]> git.p6c8.net - policy-templates.git/blobdiff - README.md
Merge pull request #854 from dev-id/patch-1
[policy-templates.git] / README.md
index 91ce04b1ddfbaf193bda1c3c3a6efe266e76a23f..256da8d36becd92a78a4f3f6829a5514d6b313d4 100644 (file)
--- a/README.md
+++ b/README.md
@@ -23,14 +23,15 @@ Policies can be specified using the [Group Policy templates on Windows](https://
 | **[`Certificates -> ImportEnterpriseRoots`](#certificates--importenterpriseroots)** | Trust certificates that have been added to the operating system certificate store by a user or administrator.
 | **[`Certificates -> Install`](#certificates--install)** | Install certificates into the Firefox certificate store.
 | **[`Cookies`](#cookies)** | Configure cookie preferences.
+| **[`DefaultDownloadDirectory`](#defaultdownloaddirectory)** | Set the default download directory.
 | **[`DisableAppUpdate`](#disableappupdate)** | Turn off application updates.
 | **[`DisableBuiltinPDFViewer`](#disablebuiltinpdfviewer)** | Disable the built in PDF viewer.
 | **[`DisabledCiphers`](#disabledciphers)** | Disable ciphers.
 | **[`DisableDefaultBrowserAgent`](#disabledefaultbrowseragent)** | Prevent the default browser agent from taking any actions (Windows only).
 | **[`DisableDeveloperTools`](#disabledevelopertools)** | Remove access to all developer tools.
 | **[`DisableFeedbackCommands`](#disablefeedbackcommands)** | Disable the menus for reporting sites.
-| **[`DisableFirefoxScreenshots`](#disablefirefoxscreenshots)** | Remove access to Firefox Screenshots.
 | **[`DisableFirefoxAccounts`](#disablefirefoxaccounts)** | Disable Firefox Accounts integration (Sync).
+| **[`DisableFirefoxScreenshots`](#disablefirefoxscreenshots)** | Remove access to Firefox Screenshots.
 | **[`DisableFirefoxStudies`](#disablefirefoxstudies)** | Disable Firefox studies (Shield).
 | **[`DisableForgetButton`](#disableforgetbutton)** | Disable the "Forget" button.
 | **[`DisableFormHistory`](#disableformhistory)** | Turn off saving information on web forms and the search bar.
@@ -46,11 +47,10 @@ Policies can be specified using the [Group Policy templates on Windows](https://
 | **[`DisableSystemAddonUpdate`](#disablesystemaddonupdate)** | Prevent system add-ons from being installed or update.
 | **[`DisableTelemetry`](#disabletelemetry)** | DisableTelemetry
 | **[`DisplayBookmarksToolbar`](#displaybookmarkstoolbar)** | Set the initial state of the bookmarks toolbar.
-| **[`DisplayMenuBar (Deprecated)`](#displaymenubar-deprecated)** | Set the initial state of the menubar.
 | **[`DisplayMenuBar`](#displaymenubar)** | Set the state of the menubar.
+| **[`DisplayMenuBar (Deprecated)`](#displaymenubar-deprecated)** | Set the initial state of the menubar.
 | **[`DNSOverHTTPS`](#dnsoverhttps)** | Configure DNS over HTTPS.
 | **[`DontCheckDefaultBrowser`](#dontcheckdefaultbrowser)** | Don't check if Firefox is the default browser at startup.
-| **[`DefaultDownloadDirectory`](#defaultdownloaddirectory)** | Set the default download directory.
 | **[`DownloadDirectory`](#downloaddirectory)** | Set and lock the download directory.
 | **[`EnableTrackingProtection`](#enabletrackingprotection)** | Configure tracking protection.
 | **[`EncryptedMediaExtensions`](#encryptedmediaextensions)** | Enable or disable Encrypted Media Extensions and optionally lock it.
@@ -58,17 +58,18 @@ Policies can be specified using the [Group Policy templates on Windows](https://
 | **[`Extensions`](#extensions)** | Control the installation, uninstallation and locking of extensions.
 | **[`ExtensionSettings`](#extensionsettings)** | Manage all aspects of extensions.
 | **[`ExtensionUpdate`](#extensionupdate)** | Control extension updates.
-| **[`FlashPlugin`](#flashplugin)** | Configure the default Flash plugin policy as well as origins for which Flash is allowed.
 | **[`FirefoxHome`](#firefoxhome)** | Customize the Firefox Home page.
-| **[`HardwareAcceleration`](#hardwareacceleration)** | Control hardware acceleration.
+| **[`FlashPlugin`](#flashplugin)** | Configure the default Flash plugin policy as well as origins for which Flash is allowed.
 | **[`Handlers`](#handlers)** | Configure default application handlers.
+| **[`HardwareAcceleration`](#hardwareacceleration)** | Control hardware acceleration.
 | **[`Homepage`](#homepage)** | Configure the default homepage and how Firefox starts.
 | **[`InstallAddonsPermission`](#installaddonspermission)** | Configure the default extension install policy as well as origins for extension installs are allowed.
 | **[`LegacyProfiles`](#legacyprofiles)** | Disable the feature enforcing a separate profile for each installation.
+| **[`LegacySameSiteCookieBehaviorEnabled`](#legacysamesitecookiebehaviorenabled)** | Enable default legacy SameSite cookie behavior setting.
+| **[`LegacySameSiteCookieBehaviorEnabledForDomainList`](#legacysamesitecookiebehaviorenabledfordomainlist)** | Revert to legacy SameSite behavior for cookies on specified sites.
 | **[`LocalFileLinks`](#localfilelinks)** | Enable linking to local files by origin.
 | **[`ManagedBookmarks`](#managedbookmarks)** | Configures a list of bookmarks managed by an administrator that cannot be changed by the user.
 | **[`ManualAppUpdateOnly`](#manualappupdateonly)** | Allow manual updates only and do not notify the user about updates..
-| **[`PrimaryPassword`](#primarypassword)** | Require or prevent using a primary (formerly master) password.
 | **[`NetworkPrediction`](#networkprediction)** | Enable or disable network prediction (DNS prefetching).
 | **[`NewTabPage`](#newtabpage)** | Enable or disable the New Tab page.
 | **[`NoDefaultBookmarks`](#nodefaultbookmarks)** | Disable the creation of default bookmarks.
@@ -83,6 +84,7 @@ Policies can be specified using the [Group Policy templates on Windows](https://
 | **[`PopupBlocking`](#popupblocking)** | Configure the default pop-up window policy as well as origins for which pop-up windows are allowed.
 | **[`Preferences`](#preferences)** | Set and lock preferences.
 | **[`Preferences (Deprecated)`](#preferences-deprecated)** | Set and lock some preferences.
+| **[`PrimaryPassword`](#primarypassword)** | Require or prevent using a primary (formerly master) password.
 | **[`PromptForDownloadLocation`](#promptfordownloadlocation)** | Ask where to save each file before downloading.
 | **[`Proxy`](#proxy)** | Configure proxy settings.
 | **[`RequestedLocales`](#requestedlocales)** | Set the the list of requested locales for the application in order of preference.
@@ -90,10 +92,10 @@ Policies can be specified using the [Group Policy templates on Windows](https://
 | **[`SanitizeOnShutdown` (Selective)](#sanitizeonshutdown-selective)** | Clear data on shutdown.
 | **[`SearchBar`](#searchbar)** | Set whether or not search bar is displayed.
 | **[`SearchEngines`](#searchengines-this-policy-is-only-available-on-the-esr)** |
+| **[`SearchEngines -> Add`](#searchengines--add)** | Add new search engines.
 | **[`SearchEngines -> Default`](#searchengines--default)** | Set the default search engine.
 | **[`SearchEngines -> PreventInstalls`](#searchengines--preventinstalls)** | Prevent installing search engines from webpages.
 | **[`SearchEngines -> Remove`](#searchengines--remove)** | Hide built-in search engines.
-| **[`SearchEngines -> Add`](#searchengines--add)** | Add new search engines.
 | **[`SearchSuggestEnabled`](#searchsuggestenabled)** | Enable search suggestions.
 | **[`SecurityDevices`](#securitydevices)** | Install PKCS #11 modules.
 | **[`ShowHomeButton`](#showhomebutton)** | Show the home button on the toolbar.
@@ -108,86 +110,86 @@ Policies can be specified using the [Group Policy templates on Windows](https://
 
