X-Git-Url: https://git.p6c8.net/policy-templates.git/blobdiff_plain/2f30b9e6d5a7efc84716144bb762e5bf9ab7c897..733158f519a9a02ff0c17cda5a4d833e172b0ba3:/README.md?ds=inline diff --git a/README.md b/README.md index 0fc1848..f480238 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,3 @@ -**These policies are in active development and so might contain changes that do not work with current versions of Firefox.** - -**You should use the [officially released versions](https://github.com/mozilla/policy-templates/releases) if you are deploying changes.** - Policies can be specified using the [Group Policy templates on Windows](https://github.com/mozilla/policy-templates/tree/master/windows), [Intune on Windows](https://support.mozilla.org/kb/managing-firefox-intune), [configuration profiles on macOS](https://github.com/mozilla/policy-templates/tree/master/mac), or by creating a file called `policies.json`. On Windows, create a directory called `distribution` where the EXE is located and place the file there. On Mac, the file goes into `Firefox.app/Contents/Resources/distribution`. On Linux, the file goes into `firefox/distribution`, where `firefox` is the installation directory for firefox, which varies by distribution or you can specify system-wide policy by placing the file in `/etc/firefox/policies`. | Policy Name | Description @@ -23,14 +19,15 @@ Policies can be specified using the [Group Policy templates on Windows](https:// | **[`Certificates -> ImportEnterpriseRoots`](#certificates--importenterpriseroots)** | Trust certificates that have been added to the operating system certificate store by a user or administrator. | **[`Certificates -> Install`](#certificates--install)** | Install certificates into the Firefox certificate store. | **[`Cookies`](#cookies)** | Configure cookie preferences. +| **[`DefaultDownloadDirectory`](#defaultdownloaddirectory)** | Set the default download directory. | **[`DisableAppUpdate`](#disableappupdate)** | Turn off application updates. | **[`DisableBuiltinPDFViewer`](#disablebuiltinpdfviewer)** | Disable the built in PDF viewer. | **[`DisabledCiphers`](#disabledciphers)** | Disable ciphers. | **[`DisableDefaultBrowserAgent`](#disabledefaultbrowseragent)** | Prevent the default browser agent from taking any actions (Windows only). | **[`DisableDeveloperTools`](#disabledevelopertools)** | Remove access to all developer tools. | **[`DisableFeedbackCommands`](#disablefeedbackcommands)** | Disable the menus for reporting sites. -| **[`DisableFirefoxScreenshots`](#disablefirefoxscreenshots)** | Remove access to Firefox Screenshots. | **[`DisableFirefoxAccounts`](#disablefirefoxaccounts)** | Disable Firefox Accounts integration (Sync). +| **[`DisableFirefoxScreenshots`](#disablefirefoxscreenshots)** | Remove access to Firefox Screenshots. | **[`DisableFirefoxStudies`](#disablefirefoxstudies)** | Disable Firefox studies (Shield). | **[`DisableForgetButton`](#disableforgetbutton)** | Disable the "Forget" button. | **[`DisableFormHistory`](#disableformhistory)** | Turn off saving information on web forms and the search bar. @@ -46,11 +43,10 @@ Policies can be specified using the [Group Policy templates on Windows](https:// | **[`DisableSystemAddonUpdate`](#disablesystemaddonupdate)** | Prevent system add-ons from being installed or update. | **[`DisableTelemetry`](#disabletelemetry)** | DisableTelemetry | **[`DisplayBookmarksToolbar`](#displaybookmarkstoolbar)** | Set the initial state of the bookmarks toolbar. -| **[`DisplayMenuBar (Deprecated)`](#displaymenubar-deprecated)** | Set the initial state of the menubar. | **[`DisplayMenuBar`](#displaymenubar)** | Set the state of the menubar. +| **[`DisplayMenuBar (Deprecated)`](#displaymenubar-deprecated)** | Set the initial state of the menubar. | **[`DNSOverHTTPS`](#dnsoverhttps)** | Configure DNS over HTTPS. | **[`DontCheckDefaultBrowser`](#dontcheckdefaultbrowser)** | Don't check if Firefox is the default browser at startup. -| **[`DefaultDownloadDirectory`](#defaultdownloaddirectory)** | Set the default download directory. | **[`DownloadDirectory`](#downloaddirectory)** | Set and lock the download directory. | **[`EnableTrackingProtection`](#enabletrackingprotection)** | Configure tracking protection. | **[`EncryptedMediaExtensions`](#encryptedmediaextensions)** | Enable or disable Encrypted Media Extensions and optionally lock it. @@ -58,17 +54,18 @@ Policies can be specified using the [Group Policy templates on Windows](https:// | **[`Extensions`](#extensions)** | Control the installation, uninstallation and locking of extensions. | **[`ExtensionSettings`](#extensionsettings)** | Manage all aspects of extensions. | **[`ExtensionUpdate`](#extensionupdate)** | Control extension updates. -| **[`FlashPlugin`](#flashplugin)** | Configure the default Flash plugin policy as well as origins for which Flash is allowed. | **[`FirefoxHome`](#firefoxhome)** | Customize the Firefox Home page. -| **[`HardwareAcceleration`](#hardwareacceleration)** | Control hardware acceleration. +| **[`FlashPlugin`](#flashplugin)** | Configure the default Flash plugin policy as well as origins for which Flash is allowed. | **[`Handlers`](#handlers)** | Configure default application handlers. +| **[`HardwareAcceleration`](#hardwareacceleration)** | Control hardware acceleration. | **[`Homepage`](#homepage)** | Configure the default homepage and how Firefox starts. | **[`InstallAddonsPermission`](#installaddonspermission)** | Configure the default extension install policy as well as origins for extension installs are allowed. | **[`LegacyProfiles`](#legacyprofiles)** | Disable the feature enforcing a separate profile for each installation. +| **[`LegacySameSiteCookieBehaviorEnabled`](#legacysamesitecookiebehaviorenabled)** | Enable default legacy SameSite cookie behavior setting. +| **[`LegacySameSiteCookieBehaviorEnabledForDomainList`](#legacysamesitecookiebehaviorenabledfordomainlist)** | Revert to legacy SameSite behavior for cookies on specified sites. | **[`LocalFileLinks`](#localfilelinks)** | Enable linking to local files by origin. | **[`ManagedBookmarks`](#managedbookmarks)** | Configures a list of bookmarks managed by an administrator that cannot be changed by the user. | **[`ManualAppUpdateOnly`](#manualappupdateonly)** | Allow manual updates only and do not notify the user about updates.. -| **[`PrimaryPassword`](#primarypassword)** | Require or prevent using a primary (formerly master) password. | **[`NetworkPrediction`](#networkprediction)** | Enable or disable