X-Git-Url: https://git.p6c8.net/policy-templates.git/blobdiff_plain/40df6bf1f001f38a3590ae9b62c5cf220ba602a6..cf5b67845fb2685494b7b68aedd1d43e4a31bc68:/docs/index.md diff --git a/docs/index.md b/docs/index.md index 4bc7410..1e8faf0 100644 --- a/docs/index.md +++ b/docs/index.md @@ -1,7 +1,6 @@ Firefox policies can be specified using the [Group Policy templates on Windows](https://github.com/mozilla/policy-templates/tree/master/windows), [Intune on Windows](https://support.mozilla.org/kb/managing-firefox-intune), [configuration profiles on macOS](https://github.com/mozilla/policy-templates/tree/master/mac), or by creating a file called `policies.json`. On Windows, create a directory called `distribution` where the EXE is located and place the file there. On Mac, the file goes into `Firefox.app/Contents/Resources/distribution`. On Linux, the file goes into `firefox/distribution`, where `firefox` is the installation directory for firefox, which varies by distribution or you can specify system-wide policy by placing the file in `/etc/firefox/policies`. Unfortunately, JSON files do not support comments, but you can add extra entries to the JSON to use as comments. You will see an error in about:policies, but the policies will still work properly. For example: - ``` { "policies": { @@ -12,6 +11,7 @@ Unfortunately, JSON files do not support comments, but you can add extra entries } } ``` +Note: The `policies.json` must use the UTF-8 encoding. | Policy Name | Description | --- | --- | @@ -80,6 +80,8 @@ Unfortunately, JSON files do not support comments, but you can add extra entries | **[`Handlers`](#handlers)** | Configure default application handlers. | **[`HardwareAcceleration`](#hardwareacceleration)** | Control hardware acceleration. | **[`Homepage`](#homepage)** | Configure the default homepage and how Firefox starts. +| **[`HttpAllowlist`](#httpallowlist)** | Configure origins that will not be upgraded to HTTPS. +| **[`HttpsOnlyMode`](#httpsonlymode)** | Configure HTTPS-Only Mode. | **[`InstallAddonsPermission`](#installaddonspermission)** | Configure the default extension install policy as well as origins for extension installs are allowed. | **[`LegacyProfiles`](#legacyprofiles)** | Disable the feature enforcing a separate profile for each installation. | **[`LegacySameSiteCookieBehaviorEnabled`](#legacysamesitecookiebehaviorenabled)** | Enable default legacy SameSite cookie behavior setting. @@ -666,6 +668,18 @@ Value (string): } ]'/> ``` +If you are using custom ADMX and ADML administrative templates in Intune, you can use this OMA-URI instead +to workaround the limit on the length of strings. Put all of your JSON on one line. + +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/AutoLaunchProtocolsFromOriginsOneLine +``` +Value (string): +``` + + +``` #### macOS ``` @@ -932,6 +946,18 @@ Value (string): ``` +If you are using custom ADMX and ADML administrative templates in Intune, you can use this OMA-URI instead +to workaround the limit on the length of strings. Put all of your JSON on one line. + +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/BookmarksOneLine +``` +Value (string): +``` + + +``` #### macOS ``` @@ -1165,6 +1191,18 @@ Value (string): } '/> ``` +If you are using custom ADMX and ADML administrative templates in Intune, you can use this OMA-URI instead +to workaround the limit on the length of strings. Put all of your JSON on one line. + +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/ContainersOneLine +``` +Value (string): +``` + + +``` #### macOS ``` @@ -2750,6 +2788,18 @@ Value (string): ] '/> ``` +If you are using custom ADMX and ADML administrative templates in Intune, you can use this OMA-URI instead +to workaround the limit on the length of strings. Put all of your JSON on one line. + +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/ExemptDomainFileTypePairsFromFileTypeDownloadWarningsOneLine +``` +Value (string): +``` + + +``` #### macOS ``` @@ -2937,6 +2987,18 @@ Value (string): } }'/> ``` +If you are using custom ADMX and ADML administrative templates in Intune, you can use this OMA-URI instead +to workaround the limit on the length of strings. Put all of your JSON on one line. + +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/ExtensionSettingsOneLine +``` +Value (string): +``` + + +``` #### macOS ``` @@ -3320,6 +3382,18 @@ Value (string): } '/> ``` +If you are using custom ADMX and ADML administrative templates in Intune, you can use this OMA-URI instead +to workaround the limit on the length of strings. Put all of your JSON on one line. + +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/HandlersOneLine +``` +Value (string): +``` + + +``` #### macOS ``` @@ -3536,6 +3610,92 @@ Value (string): } } ``` +### HttpAllowlist +Configure sites that will not be upgraded to HTTPS. + +The sites are specified as a list of origins. + +**Compatibility:** Firefox 127\ +**CCK2 Equivalent:** N/A\ +**Preferences Affected:** N/A + +#### Windows (GPO) +``` +Software\Policies\Mozilla\Firefox\HttpAllowlist\1 = "http://example.org" +Software\Policies\Mozilla\Firefox\HttpAllowlist\2 = "http://example.edu" +``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/HttpAllowlist +``` +Value (string): +``` + + +``` +#### macOS +``` + + HttpAllowlist + + http://example.org + http://example.edu + + +``` +#### policies.json +``` +{ + "policies": { + "HttpAllowlist ": ["http://example.org", + "http://example.edu"] + } +} +``` +### HttpsOnlyMode +Configure HTTPS-Only Mode. + +| Value | Description +| --- | --- | +| allowed | HTTPS-Only Mode is off by default, but the user can turn it on. +| disallowed | HTTPS-Only Mode is off and the user can't turn it on. +| enabled | HTTPS-Only Mode is on by default, but the user can turn it off. +| force_enabled | HTTPS-Only Mode is on and the user can't turn it off. + +**Compatibility:** Firefox 127\ +**CCK2 Equivalent:** N/A\ +**Preferences Affected:** `dom.security.https_only_mode` + +#### Windows (GPO) +``` +Software\Policies\Mozilla\Firefox\HttpsOnlyMode = "allowed", "disallowed", "enabled", "force_enabled" +``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/HttpsOnlyMode +``` +Value (string): +``` + + +``` +#### macOS +``` + + HttpsOnlyMode + allowed | disallowed | enabled | force_enabled + +``` +#### policies.json +``` +{ + "policies": { + "HttpsOnlyMode": "allowed" | "disallowed" | "enabled" | "force_enabled" + } +} +``` ### InstallAddonsPermission Configure the default extension install policy as well as origins for extension installs are allowed. This policy does not override turning off all extension installs. @@ -3838,6 +3998,18 @@ Value (string): } ]'/> ``` +If you are using custom ADMX and ADML administrative templates in Intune, you can use this OMA-URI instead +to workaround the limit on the length of strings. Put all of your JSON on one line. + +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/ManagedBoomarksOneLine +``` +Value (string): +``` + + +``` #### macOS ``` @@ -4273,7 +4445,6 @@ Value (string): } } ``` - ### PDFjs Disable or configure PDF.js, the built-in PDF viewer. @@ -4915,6 +5086,18 @@ Value (string): } }'/> ``` +If you are using custom ADMX and ADML administrative templates in Intune, you can use this OMA-URI instead +to workaround the limit on the length of strings. Put all of your JSON on one line. + +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/PreferencesOneLine +``` +Value (string): +``` + + +``` #### macOS ``` @@ -6327,6 +6510,18 @@ Value (string): ``` +If you are using custom ADMX and ADML administrative templates in Intune, you can use this OMA-URI instead +to workaround the limit on the length of strings. Put all of your JSON on one line. + +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/WebsiteFilterOneLine +``` +Value (string): +``` + + +``` #### macOS ```