X-Git-Url: https://git.p6c8.net/policy-templates.git/blobdiff_plain/2d3e23d4222cfc741746eccf975fd66e3196da4e..feb3a64154fbbe0e503713f5ee2c8392fbb91c9d:/docs/index.md diff --git a/docs/index.md b/docs/index.md index 5786f1b..2850b1f 100644 --- a/docs/index.md +++ b/docs/index.md @@ -58,6 +58,7 @@ Note: The `policies.json` must use the UTF-8 encoding. | **[`DisablePrivateBrowsing`](#disableprivatebrowsing)** | Remove access to private browsing. | **[`DisableProfileImport`](#disableprofileimport)** | Remove the ability to import data from other browers. | **[`DisableProfileRefresh`](#disableprofilerefresh)** | Disable the Refresh Firefox button on about:support and support.mozilla.org +| **[`DisableRemoteImprovements`](#disableremoteimprovements)** | Prevent Firefox from applying performance, stability, and feature changes between updates. | **[`DisableSafeMode`](#disablesafemode)** | Disable safe mode within the browser. | **[`DisableSecurityBypass`](#disablesecuritybypass)** | Prevent the user from bypassing security in certain cases. | **[`DisableSetDesktopBackground`](#disablesetdesktopbackground)** | Remove the "Set As Desktop Background..." menuitem when right clicking on an image. @@ -86,6 +87,7 @@ Note: The `policies.json` must use the UTF-8 encoding. | **[`HttpAllowlist`](#httpallowlist)** | Configure origins that will not be upgraded to HTTPS. | **[`HttpsOnlyMode`](#httpsonlymode)** | Configure HTTPS-Only Mode. | **[`InstallAddonsPermission`](#installaddonspermission)** | Configure the default extension install policy as well as origins for extension installs are allowed. +| **[`IPProtectionAvailable`](#ipprotectionavailable)** | Prevent the built-in VPN from being available to users. | **[`LegacyProfiles`](#legacyprofiles)** | Disable the feature enforcing a separate profile for each installation. | **[`LegacySameSiteCookieBehaviorEnabled`](#legacysamesitecookiebehaviorenabled)** | Enable default legacy SameSite cookie behavior setting. | **[`LegacySameSiteCookieBehaviorEnabledForDomainList`](#legacysamesitecookiebehaviorenabledfordomainlist)** | Revert to legacy SameSite behavior for cookies on specified sites. @@ -316,7 +318,7 @@ Value (string): Prevent Firefox from being updated beyond the specified version. -You can specify the any version as ```xx.``` and Firefox will be updated with all minor versions, but will not be updated beyond the major version. +You can specify the version as ```xx.``` and Firefox will be updated with all minor versions, but will not be updated beyond the major version. You can also specify the version as ```xx.xx.``` and Firefox will be updated with all patch versions, but will not be updated beyond the minor version. @@ -2444,6 +2446,45 @@ Value (string): } } ``` +### DisableRemoteImprovements +Prevent Firefox from applying performance, stability, and feature changes between updates. + +For more information, see [Manage remote improvements settings in Firefox](https://support.mozilla.org/en-US/kb/remote-improvements). + +Note: This policy is not correctly reflected in preferences. This will be fixed soon. + +**Compatibility:** Firefox 148\ +**CCK2 Equivalent:** N/A +**Preferences Affected:** N/A + +#### Windows (GPO) +``` +Software\Policies\Mozilla\Firefox\DisableRemoteImprovements = 0x1 | 0x0 +``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableRemoteImprovements +``` +Value (string): +``` + or +``` +#### macOS +``` + + DisableRemoteImprovements + | + +``` +#### policies.json +``` +{ + "policies": { + "DisableRemoteImprovements": true | false + } +} +``` ### DisableSafeMode Disable safe mode within the browser. @@ -2965,7 +3006,7 @@ IF `BaselineExceptions` is true, Firefox will automatically apply exceptions req If `ConvenienceExceptions`is true, Firefox will apply exceptions automatically that are only required to fix minor issues and make convenience features available. (Firefox 145) -Note: Users can change `BaselineExceptions` and `ConvenienceExceptions` even when `Category` is set to ```strict``` unless `Locked` is set to true. +Note: Users can change `BaselineExceptions` and `ConvenienceExceptions` even when `Category` is set to ```strict``` unless `Locked` is set to true. If `Locked` is set to true, the defaults are used unless a different value is specified in policy for `BaselineExceptions` and `ConvenienceExceptions`. **Compatibility:** Firefox 60, Firefox ESR 60 (Cryptomining and Fingerprinting added in 70/68.2, Exceptions added in 73/68.5. Category added in Firefox 142/140.2. BaselineExceptions and ConvenienceExceptions added in Firefox 145)\ **CCK2 Equivalent:** N/A\ @@ -3362,7 +3403,7 @@ The configuration for each extension is another dictionary that can contain the |         `normal_installed` | Automatically installs the extension but allows it to be disabled by the user. This option is not valid for the default configuration and requires an `install_url`. | |`install_url` | The URL from which Firefox can download a `force_installed` or `normal_installed` extension. Firefox automatically installs, updates, or re-installs the extension when the XPI file’s internal [`version`](https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/manifest.json/version) changes. | `install_sources` | A list of sources from which installing extensions is allowed using URL match patterns. **This is unnecessary if you are only allowing the installation of certain extensions by ID.** Each item in this list is an extension-style match pattern. Users will be able to easily install items from any URL that matches an item in this list. Both the location of the `.xpi` file and the page where the download is started (the referrer) must be allowed by these patterns. This setting can be used only for the default configuration. | -| `allowed_types` | Restricts which types of add-ons can be installed. Accepts a list of one or more of: `"extension"`, `"theme"`, `"dictionary"`, `"locale"`.

