>https://addons.mozilla.org/firefox/downloads/somefile.xpi</string>
+ <string>//path/to/xpi</string>
+ </array>
+ <key>Uninstall</key>
+ <array>
+ <string>bad_addon_id@mozilla.org</string>
+ </array>
+ <key>Locked</key>
+ <array>
+ <string>addon_id@mozilla.org</string>
+ </array>
+ </dict>
+</dict>
+```
+#### policies.json
+```
+{
+ "policies": {
+ "Extensions": {
+ "Install": ["https://addons.mozilla.org/firefox/downloads/somefile.xpi", "//path/to/xpi"],
+ "Uninstall": ["bad_addon_id@mozilla.org"],
+ "Locked": ["addon_id@mozilla.org"]
+ }
+ }
+}
+```
+### ExtensionSettings
+Manage all aspects of extensions. This policy is based heavily on the [Chrome policy](https://dev.chromium.org/administrators/policy-list-3/extension-settings-full) of the same name.
+
+This policy maps an extension ID to its configuration. With an extension ID, the configuration will be applied to the specified extension only. A default configuration can be set for the special ID "*", which will apply to all extensions that don't have a custom configuration set in this policy.
+
+To obtain an extension ID, install the extension and go to about:support. You will see the ID in the Extensions section. I've also created an extension that makes it easy to find the ID of extensions on AMO. You can download it [here](https://github.com/mkaply/queryamoid/releases/tag/v0.1).
+
+The configuration for each extension is another dictionary that can contain the fields documented below.
+
+| Name | Description |
+| --- | --- |
+| `installation_mode` | Maps to a string indicating the installation mode for the extension. The valid strings are `allowed`,`blocked`,`force_installed`, and `normal_installed`.
+| `allowed` | Allows the extension to be installed by the user. This is the default behavior. There is no need for an install_url; it will automatically be allowed based on the ID.
+| `blocked`| Blocks installation of the extension and removes it from the device if already installed.
+| `force_installed`| The extension is automatically installed and can't be removed by the user. This option is not valid for the default configuration and requires an install_url.
+| `normal_installed`| The extension is automatically installed but can be disabled by the user. This option is not valid for the default configuration and requires an install_url.
+| `install_url`| Maps to a URL indicating where Firefox can download a force_installed or normal_installed extension. If installing from the local file system, use a [```file:///``` URL](https://en.wikipedia.org/wiki/File_URI_scheme). If installing from the addons.mozilla.org, use the following URL (substituting SHORT_NAME from the URL on AMO), https://addons.mozilla.org/firefox/downloads/latest/SHORT_NAME/latest.xpi. Languages packs are available from https://releases.mozilla.org/pub/firefox/releases/VERSION/PLATFORM/xpi/LANGUAGE.xpi. If you need to update the extension, you can change the name of the extension and it will be automatically updated. Extensions installed from file URLs will additional be updated when their internal version changes.
+| `install_sources` | A list of sources from which installing extensions is allowed using URL match patterns. **This is unnecessary if you are only allowing the installation of certain extensions by ID.** Each item in this list is an extension-style match pattern. Users will be able to easily install items from any URL that matches an item in this list. Both the location of the *.xpi file and the page where the download is started from (i.e. the referrer) must be allowed by these patterns. This setting can be used only for the default configuration.
+| `allowed_types` | This setting whitelists the allowed types of extension/apps that can be installed in Firefox. The value is a list of strings, each of which should be one of the following: "extension", "theme", "dictionary", "locale" This setting can be used only for the default configuration.
+| `blocked_install_message` | This maps to a string specifying the error message to display to users if they're blocked from installing an extension. This setting allows you to append text to the generic error message displayed when the extension is blocked. This could be be used to direct users to your help desk, explain why a particular extension is blocked, or something else. This setting can be used only for the default configuration.
+| `restricted_domains` | An array of domains on which content scripts can't be run. This setting can be used only for the default configuration.
+| `updates_disabled` | (Firefox 89, Firefox ESR 78.11) Boolean that indicates whether or not to disable automatic updates for an individual extension.