 Allow WebExtensions to configure policy. For more information, see [Adding policy support to your extension](https://extensionworkshop.com/documentation/enterprise/adding-policy-support-to-your-extension/).
 
-### AppAutoUpdate
-
-Enable or disable **automatic** application update.
+### AllowedDomainsForApps
 
-If set to true, application updates are installed without user approval within Firefox. The operating system might still require approval.
+Define domains allowed to access Google Workspace.
 
-If set to false, application updates are downloaded but the user can choose when to install the update.
+This policy is based on the [Chrome policy](https://chromeenterprise.google/policies/#AllowedDomainsForApps) of the same name.
 
-If you have disabled updates via DisableAppUpdate, this policy has no effect.
+If this policy is enabled, users can only access Google Workspace using accounts from the specified domains. If you want to allow Gmail, you can add ```consumer_accounts``` to the list.
 
-**Compatibility:** Firefox 75, Firefox ESR 68.7\
+**Compatibility:** Firefox 89, Firefox ESR 78.11\
 **CCK2 Equivalent:** N/A\
-**Preferences Affected:** `app.update.auto`
+**Preferences Affected:** N/A
 
 #### Windows (GPO)
 ```
-Software\Policies\Mozilla\Firefox\AppAutoUpdate = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\AllowedDomainsForApps = "managedfirefox.com,example.com"
 ```
 #### Windows (Intune)
 OMA-URI:
 ```
-./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/AppAutoUpdate
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/AllowedDomainsForApps
 ```
 Value (string):
 ```
-<enabled/> or <disabled/>
+<enabled/>
+<data id="AllowedDomainsForApps" value="managedfirefox.com,example.com"/>
 ```
 #### macOS
 ```
 <dict>
-  <key>AppAutoUpdate</key>
-  <true/> | <false/>
+  <key>AllowedDomainsForApps</key>
+  <string>managedfirefox.com,example.com</string>
 </dict>
 ```
 #### policies.json
 ```
 {
   "policies": {
-    "AppAutoUpdate": true | false
+    "AllowedDomainsForApps": "managedfirefox.com,example.com"
   }
 }
 ```
-### AllowedDomainsForApps
+### AppAutoUpdate
 
-Define domains allowed to access Google Workspace.
+Enable or disable **automatic** application update.
 
-This policy is based on the [Chrome policy](https://chromeenterprise.google/policies/#AllowedDomainsForApps) of the same name.
+If set to true, application updates are installed without user approval within Firefox. The operating system might still require approval.
 
-If this policy is enabled, users can only access Google Workspace using accounts from the specified domains. If you want to allow Gmail, you can add ```consumer_accounts``` to the list.
+If set to false, application updates are downloaded but the user can choose when to install the update.
 
-**Compatibility:** Firefox 89, Firefox ESR 78.11\
+If you have disabled updates via `DisableAppUpdate`, this policy has no effect.
+
+**Compatibility:** Firefox 75, Firefox ESR 68.7\
 **CCK2 Equivalent:** N/A\
-**Preferences Affected:** N/A
+**Preferences Affected:** `app.update.auto`
 
 #### Windows (GPO)
 ```
-Software\Policies\Mozilla\Firefox\AllowedDomainsForApps = "managedfirefox.com,example.com"
+Software\Policies\Mozilla\Firefox\AppAutoUpdate = 0x1 | 0x0
 ```
 #### Windows (Intune)
 OMA-URI:
 ```
-./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/AllowedDomainsForApps
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/AppAutoUpdate
 ```
 Value (string):
 ```
-<enabled/>
-<data id="AllowedDomainsForApps" value="managedfirefox.com,example.com"/>
+<enabled/> or <disabled/>
 ```
 #### macOS
 ```
 <dict>
-  <key>AllowedDomainsForApps</key>
-  <string>managedfirefox.com,example.com</string>
+  <key>AppAutoUpdate</key>
+  <true/> | <false/>
 </dict>
 ```
 #### policies.json
 ```
 {
   "policies": {
-    "AllowedDomainsForApps": "managedfirefox.com,example.com"
+    "AppAutoUpdate": true | false
   }
 }
 ```
@@ -232,7 +234,7 @@ Value (string):
 
 Configure sites that support integrated authentication.
 
-See https://developer.mozilla.org/en-US/docs/Mozilla/Integrated_authentication for more information.
+See [Integrated authentication](https://htmlpreview.github.io/?https://github.com/mdn/archived-content/blob/main/files/en-us/mozilla/integrated_authentication/raw.html) for more information.
 
 `PrivateBrowsing` enables integrated authentication in private browsing.
 
@@ -656,6 +658,8 @@ Note: [`ManagedBookmarks`](#managedbookmarks) is the new recommended way to add
 
 Add bookmarks in either the bookmarks toolbar or menu. Only `Title` and `URL` are required. If `Placement` is not specified, the bookmark will be placed on the toolbar. If `Folder` is specified, it is automatically created and bookmarks with the same folder name are grouped together.
 
