+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Certificates/Certificates_ImportEnterpriseRoots
+```
+Value (string):
+```
+<enabled/> or <disabled/>
+```
+#### macOS
+```
+<dict>
+ <key>Certificates</key>
+ <dict>
+ <key>ImportEnterpriseRoots</key>
+ <true/> | <false/>
+ </dict>
+</dict>
+```
+#### policies.json
+```
+{
+ "policies": {
+ "Certificates": {
+ "ImportEnterpriseRoots": true | false
+ }
+ }
+}
+```
+### Certificates | Install
+
+Install certificates into the Firefox certificate store. If only a filename is specified, Firefox searches for the file in the following locations:
+
+- Windows
+ - %USERPROFILE%\AppData\Local\Mozilla\Certificates
+ - %USERPROFILE%\AppData\Roaming\Mozilla\Certificates
+- macOS
+ - /Library/Application Support/Mozilla/Certificates
+ - ~/Library/Application Support/Mozilla/Certificates
+- Linux
+ - /usr/lib/mozilla/certificates
+ - /usr/lib64/mozilla/certificates
+ - ~/.mozilla/certificates
+
+Starting with Firefox 65, Firefox 60.5 ESR, a fully qualified path can be used, including UNC paths. You should use the native path style for your operating system. We do not support using %USERPROFILE% or other environment variables on Windows.
+
+If you are specifying the path in the policies.json file on Windows, you need to escape your backslashes (`\\`) which means that for UNC paths, you need to escape both (`\\\\`). If you use group policy, you only need one backslash.
+
+Certificates are installed using the trust string `CT,CT,`.
+
+Binary (DER) and ASCII (PEM) certificates are both supported.
+
+**Compatibility:** Firefox 64, Firefox ESR 64\
+**CCK2 Equivalent:** `certs.ca`\
+**Preferences Affected:** N/A
+
+#### Windows (GPO)
+```
+Software\Policies\Mozilla\Firefox\Certificates\Install\1 = "cert1.der"
+Software\Policies\Mozilla\Firefox\Certificates\Install\2 = "C:\Users\username\cert2.pem"
+```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Certificates/Certificates_Install
+```
+Value (string):
+```
+<enabled/>
+<data id="Certificates_Install" value="1cert1.der2C:\Users\username\cert2.pem"/>
+```
+#### macOS
+```
+<dict>
+ <key>Certificates</key>
+ <dict>
+ <key>Install</key>
+ <array>
+ <string>cert1.der</string>
+ <string>/Users/username/cert2.pem</string>
+ </array>
+ </dict>
+</dict>
+```
+#### policies.json
+```
+{
+ "policies": {
+ "Certificates": {
+ "Install": ["cert1.der", "/home/username/cert2.pem"]
+ }
+ }
+}
+```
+### Cookies
+Configure cookie preferences.
+
+`Allow` is a list of origins (not domains) where cookies are always allowed. You must include http or https.
+
+`Block` is a list of origins (not domains) where cookies are always blocked. You must include http or https.
+
+`Default` determines whether cookies are accepted at all.
+
+`AcceptThirdParty` determines how third-party cookies are handled.
+
+`ExpireAtSessionEnd` determines when cookies expire.
+
+`RejectTracker` only rejects cookies for trackers.
+
+`Locked` prevents the user from changing cookie preferences.
+
+**Compatibility:** Firefox 60, Firefox ESR 60 (RejectTracker was added in Firefox 63)\
+**CCK2 Equivalent:** N/A\
+**Preferences Affected:** `network.cookie.cookieBehavior`,`network.cookie.lifetimePolicy`
+
+#### Windows (GPO)
+```
+Software\Policies\Mozilla\Firefox\Cookies\Allow\1 = "https://example.com"
+Software\Policies\Mozilla\Firefox\Cookies\Block\1 = "https://example.org"
+Software\Policies\Mozilla\Firefox\Cookies\Default = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\Cookies\AcceptThirdParty = "always" | "never" | "from-visited"
+Software\Policies\Mozilla\Firefox\Cookies\ExpireAtSessionEnd = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\Cookies\RejectTracker = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\Cookies\Locked = 0x1 | 0x0
+```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_Allow
+```
+Value (string):
+```
+<enabled/>
+<data id="Cookies_Allow" value="1https://example.com"/>
+```
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_Block
+```
+Value (string):
+```
+<enabled/>
+<data id="Cookies_Block" value="1https://example.org"/>
+```
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_Default
+```
+Value (string):
+```
+<enabled/> or <disabled/>
+```
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_AcceptThirdParty
+```
+Value (string):
+```
+<enabled/>
+<data id="Cookies_AcceptThirdParty" value="always | never | from-visited"/>
+```
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_ExpireAtSessionEnd
+```
+Value (string):
+```
+<enabled/> or <disabled/>
+```
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_RejectTracker
+```
+Value (string):
+```
+<enabled/> or <disabled/>
+```
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_Locked
+```
+Value (string):
+```
+<enabled/> or <disabled/>
+```
+#### macOS
+```
+<dict>
+ <key>Cookies</key>
+ <dict>
+ <key>Allow</key>
+ <array>
+ <string>http://example.com</string>
+ </array>
+ <key>Block</key>
+ <array>
+ <string>http://example.org</string>
+ </array>
+ <key>Default</key>
+ <true/> | <false/>
+ <key>AcceptThirdParty</key>
+ <string>always | never | from-visited</string>
+ <key>ExpireAtSessionEnd</key>
+ <true/> | <false/>
+ <key>RejectTracker</key>
+ <true/> | <false/>
+ <key>Locked</key>
+ <true/> | <false/>
+ </dict>
+</dict>
+```
+#### policies.json
+```
+{
+ "policies": {
+ "Cookies": {
+ "Allow": ["http://example.org/"],
+ "Block": ["http://example.edu/"],
+ "Default": true | false,
+ "AcceptThirdParty": "always" | "never" | "from-visited",
+ "ExpireAtSessionEnd": true | false,
+ "RejectTracker": true | false,
+ "Locked": true | false
+ }
+ }
+}
+```
+### DisableSetDesktopBackground
+Remove the "Set As Desktop Background..." menuitem when right clicking on an image.