+
+**Compatibility:** Firefox 69, Firefox ESR 68.1 (As of Firefox 85, Firefox ESR 78.7, installing a theme makes it the default.)\
+**CCK2 Equivalent:** N/A\
+**Preferences Affected:** N/A
+
+#### Windows (GPO)
+Software\Policies\Mozilla\Firefox\ExtensionSettings (REG_MULTI_SZ) =
+```
+{
+ "*": {
+ "blocked_install_message": "Custom error message.",
+ "install_sources": ["https://yourwebsite.com/*"],
+ "installation_mode": "blocked",
+ "allowed_types": ["extension"]
+ },
+ "uBlock0@raymondhill.net": {
+ "installation_mode": "force_installed",
+ "install_url": "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi"
+ },
+ "https-everywhere@eff.org": {
+ "installation_mode": "allowed"
+ }
+}
+```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/ExtensionSettings
+```
+Value (string):
+```
+<enabled/>
+<data id="ExtensionSettings" value='
+{
+ "*": {
+ "blocked_install_message": "Custom error message.",
+ "install_sources": ["https://yourwebsite.com/*"],
+ "installation_mode": "blocked",
+ "allowed_types": ["extension"]
+ },
+ "uBlock0@raymondhill.net": {
+ "installation_mode": "force_installed",
+ "install_url": "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi"
+ },
+ "https-everywhere@eff.org": {
+ "installation_mode": "allowed"
+ }
+}'/>
+```
+#### macOS
+```
+<dict>
+ <key>ExtensionSettings</key>
+ <dict>
+ <key>*</key>
+ <dict>
+ <key>blocked_install_message</key>
+ <string>Custom error message.</string>
+ <key>install_sources</key>
+ <array>
+ <string>"https://yourwebsite.com/*"</string>
+ </array>
+ <key>installation_mode</key>
+ <string>blocked</string>
+ <key>allowed_types</key>
+ <array>
+ <string>extension</string>
+ </array>
+ </dict>
+ <key>uBlock0@raymondhill.net</key>
+ <dict>
+ <key>installation_mode</key>
+ <string>force_installed</string>
+ <key>install_url</key>
+ <string>https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi</string>
+ </dict>
+ <key>https-everywhere@eff.org</key>
+ <dict>
+ <key>installation_mode</key>
+ <string>allowed</string>
+ </dict>
+ </dict>
+</dict>
+```
+#### policies.json
+```
+{
+ "policies": {
+ "ExtensionSettings": {
+ "*": {
+ "blocked_install_message": "Custom error message.",
+ "install_sources": ["https://yourwebsite.com/*"],
+ "installation_mode": "blocked",
+ "allowed_types": ["extension"]
+ },
+ "uBlock0@raymondhill.net": {
+ "installation_mode": "force_installed",
+ "install_url": "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi"
+ },
+ "https-everywhere@eff.org": {
+ "installation_mode": "allowed"
+ }
+ }
+ }
+}
+```
+### ExtensionUpdate
+Control extension updates.
+
+**Compatibility:** Firefox 67, Firefox ESR 60.7\
+**CCK2 Equivalent:** N/A\
+**Preferences Affected:** `extensions.update.enabled`
+
+#### Windows (GPO)
+```
+Software\Policies\Mozilla\Firefox\ExtensionUpdate = 0x1 | 0x0
+```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/ExtensionUpdate
+```
+Value (string):
+```
+<enabled/> or <disabled/>
+```
+#### macOS
+```
+<dict>
+ <key>ExtensionUpdate</key>
+ <true/> | <false/>
+</dict>
+```
+#### policies.json
+```
+{
+ "policies": {
+ "ExtensionUpdate": true | false
+ }
+}
+```
+### FirefoxHome
+Customize the Firefox Home page.