network prediction (DNS prefetching). | **[`NewTabPage`](#newtabpage)** | Enable or disable the New Tab page. | **[`NoDefaultBookmarks`](#nodefaultbookmarks)** | Disable the creation of default bookmarks. @@ -83,6 +80,7 @@ Policies can be specified using the [Group Policy templates on Windows](https:// | **[`PopupBlocking`](#popupblocking)** | Configure the default pop-up window policy as well as origins for which pop-up windows are allowed. | **[`Preferences`](#preferences)** | Set and lock preferences. | **[`Preferences (Deprecated)`](#preferences-deprecated)** | Set and lock some preferences. +| **[`PrimaryPassword`](#primarypassword)** | Require or prevent using a primary (formerly master) password. | **[`PromptForDownloadLocation`](#promptfordownloadlocation)** | Ask where to save each file before downloading. | **[`Proxy`](#proxy)** | Configure proxy settings. | **[`RequestedLocales`](#requestedlocales)** | Set the the list of requested locales for the application in order of preference. @@ -90,10 +88,10 @@ Policies can be specified using the [Group Policy templates on Windows](https:// | **[`SanitizeOnShutdown` (Selective)](#sanitizeonshutdown-selective)** | Clear data on shutdown. | **[`SearchBar`](#searchbar)** | Set whether or not search bar is displayed. | **[`SearchEngines`](#searchengines-this-policy-is-only-available-on-the-esr)** | +| **[`SearchEngines -> Add`](#searchengines--add)** | Add new search engines. | **[`SearchEngines -> Default`](#searchengines--default)** | Set the default search engine. | **[`SearchEngines -> PreventInstalls`](#searchengines--preventinstalls)** | Prevent installing search engines from webpages. | **[`SearchEngines -> Remove`](#searchengines--remove)** | Hide built-in search engines. -| **[`SearchEngines -> Add`](#searchengines--add)** | Add new search engines. | **[`SearchSuggestEnabled`](#searchsuggestenabled)** | Enable search suggestions. | **[`SecurityDevices`](#securitydevices)** | Install PKCS #11 modules. | **[`ShowHomeButton`](#showhomebutton)** | Show the home button on the toolbar. @@ -108,86 +106,86 @@ Policies can be specified using the [Group Policy templates on Windows](https:// Allow WebExtensions to configure policy. For more information, see [Adding policy support to your extension](https://extensionworkshop.com/documentation/enterprise/adding-policy-support-to-your-extension/). -### AppAutoUpdate - -Enable or disable **automatic** application update. +### AllowedDomainsForApps -If set to true, application updates are installed without user approval within Firefox. The operating system might still require approval. +Define domains allowed to access Google Workspace. -If set to false, application updates are downloaded but the user can choose when to install the update. +This policy is based on the [Chrome policy](https://chromeenterprise.google/policies/#AllowedDomainsForApps) of the same name. -If you have disabled updates via DisableAppUpdate, this policy has no effect. +If this policy is enabled, users can only access Google Workspace using accounts from the specified domains. If you want to allow Gmail, you can add ```consumer_accounts``` to the list. -**Compatibility:** Firefox 75, Firefox ESR 68.7\ +**Compatibility:** Firefox 89, Firefox ESR 78.11\ **CCK2 Equivalent:** N/A\ -**Preferences Affected:** app.update.auto +**Preferences Affected:** N/A #### Windows (GPO) ``` -Software\Policies\Mozilla\Firefox\AppAutoUpdate = 0x1 | 0x0 +Software\Policies\Mozilla\Firefox\AllowedDomainsForApps = "managedfirefox.com,example.com" ``` #### Windows (Intune) OMA-URI: ``` -./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/AppAutoUpdate +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/AllowedDomainsForApps ``` Value (string): ``` - or + + ``` #### macOS ``` - AppAutoUpdate - | + AllowedDomainsForApps + managedfirefox.com,example.com ``` #### policies.json ``` { "policies": { - "AppAutoUpdate": true | false + "AllowedDomainsForApps": "managedfirefox.com,example.com" } } ``` -### AllowedDomainsForApps +### AppAutoUpdate -Define domains allowed to access Google Workspace. +Enable or disable **automatic** application update. -This policy is based on the [Chrome policy](https://chromeenterprise.google/policies/#AllowedDomainsForApps) of the same name. +If set to true, application updates are installed without user approval within Firefox. The operating system might still require approval. -If this policy is enabled, users can only access Google Workspace using accounts from the specified domains. If you want to allow Gmail, you can add ```consumer_accounts``` to the list. +If set to false, application updates are downloaded but the user can choose when to install the update. -**Compatibility:** Firefox 89, Firefox ESR 78.11\ +If you have disabled updates via `DisableAppUpdate`, this policy has no effect. + +**Compatibility:** Firefox 75, Firefox ESR 68.7\ **CCK2 Equivalent:** N/A\ -**Preferences Affected:** N/A +**Preferences Affected:** `app.update.auto` #### Windows (GPO) ``` -Software\Policies\Mozilla\Firefox\AllowedDomainsForApps = "managedfirefox.com,example.com" +Software\Policies\Mozilla\Firefox\AppAutoUpdate = 0x1 | 0x0 ``` #### Windows (Intune) OMA-URI: ``` -./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/AllowedDomainsForApps +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/AppAutoUpdate ``` Value (string): ``` - - + or ``` #### macOS ``` - AllowedDomainsForApps - managedfirefox.com,example.com + AppAutoUpdate + | ``` #### policies.json ``` { "policies": { - "AllowedDomainsForApps": "managedfirefox.com,example.com" + "AppAutoUpdate": true | false } } ``` @@ -232,7 +230,7 @@ Value (string): Configure sites that support integrated authentication. -See https://developer.mozilla.org/en-US/docs/Mozilla/Integrated_authentication for more information. +See [Integrated authentication](https://htmlpreview.github.io/?https://github.com/mdn/archived-content/blob/main/files/en-us/mozilla/integrated_authentication/raw.html) for more information. `PrivateBrowsing` enables integrated authentication in private browsing. @@ -656,6 +654,8 @@ Note: [`ManagedBookmarks`](#managedbookmarks) is the new recommended way to add Add bookmarks in either the bookmarks toolbar or menu. Only `Title` and `URL` are required. If `Placement` is not specified, the bookmark will be placed on the toolbar. If `Folder` is specified, it is automatically created and bookmarks with the same folder name are grouped together. +If you want to clear all bookmarks set with this