+
+**Compatibility:** Firefox 60, Firefox ESR 60\
+**CCK2 Equivalent:** `removeSetDesktopBackground`\
+**Preferences Affected:** N/A
+
+#### Windows (GPO)
+```
+Software\Policies\Mozilla\Firefox\DisableSetDesktopBackground = 0x1 | 0x0
+```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableSetDesktopBackground
+```
+Value (string):
+```
+<enabled/> or <disabled/>
+```
+#### macOS
+```
+<dict>
+ <key>DisableSetDesktopBackground</key>
+ <true/> | <false/>
+</dict>
+```
+#### policies.json
+```
+{
+ "policies": {
+ "DisableSetDesktopBackground": true | false
+ }
+}
+```
+### DisableMasterPasswordCreation
+Remove the master password functionality.
+
+**Compatibility:** Firefox 60, Firefox ESR 60\
+**CCK2 Equivalent:** `noMasterPassword`\
+**Preferences Affected:** N/A
+
+#### Windows (GPO)
+```
+Software\Policies\Mozilla\Firefox\DisableMasterPasswordCreation = 0x1 | 0x0
+```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableMasterPasswordCreation
+```
+Value (string):
+```
+<enabled/> or <disabled/>
+```
+#### macOS
+```
+<dict>
+ <key>DisableMasterPasswordCreation</key>
+ <true/> | <false/>
+</dict>
+```
+#### policies.json
+```
+{
+ "policies": {
+ "DisableMasterPasswordCreation": true | false
+ }
+}
+```
+### DisableAppUpdate
+Turn off application updates.
+
+**Compatibility:** Firefox 60, Firefox ESR 60\
+**CCK2 Equivalent:** `disableFirefoxUpdates`\
+**Preferences Affected:** N/A
+
+#### Windows (GPO)
+```
+Software\Policies\Mozilla\Firefox\DisableAppUpdate = 0x1 | 0x0
+```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableAppUpdate
+```
+Value (string):
+```
+<enabled/> or <disabled/>
+```
+#### macOS
+```
+<dict>
+ <key>DisableAppUpdate</key>
+ <true/> | <false/>
+</dict>
+```
+#### policies.json
+```
+{
+ "policies": {
+ "DisableAppUpdate": true | false
+ }
+}
+```
+### DisableBuiltinPDFViewer
+Disable the built in PDF viewer. PDF files are downloaded and sent externally.
+
+**Compatibility:** Firefox 60, Firefox ESR 60\
+**CCK2 Equivalent:** `disablePDFjs`\
+**Preferences Affected:** `pdfjs.disabled`
+
+#### Windows (GPO)
+```
+Software\Policies\Mozilla\Firefox\DisableBuiltinPDFViewer = 0x1 | 0x0
+```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableBuiltinPDFViewer
+```
+Value (string):
+```
+<enabled/> or <disabled/>
+```
+#### macOS
+```
+<dict>
+ <key>DisableBuiltinPDFViewer</key>
+ <true/> | <false/>
+</dict>
+```
+#### policies.json
+```
+{
+ "policies": {
+ "DisableBuiltinPDFViewer": true | false
+ }
+}
+```
+### DisabledCiphers
+Disable specific cryptographic ciphers.