**Note:** This setting only applies when installation is otherwise allowed. If `"installation_mode": "blocked"` is set (either for a specific ID or for `"*"`), extensions remain blocked regardless of `allowed_types`. This setting can be used only for the default configuration. | +| `allowed_types` | Restricts which types of add-ons can be installed. Accepts a list of one or more of: `"extension"`, `"theme"`, `"dictionary"`, `"locale"`, `"sitepermission"`.

**Note:** This setting only applies when installation is otherwise allowed. If `"installation_mode": "blocked"` is set (either for a specific ID or for `"*"`), extensions remain blocked regardless of `allowed_types`. This setting can be used only for the default configuration. | | `blocked_install_message` | Maps to a string specifying the error message to display to users if they're blocked from installing an extension. This setting allows you to append text to the generic error message displayed when an extension is blocked. This could be used to direct users to your help desk, explain why a particular extension is blocked, or something similar. This setting can be used only for the default configuration. | | `restricted_domains` | An array of domains on which content scripts can't be run. This setting can be used only for the default configuration. | | `updates_disabled` | (Firefox 89, Firefox ESR 78.11) Boolean that indicates whether or not to disable automatic updates for an individual extension. | @@ -3373,7 +3414,8 @@ The configuration for each extension is another dictionary that can contain the #### Interaction Notes - `"installation_mode": "blocked"` takes precedence over all other settings. When set, extensions cannot be installed regardless of `allowed_types` or `install_sources`. A configuration for a specific extension ID still overrides the `"*"` configuration. - To block all extensions except a few, use `"installation_mode": "blocked"` for `"*"` and explicitly override it for allowed or force-installed extensions. -- To block extensions but allow themes, dictionaries, and language packs, use `"allowed_types": ["theme", "dictionary", "locale"]` in the default (`"*"` ) configuration. (`"locale"` corresponds to Firefox language packs.) +- To block extensions but allow themes, dictionaries, language packs, and site permissions, leave the default (`"*"` ) `installation_mode` as `"allowed"` and set `"allowed_types": ["theme", "dictionary", "locale", "sitepermission"]`. (`"locale"` corresponds to Firefox language packs.) + **Do not set `"installation_mode": "blocked"` in this scenario**, because `allowed_types` is ignored when installation is blocked. **Compatibility:** Firefox 69, Firefox ESR 68.1 (As of Firefox 85, Firefox ESR 78.7, installing a theme makes it the default.)\ **CCK2 Equivalent:** N/A\ @@ -4292,6 +4334,40 @@ Value (string): } } ``` +### IPProtectionAvailable +Prevent the built-in VPN from being available to users. + +**Compatibility:** Firefox 149.0.2\ +**CCK2 Equivalent:** N/A\ +**Preferences Affected:** `browser.ipProtection.enabled` + +#### Windows (GPO) +``` +Software\Policies\Mozilla\Firefox\IPProtectionAvailable = = 0x1 | 0x0 +``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/IPProtectionAvailable +``` +Value (string): +``` + or +``` +#### macOS +``` + + IPProtectionAvailable + | + +``` +#### policies.json +``` +{ + "policies": { + "IPProtectionAvailable": true | false +} +``` ### LegacyProfiles Disable the feature enforcing a separate profile for each installation.