+
+**Compatibility:** Firefox 68, Firefox ESR 68 (SponsoredTopSites and SponsoredPocket were added in Firefox 95, Firefox ESR 91.4)
+**CCK2 Equivalent:** N/A\
+**Preferences Affected:** `browser.newtabpage.activity-stream.showSearch`, `browser.newtabpage.activity-stream.feeds.topsites`, `browser.newtabpage.activity-stream.feeds.section.highlights`, `browser.newtabpage.activity-stream.feeds.section.topstories`, `browser.newtabpage.activity-stream.feeds.snippets`, `browser.newtabpage.activity-stream.showSponsoredTopSites`, `browser.newtabpage.activity-stream.showSponsored`
+
+#### Windows (GPO)
+```
+Software\Policies\Mozilla\Firefox\FirefoxHome\Search = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\FirefoxHome\TopSites = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\FirefoxHome\SponsoredTopSites = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\FirefoxHome\Highlights = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\FirefoxHome\Pocket = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\FirefoxHome\SponsoredPocket = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\FirefoxHome\Snippets = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\FirefoxHome\Locked = 0x1 | 0x0
+```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/CustomizeFirefoxHome
+```
+Value (string):
+```
+<enabled/>
+<data id="FirefoxHome_Search" value="true | false"/>
+<data id="FirefoxHome_TopSites" value="true | false"/>
+<data id="FirefoxHome_SponsoredTopSites" value="true | false"/>
+<data id="FirefoxHome_Highlights" value="true | false"/>
+<data id="FirefoxHome_Pocket" value="true | false"/>
+<data id="FirefoxHome_SponsoredPocket" value="true | false"/>
+<data id="FirefoxHome_Snippets" value="true | false"/>
+<data id="FirefoxHome_Locked" value="true | false"/>
+```
+#### macOS
+```
+<dict>
+ <key>FirefoxHome</key>
+ <dict>
+ <key>Search</key>
+ <true/> | <false/>
+ <key>TopSites</key>
+ <true/> | <false/>
+ <key>SponsoredTopSites</key>
+ <true/> | <false/>
+ <key>Highlights</key>
+ <true/> | <false/>
+ <key>Pocket</key>
+ <true/> | <false/>
+ <key>SponsoredPocket</key>
+ <true/> | <false/>
+ <key>Snippets</key>
+ <true/> | <false/>
+ <key>Locked</key>
+ <true/> | <false/>
+ </dict>
+</dict>
+```
+#### policies.json
+```
+{
+ "policies": {
+ "FirefoxHome": {
+ "Search": true | false,
+ "TopSites": true | false,
+ "SponsoredTopSites": true | false,
+ "Highlights": true | false,
+ "Pocket": true | false,
+ "SponsoredPocket": true | false,
+ "Snippets": true | false,
+ "Locked": true | false
+ }
+ }
+}
+```
+### GoToIntranetSiteForSingleWordEntryInAddressBar
+Whether to always go through the DNS server before sending a single word search string to a search engine.
+
+If the site exists, it will navigate to the website. If the intranet responds with a 404, the page will show a 404. If the intranet does not respond, the browser will attempt a search.
+
+The second result in the URL bar will be a search result to allow users to conduct a web search exactly as it was entered.
+
+If instead you would like to enable the ability to have your domain appear as a valid URL and to disallow the browser from ever searching that term using the first result that matches it, add the pref `browser.fixup.domainwhitelist.YOUR_DOMAIN` (where `YOUR_DOMAIN` is the name of the domain you'd like to add), and set the pref to `true`. The URL bar will then suggest `YOUR_DOMAIN` when the user fully types `YOUR_DOMAIN`. If the user attempts to load that domain and it fails to load, it will show an "Unable to connect" error page.
+
+You can also whitelist a domain suffix that is not part of the [Public Suffix List](https://publicsuffix.org/) by adding the pref `browser.fixup.domainsuffixwhitelist.YOUR_DOMAIN_SUFFIX` with a value of `true`.
+
+Additionally, if you want users to see a "Did you mean to go to 'YOUR_DOMAIN'" prompt below the URL bar if they land on a search results page instead of an intranet domain that provides a response, set the pref `browser.urlbar.dnsResolveSingleWordsAfterSearch` to `1`. Enabling this will cause the browser to commit a DNS check after every single word search. If the browser receives a response from the intranet, a prompt will ask the user if they'd like to instead navigate to `YOUR_DOMAIN`. If the user presses the **yes** button, `browser.fixup.domainwhitelist.YOUR_DOMAIN` will be set to `true`.
+
+**Compatibility:** Firefox 104, Firefox ESR 102.2\
+**CCK2 Equivalent:** `N/A`\
+**Preferences Affected:** `browser.fixup.dns_first_for_single_words`
+
+#### Windows (GPO)
+```
+Software\Policies\Mozilla\Firefox\GoToIntranetSiteForSingleWordEntryInAddressBar = 0x1 | 0x0
+```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/GoToIntranetSiteForSingleWordEntryInAddressBar
+```
+Value (string):
+```
+<enabled/> or <disabled/>
+```
+#### macOS
+```
+<dict>
+ <key>GoToIntranetSiteForSingleWordEntryInAddressBar</key>
+ <true/> | <false/>
+</dict>
+```
+#### policies.json
+```
+{
+ "policies": {
+ "GoToIntranetSiteForSingleWordEntryInAddressBar": true | false
+ }
+}
+```
+### Handlers
+Configure default application handlers. This policy is based on the internal format of `handlers.json`.