+
+**Compatibility:** Firefox 76, Firefox ESR 68.8\
+**CCK2 Equivalent:** N/A\
+**Preferences Affected:** N/A
+
+#### Windows (GPO)
+```
+Software\Policies\Mozilla\Firefox\DisabledCiphers\TLS_DHE_RSA_WITH_AES_128_CBC_SHA = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\DisabledCiphers\TLS_DHE_RSA_WITH_AES_256_CBC_SHA = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\DisabledCiphers\TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\DisabledCiphers\TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\DisabledCiphers\TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\DisabledCiphers\TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\DisabledCiphers\TLS_RSA_WITH_AES_128_CBC_SHA = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\DisabledCiphers\TLS_RSA_WITH_AES_256_CBC_SHA = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\DisabledCiphers\TLS_RSA_WITH_3DES_EDE_CBC_SHA = 0x1 | 0x0
+```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DisabledCiphers/DisabledCiphers_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DisabledCiphers/DisabledCiphers_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DisabledCiphers/DisabledCiphers_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DisabledCiphers/DisabledCiphers_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DisabledCiphers/DisabledCiphers_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DisabledCiphers/DisabledCiphers_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DisabledCiphers/DisabledCiphers_TLS_RSA_WITH_AES_128_CBC_SHA
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DisabledCiphers/DisabledCiphers_TLS_RSA_WITH_AES_256_CBC_SHA
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DisabledCiphers/DisabledCiphers_TLS_RSA_WITH_3DES_EDE_CBC_SHA
+```
+Value (string):
+```
+<enabled/> or <disabled/>
+```
+#### macOS
+```
+<dict>
+ <key>DisabledCiphers</key>
+ <dict>
+ <key>TLS_DHE_RSA_WITH_AES_128_CBC_SHA</key>
+ <true/> | <false/>
+ <key>TLS_DHE_RSA_WITH_AES_256_CBC_SHA</key>
+ <true/> | <false/>
+ <key>TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA</key>
+ <true/> | <false/>
+ <key>TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA</key>
+ <true/> | <false/>
+ <key>TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256</key>
+ <true/> | <false/>
+ <key>TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256</key>
+ <true/> | <false/>
+ <key>TLS_RSA_WITH_AES_128_CBC_SHA</key>
+ <true/> | <false/>
+ <key>TLS_RSA_WITH_AES_256_CBC_SHA</key>
+ <true/> | <false/>
+ <key>TLS_RSA_WITH_3DES_EDE_CBC_SHA</key>
+ <true/> | <false/>
+ </dict>
+</dict>
+```
+#### policies.json
+```
+{
+ "policies": {
+ "DisabledCiphers" {
+ "TLS_DHE_RSA_WITH_AES_128_CBC_SHA": true | false,
+ "TLS_DHE_RSA_WITH_AES_256_CBC_SHA": true | false,
+ "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA": true | false,
+ "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA": true | false,
+ "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256": true | false,
+ "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256": true | false,
+ "TLS_RSA_WITH_AES_128_CBC_SHA": true | false,
+ "TLS_RSA_WITH_AES_256_CBC_SHA": true | false,
+ "TLS_RSA_WITH_3DES_EDE_CBC_SHA": true | false
+ }
+ }
+}
+```
+### DisableDefaultBrowserAgent
+Prevent the default browser agent from taking any actions. Only applicable to Windows; other platforms don’t have the agent.
+
+**Compatibility:** Firefox 75, Firefox ESR 68.7 (Windows only)\
+**CCK2 Equivalent:** N/A\
+**Preferences Affected:** N/A
+
+#### Windows (GPO)
+```
+Software\Policies\Mozilla\Firefox\DisableDefaultBrowserAgent = 0x1 | 0x0
+```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableDefaultBrowserAgent
+```
+Value (string):
+```
+<enabled/> or <disabled/>
+```
+#### policies.json
+```
+{
+ "policies": {
+ "DisableDefaultBrowserAgent": true | false
+ }
+}
+```
+### DisableDeveloperTools
+Remove access to all developer tools.
+
+**Compatibility:** Firefox 60, Firefox ESR 60\
+**CCK2 Equivalent:** `removeDeveloperTools`\
+**Preferences Affected:** `devtools.policy.disabled`
+
+#### Windows (GPO)
+```
+Software\Policies\Mozilla\Firefox\DisableDeveloperTools = 0x1 | 0x0`
+```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableDeveloperTools
+```
+Value (string):
+```
+<enabled/> or <disabled/>
+```
+#### macOS
+```
+<dict>
+ <key>DisableDeveloperTools</key>
+ <true/> | <false/>
+</dict>
+```
+#### policies.json
+```
+{
+ "policies": {
+ "DisableDeveloperTools": true | false
+ }
+}
+```
+### DisableFeedbackCommands
+Disable the menus for reporting sites (Submit Feedback, Report Deceptive Site).
+
+**Compatibility:** Firefox 60, Firefox ESR 60\
+**CCK2 Equivalent:** N/A\
+**Preferences Affected:** N/A
+
+#### Windows (GPO)
+```
+Software\Policies\Mozilla\Firefox\DisableFeedbackCommands = 0x1 | 0x0
+```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableFeedbackCommands
+```
+Value (string):
+```
+<enabled/> or <disabled/>
+```
+#### macOS
+```
+<dict>
+ <key>DisableFeedbackCommands</key>
+ <true/> | <false/>
+</dict>
+```
+#### policies.json
+```
+{
+ "policies": {
+ "DisableFeedbackCommands": true | false
+ }
+}
+```
+### DisableFirefoxScreenshots
+Remove access to Firefox Screenshots.