+If you want to clear all bookmarks set with this policy, you can set the value to an empty array (```[]```). This can be on Windows via the new Bookmarks (JSON) policy available with GPO and Intune.
+
 **Compatibility:** Firefox 60, Firefox ESR 60\
 **CCK2 Equivalent:** `bookmarks.toolbar`,`bookmarks.menu`\
 **Preferences Affected:** N/A
@@ -667,6 +671,12 @@ Software\Policies\Mozilla\Firefox\Bookmarks\1\URL = "https://example.com"
 Software\Policies\Mozilla\Firefox\Bookmarks\1\Favicon = "https://example.com/favicon.ico"
 Software\Policies\Mozilla\Firefox\Bookmarks\1\Placement = "toolbar" | "menu"
 Software\Policies\Mozilla\Firefox\Bookmarks\1\Folder = "FolderName"
+
+Software\Policies\Mozilla\Firefox\Bookmarks (REG_MULTI_SZ) =
+```
+[]
+```
+
 ```
 #### Windows (Intune)
 OMA-URI:
@@ -682,6 +692,15 @@ Value (string):
 <data id="BookmarkPlacement" value="toolbar | menu"/>
 <data id="BookmarkFolder" value="FolderName"/>
 ```
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/Bookmarks
+```
+Value (string):
+```
+<enabled/>
+<data id="JSON" value='[]'/>
+```
 #### macOS
 ```
 <dict>
@@ -874,19 +893,32 @@ Configure cookie preferences.
 
 `Block` is a list of origins (not domains) where cookies are always blocked. You must include http or https.
 
-`Default` determines whether cookies are accepted at all.
+`Behavior` sets the default behavior for cookies based on the values below.
+
+`BehaviorPrivateBrowsing` sets the default behavior for cookies in private browsing based on the values below.
+
+| Value | Description
+| --- | ---
+| accept | Accept all cookies
+| reject-foreign | Reject third party cookies
+| reject | Reject all cookies
+| limit-foreign | Reject third party cookies for sites you haven't visited
+| reject-tracker | Reject cookies for known trackers (default)
+| reject-tracker-and-partition-foreign | Reject cookies for known trackers and partition third-party cookies (Total Cookie Protection) (default for private browsing)
 
-`AcceptThirdParty` determines how third-party cookies are handled.
+`Default` (Deprecated) determines whether cookies are accepted at all.
+
+`AcceptThirdParty` (Deprecated) determines how third-party cookies are handled.
 
 `ExpireAtSessionEnd` determines when cookies expire.
 
-`RejectTracker` only rejects cookies for trackers.
+`RejectTracker` (Deprecated) only rejects cookies for trackers.
 
 `Locked` prevents the user from changing cookie preferences.
 
-**Compatibility:** Firefox 60, Firefox ESR 60 (RejectTracker added in Firefox 63, AllowSession added in Firefox 79/78.1)\
+**Compatibility:** Firefox 60, Firefox ESR 60 (RejectTracker added in Firefox 63, AllowSession added in Firefox 79/78.1, Behavior added in Firefox 95/91.4)\
 **CCK2 Equivalent:** N/A\
-**Preferences Affected:** `network.cookie.cookieBehavior`, `network.cookie.lifetimePolicy`
+**Preferences Affected:** `network.cookie.cookieBehavior`, `network.cookie.cookieBehavior.pbmode`, `network.cookie.lifetimePolicy`
 
 #### Windows (GPO)
 ```
@@ -897,6 +929,8 @@ Software\Policies\Mozilla\Firefox\Cookies\Default = 0x1 | 0x0
 Software\Policies\Mozilla\Firefox\Cookies\AcceptThirdParty = "always" | "never" | "from-visited"
 Software\Policies\Mozilla\Firefox\Cookies\ExpireAtSessionEnd = 0x1 | 0x0
 Software\Policies\Mozilla\Firefox\Cookies\RejectTracker = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\Cookies\Behavior = "accept" | "reject-foreign" | "reject" | "limit-foreign" | "reject-tracker" | "reject-tracker-and-partition-foreign"
+Software\Policies\Mozilla\Firefox\Cookies\BehaviorPrivateBrowsing = "accept" | "reject-foreign" | "reject" | "limit-foreign" | "reject-tracker" | "reject-tracker-and-partition-foreign"
 Software\Policies\Mozilla\Firefox\Cookies\Locked = 0x1 | 0x0
 ```
 #### Windows (Intune)
@@ -968,6 +1002,24 @@ Value (string):
 ```
 <enabled/> or <disabled/>
 ```
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_Behavior
+```
+Value (string):
+```
+<enabled/>
+<data id="Cookies_Behavior" value="accept | reject-foreign | reject | limit-foreign | reject-tracker | reject-tracker-and-partition-foreign"/>
+```
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_BehaviorPrivateBrowsing
+```
+Value (string):
+```
+<enabled/>
+<data id="Cookies_BehaviorPrivateBrowsing" value="accept | reject-foreign | reject | limit-foreign | reject-tracker | reject-tracker-and-partition-foreign"/>
+```
 #### macOS
 ```
 <dict>
@@ -995,6 +1047,10 @@ Value (string):
     <true/> | <false/>
     <key>Locked</key>
     <true/> | <false/>
+    <key>Behavior</key>
+    <string>accept | reject-foreign | reject | limit-foreign | reject-tracker | reject-tracker-and-partition-foreign</string>
+    <key>BehaviorPrivateBrowsing</key>
+    <string>accept | reject-foreign | reject | limit-foreign | reject-tracker | reject-tracker-and-partition-foreign</string>
   </dict>
 </dict>
 ```
@@ -1010,7 +1066,9 @@ Value (string):
       "AcceptThirdParty": "always" | "never" | "from-visited",
       "ExpireAtSessionEnd": true | false,
       "RejectTracker": true | false,
-      "Locked": true | false
+      "Locked": true | false,
+      "Behavior": "accept" | "reject-foreign" | "reject" | "limit-foreign" | "reject-tracker" | "reject-tracker-and-partition-foreign",
+      "BehaviorPrivateBrowsing": "accept" | "reject-foreign" | "reject" | "limit-foreign" | "reject-tracker" | "reject-tracker-and-partition-foreign",
     }
   }
 }
@@ -1055,7 +1113,7 @@ Remove the master password functionality.
 
 If this value is true, it works the same as setting [`PrimaryPassword`](#primarypassword) to false and removes the primary password functionality.
 
-If both DisableMasterPasswordCreation and PrimaryPassword are used, DisableMasterPasswordCreation takes precedent.
+If both `DisableMasterPasswordCreation` and `PrimaryPassword` are used, `DisableMasterPasswordCreation` takes precedent.
 
 **Compatibility:** Firefox 60, Firefox ESR 60\
 **CCK2 Equivalent:** `noMasterPassword`\
@@ -1089,6 +1147,50 @@ Value (string):
   }
 }
 ```
+### DefaultDownloadDirectory
+Set the default download directory.
+
+You can use ${home} for the native home directory.
+
+**Compatibility:** Firefox 68, Firefox ESR 68\
+**CCK2 Equivalent:** N/A\
+**Preferences Affected:** `browser.download.dir`, `browser.download.folderList`
+
+#### Windows (GPO)
+```
+Software\Policies\Mozilla\Firefox\DefaultDownloadDirectory = "${home}\Downloads"
+```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DefaultDownloadDirectory
+```
+Value (string):
+```
+<enabled/>
+<data id="Preferences_String" value="${home}\Downloads"/>
+```
+#### macOS
+```
+<dict>
+  <key>DefaultDownloadDirectory</key>
+  <string>${home}/Downloads</string>
+</dict>
+```
+#### policies.json (macOS and Linux)
+```
+{
+  "policies": {
+    "DefaultDownloadDirectory": "${home}/Downloads"
+}
+```
+#### policies.json (Windows)
+```
+{
+  "policies": {
+    "DefaultDownloadDirectory": "${home}\\Downloads"
+}
+```
 ### DisableAppUpdate
 Turn off application updates within Firefox.
 