+
+You can configure handlers based on a mime type (`mimeTypes`), a file's extension (`extensions`), or a protocol (`schemes`).
+
+Within each handler type, you specify the given mimeType/extension/scheme as a key and use the following subkeys to describe how it is handled.
+
+| Name | Description |
+| --- | --- |
+| `action`| Can be either `saveToDisk`, `useHelperApp`, `useSystemDefault`.
+| `ask` | If `true`, the user is asked if what they want to do with the file. If `false`, the action is taken without user intervention.
+| `handlers` | An array of handlers with the first one being the default. If you don't want to have a default handler, use an empty object for the first handler. Choose between path or uriTemplate.
+| `name` | The display name of the handler (might not be used).
+| `path`| The native path to the executable to be used.
+| `uriTemplate`| A url to a web based application handler. The URL must be https and contain a %s to be used for substitution.
+
+**Compatibility:** Firefox 78, Firefox ESR 78\
+**CCK2 Equivalent:** N/A\
+**Preferences Affected:** N/A
+
+#### Windows (GPO)
+Software\Policies\Mozilla\Firefox\Handlers (REG_MULTI_SZ) =
+```
+{
+ "mimeTypes": {
+ "application/msword": {
+ "action": "useSystemDefault",
+ "ask": true | false
+ }
+ },
+ "schemes": {
+ "mailto": {
+ "action": "useHelperApp",
+ "ask": true | false,
+ "handlers": [{
+ "name": "Gmail",
+ "uriTemplate": "https://mail.google.com/mail/?extsrc=mailto&url=%s"
+ }]
+ }
+ },
+ "extensions": {
+ "pdf": {
+ "action": "useHelperApp",
+ "ask": true | false,
+ "handlers": [{
+ "name": "Adobe Acrobat",
+ "path": "C:\\Program Files (x86)\\Adobe\\Acrobat Reader DC\\Reader\\AcroRd32.exe"
+ }]
+ }
+ }
+}
+```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/Handlers
+```
+Value (string):
+```
+<enabled/>
+<data id="Handlers" value='
+{
+ "mimeTypes": {
+ "application/msword": {
+ "action": "useSystemDefault",
+ "ask": true | false
+ }
+ },
+ "schemes": {
+ "mailto": {
+ "action": "useHelperApp",
+ "ask": true | false,
+ "handlers": [{
+ "name": "Gmail",
+ "uriTemplate": "https://mail.google.com/mail/?extsrc=mailto&url=%s"
+ }]
+ }
+ },
+ "extensions": {
+ "pdf": {
+ "action": "useHelperApp",
+ "ask": true | false,
+ "handlers": [{
+ "name": "Adobe Acrobat",
+ "path": "C:\\Program Files (x86)\\Adobe\\Acrobat Reader DC\\Reader\\AcroRd32.exe"
+ }]
+ }
+ }
+}
+'/>
+```
+#### macOS
+```
+<dict>
+ <key>Handlers</key>
+ <dict>
+ <key>mimeTypes</key>
+ <dict>
+ <key>application/msword</key>
+ <dict>
+ <key>action</key>
+ <string>useSystemDefault</string>
+ <key>ask</key>
+ <true/> | <false/>
+ </dict>
+ </dict>
+ <key>schemes</key>
+ <dict>
+ <key>mailto</key>
+ <dict>
+ <key>action</key>
+ <string>useHelperApp</string>
+ <key>ask</key>
+ <true/> | <false/>
+ <key>handlers</key>
+ <array>
+ <dict>
+ <key>name</key>
+ <string>Gmail</string>
+ <key>uriTemplate</key>
+ <string>https://mail.google.com/mail/?extsrc=mailto&url=%s</string>
+ </dict>
+ </array>
+ </dict>
+ </dict>
+ <key>extensions</key>
+ <dict>
+ <key>pdf</key>
+ <dict>
+ <key>action</key>
+ <string>useHelperApp</string>
+ <key>ask</key>
+ <true/> | <false/>
+ <key>handlers</key>
+ <array>
+ <dict>
+ <key>name</key>
+ <string>Adobe Acrobat</string>
+ <key>path</key>
+ <string>/System/Applications/Preview.app</string>
+ </dict>
+ </array>
+ </dict>
+ </dict>
+ </dict>
+</dict>
+```
+#### policies.json
+```
+{
+ "policies": {
+ "Handlers": {
+ "mimeTypes": {
+ "application/msword": {
+ "action": "useSystemDefault",
+ "ask": false
+ }
+ },
+ "schemes": {
+ "mailto": {
+ "action": "useHelperApp",
+ "ask": true | false,
+ "handlers": [{
+ "name": "Gmail",
+ "uriTemplate": "https://mail.google.com/mail/?extsrc=mailto&url=%s"
+ }]
+ }
+ },
+ "extensions": {
+ "pdf": {
+ "action": "useHelperApp",
+ "ask": true | false,
+ "handlers": [{
+ "name": "Adobe Acrobat",
+ "path": "/usr/bin/acroread"
+ }]
+ }
+ }
+ }
+ }
+}
+```
+### HardwareAcceleration
+Control hardware acceleration.