+
+**Compatibility:** Firefox 60, Firefox ESR 60\
+**CCK2 Equivalent:** N/A\
+**Preferences Affected:** `extensions.screenshots.disabled`
+
+#### Windows (GPO)
+```
+Software\Policies\Mozilla\Firefox\DisableFirefoxScreenshots = 0x1 | 0x0
+```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableFirefoxScreenshots
+```
+Value (string):
+```
+<enabled/> or <disabled/>
+```
+#### macOS
+```
+<dict>
+ <key>DisableFirefoxScreenshots</key>
+ <true/> | <false/>
+</dict>
+```
+#### policies.json
+```
+{
+ "policies": {
+ "DisableFirefoxScreenshots": true | false
+ }
+}
+```
+### DisableFirefoxAccounts
+Disable Firefox Accounts integration (Sync).
+
+**Compatibility:** Firefox 60, Firefox ESR 60\
+**CCK2 Equivalent:** `disableSync`\
+**Preferences Affected:** `identity.fxaccounts.enabled`
+
+#### Windows (GPO)
+```
+Software\Policies\Mozilla\Firefox\DisableFirefoxAccounts = 0x1 | 0x0
+```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableFirefoxAccounts
+```
+Value (string):
+```
+<enabled/> or <disabled/>
+```
+#### macOS
+```
+<dict>
+ <key>DisableFirefoxAccounts</key>
+ <true/> | <false/>
+</dict>
+```
+#### policies.json
+```
+{
+ "policies": {
+ "DisableFirefoxAccounts": true | false
+ }
+}
+```
+### DisableFirefoxStudies
+Disable Firefox studies (Shield).
+
+**Compatibility:** Firefox 60, Firefox ESR 60\
+**CCK2 Equivalent:** N/A\
+**Preferences Affected:** N/A
+
+#### Windows (GPO)
+```
+Software\Policies\Mozilla\Firefox\DisableFirefoxStudies = 0x1 | 0x0
+```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableFirefoxStudies
+```
+Value (string):
+```
+<enabled/> or <disabled/>
+```
+#### macOS
+```
+<dict>
+ <key>DisableFirefoxStudies</key>
+ <true/> | <false/>
+</dict>
+```
+#### policies.json
+```
+{
+ "policies": {
+ "DisableFirefoxStudies": true | false
+ }
+}
+```
+### DisableForgetButton
+Disable the "Forget" button.
+
+**Compatibility:** Firefox 60, Firefox ESR 60\
+**CCK2 Equivalent:** `disableForget`\
+**Preferences Affected:** N/A
+
+#### Windows (GPO)
+```
+Software\Policies\Mozilla\Firefox\DisableForgetButton = 0x1 | 0x0
+```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableForgetButton
+```
+Value (string):
+```
+<enabled/> or <disabled/>
+```
+#### macOS
+```
+<dict>
+ <key>DisableForgetButton</key>
+ <true/> | <false/>
+</dict>
+```
+#### policies.json
+```
+{
+ "policies": {
+ "DisableForgetButton": true | false
+ }
+}
+```
+### DisableFormHistory
+Turn off saving information on web forms and the search bar.
+
+**Compatibility:** Firefox 60, Firefox ESR 60\
+**CCK2 Equivalent:** `disableFormFill`\
+**Preferences Affected:** ` browser.formfill.enable`
+
+#### Windows (GPO)
+```
+Software\Policies\Mozilla\Firefox\DisableFormHistory = 0x1 | 0x0
+```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableFormHistory
+```
+Value (string):
+```
+<enabled/> or <disabled/>
+```
+#### macOS
+```
+<dict>
+ <key>DisableFormHistory</key>
+ <true/> | <false/>
+</dict>
+```
+#### policies.json
+```
+{
+ "policies": {
+ "DisableFormHistory": true | false
+ }
+}
+```
+### DisablePasswordReveal
+Do not allow passwords to be shown in saved logins
+
+**Compatibility:** Firefox 71, Firefox ESR 68.3\
+**CCK2 Equivalent:** N/A
+**Preferences Affected:** N/A
+
+#### Windows (GPO)
+```
+Software\Policies\Mozilla\Firefox\DisablePasswordReveal = 0x1 | 0x0
+```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisablePasswordReveal
+```
+Value (string):
+```
+<enabled/> or <disabled/>
+```
+#### macOS
+```
+<dict>
+ <key>DisablePasswordReveal</key>
+ <true/> | <false/>
+</dict>
+```
+#### policies.json
+```
+{
+ "policies": {
+ "DisablePasswordReveal": true | false
+ }
+}
+```
+### DisablePocket
+Remove Pocket in the Firefox UI. It does not remove it from the new tab page.
+
+**Compatibility:** Firefox 60, Firefox ESR 60\
+**CCK2 Equivalent:** `disablePocket`\
+**Preferences Affected:** `extensions.pocket.enabled`
+
+#### Windows (GPO)
+```
+Software\Policies\Mozilla\Firefox\DisablePocket = 0x1 | 0x0
+```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisablePocket
+```
+Value (string):
+```
+<enabled/> or <disabled/>
+```
+#### macOS
+```
+<dict>
+ <key>DisablePocket</key>
+ <true/> | <false/>
+</dict>
+```
+#### policies.json
+```
+{
+ "policies": {
+ "DisablePocket": true | false
+ }
+}
+```
+### DisablePrivateBrowsing
+Remove access to private browsing.