@@ -1357,21 +1459,21 @@ Value (string):
   }
 }
 ```
-### DisableFirefoxScreenshots
-Remove access to Firefox Screenshots.
+### DisableFirefoxAccounts
+Disable Firefox Accounts integration (Sync).
 
 **Compatibility:** Firefox 60, Firefox ESR 60\
-**CCK2 Equivalent:** N/A\
-**Preferences Affected:** `extensions.screenshots.disabled`
+**CCK2 Equivalent:** `disableSync`\
+**Preferences Affected:** `identity.fxaccounts.enabled`
 
 #### Windows (GPO)
 ```
-Software\Policies\Mozilla\Firefox\DisableFirefoxScreenshots = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\DisableFirefoxAccounts = 0x1 | 0x0
 ```
 #### Windows (Intune)
 OMA-URI:
 ```
-./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableFirefoxScreenshots
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableFirefoxAccounts
 ```
 Value (string):
 ```
@@ -1380,7 +1482,7 @@ Value (string):
 #### macOS
 ```
 <dict>
-  <key>DisableFirefoxScreenshots</key>
+  <key>DisableFirefoxAccounts</key>
   <true/> | <false/>
 </dict>
 ```
@@ -1388,25 +1490,25 @@ Value (string):
 ```
 {
   "policies": {
-    "DisableFirefoxScreenshots": true | false
+    "DisableFirefoxAccounts": true | false
   }
 }
 ```
-### DisableFirefoxAccounts
-Disable Firefox Accounts integration (Sync).
+### DisableFirefoxScreenshots
+Remove access to Firefox Screenshots.
 
 **Compatibility:** Firefox 60, Firefox ESR 60\
-**CCK2 Equivalent:** `disableSync`\
-**Preferences Affected:** `identity.fxaccounts.enabled`
+**CCK2 Equivalent:** N/A\
+**Preferences Affected:** `extensions.screenshots.disabled`
 
 #### Windows (GPO)
 ```
-Software\Policies\Mozilla\Firefox\DisableFirefoxAccounts = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\DisableFirefoxScreenshots = 0x1 | 0x0
 ```
 #### Windows (Intune)
 OMA-URI:
 ```
-./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableFirefoxAccounts
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableFirefoxScreenshots
 ```
 Value (string):
 ```
@@ -1415,7 +1517,7 @@ Value (string):
 #### macOS
 ```
 <dict>
-  <key>DisableFirefoxAccounts</key>
+  <key>DisableFirefoxScreenshots</key>
   <true/> | <false/>
 </dict>
 ```
@@ -1423,7 +1525,7 @@ Value (string):
 ```
 {
   "policies": {
-    "DisableFirefoxAccounts": true | false
+    "DisableFirefoxScreenshots": true | false
   }
 }
 ```
@@ -1910,32 +2012,6 @@ Value (string):
   }
 }
 ```
-### DisplayMenuBar (Deprecated)
-Set the initial state of the menubar. A user can still hide it and it will stay hidden.
-
-**Compatibility:** Firefox 60, Firefox ESR 60 (Windows, some Linux)\
-**CCK2 Equivalent:** `displayMenuBar`\
-**Preferences Affected:** N/A
-
-#### Windows (GPO)
-```
-Software\Policies\Mozilla\Firefox\DisplayMenuBar = 0x1 | 0x0
-```
-#### macOS
-```
-<dict>
-  <key>DisplayMenuBar</key>
-  <true/> | <false/>
-</dict>
-```
-#### policies.json
-```
-{
-  "policies": {
-    "DisplayMenuBar": true | false
-  }
-}
-```
 ### DisplayMenuBar
 Set the state of the menubar.
 
@@ -1980,6 +2056,32 @@ Value (string):
   }
 }
 ```
+### DisplayMenuBar (Deprecated)
+Set the initial state of the menubar. A user can still hide it and it will stay hidden.
+
+**Compatibility:** Firefox 60, Firefox ESR 60 (Windows, some Linux)\
+**CCK2 Equivalent:** `displayMenuBar`\
+**Preferences Affected:** N/A
+
+#### Windows (GPO)
+```
+Software\Policies\Mozilla\Firefox\DisplayMenuBar = 0x1 | 0x0
+```
+#### macOS
+```
+<dict>
+  <key>DisplayMenuBar</key>
+  <true/> | <false/>
+</dict>
+```
+#### policies.json
+```
+{
+  "policies": {
+    "DisplayMenuBar": true | false
+  }
+}
+```
 ### DNSOverHTTPS
 Configure DNS over HTTPS.
 
@@ -2103,23 +2205,23 @@ Value (string):
   }
 }
 ```
-### DefaultDownloadDirectory
-Set the default download directory.
+### DownloadDirectory
+Set and lock the download directory.
 
 You can use ${home} for the native home directory.
 
 **Compatibility:** Firefox 68, Firefox ESR 68\
 **CCK2 Equivalent:** N/A\
-**Preferences Affected:** `browser.download.dir`, `browser.download.folderList`
+**Preferences Affected:** `browser.download.dir`, `browser.download.folderList`, `browser.download.useDownloadDir`
 