+
+**Compatibility:** Firefox 60, Firefox ESR 60\
+**CCK2 Equivalent:** N/A\
+**Preferences Affected:** `layers.acceleration.disabled`
+
+#### Windows (GPO)
+```
+Software\Policies\Mozilla\Firefox\HardwareAcceleration = 0x1 | 0x0
+```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/HardwareAcceleration
+```
+Value (string):
+```
+<enabled/> or <disabled/>
+```
+#### macOS
+```
+<dict>
+ <key>HardwareAcceleration</key>
+ <true/> | <false/>
+</dict>
+```
+#### policies.json
+```
+{
+ "policies": {
+ "HardwareAcceleration": true | false
+ }
+}
+```
+### Homepage
+Configure the default homepage and how Firefox starts.
+
+`URL` is the default homepage.
+
+`Locked` prevents the user from changing homepage preferences.
+
+`Additional` allows for more than one homepage.
+
+`StartPage` is how Firefox starts. The choices are no homepage, the default homepage or the previous session.
+
+With Firefox 78, an additional option as added for `Startpage`, `homepage-locked`. If this is value is set for the Startpage, the user will always get the homepage at startup and cannot choose to restore their session.
+
+**Compatibility:** Firefox 60, Firefox ESR 60 (StartPage was added in Firefox 60, Firefox ESR 60.4, homepage-locked added in Firefox 78)\
+**CCK2 Equivalent:** `homePage`,`lockHomePage`\
+**Preferences Affected:** `browser.startup.homepage`, `browser.startup.page`
+
+#### Windows (GPO)
+```
+Software\Policies\Mozilla\Firefox\Homepage\URL = "https://example.com"
+Software\Policies\Mozilla\Firefox\Homepage\Locked = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\Homepage\Additional\1 = "https://example.org"
+Software\Policies\Mozilla\Firefox\Homepage\Additional\2 = "https://example.edu"
+Software\Policies\Mozilla\Firefox\Homepage\StartPage = "none" | "homepage" | "previous-session" | "homepage-locked"
+```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Homepage/HomepageURL
+```
+Value (string):
+```
+<enabled/>
+
+<data id="HomepageURL" value="https://example.com"/>
+<data id="HomepageLocked" value="true | false"/>
+```
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Homepage/HomepageAdditional
+```
+Value (string):
+```
+<enabled/>
+
+<data id="HomepageAdditional" value="1http://example.org2http://example.edu"/>
+```
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Homepage/HomepageStartPage
+```
+Value (string):
+```
+<enabled/>
+
+<data id="StartPage" value="none | homepage | previous-session"/>
+```
+#### macOS
+```
+<dict>
+ <key>Homepage</key>
+ <dict>
+ <key>URL</key>
+ <string>http://example.com</string>
+ <key>Locked</key>
+ <true/> | <false/>
+ <key>Additional</key>
+ <array>
+ <string>http://example.org</string>
+ <string>http://example.edu</string>
+ </array>
+ <key>StartPage</key>
+ <string>none | homepage | previous-session | homepage-locked</string>
+ </dict>
+</dict>
+```
+#### policies.json
+```
+{
+ "policies": {
+ "Homepage": {
+ "URL": "http://example.com/",
+ "Locked": true | false,
+ "Additional": ["http://example.org/",
+ "http://example.edu/"],
+ "StartPage": "none" | "homepage" | "previous-session" | "homepage-locked"
+ }
+ }
+}
+```
+### InstallAddonsPermission
+Configure the default extension install policy as well as origins for extension installs are allowed. This policy does not override turning off all extension installs.