+
+**Compatibility:** Firefox 60, Firefox ESR 60\
+**CCK2 Equivalent:** `disablePrivateBrowsing`\
+**Preferences Affected:** N/A
+
+#### Windows (GPO)
+```
+Software\Policies\Mozilla\Firefox\DisablePrivateBrowsing = 0x1 | 0x0
+```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisablePrivateBrowsing
+```
+Value (string):
+```
+<enabled/> or <disabled/>
+```
+#### macOS
+```
+<dict>
+ <key>DisablePrivateBrowsing</key>
+ <true/> | <false/>
+</dict>
+```
+#### policies.json
+```
+{
+ "policies": {
+ "DisablePrivateBrowsing": true | false
+ }
+}
+```
+### DisableProfileImport
+Disables the "Import data from another browser" option in the bookmarks window.
+
+**Compatibility:** Firefox 60, Firefox ESR 60\
+**CCK2 Equivalent:** N/A\
+**Preferences Affected:** N/A
+
+#### Windows (GPO)
+```
+Software\Policies\Mozilla\Firefox\DisableProfileImport = 0x1 | 0x0
+```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableProfileImport
+```
+Value (string):
+```
+<enabled/> or <disabled/>
+```
+#### macOS
+```
+<dict>
+ <key>DisableProfileImport</key>
+ <true/> | <false/>
+</dict>
+```
+#### policies.json
+```
+{
+ "policies": {
+ "DisableProfileImport": true | false
+ }
+}
+```
+### DisableProfileRefresh
+Disable the Refresh Firefox button on about:support and support.mozilla.org, as well as the prompt that displays offering to refresh Firefox when you haven't used it in a while.
+
+**Compatibility:** Firefox 60, Firefox ESR 60\
+**CCK2 Equivalent:** `disableResetFirefox`\
+**Preferences Affected:** `browser.disableResetPrompt`
+
+#### Windows (GPO)
+```
+Software\Policies\Mozilla\Firefox\DisableProfileRefresh = 0x1 | 0x0
+```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableProfileRefresh
+```
+Value (string):
+```
+<enabled/> or <disabled/>
+```
+#### macOS
+```
+<dict>
+ <key>DisableProfileRefresh</key>
+ <true/> | <false/>
+</dict>
+```
+#### policies.json
+```
+{
+ "policies": {
+ "DisableProfileRefresh": true | false
+ }
+}
+```
+### DisableSafeMode
+Disable safe mode within the browser.
+
+On Windows, this disables safe mode via the command line as well.
+
+**Compatibility:** Firefox 60, Firefox ESR 60 (Windows, macOS)\
+**CCK2 Equivalent:** `disableSafeMode`\
+**Preferences Affected:** N/A
+
+#### Windows (GPO)
+```
+Software\Policies\Mozilla\Firefox\DisableSafeMode = 0x1 | 0x0
+```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableSafeMode
+```
+Value (string):
+```
+<enabled/> or <disabled/>
+```
+#### macOS
+```
+<dict>
+ <key>DisableSafeMode</key>
+ <true/> | <false/>
+</dict>
+```
+#### policies.json
+```
+{
+ "policies": {
+ "DisableSafeMode": true | false
+ }
+}
+```
+### DisableSecurityBypass
+Prevent the user from bypassing security in certain cases.
+
+`InvalidCertificate` prevents adding an exception when an invalid certificate is shown.
+
+`SafeBrowsing` prevents selecting "ignore the risk" and visiting a harmful site anyway.
+
+**Compatibility:** Firefox 60, Firefox ESR 60\
+**CCK2 Equivalent:** N/A\
+**Preferences Affected:** `security.certerror.hideAddException`,`browser.safebrowsing.allowOverride`
+
+#### Windows (GPO)
+```
+Software\Policies\Mozilla\Firefox\DisableSecurityBypass\InvalidCertificate = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\DisableSecurityBypass\SafeBrowsing = 0x1 | 0x0
+```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/P_DisableSecurityBypass_InvalidCertificate
+```
+Value (string):
+```
+<enabled/> or <disabled/>
+```
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/P_DisableSecurityBypass_SafeBrowsing
+```
+Value (string):
+```
+<enabled/> or <disabled/>
+```
+
+#### macOS
+```
+<dict>
+ <key>DisableSecurityBypass</key>
+ <dict>
+ <key>InvalidCertificate</key>
+ <true/> | <false/>
+ <key><SafeBrowsing/key>
+ <true/> | <false/>
+ </dict>
+</dict>
+```
+#### policies.json
+```
+{
+ "policies": {
+ "DisableSecurityBypass": {
+ "InvalidCertificate": true false,
+ "SafeBrowsing": true false
+ }
+ }
+}
+```
+### DisableSystemAddonUpdate
+Prevent system add-ons from being installed or update.
+
+**Compatibility:** Firefox 60, Firefox ESR 60\
+**CCK2 Equivalent:** N/A\
+**Preferences Affected:** N/A
+
+#### Windows (GPO)
+```
+Software\Policies\Mozilla\Firefox\DisableSystemAddonUpdate = 0x1 | 0x0
+```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableSystemAddonUpdate
+```
+Value (string):
+```
+<enabled/> or <disabled/>
+```
+#### macOS
+```
+<dict>
+ <key>DisableSystemAddonUpdate</key>
+ <true/> | <false/>
+</dict>
+```
+#### policies.json
+```
+{
+ "policies": {
+ "DisableSystemAddonUpdate": true | false
+ }
+}
+```
+### DisableTelemetry
+Prevent the upload of telemetry data.