 #### Windows (GPO)
 ```
-Software\Policies\Mozilla\Firefox\DefaultDownloadDirectory = "${home}\Downloads"
+Software\Policies\Mozilla\Firefox\DownloadDirectory = "${home}\Downloads"
 ```
 #### Windows (Intune)
 OMA-URI:
 ```
-./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DefaultDownloadDirectory
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DownloadDirectory
 ```
 Value (string):
 ```
@@ -2129,7 +2231,7 @@ Value (string):
 #### macOS
 ```
 <dict>
-  <key>DefaultDownloadDirectory</key>
+  <key>DownloadDirectory</key>
   <string>${home}/Downloads</string>
 </dict>
 ```
@@ -2137,66 +2239,22 @@ Value (string):
 ```
 {
   "policies": {
-    "DefaultDownloadDirectory": "${home}/Downloads"
+    "DownloadDirectory": "${home}/Downloads"
 }
 ```
 #### policies.json (Windows)
 ```
 {
   "policies": {
-    "DefaultDownloadDirectory": "${home}\\Downloads"
+    "DownloadDirectory": "${home}\\Downloads"
 }
 ```
-### DownloadDirectory
-Set and lock the download directory.
+### EnableTrackingProtection
+Configure tracking protection.
 
-You can use ${home} for the native home directory.
+If this policy is not configured, tracking protection is not enabled by default in the browser, but it is enabled by default in private browsing and the user can change it.
 
-**Compatibility:** Firefox 68, Firefox ESR 68\
-**CCK2 Equivalent:** N/A\
-**Preferences Affected:** `browser.download.dir`, `browser.download.folderList`, `browser.download.useDownloadDir`
-
-#### Windows (GPO)
-```
-Software\Policies\Mozilla\Firefox\DownloadDirectory = "${home}\Downloads"
-```
-#### Windows (Intune)
-OMA-URI:
-```
-./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DownloadDirectory
-```
-Value (string):
-```
-<enabled/>
-<data id="Preferences_String" value="${home}\Downloads"/>
-```
-#### macOS
-```
-<dict>
-  <key>DownloadDirectory</key>
-  <string>${home}/Downloads</string>
-</dict>
-```
-#### policies.json (macOS and Linux)
-```
-{
-  "policies": {
-    "DownloadDirectory": "${home}/Downloads"
-}
-```
-#### policies.json (Windows)
-```
-{
-  "policies": {
-    "DownloadDirectory": "${home}\\Downloads"
-}
-```
-### EnableTrackingProtection
-Configure tracking protection.
-
-If this policy is not configured, tracking protection is not enabled by default in the browser, but it is enabled by default in private browsing and the user can change it.
-
-If `Value` is set to false, tracking protection is disabled and locked in both the regular browser and private browsing.
+If `Value` is set to false, tracking protection is disabled and locked in both the regular browser and private browsing.
 
 If `Value` is set to true, tracking protection is enabled by default in both the regular browser and private browsing and the `Locked` value determines whether or not a user can change it.
 
@@ -2603,7 +2661,83 @@ Value (string):
   }
 }
 ```
-### FlashPlugin
+### FirefoxHome
+Customize the Firefox Home page.
+
+**Compatibility:** Firefox 68, Firefox ESR 68 (SponsoredTopSites and SponsoredPocket were added in Firefox 95, Firefox ESR 91.4)
+**CCK2 Equivalent:** N/A\
+**Preferences Affected:** `browser.newtabpage.activity-stream.showSearch`, `browser.newtabpage.activity-stream.feeds.topsites`, `browser.newtabpage.activity-stream.feeds.section.highlights`, `browser.newtabpage.activity-stream.feeds.section.topstories`, `browser.newtabpage.activity-stream.feeds.snippets`, `browser.newtabpage.activity-stream.showSponsoredTopSites`, `browser.newtabpage.activity-stream.showSponsored`
+
+#### Windows (GPO)
+```
+Software\Policies\Mozilla\Firefox\FirefoxHome\Search = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\FirefoxHome\TopSites = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\FirefoxHome\SponsoredTopSites = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\FirefoxHome\Highlights = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\FirefoxHome\Pocket = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\FirefoxHome\SponsoredPocket = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\FirefoxHome\Snippets = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\FirefoxHome\Locked = 0x1 | 0x0
+```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/CustomizeFirefoxHome
+```
+Value (string):
+```
+<enabled/>
+<data id="FirefoxHome_Search"  value="true | false"/>
+<data id="FirefoxHome_TopSites"  value="true | false"/>
+<data id="FirefoxHome_SponsoredTopSites"  value="true | false"/>
+<data id="FirefoxHome_Highlights"  value="true | false"/>
+<data id="FirefoxHome_Pocket"  value="true | false"/>
+<data id="FirefoxHome_SponsoredPocket"  value="true | false"/>
+<data id="FirefoxHome_Snippets"  value="true | false"/>
+<data id="FirefoxHome_Locked"  value="true | false"/>
+```
+#### macOS
+```
+<dict>
+  <key>FirefoxHome</key>
+  <dict>
+    <key>Search</key>
+    <true/> | <false/>
+    <key>TopSites</key>
+    <true/> | <false/>
+    <key>SponsoredTopSites</key>
+    <true/> | <false/>
+    <key>Highlights</key>
+    <true/> | <false/>
+    <key>Pocket</key>
+    <true/> | <false/>
+    <key>SponsoredPocket</key>
+    <true/> | <false/>
+    <key>Snippets</key>
+    <true/> | <false/>
+    <key>Locked</key>
+    <true/> | <false/>
+  </dict>
+</dict>
+```
+#### policies.json
+```
+{
+  "policies": {
+    "FirefoxHome": {
+      "Search": true | false,
+      "TopSites": true | false,
+      "SponsoredTopSites": true | false,
+      "Highlights": true | false,
+      "Pocket": true | false,
+      "SponsoredPocket": true | false,
+      "Snippets": true | false,
+      "Locked": true | false
+    }
+  }
+}
+```
+### FlashPlugin (Deprecated)
 Configure the default Flash plugin policy as well as origins for which Flash is allowed.
 
 `Allow` is a list of origins where Flash are allowed.
@@ -2684,9 +2818,6 @@ Value (string):
   }
 }
 ```
-
-
-
 ### Handlers
 Configure default application handlers. This policy is based on the internal format of `handlers.json`.
 
@@ -2869,72 +3000,6 @@ Value (string):
   }
 }
 ```
-### FirefoxHome
-Customize the Firefox Home page.
-
-**Compatibility:** Firefox 68, Firefox ESR 68\
-**CCK2 Equivalent:** N/A\
-**Preferences Affected:** `browser.newtabpage.activity-stream.showSearch`, `browser.newtabpage.activity-stream.feeds.topsites`, `browser.newtabpage.activity-stream.feeds.section.highlights`, `browser.newtabpage.activity-stream.feeds.section.topstories`, `browser.newtabpage.activity-stream.feeds.snippets`
-
-#### Windows (GPO)
-```
-Software\Policies\Mozilla\Firefox\FirefoxHome\Search = 0x1 | 0x0
-Software\Policies\Mozilla\Firefox\FirefoxHome\TopSites = 0x1 | 0x0
-Software\Policies\Mozilla\Firefox\FirefoxHome\Highlights = 0x1 | 0x0
-Software\Policies\Mozilla\Firefox\FirefoxHome\Pocket = 0x1 | 0x0
-Software\Policies\Mozilla\Firefox\FirefoxHome\Snippets = 0x1 | 0x0
-Software\Policies\Mozilla\Firefox\FirefoxHome\Locked = 0x1 | 0x0
-```
-#### Windows (Intune)
-OMA-URI:
-```
-./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/CustomizeFirefoxHome
-```
-Value (string):
-```
-<enabled/>
-<data id="FirefoxHome_Search"  value="true | false"/>
-<data id="FirefoxHome_TopSites"  value="true | false"/>
-<data id="FirefoxHome_Highlights"  value="true | false"/>
-<data id="FirefoxHome_Pocket"  value="true | false"/>
-<data id="FirefoxHome_Snippets"  value="true | false"/>
-<data id="FirefoxHome_Locked"  value="true | false"/>
-```
-#### macOS
-```
-<dict>
-  <key>FirefoxHome</key>
-  <dict>
-    <key>Search</key>
-    <true/> | <false/>
-    <key>TopSites</key>
-    <true/> | <false/>
-    <key>Highlights</key>
-    <true/> | <false/>
-    <key>Pocket</key>
-    <true/> | <false/>
-    <key>Snippets</key>
-    <true/> | <false/>
-    <key>Locked</key>
-    <true/> | <false/>
-  </dict>
-</dict>
-```
-#### policies.json
-```
-{
-  "policies": {
-    "FirefoxHome": {
-      "Search": true | false,
-      "TopSites": true | false,
-      "Highlights": true | false,
-      "Pocket": true | false,
-      "Snippets": true | false,
-      "Locked": true | false
-    }
-  }
-}
-```
 ### HardwareAcceleration
 Control hardware acceleration.
 