+
+`Allow` is a list of origins where extension installs are allowed.
+
+`Default` determines whether or not extension installs are allowed by default.
+
+**Compatibility:** Firefox 60, Firefox ESR 60\
+**CCK2 Equivalent:** `permissions.install`\
+**Preferences Affected:** `xpinstall.enabled`
+
+#### Windows (GPO)
+```
+Software\Policies\Mozilla\Firefox\InstallAddonsPermission\Allow\1 = "https://example.org"
+Software\Policies\Mozilla\Firefox\InstallAddonsPermission\Allow\2 = "https://example.edu"
+Software\Policies\Mozilla\Firefox\InstallAddonsPermission\Default = 0x1 | 0x0
+```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Addons/InstallAddonsPermission_Allow
+```
+Value (string):
+```
+<enabled/>
+<data id="Permissions" value="1https://example.org2https://example.edu"/>
+```
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Addons/InstallAddonsPermission_Default
+```
+Value (string):
+```
+<enabled/>
+```
+#### macOS
+```
+<dict>
+ <key>InstallAddonsPermission</key>
+ <dict>
+ <key>Allow</key>
+ <array>
+ <string>http://example.org</string>
+ <string>http://example.edu</string>
+ </array>
+ <key>Default</key>
+ <true/> | <false/>
+ </dict>
+</dict>
+```
+#### policies.json
+```
+{
+ "policies": {
+ "InstallAddonsPermission": {
+ "Allow": ["http://example.org/",
+ "http://example.edu/"],
+ "Default": true | false
+ }
+ }
+}
+```
+### LegacyProfiles
+Disable the feature enforcing a separate profile for each installation.
+
+If this policy set to true, Firefox will not try to create different profiles for installations of Firefox in different directories. This is the equivalent of the MOZ_LEGACY_PROFILES environment variable.
+
+If this policy set to false, Firefox will create a new profile for each unique installation of Firefox.
+
+This policy only work on Windows via GPO (not policies.json).
+
+**Compatibility:** Firefox 70, Firefox ESR 68.2 (Windows only, GPO only)\
+**CCK2 Equivalent:** N/A\
+**Preferences Affected:** N/A
+
+#### Windows (GPO)
+```
+Software\Policies\Mozilla\Firefox\LegacyProfiles = = 0x1 | 0x0
+```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/LegacyProfiles
+```
+Value (string):
+```
+<enabled/> or <disabled/>
+```
+### LegacySameSiteCookieBehaviorEnabled
+Enable default legacy SameSite cookie behavior setting.
+
+If this policy is set to true, it reverts all cookies to legacy SameSite behavior which means that cookies that don't explicitly specify a ```SameSite``` attribute are treated as if they were ```SameSite=None```.
+
+**Compatibility:** Firefox 96\
+**CCK2 Equivalent:** N/A\
+**Preferences Affected:** `network.cookie.sameSite.laxByDefault`
+
+#### Windows (GPO)
+```
+Software\Policies\Mozilla\Firefox\LegacySameSiteCookieBehaviorEnabled = = 0x1 | 0x0
+```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/LegacySameSiteCookieBehaviorEnabled
+```
+Value (string):
+```
+<enabled/> or <disabled/>
+```
+#### macOS
+```
+<dict>
+ <key>LegacySameSiteCookieBehaviorEnabled</key>
+ <true/> | <false/>
+</dict>
+```
+#### policies.json
+```
+{
+ "policies": {
+ "LegacySameSiteCookieBehaviorEnabled": true | false
+}
+```
+### LegacySameSiteCookieBehaviorEnabledForDomainList
+Revert to legacy SameSite behavior for cookies on specified sites.
+
+If this policy is set to true, cookies set for domains in this list will revert to legacy SameSite behavior which means that cookies that don't explicitly specify a ```SameSite``` attribute are treated as if they were ```SameSite=None```.