+
+Mozilla recommends that you do not disable telemetry. Information collected through telemetry helps us build a better product for businesses like yours.
+
+**Compatibility:** Firefox 60, Firefox ESR 60\
+**CCK2 Equivalent:** `disableTelemetry`\
+**Preferences Affected:** `datareporting.healthreport.uploadEnabled,datareporting.policy.dataSubmissionEnabled`
+
+#### Windows (GPO)
+```
+Software\Policies\Mozilla\Firefox\DisableTelemetry = 0x1 | 0x0
+```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableTelemetry
+```
+Value (string):
+```
+<enabled/> or <disabled/>
+```
+#### macOS
+```
+<dict>
+ <key>DisableTelemetry</key>
+ <true/> | <false/>
+</dict>
+```
+#### policies.json
+```
+{
+ "policies": {
+ "DisableTelemetry": true | false
+ }
+}
+```
+### DisplayBookmarksToolbar
+Set the initial state of the bookmarks toolbar. A user can still hide it and it will stay hidden.
+
+**Compatibility:** Firefox 60, Firefox ESR 60\
+**CCK2 Equivalent:** `displayBookmarksToolbar`\
+**Preferences Affected:** N/A
+
+#### Windows (GPO)
+```
+Software\Policies\Mozilla\Firefox\DisplayBookmarksToolbar = 0x1 | 0x0
+```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisplayBookmarksToolbar
+```
+Value (string):
+```
+<enabled/> or <disabled/>
+```
+#### macOS
+```
+<dict>
+ <key>DisplayBookmarksToolbar</key>
+ <true/> | <false/>
+</dict>
+```
+#### policies.json
+```
+{
+ "policies": {
+ "DisplayBookmarksToolbar": true | false
+ }
+}
+```
+### DisplayMenuBar (Deprecated)
+Set the initial state of the menubar. A user can still hide it and it will stay hidden.
+
+**Compatibility:** Firefox 60, Firefox ESR 60 (Windows, some Linux)\
+**CCK2 Equivalent:** `displayMenuBar`\
+**Preferences Affected:** N/A
+
+#### Windows (GPO)
+```
+Software\Policies\Mozilla\Firefox\DisplayMenuBar = 0x1 | 0x0
+```
+#### macOS
+```
+<dict>
+ <key>DisplayMenuBar</key>
+ <true/> | <false/>
+</dict>
+```
+#### policies.json
+```
+{
+ "policies": {
+ "DisplayMenuBar": true | false
+ }
+}
+```
+### DisplayMenuBar
+Set the state of the menubar.
+
+`always` means the menubar is shown and cannot be hidden.
+
+`never` means the menubar is hidden and cannot be shown.
+
+`default-on` means the menubar is on by default but can be hidden.
+
+`default-off` means the menubar is off by default but can be shown.
+
+**Compatibility:** Firefox 73, Firefox ESR 68.5 (Windows, some Linux)\
+**CCK2 Equivalent:** `displayMenuBar`\
+**Preferences Affected:** N/A
+
+#### Windows (GPO)
+```
+Software\Policies\Mozilla\Firefox\DisplayMenuBar = "always", "never", "default-on", "default-off"
+```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisplayMenuBar_Enum
+```
+Value (string):
+```
+<enabled/>
+<data id="DisplayMenuBar" value="always | never | default-on | default-off"/>
+```
+#### macOS
+```
+<dict>
+ <key>DisplayMenuBar</key>
+ <string>always | never | default-on | default-off</string>
+</dict>
+```
+#### policies.json
+```
+{
+ "policies": {
+ "DisplayMenuBar": "always", "never", "default-on", "default-off"
+ }
+}
+```
+### DNSOverHTTPS
+Configure DNS over HTTPS.
+
+`Enabled` determines whether DNS over HTTPS is enabled
+
+`ProviderURL` is a URL to another provider.
+
+`Locked` prevents the user from changing DNS over HTTPS preferences.
+
+`ExcludedDomains` excludes domains from DNS over HTTPS.