@@ -3148,6 +3213,85 @@ Value (string):
 ```
 <enabled/> or <disabled/>
 ```
+### LegacySameSiteCookieBehaviorEnabled
+Enable default legacy SameSite cookie behavior setting.
+
+If this policy is set to true, it reverts all cookies to legacy SameSite behavior which means that cookies that don't explicitly specify a ```SameSite``` attribute are treated as if they were ```SameSite=None```.
+
+**Compatibility:** Firefox 96\
+**CCK2 Equivalent:** N/A\
+**Preferences Affected:** `network.cookie.sameSite.laxByDefault`
+
+#### Windows (GPO)
+```
+Software\Policies\Mozilla\Firefox\LegacySameSiteCookieBehaviorEnabled = = 0x1 | 0x0
+```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/LegacySameSiteCookieBehaviorEnabled
+```
+Value (string):
+```
+<enabled/> or <disabled/>
+```
+#### macOS
+```
+<dict>
+  <key>LegacySameSiteCookieBehaviorEnabled</key>
+  <true/> | <false/>
+</dict>
+```
+#### policies.json
+```
+{
+  "policies": {
+    "LegacySameSiteCookieBehaviorEnabled": true | false
+}
+```
+### LegacySameSiteCookieBehaviorEnabledForDomainList
+Revert to legacy SameSite behavior for cookies on specified sites.
+
+If this policy is set to true, cookies set for domains in this list will revert to legacy SameSite behavior which means that cookies that don't explicitly specify a ```SameSite``` attribute are treated as if they were ```SameSite=None```.
+
+**Compatibility:** Firefox 96\
+**CCK2 Equivalent:** N/A\
+**Preferences Affected:** `network.cookie.sameSite.laxByDefault.disabledHosts`
+
+#### Windows (GPO)
+```
+Software\Policies\Mozilla\Firefox\LegacySameSiteCookieBehaviorEnabledForDomainList\1 = "example.org"
+Software\Policies\Mozilla\Firefox\LegacySameSiteCookieBehaviorEnabledForDomainList\2 = "example.edu"
+```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/LegacySameSiteCookieBehaviorEnabledForDomainList
+```
+Value (string):
+```
+<enabled/>
+<data id="LegacySameSiteCookieBehaviorEnabledForDomainList" value="1&#xF000;example.org&#xF000;2&#xF000;example.edu"/>
+```
+#### macOS
+```
+<dict>
+  <key>LegacySameSiteCookieBehaviorEnabledForDomainList</key>
+  <array>
+    <string>example.org</string>
+    <string>example.edu</string>
+  </array>
+</dict>
+```
+#### policies.json
+```
+{
+  "policies": {
+    "LegacySameSiteCookieBehaviorEnabledForDomainList": ["example.org",
+                                                         "example.edu"]
+  }
+}
+```
 ### LocalFileLinks
 Enable linking to local files by origin.
 
@@ -3371,45 +3515,6 @@ This policy is primarily intended for advanced end users, not for enterprises.
   }
 }
 ```
-### PrimaryPassword
-Require or prevent using a primary (formerly master) password.
-
-If this value is true, a primary password is required. If this value is false, it works the same as if [`DisableMasterPasswordCreation`](#disablemasterpasswordcreation) was true and removes the primary password functionality.
-
-If both DisableMasterPasswordCreation and PrimaryPassword are used, DisableMasterPasswordCreation takes precedent.
-
-**Compatibility:** Firefox 79, Firefox ESR 78.1\
-**CCK2 Equivalent:** `noMasterPassword`\
-**Preferences Affected:** N/A
-
-#### Windows (GPO)
-```
-Software\Policies\Mozilla\Firefox\PrimaryPassword = 0x1 | 0x0
-```
-#### Windows (Intune)
-OMA-URI:
-```
-./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/PrimaryPassword
-```
-Value (string):
-```
-<enabled/> or <disabled/>
-```
-#### macOS
-```
-<dict>
-  <key>PrimaryPassword</key>
-  <true/> | <false/>
-</dict>
-```
-#### policies.json
-```
-{
-  "policies": {
-    "PrimaryPassword": true | false
-  }
-}
-```
 ### NetworkPrediction
 Enable or disable network prediction (DNS prefetching).
 
@@ -4167,6 +4272,7 @@ general.smoothScroll (Firefox 83, Firefox ESR 78.5)
 geo.
 gfx.
 intl.
+keyword.enabled (Firefox 95, Firefox ESR 91.4)
 layers.
 layout.
 media.
@@ -4176,6 +4282,7 @@ places.
 print.
 signon. (Firefox 83, Firefox ESR 78.5)
 spellchecker. (Firefox 84, Firefox ESR 78.6)
+toolkit.legacyUserProfileCustomizations.stylesheets (Firefox 95, Firefox ESR 91.4)
 ui.
 widget.
 ```
@@ -4203,7 +4310,7 @@ as well as the following security preferences:
 | security.tls.version.enable-deprecated | boolean | false
 | &nbsp;&nbsp;&nbsp;&nbsp;If true, browser will accept TLS 1.0. and TLS 1.1 (Firefox 86, Firefox 78.8).
 | security.warn_submit_secure_to_insecure | boolean | true
-| &nbsp;&nbsp;&nbsp;&nbsp;If false, no warning is shown when submitting s form from https to http.
+| &nbsp;&nbsp;&nbsp;&nbsp;If false, no warning is shown when submitting a form from https to http.
 &nbsp;
 
 Using the preference as the key, set the `Value` to the corresponding preference value.
@@ -4214,7 +4321,7 @@ Default preferences can be modified by the user.
 
 If a value is locked, it is also set as the default.
 
-User preferences persist across invocations of Firefox. It is the equivalent of a user setting the preference. They are most useful when a preference is needed very early in startup so it can't be set as default by policy.
+User preferences persist across invocations of Firefox. It is the equivalent of a user setting the preference. They are most useful when a preference is needed very early in startup so it can't be set as default by policy. An example of this is ```toolkit.legacyUserProfileCustomizations.stylesheets```.
 
 User preferences persist even if the policy is removed, so if you need to remove them, you should use the clear policy.
 