+
+**Compatibility:** Firefox 96\
+**CCK2 Equivalent:** N/A\
+**Preferences Affected:** `network.cookie.sameSite.laxByDefault.disabledHosts`
+
+#### Windows (GPO)
+```
+Software\Policies\Mozilla\Firefox\LegacySameSiteCookieBehaviorEnabledForDomainList\1 = "example.org"
+Software\Policies\Mozilla\Firefox\LegacySameSiteCookieBehaviorEnabledForDomainList\2 = "example.edu"
+```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/LegacySameSiteCookieBehaviorEnabledForDomainList
+```
+Value (string):
+```
+<enabled/>
+<data id="LegacySameSiteCookieBehaviorEnabledForDomainList" value="1example.org2example.edu"/>
+```
+#### macOS
+```
+<dict>
+ <key>LegacySameSiteCookieBehaviorEnabledForDomainList</key>
+ <array>
+ <string>example.org</string>
+ <string>example.edu</string>
+ </array>
+</dict>
+```
+#### policies.json
+```
+{
+ "policies": {
+ "LegacySameSiteCookieBehaviorEnabledForDomainList": ["example.org",
+ "example.edu"]
+ }
+}
+```
+### LocalFileLinks
+Enable linking to local files by origin.
+
+**Compatibility:** Firefox 68, Firefox ESR 68\
+**CCK2 Equivalent:** N/A\
+**Preferences Affected:** `capability.policy.localfilelinks.*`
+
+#### Windows (GPO)
+```
+Software\Policies\Mozilla\Firefox\LocalFileLinks\1 = "https://example.org"
+Software\Policies\Mozilla\Firefox\LocalFileLinks\2 = "https://example.edu"
+```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/LocalFileLinks
+```
+Value (string):
+```
+<enabled/>
+<data id="LocalFileLinks" value="1https://example.org2https://example.edu"/>
+```
+#### macOS
+```
+<dict>
+ <key>LocalFileLinks</key>
+ <array>
+ <string>http://example.org</string>
+ <string>http://example.edu</string>
+ </array>
+</dict>
+```
+#### policies.json
+```
+{
+ "policies": {
+ "LocalFileLinks": ["http://example.org/",
+ "http://example.edu/"]
+ }
+}
+```
+### ManagedBookmarks
+Configures a list of bookmarks managed by an administrator that cannot be changed by the user.
+
+The bookmarks are only added as a button on the personal toolbar. They are not in the bookmarks folder.
+
+The syntax of this policy is exactly the same as the [Chrome ManagedBookmarks policy](https://cloud.google.com/docs/chrome-enterprise/policies/?policy=ManagedBookmarks). The schema is:
+```
+{
+ "items": {
+ "id": "BookmarkType",
+ "properties": {
+ "children": {
+ "items": {
+ "$ref": "BookmarkType"
+ },
+ "type": "array"
+ },
+ "name": {
+ "type": "string"
+ },
+ "toplevel_name": {
+ "type": "string"
+ },
+ "url": {
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "type": "array"
+}
+```
+**Compatibility:** Firefox 83, Firefox ESR 78.5\
+**CCK2 Equivalent:** N/A\
+**Preferences Affected:** N/A
+
+#### Windows (GPO)
+Software\Policies\Mozilla\Firefox\ManagedBookmarks (REG_MULTI_SZ) =
+```
+[
+ {
+ "toplevel_name": "My managed bookmarks folder"
+ },
+ {
+ "url": "example.com",
+ "name": "Example"
+ },
+ {
+ "name": "Mozilla links",
+ "children": [
+ {
+ "url": "https://mozilla.org",
+ "name": "Mozilla.org"
+ },
+ {
+ "url": "https://support.mozilla.org/",
+ "name": "SUMO"
+ }
+ ]
+ }
+]
+```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/ManagedBookmarks
+```
+Value (string):
+```
+<enabled/>
+<data id="JSON" value='
+[
+ {
+ "toplevel_name": "My managed bookmarks folder"
+ },
+ {
+ "url": "example.com",
+ "name": "Example"
+ },
+ {
+ "name": "Mozilla links",
+ "children": [
+ {
+ "url": "https://mozilla.org",
+ "name": "Mozilla.org"
+ },
+ {
+ "url": "https://support.mozilla.org/",
+ "name": "SUMO"
+ }
+ ]
+ }
+]'/>
+```