+
+**Compatibility:** Firefox 63, Firefox ESR 68 (ExcludedDomains added in 75/68.7)\
+**CCK2 Equivalent:** N/A\
+**Preferences Affected:** `network.trr.mode`,`network.trr.uri`
+
+#### Windows (GPO)
+```
+Software\Policies\Mozilla\Firefox\DNSOverHTTPS\Enabled = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\DNSOverHTTPS\ProviderURL = "URL_TO_ALTERNATE_PROVIDER"
+Software\Policies\Mozilla\Firefox\DNSOverHTTPS\Locked = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\DNSOverHTTPS\ExcludedDomains\1 = "example.com"
+```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DNSOverHTTPS/DNSOverHTTPS_Enabled
+```
+Value (string):
+```
+<enabled/> or <disabled/>
+```
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DNSOverHTTPS/DNSOverHTTPS_ProviderURL
+```
+Value (string):
+```
+<enabled/>
+<data id="String" value="URL_TO_ALTERNATE_PROVIDER"/>
+```
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DNSOverHTTPS/DNSOverHTTPS_Locked
+```
+Value (string):
+```
+<enabled/> or <disabled/>
+```
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DNSOverHTTPS/DNSOverHTTPS_ExcludedDomains
+```
+Value (string):
+```
+<enabled/>
+<data id="List" value="1example.com"/>
+```
+#### macOS
+```
+<dict>
+ <key>DNSOverHTTPS</key>
+ <dict>
+ <key>Enabled</key>
+ <true/> | <false/>
+ <key>ProviderURL</key>
+ <string>URL_TO_ALTERNATE_PROVIDER</string>
+ <key>Locked</key>
+ <true/> | <false/>
+ <key>ExcludedDomains</key>
+ <array>
+ <string>example.com</string>
+ </array>
+ </dict>
+</dict>
+```
+#### policies.json
+```
+{
+ "policies": {
+ "DNSOverHTTPS": {
+ "Enabled": true | false,
+ "ProviderURL": "URL_TO_ALTERNATE_PROVIDER",
+ "Locked": true | false,
+ "ExcludedDomains": ["example.com"]
+ }
+ }
+}
+```
+### DontCheckDefaultBrowser
+Don't check if Firefox is the default browser at startup.
+
+**Compatibility:** Firefox 60, Firefox ESR 60\
+**CCK2 Equivalent:** `dontCheckDefaultBrowser`\
+**Preferences Affected:** `browser.shell.checkDefaultBrowser`
+
+#### Windows (GPO)
+```
+Software\Policies\Mozilla\Firefox\DontCheckDefaultBrowser = 0x1 | 0x0
+```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DontCheckDefaultBrowser
+```
+Value (string):
+```
+<enabled/> or <disabled/>
+```
+#### macOS
+```
+<dict>
+ <key>DontCheckDefaultBrowser</key>
+ <true/> | <false/>
+</dict>
+```
+#### policies.json
+```
+{
+ "policies": {
+ "DontCheckDefaultBrowser": true | false
+ }
+}
+```
+### DefaultDownloadDirectory
+Set the default download directory.
+
+You can use ${home} for the native home directory.
+
+**Compatibility:** Firefox 68, Firefox ESR 68\
+**CCK2 Equivalent:** N/A\
+**Preferences Affected:** `browser.download.dir`,`browser.download.folderList`
+
+#### Windows (GPO)
+```
+Software\Policies\Mozilla\Firefox\DefaultDownloadDirectory = "${home}\Downloads"
+```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DefaultDownloadDirectory
+```
+Value (string):
+```
+<enabled/>
+<data id="Preferences_String" value="${home}\Downloads"/>
+```
+#### macOS
+```
+<dict>
+ <key>DefaultDownloadDirectory</key>
+ <string>${home}/Downloads</string>
+</dict>
+```
+#### policies.json (macOS and Linux)
+```
+{
+ "policies": {
+ "DefaultDownloadDirectory": "${home}/Downloads"
+}
+```
+#### policies.json (Windows)
+```
+{
+ "policies": {
+ "DefaultDownloadDirectory": "${home}\\Downloads"
+}
+```
+### DownloadDirectory
+Set and lock the download directory.
+
+You can use ${home} for the native home directory.
+
+**Compatibility:** Firefox 68, Firefox ESR 68\
+**CCK2 Equivalent:** N/A\
+**Preferences Affected:** `browser.download.dir`,`browser.download.folderList`,`browser.download.useDownloadDir`
+
+#### Windows (GPO)
+```
+Software\Policies\Mozilla\Firefox\DownloadDirectory = "${home}\Downloads"
+```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DownloadDirectory
+```
+Value (string):
+```
+<enabled/>
+<data id="Preferences_String" value="${home}\Downloads"/>
+```
+#### macOS
+```
+<dict>
+ <key>DownloadDirectory</key>
+ <string>${home}/Downloads</string>
+</dict>
+```
+#### policies.json (macOS and Linux)
+```
+{
+ "policies": {
+ "DownloadDirectory": "${home}/Downloads"
+}
+```
+#### policies.json (Windows)
+```
+{
+ "policies": {
+ "DownloadDirectory": "${home}\\Downloads"
+}
+```
+### EnableTrackingProtection
+Configure tracking protection.
+
+If this policy is not configured, tracking protection is not enabled by default in the browser, but it is enabled by default in private browsing and the user can change it.
+
+If `Value` is set to false, tracking protection is disabled and locked in both the regular browser and private browsing.
+
+If `Value` is set to true, tracking protection is enabled by default in both the regular browser and private browsing and the `Locked` value determines whether or not a user can change it.
+
+If `Cryptomining` is set to true, cryptomining scripts on websites are blocked.
+
+If `Fingerprinting` is set to true, fingerprinting scripts on websites are blocked.
+
+`Exceptions` are origins for which tracking protection is not enabled.