policy, you can set the value to an empty array (```[]```). This can be on Windows via the new Bookmarks (JSON) policy available with GPO and Intune. + **Compatibility:** Firefox 60, Firefox ESR 60\ **CCK2 Equivalent:** `bookmarks.toolbar`,`bookmarks.menu`\ **Preferences Affected:** N/A @@ -667,6 +667,12 @@ Software\Policies\Mozilla\Firefox\Bookmarks\1\URL = "https://example.com" Software\Policies\Mozilla\Firefox\Bookmarks\1\Favicon = "https://example.com/favicon.ico" Software\Policies\Mozilla\Firefox\Bookmarks\1\Placement = "toolbar" | "menu" Software\Policies\Mozilla\Firefox\Bookmarks\1\Folder = "FolderName" + +Software\Policies\Mozilla\Firefox\Bookmarks (REG_MULTI_SZ) = +``` +[] +``` + ``` #### Windows (Intune) OMA-URI: @@ -682,6 +688,15 @@ Value (string): ``` +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/Bookmarks +``` +Value (string): +``` + + +``` #### macOS ``` @@ -874,19 +889,32 @@ Configure cookie preferences. `Block` is a list of origins (not domains) where cookies are always blocked. You must include http or https. -`Default` determines whether cookies are accepted at all. +`Behavior` sets the default behavior for cookies based on the values below. + +`BehaviorPrivateBrowsing` sets the default behavior for cookies in private browsing based on the values below. + +| Value | Description +| --- | --- +| accept | Accept all cookies +| reject-foreign | Reject third party cookies +| reject | Reject all cookies +| limit-foreign | Reject third party cookies for sites you haven't visited +| reject-tracker | Reject cookies for known trackers (default) +| reject-tracker-and-partition-foreign | Reject cookies for known trackers and partition third-party cookies (Total Cookie Protection) (default for private browsing) -`AcceptThirdParty` determines how third-party cookies are handled. +`Default` (Deprecated) determines whether cookies are accepted at all. + +`AcceptThirdParty` (Deprecated) determines how third-party cookies are handled. `ExpireAtSessionEnd` determines when cookies expire. -`RejectTracker` only rejects cookies for trackers. +`RejectTracker` (Deprecated) only rejects cookies for trackers. `Locked` prevents the user from changing cookie preferences. -**Compatibility:** Firefox 60, Firefox ESR 60 (RejectTracker added in Firefox 63, AllowSession added in Firefox 79/78.1)\ +**Compatibility:** Firefox 60, Firefox ESR 60 (RejectTracker added in Firefox 63, AllowSession added in Firefox 79/78.1, Behavior added in Firefox 95/91.4)\ **CCK2 Equivalent:** N/A\ -**Preferences Affected:** `network.cookie.cookieBehavior`,`network.cookie.lifetimePolicy` +**Preferences Affected:** `network.cookie.cookieBehavior`, `network.cookie.cookieBehavior.pbmode`, `network.cookie.lifetimePolicy` #### Windows (GPO) ``` @@ -897,6 +925,8 @@ Software\Policies\Mozilla\Firefox\Cookies\Default = 0x1 | 0x0 Software\Policies\Mozilla\Firefox\Cookies\AcceptThirdParty = "always" | "never" | "from-visited" Software\Policies\Mozilla\Firefox\Cookies\ExpireAtSessionEnd = 0x1 | 0x0 Software\Policies\Mozilla\Firefox\Cookies\RejectTracker = 0x1 | 0x0 +Software\Policies\Mozilla\Firefox\Cookies\Behavior = "accept" | "reject-foreign" | "reject" | "limit-foreign" | "reject-tracker" | "reject-tracker-and-partition-foreign" +Software\Policies\Mozilla\Firefox\Cookies\BehaviorPrivateBrowsing = "accept" | "reject-foreign" | "reject" | "limit-foreign" | "reject-tracker" | "reject-tracker-and-partition-foreign" Software\Policies\Mozilla\Firefox\Cookies\Locked = 0x1 | 0x0 ``` #### Windows (Intune) @@ -968,6 +998,24 @@ Value (string): ``` or ``` +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_Behavior +``` +Value (string): +``` + + +``` +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_BehaviorPrivateBrowsing +``` +Value (string): +``` + + +``` #### macOS ``` @@ -995,6 +1043,10 @@ Value (string): | Locked | + Behavior + accept | reject-foreign | reject | limit-foreign | reject-tracker | reject-tracker-and-partition-foreign + BehaviorPrivateBrowsing + accept | reject-foreign | reject | limit-foreign | reject-tracker | reject-tracker-and-partition-foreign ``` @@ -1010,7 +1062,9 @@ Value (string): "AcceptThirdParty": "always" | "never" | "from-visited", "ExpireAtSessionEnd": true | false, "RejectTracker": true | false, - "Locked": true | false + "Locked": true | false, + "Behavior": "accept" | "reject-foreign" | "reject" | "limit-foreign" | "reject-tracker" | "reject-tracker-and-partition-foreign", + "BehaviorPrivateBrowsing": "accept" | "reject-foreign" | "reject" | "limit-foreign" | "reject-tracker" | "reject-tracker-and-partition-foreign", } } } @@ -1055,7 +1109,7 @@ Remove the master password functionality. If this value is true, it works the same as setting [`PrimaryPassword`](#primarypassword) to false and removes the primary password functionality. -If both DisableMasterPasswordCreation and PrimaryPassword are used, DisableMasterPasswordCreation takes precedent. +If both `DisableMasterPasswordCreation` and `PrimaryPassword` are used, `DisableMasterPasswordCreation` takes precedent. **Compatibility:** Firefox 60, Firefox ESR 60\ **CCK2 Equivalent:** `noMasterPassword`\ @@ -1089,6 +1143,50 @@ Value (string): } } ``` +### DefaultDownloadDirectory +Set the default download directory. + +You can use ${home} for the native home directory. + +**Compatibility:** Firefox 68, Firefox ESR 68\ +**CCK2 Equivalent:** N/A\ +**Preferences Affected:** `browser.download.dir`, `browser.download.folderList` + +#### Windows (GPO) +``` +Software\Policies\Mozilla\Firefox\DefaultDownloadDirectory = "${home}\Downloads" +``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DefaultDownloadDirectory +``` +Value (string): +``` + + +``` +#### macOS +``` + + DefaultDownloadDirectory + ${home}/Downloads + +``` +#### policies.json (macOS and Linux) +``` +{ + "policies": { + "DefaultDownloadDirectory": "${home}/Downloads" +} +``` +#### policies.json (Windows) +``` +{ + "policies": { + "DefaultDownloadDirectory": "${home}\\Downloads" +} +``` ### DisableAppUpdate Turn off application updates within Firefox. @@ -1357,21 +1455,21 @@ Value (string): } } ``` -### DisableFirefoxScreenshots -Remove access to Firefox Screenshots. +### DisableFirefoxAccounts +Disable Firefox Accounts integration (Sync). **Compatibility:** Firefox 60, Firefox ESR 60\ -**CCK2 Equivalent:** N/A\ -**Preferences Affected:** `extensions.screenshots.disabled` +**CCK2 Equivalent:** `disableSync`\ +**Preferences Affected:** `identity.fxaccounts.enabled` #### Windows (GPO) ``` -Software\Policies\Mozilla\Firefox\DisableFirefoxScreenshots = 0x1 | 0x0 +Software\Policies\Mozilla\Firefox\DisableFirefoxAccounts = 0x1 | 0x0 ``` #### Windows (Intune) OMA-URI: ``` -./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableFirefoxScreenshots +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableFirefoxAccounts ``` Value (string): ``` @@ -1380,7 +1478,7 @@ Value (string): #### macOS ``` - DisableFirefoxScreenshots + DisableFirefoxAccounts | ``` @@ -1388,25 +1486,25 @@ Value (string): ``` { "policies": { - "DisableFirefoxScreenshots": true | false + "DisableFirefoxAccounts": true | false } } ``` -### DisableFirefoxAccounts -Disable Firefox Accounts integration (Sync). +### DisableFirefoxScreenshots +Remove access to Firefox Screenshots. **Compatibility:** Firefox 60, Firefox ESR 60\ -**CCK2 Equivalent:** `disableSync`\ -**Preferences Affected:** `identity.fxaccounts.enabled` +**CCK2 Equivalent:** N/A\ +**Preferences Affected:** `extensions.screenshots.disabled` #### Windows (GPO) ``` -Software\Policies\Mozilla\Firefox\DisableFirefoxAccounts = 0x1 | 0x0 +Software\Policies\Mozilla\Firefox\DisableFirefoxScreenshots = 0x1 | 0x0 ``` #### Windows (Intune) OMA-URI: ``` -./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableFirefoxAccounts +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableFirefoxScreenshots ``` Value (string): ``` @@ -1415,7 +1513,7 @@ Value (string): #### macOS ``` - DisableFirefoxAccounts + DisableFirefoxScreenshots | ``` @@ -1423,7 +1521,7 @@ Value (string): ``` { "policies": { - "DisableFirefoxAccounts": true | false + "DisableFirefoxScreenshots": true | false } } ``` @@ -1502,7 +1600,7 @@ Turn off saving information on web forms and the search bar. **Compatibility:** Firefox 60, Firefox ESR 60\ **CCK2 Equivalent:** `disableFormFill`\ -**Preferences Affected:** ` browser.formfill.enable` +**Preferences Affected:** `browser.formfill.enable` #### Windows (GPO) ``` @@ -1753,7 +1851,7 @@ Prevent the user from bypassing security in certain cases. **Compatibility:** Firefox 60, Firefox ESR 60\ **CCK2 Equivalent:** N/A\ -**Preferences Affected:** `security.certerror.hideAddException`,`browser.safebrowsing.allowOverride` +**Preferences Affected:** `security.certerror.hideAddException`, `browser.safebrowsing.allowOverride` #### Windows (GPO) ``` @@ -1845,7 +1943,7 @@ Mozilla recommends that you do not disable telemetry. Information collected thro **Compatibility:** Firefox 60, Firefox ESR 60\ **CCK2 Equivalent:** `disableTelemetry`\ -**Preferences Affected:** `datareporting.healthreport.uploadEnabled,datareporting.policy.dataSubmissionEnabled,toolkit.telemetry.archive.enabled` +**Preferences Affected:** `datareporting.healthreport.uploadEnabled`, `datareporting.policy.dataSubmissionEnabled`, `toolkit.telemetry.archive.enabled` #### Windows (GPO) ``` @@ -1910,32 +2008,6 @@ Value (string): } } ``` -### DisplayMenuBar (Deprecated) -Set the initial state of the menubar. A user can still hide it and it will stay hidden. - -**Compatibility:** Firefox 60, Firefox ESR 60 (Windows, some Linux)\ -**CCK2 Equivalent:** `displayMenuBar`\ -**Preferences Affected:** N/A - -#### Windows (GPO) -``` -Software\Policies\Mozilla\Firefox\DisplayMenuBar = 0x1 | 0x0 -``` -#### macOS -``` - - DisplayMenuBar - | - -``` -#### policies.json -``` -{ - "policies": { - "DisplayMenuBar": true | false - } -} -``` ### DisplayMenuBar Set the state of the menubar. @@ -1980,6 +2052,32 @@ Value (string): } } ``` +### DisplayMenuBar (Deprecated) +Set the initial state of the menubar. A user can still hide it and it will stay hidden. + +**Compatibility:** Firefox 60, Firefox ESR 60 (Windows, some Linux)\ +**CCK2 Equivalent:** `displayMenuBar`\ +**Preferences Affected:** N/A + +#### Windows (GPO) +``` +Software\Policies\Mozilla\Firefox\DisplayMenuBar = 0x1 | 0x0 +``` +#### macOS +``` + + DisplayMenuBar + | + +``` +#### policies.json +``` +{ + "policies": { + "DisplayMenuBar": true | false + } +} +``` ### DNSOverHTTPS Configure DNS over HTTPS. @@ -1993,7 +2091,7 @@ Configure DNS over HTTPS. **Compatibility:** Firefox 63, Firefox ESR 68 (ExcludedDomains added in 75/68.7)\ **CCK2 Equivalent:** N/A\ -**Preferences Affected:** `network.trr.mode`,`network.trr.uri` +**Preferences Affected:** `network.trr.mode`, `network.trr.uri` #### Windows (GPO) ``` @@ -2103,23 +2201,23 @@ Value (string): } } ``` -### DefaultDownloadDirectory -Set the default download directory. +### DownloadDirectory +Set and lock the download directory. You can use ${home} for the native home directory. **Compatibility:** Firefox 68, Firefox ESR 68\ **CCK2 Equivalent:** N/A\ -**Preferences Affected:** `browser.download.dir`,`browser.download.folderList` +**Preferences Affected:** `browser.download.dir`, `browser.download.folderList`, `browser.download.useDownloadDir` #### Windows (GPO) ``` -Software\Policies\Mozilla\Firefox\DefaultDownloadDirectory = "${home}\Downloads" +Software\Policies\Mozilla\Firefox\DownloadDirectory = "${home}\Downloads" ``` #### Windows (Intune) OMA-URI: ``` -./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DefaultDownloadDirectory +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DownloadDirectory ``` Value (string): ``` @@ -2129,7 +2227,7 @@ Value (string): #### macOS ``` - DefaultDownloadDirectory + DownloadDirectory ${home}/Downloads ``` @@ -2137,66 +2235,22 @@ Value (string): ``` { "policies": { - "DefaultDownloadDirectory": "${home}/Downloads" + "DownloadDirectory": "${home}/Downloads" } ``` #### policies.json (Windows) ``` { "policies": { - "DefaultDownloadDirectory": "${home}\\Downloads" + "DownloadDirectory": "${home}\\Downloads" } ``` -### DownloadDirectory -Set and lock the download directory. +### EnableTrackingProtection +Configure tracking protection. -You can use ${home} for the native home directory. +If this policy is not configured, tracking protection is not enabled by default in the browser, but it is enabled by default in private browsing and the user can change it. -**Compatibility:** Firefox 68, Firefox ESR 68\ -**CCK2 Equivalent:** N/A\ -**Preferences Affected:** `browser.download.dir`,`browser.download.folderList`,`browser.download.useDownloadDir` - -#### Windows (GPO) -``` -Software\Policies\Mozilla\Firefox\DownloadDirectory = "${home}\Downloads" -``` -#### Windows (Intune) -OMA-URI: -``` -./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DownloadDirectory -``` -Value (string): -``` - - -``` -#### macOS -``` - - DownloadDirectory - ${home}/Downloads - -``` -#### policies.json (macOS and Linux) -``` -{ - "policies": { - "DownloadDirectory": "${home}/Downloads" -} -``` -#### policies.json (Windows) -``` -{ - "policies": { - "DownloadDirectory": "${home}\\Downloads" -} -``` -### EnableTrackingProtection -Configure tracking protection. - -If this policy is not configured, tracking protection is not enabled by default in the browser, but it is enabled by default in private browsing and the user can change it. - -If `Value` is set to false, tracking protection is disabled and locked in both the regular browser and private browsing. +If `Value` is set to false, tracking protection is disabled and locked in both the regular browser and private browsing. If `Value` is set to true, tracking protection is enabled by default in both the regular browser and private browsing and the `Locked` value determines whether or not a user can change it. @@ -2208,7 +2262,7 @@ If `Fingerprinting` is set to true, fingerprinting scripts on websites are block **Compatibility:** Firefox 60, Firefox ESR 60 (Cryptomining and Fingerprinting added in 70/68.2, Exceptions added in 73/68.5)\ **CCK2 Equivalent:** N/A\ -**Preferences Affected:** `privacy.trackingprotection.enabled`,`privacy.trackingprotection.pbmode.enabled`,`privacy.trackingprotection.cryptomining.enabled`,`privacy.trackingprotection.fingerprinting.enabled` +**Preferences Affected:** `privacy.trackingprotection.enabled`, `privacy.trackingprotection.pbmode.enabled`, `privacy.trackingprotection.cryptomining.enabled`, `privacy.trackingprotection.fingerprinting.enabled` #### Windows (GPO) ``` @@ -2603,7 +2657,83 @@ Value (string): } } ``` -### FlashPlugin +### FirefoxHome +Customize the Firefox Home page. + +**Compatibility:** Firefox 68, Firefox ESR 68 (SponsoredTopSites and SponsoredPocket were added in Firefox 95, Firefox ESR 91.4) +**CCK2 Equivalent:** N/A\ +**Preferences Affected:** `browser.newtabpage.activity-stream.showSearch`, `browser.newtabpage.activity-stream.feeds.topsites`, `browser.newtabpage.activity-stream.feeds.section.highlights`, `browser.newtabpage.activity-stream.feeds.section.topstories`, `browser.newtabpage.activity-stream.feeds.snippets`, `browser.newtabpage.activity-stream.showSponsoredTopSites`, `browser.newtabpage.activity-stream.showSponsored` + +#### Windows (GPO) +``` +Software\Policies\Mozilla\Firefox\FirefoxHome\Search = 0x1 | 0x0 +Software\Policies\Mozilla\Firefox\FirefoxHome\TopSites = 0x1 | 0x0 +Software\Policies\Mozilla\Firefox\FirefoxHome\SponsoredTopSites = 0x1 | 0x0 +Software\Policies\Mozilla\Firefox\FirefoxHome\Highlights = 0x1 | 0x0 +Software\Policies\Mozilla\Firefox\FirefoxHome\Pocket = 0x1 | 0x0 +Software\Policies\Mozilla\Firefox\FirefoxHome\SponsoredPocket = 0x1 | 0x0 +Software\Policies\Mozilla\Firefox\FirefoxHome\Snippets = 0x1 | 0x0 +Software\Policies\Mozilla\Firefox\FirefoxHome\Locked = 0x1 | 0x0 +``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/CustomizeFirefoxHome +``` +Value (string): +``` + + + + + + + + + +``` +#### macOS +``` + + FirefoxHome + + Search + | + TopSites + | + SponsoredTopSites + | + Highlights + | + Pocket + | + SponsoredPocket + | + Snippets + | + Locked + | + + +``` +#### policies.json +``` +{ + "policies": { + "FirefoxHome": { + "Search": true | false, + "TopSites": true | false, + "SponsoredTopSites": true | false, + "Highlights": true | false, + "Pocket": true | false, + "SponsoredPocket": true | false, + "Snippets": true | false, + "Locked": true | false + } + } +} +``` +### FlashPlugin (Deprecated) Configure the default Flash plugin policy as well as origins for which Flash is allowed. `Allow` is a list of origins where Flash are allowed. @@ -2684,9 +2814,6 @@ Value (string): } } ``` - - - ### Handlers Configure default application handlers. This policy is based on the internal format of `handlers.json`. @@ -2869,72 +2996,6 @@ Value (string): } } ``` -### FirefoxHome -Customize the Firefox Home page. - -**Compatibility:** Firefox 68, Firefox ESR 68\ -**CCK2 Equivalent:** N/A\ -**Preferences Affected:** `browser.newtabpage.activity-stream.showSearch`,`browser.newtabpage.activity-stream.feeds.topsites`,`browser.newtabpage.activity-stream.feeds.section.highlights`,`browser.newtabpage.activity-stream.feeds.section.topstories`,`browser.newtabpage.activity-stream.feeds.snippets` - -#### Windows (GPO) -``` -Software\Policies\Mozilla\Firefox\FirefoxHome\Search = 0x1 | 0x0 -Software\Policies\Mozilla\Firefox\FirefoxHome\TopSites = 0x1 | 0x0 -Software\Policies\Mozilla\Firefox\FirefoxHome\Highlights = 0x1 | 0x0 -Software\Policies\Mozilla\Firefox\FirefoxHome\Pocket = 0x1 | 0x0 -Software\Policies\Mozilla\Firefox\FirefoxHome\Snippets = 0x1 | 0x0 -Software\Policies\Mozilla\Firefox\FirefoxHome\Locked = 0x1 | 0x0 -``` -#### Windows (Intune) -OMA-URI: -``` -./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/CustomizeFirefoxHome -``` -Value (string): -``` - - - - - - - -``` -#### macOS -``` - - FirefoxHome - - Search - | - TopSites - | - Highlights - | - Pocket - | - Snippets - | - Locked - | - - -``` -#### policies.json -``` -{ - "policies": { - "FirefoxHome": { - "Search": true | false, - "TopSites": true | false, - "Highlights": true | false, - "Pocket": true | false, - "Snippets": true | false, - "Locked": true | false - } - } -} -``` ### HardwareAcceleration Control hardware acceleration. @@ -2985,7 +3046,7 @@ With Firefox 78, an additional option as added for `Startpage`, `homepage-locked **Compatibility:** Firefox 60, Firefox ESR 60 (StartPage was added in Firefox 60, Firefox ESR 60.4, homepage-locked added in Firefox 78)\ **CCK2 Equivalent:** `homePage`,`lockHomePage`\ -**Preferences Affected:** `browser.startup.homepage`,`browser.startup.page` +**Preferences Affected:** `browser.startup.homepage`, `browser.startup.page` #### Windows (GPO) ``` @@ -3148,6 +3209,85 @@ Value (string): ``` or ``` +### LegacySameSiteCookieBehaviorEnabled +Enable default legacy SameSite cookie behavior setting. + +If this policy is set to true, it reverts all cookies to legacy SameSite behavior which means that cookies that don't explicitly specify a ```SameSite``` attribute are treated as if they were ```SameSite=None```. + +**Compatibility:** Firefox 96\ +**CCK2 Equivalent:** N/A\ +**Preferences Affected:** `network.cookie.sameSite.laxByDefault` + +#### Windows (GPO) +``` +Software\Policies\Mozilla\Firefox\LegacySameSiteCookieBehaviorEnabled = = 0x1 | 0x0 +``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/LegacySameSiteCookieBehaviorEnabled +``` +Value (string): +``` + or +``` +#### macOS +``` + + LegacySameSiteCookieBehaviorEnabled + | + +``` +#### policies.json +``` +{ + "policies": { + "LegacySameSiteCookieBehaviorEnabled": true | false +} +``` +### LegacySameSiteCookieBehaviorEnabledForDomainList +Revert to legacy SameSite behavior for cookies on specified sites. + +If this policy is set to true, cookies set for domains in this list will revert to legacy SameSite behavior which means that cookies that don't explicitly specify a ```SameSite``` attribute are treated as if they were ```SameSite=None```. + +**Compatibility:** Firefox 96\ +**CCK2 Equivalent:** N/A\ +**Preferences Affected:** `network.cookie.sameSite.laxByDefault.disabledHosts` + +#### Windows (GPO) +``` +Software\Policies\Mozilla\Firefox\LegacySameSiteCookieBehaviorEnabledForDomainList\1 = "example.org" +Software\Policies\Mozilla\Firefox\LegacySameSiteCookieBehaviorEnabledForDomainList\2 = "example.edu" +``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/LegacySameSiteCookieBehaviorEnabledForDomainList +``` +Value (string): +``` + + +``` +#### macOS +``` + + LegacySameSiteCookieBehaviorEnabledForDomainList + + example.org + example.edu + + +``` +#### policies.json +``` +{ + "policies": { + "LegacySameSiteCookieBehaviorEnabledForDomainList": ["example.org", + "example.edu"] + } +} +``` ### LocalFileLinks Enable linking to local files by origin. @@ -3371,51 +3511,12 @@ This policy is primarily intended for advanced end users, not for enterprises. } } ``` -### PrimaryPassword -Require or prevent using a primary (formerly master) password. - -If this value is true, a primary password is required. If this value is false, it works the same as if [`DisableMasterPasswordCreation`](#disablemasterpasswordcreation) was true and removes the primary password functionality. - -If both DisableMasterPasswordCreation and PrimaryPassword are used, DisableMasterPasswordCreation takes precedent. - -**Compatibility:** Firefox 79, Firefox ESR 78.1\ -**CCK2 Equivalent:** `noMasterPassword`\ -**Preferences Affected:** N/A - -#### Windows (GPO) -``` -Software\Policies\Mozilla\Firefox\PrimaryPassword = 0x1 | 0x0 -``` -#### Windows (Intune) -OMA-URI: -``` -./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/PrimaryPassword -``` -Value (string): -``` - or -``` -#### macOS -``` - - PrimaryPassword - | - -``` -#### policies.json -``` -{ - "policies": { - "PrimaryPassword": true | false - } -} -``` ### NetworkPrediction Enable or disable network prediction (DNS prefetching). **Compatibility:** Firefox 67, Firefox ESR 60.7\ **CCK2 Equivalent:** N/A\ -**Preferences Affected:** `network.dns.disablePrefetch`,`network.dns.disablePrefetchFromHTTPS` +**Preferences Affected:** `network.dns.disablePrefetch`, `network.dns.disablePrefetchFromHTTPS` #### Windows (GPO) ``` @@ -3705,7 +3806,7 @@ Note: DisableBuiltinPDFViewer has not been deprecated. You can either continue t **Compatibility:** Firefox 77, Firefox ESR 68.9\ **CCK2 Equivalent:** N/A\ -**Preferences Affected:** `pdfjs.diabled`,`pdfjs.enablePermissions` +**Preferences Affected:** `pdfjs.diabled`, `pdfjs.enablePermissions` #### Windows (GPO) ``` @@ -3760,7 +3861,7 @@ Set permissions associated with camera, microphone, location, notifications, aut **Compatibility:** Firefox 62, Firefox ESR 60.2 (Autoplay added in Firefox 74, Firefox ESR 68.6, Autoplay Default/Locked added in Firefox 76, Firefox ESR 68.8, VirtualReality added in Firefox 80, Firefox ESR 78.2)\ **CCK2 Equivalent:** N/A\ -**Preferences Affected:** `permissions.default.camera`,`permissions.default.microphone`,`permissions.default.geo`,`permissions.default.desktop-notification`,`media.autoplay.default`.`permissions.default.xr` +**Preferences Affected:** `permissions.default.camera`, `permissions.default.microphone`, `permissions.default.geo`, `permissions.default.desktop-notification`, `media.autoplay.default`, `permissions.default.xr` #### Windows (GPO) ``` @@ -4167,6 +4268,7 @@ general.smoothScroll (Firefox 83, Firefox ESR 78.5) geo. gfx. intl. +keyword.enabled (Firefox 95, Firefox ESR 91.4) layers. layout. media. @@ -4176,6 +4278,7 @@ places. print. signon. (Firefox 83, Firefox ESR 78.5) spellchecker. (Firefox 84, Firefox ESR 78.6) +toolkit.legacyUserProfileCustomizations.stylesheets (Firefox 95, Firefox ESR 91.4) ui. widget. ``` @@ -4203,7 +4306,7 @@ as well as the following security preferences: | security.tls.version.enable-deprecated | boolean | false |     If true, browser will accept TLS 1.0. and TLS 1.1 (Firefox 86, Firefox 78.8). | security.warn_submit_secure_to_insecure | boolean | true -|     If false, no warning is shown when submitting s form from https to http. +|     If false, no warning is shown when submitting a form from https to http.   Using the preference as the key, set the `Value` to the corresponding preference value. @@ -4214,7 +4317,7 @@ Default preferences can be modified by the user. If a value is locked, it is also set as the default. -User preferences persist across invocations of Firefox. It is the equivalent of a user setting the preference. They are most useful when a preference is needed very early in startup so it can't be set as default by policy. +User preferences persist across invocations of Firefox. It is the equivalent of a user setting the preference. They are most useful when a preference is needed very early in startup so it can't be set as default by policy. An example of this is ```toolkit.legacyUserProfileCustomizations.stylesheets```. User preferences persist even if the policy is removed, so if you need to remove them, you should use the clear policy. @@ -4476,6 +4579,45 @@ Value (string): } } ``` +### PrimaryPassword +Require or prevent using a primary (formerly master) password. + +If this value is true, a primary password is required. If this value is false, it works the same as if [`DisableMasterPasswordCreation`](#disablemasterpasswordcreation) was true and removes the primary password functionality. + +If both DisableMasterPasswordCreation and PrimaryPassword are used, DisableMasterPasswordCreation takes precedent. + +**Compatibility:** Firefox 79, Firefox ESR 78.1\ +**CCK2 Equivalent:** `noMasterPassword`\ +**Preferences Affected:** N/A + +#### Windows (GPO) +``` +Software\Policies\Mozilla\Firefox\PrimaryPassword = 0x1 | 0x0 +``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/PrimaryPassword +``` +Value (string): +``` + or +``` +#### macOS +``` + + PrimaryPassword + | + +``` +#### policies.json +``` +{ + "policies": { + "PrimaryPassword": true | false + } +} +``` ### PromptForDownloadLocation Ask where to save each file before downloading. @@ -4541,7 +4683,7 @@ To specify ports, append them to the hostnames with a colon (:). **Compatibility:** Firefox 60, Firefox ESR 60\ **CCK2 Equivalent:** `networkProxy*`\ -**Preferences Affected:** `network.proxy.type`,`network.proxy.autoconfig_url`,`network.proxy.socks_remote_dns`,`signon.autologin.proxy`,`network.proxy.socks_version`,`network.proxy.no_proxies_on`,`network.proxy.share_proxy_settings`,`network.proxy.http`,`network.proxy.http_port`,`network.proxy.ftp`,`network.proxy.ftp_port`,`network.proxy.ssl`,`network.proxy.ssl_port`,`network.proxy.socks`,`network.proxy.socks_port` +**Preferences Affected:** `network.proxy.type`, `network.proxy.autoconfig_url`, `network.proxy.socks_remote_dns`, `signon.autologin.proxy`, `network.proxy.socks_version`, `network.proxy.no_proxies_on`, `network.proxy.share_proxy_settings`, `network.proxy.http`, `network.proxy.http_port`, `network.proxy.ftp`, `network.proxy.ftp_port`, `network.proxy.ssl`, `network.proxy.ssl_port`, `network.proxy.socks`, `network.proxy.socks_port` #### Windows (GPO) ``` @@ -4702,7 +4844,7 @@ Previously, these values were always locked. Starting with Firefox 74 and Firefo **Compatibility:** Firefox 68, Firefox ESR 68 (Locked added in 74/68.6)\ **CCK2 Equivalent:** N/A\ -**Preferences Affected:** `privacy.sanitize.sanitizeOnShutdown`,`privacy.clearOnShutdown.cache`,`privacy.clearOnShutdown.cookies`,`privacy.clearOnShutdown.downloads`,`privacy.clearOnShutdown.formdata`,`privacy.clearOnShutdown.history`,`privacy.clearOnShutdown.sessions`,`privacy.clearOnShutdown.siteSettings`,`privacy.clearOnShutdown.offlineApps` +**Preferences Affected:** `privacy.sanitize.sanitizeOnShutdown`, `privacy.clearOnShutdown.cache`, `privacy.clearOnShutdown.cookies`, `privacy.clearOnShutdown.downloads`, `privacy.clearOnShutdown.formdata`, `privacy.clearOnShutdown.history`, `privacy.clearOnShutdown.sessions`, `privacy.clearOnShutdown.siteSettings`, `privacy.clearOnShutdown.offlineApps` #### Windows (GPO) ``` Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\Cache = 0x1 | 0x0 @@ -4837,7 +4979,7 @@ Clear all data on shutdown, including Browsing & Download History, Cookies, Acti **Compatibility:** Firefox 60, Firefox ESR 60\ **CCK2 Equivalent:** N/A\ -**Preferences Affected:** `privacy.sanitize.sanitizeOnShutdown`,`privacy.clearOnShutdown.cache`,`privacy.clearOnShutdown.cookies`,`privacy.clearOnShutdown.downloads`,`privacy.clearOnShutdown.formdata`,`privacy.clearOnShutdown.history`,`privacy.clearOnShutdown.sessions`,`privacy.clearOnShutdown.siteSettings`,`privacy.clearOnShutdown.offlineApps` +**Preferences Affected:** `privacy.sanitize.sanitizeOnShutdown`, `privacy.clearOnShutdown.cache`, `privacy.clearOnShutdown.cookies`, `privacy.clearOnShutdown.downloads`, `privacy.clearOnShutdown.formdata`, `privacy.clearOnShutdown.history`, `privacy.clearOnShutdown.sessions`, `privacy.clearOnShutdown.siteSettings`, `privacy.clearOnShutdown.offlineApps` #### Windows (GPO) ``` Software\Policies\Mozilla\Firefox\SanitizeOnShutdown = 0x1 | 0x0 @@ -4907,35 +5049,86 @@ Value (string): ### SearchEngines (This policy is only available on the ESR.) -### SearchEngines | Default +### SearchEngines | Add -Set the default search engine. This policy is only available on the ESR. +Add new search engines (up to five). This policy is only available on the ESR. `Name` and `URLTemplate` are required. -**Compatibility:** Firefox ESR 60\ -**CCK2 Equivalent:** `defaultSearchEngine`\ +`Name` is the name of the search engine. + +`URLTemplate` is the search URL with {searchTerms} to substitute for the search term. + +`Method` is either GET or POST + +`IconURL` is a URL for the icon to use. + +`Alias` is a keyword to use for the engine. + +`Description` is a description of the search engine. + +`PostData` is the POST data as name value pairs separated by &. + +`SuggestURLTemplate` is a search suggestions URL with {searchTerms} to substitute for the search term. + +`Encoding` is the query charset for the engine. It defaults to UTF-8. + +**Compatibility:** Firefox ESR 60 (POST support in Firefox ESR 68, Encoding support in Firefox 91)\ +**CCK2 Equivalent:** `searchplugins`\ **Preferences Affected:** N/A #### Windows (GPO) ``` -Software\Policies\Mozilla\Firefox\SearchEngines\Default = NAME_OF_SEARCH_ENGINE +Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\Name = "Example1" +Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\URLTemplate = "https://www.example.org/q={searchTerms}" +Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\Method = "GET" | "POST" +Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\IconURL = "https://www.example.org/favicon.ico" +Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\Alias = "example" +Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\Description = "Example Description" +Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\SuggestURLTemplate = "https://www.example.org/suggestions/q={searchTerms}" +Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\PostData = "name=value&q={searchTerms}" ``` #### Windows (Intune) OMA-URI: ``` -./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Search/SearchEngines_Default +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Search/SearchEngines_1 ``` Value (string): ``` - + + + + + + + + ``` #### macOS ``` SearchEngines - Default - NAME_OF_SEARCH_ENGINE + Add + + + Name + Example1 + URLTemplate + https://www.example.org/q={searchTerms} + Method + GET | POST + IconURL + https://www.example.org/favicon.ico + Alias + example + Description + Example Description + SuggestURLTemplate + https://www.example.org/suggestions/q={searchTerms} + PostData + name=value&q={searchTerms} + + ``` @@ -4944,39 +5137,51 @@ Value (string): { "policies": { "SearchEngines": { - "Default": "NAME_OF_SEARCH_ENGINE" + "Add": [ + { + "Name": "Example1", + "URLTemplate": "https://www.example.org/q={searchTerms}", + "Method": "GET" | "POST", + "IconURL": "https://www.example.org/favicon.ico", + "Alias": "example", + "Description": "Description", + "PostData": "name=value&q={searchTerms}", + "SuggestURLTemplate": "https://www.example.org/suggestions/q={searchTerms}" + } + ] } } } ``` -### SearchEngines | PreventInstalls +### SearchEngines | Default -Prevent installing search engines from webpages. +Set the default search engine. This policy is only available on the ESR. **Compatibility:** Firefox ESR 60\ -**CCK2 Equivalent:** `disableSearchEngineInstall`\ +**CCK2 Equivalent:** `defaultSearchEngine`\ **Preferences Affected:** N/A #### Windows (GPO) ``` -Software\Policies\Mozilla\Firefox\SearchEngines\PreventInstalls = 0x1 | 0x0 +Software\Policies\Mozilla\Firefox\SearchEngines\Default = NAME_OF_SEARCH_ENGINE ``` #### Windows (Intune) OMA-URI: ``` -./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Search/SearchEngines_PreventInstalls +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Search/SearchEngines_Default ``` Value (string): ``` - or + + ``` #### macOS ``` SearchEngines - PreventInstalls - | + Default + NAME_OF_SEARCH_ENGINE ``` @@ -4985,42 +5190,39 @@ Value (string): { "policies": { "SearchEngines": { - "PreventInstalls": true | false + "Default": "NAME_OF_SEARCH_ENGINE" } } } ``` -### SearchEngines | Remove +### SearchEngines | PreventInstalls -Hide built-in search engines. This policy is only available on the ESR. +Prevent installing search engines from webpages. -**Compatibility:** Firefox ESR 60.2\ -**CCK2 Equivalent:** `removeDefaultSearchEngines` (removed all built-in engines)\ +**Compatibility:** Firefox ESR 60\ +**CCK2 Equivalent:** `disableSearchEngineInstall`\ **Preferences Affected:** N/A #### Windows (GPO) ``` -Software\Policies\Mozilla\Firefox\SearchEngines\Remove\1 = NAME_OF_SEARCH_ENGINE +Software\Policies\Mozilla\Firefox\SearchEngines\PreventInstalls = 0x1 | 0x0 ``` #### Windows (Intune) OMA-URI: ``` -./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Search/SearchEngines_Remove +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Search/SearchEngines_PreventInstalls ``` Value (string): ``` - - + or ``` #### macOS ``` SearchEngines - Remove - - NAME_OF_SEARCH_ENGINE - + PreventInstalls + | ``` @@ -5029,91 +5231,42 @@ Value (string): { "policies": { "SearchEngines": { - "Remove": ["NAME_OF_SEARCH_ENGINE"] + "PreventInstalls": true | false } } } ``` -### SearchEngines | Add - -Add new search engines (up to five). This policy is only available on the ESR. `Name` and `URLTemplate` are required. - -`Name` is the name of the search engine. - -`URLTemplate` is the search URL with {searchTerms} to substitute for the search term. - -`Method` is either GET or POST - -`IconURL` is a URL for the icon to use. - -`Alias` is a keyword to use for the engine. - -`Description` is a description of the search engine. - -`PostData` is the POST data as name value pairs separated by &. - -`SuggestURLTemplate` is a search suggestions URL with {searchTerms} to substitute for the search term. +### SearchEngines | Remove -`Encoding` is the query charset for the engine. It defaults to UTF-8. +Hide built-in search engines. This policy is only available on the ESR. -**Compatibility:** Firefox ESR 60 (POST support in Firefox ESR 68, Encoding support in Firefox 91)\ -**CCK2 Equivalent:** `searchplugins`\ +**Compatibility:** Firefox ESR 60.2\ +**CCK2 Equivalent:** `removeDefaultSearchEngines` (removed all built-in engines)\ **Preferences Affected:** N/A #### Windows (GPO) ``` -Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\Name = "Example1" -Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\URLTemplate = "https://www.example.org/q={searchTerms}" -Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\Method = "GET" | "POST" -Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\IconURL = "https://www.example.org/favicon.ico" -Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\Alias = "example" -Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\Description = "Example Description" -Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\SuggestURLTemplate = "https://www.example.org/suggestions/q={searchTerms}" -Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\PostData = "name=value&q={searchTerms}" +Software\Policies\Mozilla\Firefox\SearchEngines\Remove\1 = NAME_OF_SEARCH_ENGINE ``` #### Windows (Intune) OMA-URI: ``` -./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Search/SearchEngines_1 +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Search/SearchEngines_Remove ``` Value (string): ``` - - - - - - - - + ``` #### macOS ``` SearchEngines - Add - - - Name - Example1 - URLTemplate - https://www.example.org/q={searchTerms} - Method - GET | POST - IconURL - https://www.example.org/favicon.ico - Alias - example - Description - Example Description - SuggestURLTemplate - https://www.example.org/suggestions/q={searchTerms} - PostData - name=value&q={searchTerms} - + Remove + NAME_OF_SEARCH_ENGINE + ``` @@ -5122,18 +5275,7 @@ Value (string): { "policies": { "SearchEngines": { - "Add": [ - { - "Name": "Example1", - "URLTemplate": "https://www.example.org/q={searchTerms}", - "Method": "GET" | "POST", - "IconURL": "https://www.example.org/favicon.ico", - "Alias": "example", - "Description": "Description", - "PostData": "name=value&q={searchTerms}", - "SuggestURLTemplate": "https://www.example.org/suggestions/q={searchTerms}" - } - ] + "Remove": ["NAME_OF_SEARCH_ENGINE"] } } } @@ -5144,7 +5286,7 @@ Enable search suggestions. **Compatibility:** Firefox 68, Firefox ESR 68\ **CCK2 Equivalent:** N/A\ -**Preferences Affected:** `browser.urlbar.suggest.searches`,`browser.search.suggest.enabled` +**Preferences Affected:** `browser.urlbar.suggest.searches`, `browser.search.suggest.enabled` #### Windows (GPO) ``` @@ -5389,7 +5531,7 @@ Prevent Firefox from messaging the user in certain situations. `ExtensionRecommendations` If false, don't recommend extensions while the user is visiting web pages. -`FeatureRecommendations` IF false, don't recommend browser features. +`FeatureRecommendations` If false, don't recommend browser features. `UrlbarInterventions` If false, Don't offer Firefox specific suggestions in the URL bar. @@ -5397,7 +5539,7 @@ Prevent Firefox from messaging the user in certain situations. **Compatibility:** Firefox 75, Firefox ESR 68.7\ **CCK2 Equivalent:** N/A\ -**Preferences Affected:** `browser.messaging-system.whatsNewPanel.enabled`,`browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons`,`browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features`,`browser.aboutwelcome.enabled` +**Preferences Affected:** `browser.messaging-system.whatsNewPanel.enabled`, `browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons`, `browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features`, `browser.aboutwelcome.enabled` #### Windows (GPO) ``` @@ -5524,7 +5666,7 @@ If this policy is set to true, Firefox will use credentials stored in Windows to **Compatibility:** Firefox 91\ **CCK2 Equivalent:** N/A\ -**Preferences Affected:** network.http.windows-sso.enabled +**Preferences Affected:** `network.http.windows-sso.enabled` #### Windows (GPO) ```