@@ -4476,6 +4583,45 @@ Value (string):
   }
 }
 ```
+### PrimaryPassword
+Require or prevent using a primary (formerly master) password.
+
+If this value is true, a primary password is required. If this value is false, it works the same as if [`DisableMasterPasswordCreation`](#disablemasterpasswordcreation) was true and removes the primary password functionality.
+
+If both DisableMasterPasswordCreation and PrimaryPassword are used, DisableMasterPasswordCreation takes precedent.
+
+**Compatibility:** Firefox 79, Firefox ESR 78.1\
+**CCK2 Equivalent:** `noMasterPassword`\
+**Preferences Affected:** N/A
+
+#### Windows (GPO)
+```
+Software\Policies\Mozilla\Firefox\PrimaryPassword = 0x1 | 0x0
+```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/PrimaryPassword
+```
+Value (string):
+```
+<enabled/> or <disabled/>
+```
+#### macOS
+```
+<dict>
+  <key>PrimaryPassword</key>
+  <true/> | <false/>
+</dict>
+```
+#### policies.json
+```
+{
+  "policies": {
+    "PrimaryPassword": true | false
+  }
+}
+```
 ### PromptForDownloadLocation
 Ask where to save each file before downloading.
 
@@ -4907,35 +5053,86 @@ Value (string):
 
 ### SearchEngines (This policy is only available on the ESR.)
 
-### SearchEngines | Default
+### SearchEngines | Add
 
-Set the default search engine. This policy is only available on the ESR.
+Add new search engines (up to five). This policy is only available on the ESR. `Name` and `URLTemplate` are required.
 
-**Compatibility:** Firefox ESR 60\
-**CCK2 Equivalent:** `defaultSearchEngine`\
+`Name` is the name of the search engine.
+
+`URLTemplate` is the search URL with {searchTerms} to substitute for the search term.
+
+`Method` is either GET or POST
+
+`IconURL` is a URL for the icon to use.
+
+`Alias` is a keyword to use for the engine.
+
+`Description` is a description of the search engine.
+
+`PostData` is the POST data as name value pairs separated by &.
+
+`SuggestURLTemplate` is a search suggestions URL with {searchTerms} to substitute for the search term.
+
+`Encoding` is the query charset for the engine. It defaults to UTF-8.
+
+**Compatibility:** Firefox ESR 60 (POST support in Firefox ESR 68, Encoding support in Firefox 91)\
+**CCK2 Equivalent:** `searchplugins`\
 **Preferences Affected:** N/A
 
 #### Windows (GPO)
 ```
-Software\Policies\Mozilla\Firefox\SearchEngines\Default = NAME_OF_SEARCH_ENGINE
+Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\Name = "Example1"
+Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\URLTemplate = "https://www.example.org/q={searchTerms}"
+Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\Method = "GET" | "POST"
+Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\IconURL = "https://www.example.org/favicon.ico"
+Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\Alias = "example"
+Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\Description = "Example Description"
+Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\SuggestURLTemplate = "https://www.example.org/suggestions/q={searchTerms}"
+Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\PostData = "name=value&q={searchTerms}"
 ```
 #### Windows (Intune)
 OMA-URI:
 ```
-./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Search/SearchEngines_Default
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Search/SearchEngines_1
 ```
 Value (string):
 ```
 <enabled/>
-<data id="SearchEngines_Default" value="NAME_OF_SEARCH_ENGINE"/>
+<data id="SearchEngine_Name" value="Example1"/>
+<data id="SearchEngine_URLTemplate" value="https://www.example.org/q={searchTerms"/>
+<data id="SearchEngine_Method" value="GET | POST"/>
+<data id="SearchEngine_IconURL" value="https://www.example.org/favicon.ico"/>
+<data id="SearchEngine_Alias" value="example"/>
+<data id="SearchEngine_Description" value="Example Description"/>
+<data id="SearchEngine_SuggestURLTemplate" value="https://www.example.org/suggestions/q={searchTerms}"/>
+<data id="SearchEngine_PostData" value="name=value&amp;q={searchTerms}"/>
 ```
 #### macOS
 ```
 <dict>
   <key>SearchEngines</key>
   <dict>
-    <key>Default</key>
-    <string>NAME_OF_SEARCH_ENGINE</string>
+    <key>Add</key>
+    <array>
+      <dict>
+        <key>Name</key>
+        <string>Example1</string>
+        <key>URLTemplate</key>
+        <string>https://www.example.org/q={searchTerms}</string>
+        <key>Method</key>
+        <string>GET | POST </string>
+        <key>IconURL</key>
+        <string>https://www.example.org/favicon.ico</string>
+        <key>Alias</key>
+        <string>example</string>
+        <key>Description</key>
+        <string>Example Description</string>
+        <key>SuggestURLTemplate</key>
+        <string>https://www.example.org/suggestions/q={searchTerms}</string>
+        <key>PostData</key>
+        <string>name=value&q={searchTerms}</string>
+      </dict>
+    <array>
   </dict>
 </dict>
 ```
@@ -4944,39 +5141,51 @@ Value (string):
 {
   "policies": {
     "SearchEngines": {
-      "Default": "NAME_OF_SEARCH_ENGINE"
+      "Add": [
+        {
+          "Name": "Example1",
+          "URLTemplate": "https://www.example.org/q={searchTerms}",
+          "Method": "GET" | "POST",
+          "IconURL": "https://www.example.org/favicon.ico",
+          "Alias": "example",
+          "Description": "Description",
+          "PostData": "name=value&q={searchTerms}",
+          "SuggestURLTemplate": "https://www.example.org/suggestions/q={searchTerms}"
+        }
+      ]
     }
   }
 }
 ```
-### SearchEngines | PreventInstalls
+### SearchEngines | Default
 
-Prevent installing search engines from webpages.
+Set the default search engine. This policy is only available on the ESR.
 
 **Compatibility:** Firefox ESR 60\
-**CCK2 Equivalent:** `disableSearchEngineInstall`\
+**CCK2 Equivalent:** `defaultSearchEngine`\
 **Preferences Affected:** N/A
 