+
+**Compatibility:** Firefox 60, Firefox ESR 60 (Cryptomining and Fingerprinting added in 70/68.2, Exceptions added in 73/68.5)\
+**CCK2 Equivalent:** N/A\
+**Preferences Affected:** `privacy.trackingprotection.enabled`,`privacy.trackingprotection.pbmode.enabled`,`privacy.trackingprotection.cryptomining.enabled`,`privacy.trackingprotection.fingerprinting.enabled`
+
+#### Windows (GPO)
+```
+Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Value = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Locked = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Cryptomining = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Fingerprinting = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Exceptions\1 = "https://example.com"
+```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/TrackingProtection
+```
+Value (string):
+```
+<enabled/>
+<data id="TrackingProtectionLocked" value="true | false"/>
+<data id="Cryptomining" value="true | false"/>
+<data id="Fingerprinting" value="true | false"/>
+<data id=TrackingProtection_Exceptions" value="1https://example.com"/>
+```
+#### macOS
+```
+<dict>
+ <key>EnableTrackingProtection</key>
+ <dict>
+ <key>Value</key>
+ <true/> | <false/>
+ <key><Locked</key>
+ <true/> | <false/>
+ <key><Cryptomining</key>
+ <true/> | <false/>
+ <key><Fingerprinting</key>
+ <true/> | <false/>
+ <key>Exceptions</key>
+ <array>
+ <string>https://example.com</string>
+ </array>
+ </dict>
+</dict>
+```
+#### policies.json
+```
+{
+ "policies": {
+ "EnableTrackingProtection": {
+ "Value": [true, false],
+ "Locked": [true, false],
+ "Cryptomining": [true, false],
+ "Fingerprinting": [true, false],
+ "Exceptions": ["https://example.com"]
+ }
+}
+```
+### EncryptedMediaExtensions
+Enable or disable Encrypted Media Extensions and optionally lock it.
+
+If `Enabled` is set to false, encrypted media extensions (like Widevine) are not downloaded by Firefox unless the user consents to installing them.
+
+If `Locked` is set to true and `Enabled` is set to false, Firefox will not download encrypted media extensions (like Widevine) or ask the user to install them.
+
+**Compatibility:** Firefox 77, Firefox ESR 68.9\
+**CCK2 Equivalent:** N/A\
+**Preferences Affected:** `media.eme.enabled`
+
+#### Windows (GPO)
+```
+Software\Policies\Mozilla\Firefox\EncryptedMediaExtensions\Enabled = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\EncryptedMediaExtensions\Locked = 0x1 | 0x0
+```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~EncryptedMediaExtensions/EncryptedMediaExtensions_Enabled
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~EncryptedMediaExtensions/EncryptedMediaExtensions_Locked
+```
+Value (string):
+```
+<enabled/>or <disabled/>
+```
+#### macOS
+```
+<dict>
+ <key>EncryptedMediaExtensions</key>
+ <dict>
+ <key>Enabled</key>
+ <true/> | <false/>
+ <key><Locked</key>
+ <true/> | <false/>
+ </dict>
+</dict>
+```
+#### policies.json
+```
+{
+ "policies": {
+ "EncryptedMediaExtensions": {
+ "Enabled": [true, false],
+ "Locked": [true, false]
+ }
+}
+```
+### EnterprisePoliciesEnabled
+Enable policy support on macOS.
+
+**Compatibility:** Firefox 63, Firefox ESR 60.3 (macOS only)\
+**CCK2 Equivalent:** N/A\
+**Preferences Affected:** N/A
+
+#### macOS
+```
+<dict>
+ <key>EnterprisePoliciesEnabled</key>
+ <true/>
+</dict>
+```
+### Extensions
+Control the installation, uninstallation and locking of extensions.
+
+`Install` is a list of URLs or native paths for extensions to be installed.
+
+`Uninstall` is a list of extension IDs that should be uninstalled if found.
+
+`Locked` is a list of extension IDs that the user cannot disable or uninstall.
+
+**Compatibility:** Firefox 60, Firefox ESR 60\
+**CCK2 Equivalent:** `addons`\
+**Preferences Affected:** N/A
+
+#### Windows (GPO)
+```
+Software\Policies\Mozilla\Firefox\Extensions\Install\1 = "https://addons.mozilla.org/firefox/downloads/somefile.xpi"
+Software\Policies\Mozilla\Firefox\Extensions\Install\2 = "//path/to/xpi"
+Software\Policies\Mozilla\Firefox\Extensions\Uninstall\1 = "bad_addon_id@mozilla.org"
+Software\Policies\Mozilla\Firefox\Extensions\Locked\1 = "addon_id@mozilla.org"
+```
+#### macOS
+```
+<dict>
+ <key>Extensions</key>
+ <dict>
+ <key>Install</key>
+ <array>
+ <string>https://addons.mozilla.org/firefox/downloads/somefile.xpi</string>
+ <string>//path/to/xpi</string>
+ </array>
+ <key>Uninstall</key>
+ <array>
+ <string>bad_addon_id@mozilla.org</string>
+ </array>
+ <key>Locked</key>
+ <array>
+ <string>addon_id@mozilla.org</string>
+ </array>
+ </dict>
+</dict>
+```
+#### policies.json
+```
+{
+ "policies": {
+ "Extensions": {