 #### Windows (GPO)
 ```
-Software\Policies\Mozilla\Firefox\SearchEngines\PreventInstalls = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\SearchEngines\Default = NAME_OF_SEARCH_ENGINE
 ```
 #### Windows (Intune)
 OMA-URI:
 ```
-./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Search/SearchEngines_PreventInstalls
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Search/SearchEngines_Default
 ```
 Value (string):
 ```
-<enabled/> or <disabled/>
+<enabled/>
+<data id="SearchEngines_Default" value="NAME_OF_SEARCH_ENGINE"/>
 ```
 #### macOS
 ```
 <dict>
   <key>SearchEngines</key>
   <dict>
-    <key>PreventInstalls</key>
-    <true/> | <false/>
+    <key>Default</key>
+    <string>NAME_OF_SEARCH_ENGINE</string>
   </dict>
 </dict>
 ```
@@ -4985,42 +5194,39 @@ Value (string):
 {
   "policies": {
     "SearchEngines": {
-      "PreventInstalls": true | false
+      "Default": "NAME_OF_SEARCH_ENGINE"
     }
   }
 }
 ```
-### SearchEngines | Remove
+### SearchEngines | PreventInstalls
 
-Hide built-in search engines. This policy is only available on the ESR.
+Prevent installing search engines from webpages.
 
-**Compatibility:** Firefox ESR 60.2\
-**CCK2 Equivalent:** `removeDefaultSearchEngines` (removed all built-in engines)\
+**Compatibility:** Firefox ESR 60\
+**CCK2 Equivalent:** `disableSearchEngineInstall`\
 **Preferences Affected:** N/A
 
 #### Windows (GPO)
 ```
-Software\Policies\Mozilla\Firefox\SearchEngines\Remove\1 = NAME_OF_SEARCH_ENGINE
+Software\Policies\Mozilla\Firefox\SearchEngines\PreventInstalls = 0x1 | 0x0
 ```
 #### Windows (Intune)
 OMA-URI:
 ```
-./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Search/SearchEngines_Remove
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Search/SearchEngines_PreventInstalls
 ```
 Value (string):
 ```
-<enabled/>
-<data id="SearchEngines_Remove" value="1&#xF000;NAME_OF_SEARCH_ENGINE"/>
+<enabled/> or <disabled/>
 ```
 #### macOS
 ```
 <dict>
   <key>SearchEngines</key>
   <dict>
-    <key>Remove</key>
-    <array>
-      <string>NAME_OF_SEARCH_ENGINE</string>
-    </array>
+    <key>PreventInstalls</key>
+    <true/> | <false/>
   </dict>
 </dict>
 ```
@@ -5029,91 +5235,42 @@ Value (string):
 {
   "policies": {
     "SearchEngines": {
-      "Remove": ["NAME_OF_SEARCH_ENGINE"]
+      "PreventInstalls": true | false
     }
   }
 }
 ```
-### SearchEngines | Add
-
-Add new search engines (up to five). This policy is only available on the ESR. `Name` and `URLTemplate` are required.
-
-`Name` is the name of the search engine.
-
-`URLTemplate` is the search URL with {searchTerms} to substitute for the search term.
-
-`Method` is either GET or POST
-
-`IconURL` is a URL for the icon to use.
-
-`Alias` is a keyword to use for the engine.
-
-`Description` is a description of the search engine.
-
-`PostData` is the POST data as name value pairs separated by &.
-
-`SuggestURLTemplate` is a search suggestions URL with {searchTerms} to substitute for the search term.
+### SearchEngines | Remove
 
-`Encoding` is the query charset for the engine. It defaults to UTF-8.
+Hide built-in search engines. This policy is only available on the ESR.
 
-**Compatibility:** Firefox ESR 60 (POST support in Firefox ESR 68, Encoding support in Firefox 91)\
-**CCK2 Equivalent:** `searchplugins`\
+**Compatibility:** Firefox ESR 60.2\
+**CCK2 Equivalent:** `removeDefaultSearchEngines` (removed all built-in engines)\
 **Preferences Affected:** N/A
 
 #### Windows (GPO)
 ```
-Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\Name = "Example1"
-Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\URLTemplate = "https://www.example.org/q={searchTerms}"
-Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\Method = "GET" | "POST"
-Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\IconURL = "https://www.example.org/favicon.ico"
-Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\Alias = "example"
-Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\Description = "Example Description"
-Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\SuggestURLTemplate = "https://www.example.org/suggestions/q={searchTerms}"
-Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\PostData = "name=value&q={searchTerms}"
+Software\Policies\Mozilla\Firefox\SearchEngines\Remove\1 = NAME_OF_SEARCH_ENGINE
 ```
 #### Windows (Intune)
 OMA-URI:
 ```
-./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Search/SearchEngines_1
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Search/SearchEngines_Remove
 ```
 Value (string):
 ```
 <enabled/>
-<data id="SearchEngine_Name" value="Example1"/>
-<data id="SearchEngine_URLTemplate" value="https://www.example.org/q={searchTerms"/>
-<data id="SearchEngine_Method" value="GET | POST"/>
-<data id="SearchEngine_IconURL" value="https://www.example.org/favicon.ico"/>
-<data id="SearchEngine_Alias" value="example"/>
-<data id="SearchEngine_Description" value="Example Description"/>
-<data id="SearchEngine_SuggestURLTemplate" value="https://www.example.org/suggestions/q={searchTerms}"/>
-<data id="SearchEngine_PostData" value="name=value&amp;q={searchTerms}"/>
+<data id="SearchEngines_Remove" value="1&#xF000;NAME_OF_SEARCH_ENGINE"/>
 ```
 #### macOS
 ```
 <dict>
   <key>SearchEngines</key>
   <dict>
-    <key>Add</key>
-    <array>
-      <dict>
-        <key>Name</key>
-        <string>Example1</string>
-        <key>URLTemplate</key>
-        <string>https://www.example.org/q={searchTerms}</string>
-        <key>Method</key>
-        <string>GET | POST </string>
-        <key>IconURL</key>
-        <string>https://www.example.org/favicon.ico</string>
-        <key>Alias</key>
-        <string>example</string>
-        <key>Description</key>
-        <string>Example Description</string>
-        <key>SuggestURLTemplate</key>
-        <string>https://www.example.org/suggestions/q={searchTerms}</string>
-        <key>PostData</key>
-        <string>name=value&q={searchTerms}</string>
-      </dict>
+    <key>Remove</key>
     <array>
+      <string>NAME_OF_SEARCH_ENGINE</string>
+    </array>
   </dict>
 </dict>
 ```
@@ -5122,18 +5279,7 @@ Value (string):
 {
   "policies": {
     "SearchEngines": {
-      "Add": [
-        {
-          "Name": "Example1",
-          "URLTemplate": "https://www.example.org/q={searchTerms}",
-          "Method": "GET" | "POST",
-          "IconURL": "https://www.example.org/favicon.ico",
-          "Alias": "example",
-          "Description": "Description",
-          "PostData": "name=value&q={searchTerms}",
-          "SuggestURLTemplate": "https://www.example.org/suggestions/q={searchTerms}"
-        }
-      ]
+      "Remove": ["NAME_OF_SEARCH_ENGINE"]
     }
   }
 }
@@ -5233,7 +5379,7 @@ Software\Policies\Mozilla\Firefox\ShowHomeButton = 0x1 | 0x0
 #### Windows (Intune)
 OMA-URI:
 ```
-./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/ShowHomeButton
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Homepage/Homepage_ShowHomeButton
 ```
 Value (string):
 ```
@@ -5389,7 +5535,7 @@ Prevent Firefox from messaging the user in certain situations.
 
 `ExtensionRecommendations` If false, don't recommend extensions while the user is visiting web pages.
 
-`FeatureRecommendations` IF false, don't recommend browser features.
+`FeatureRecommendations` If false, don't recommend browser features.
 
 `UrlbarInterventions` If false, Don't offer Firefox specific suggestions in the URL bar.
 

patrick-canterino.de