X-Git-Url: https://git.p6c8.net/policy-templates.git/blobdiff_plain/6a92a7271f4a657bfe2c28653d5704ab72b719c3..b73dd6b8957504a3666ad0b86dc187334516468b:/README.md diff --git a/README.md b/README.md index f51ef9a..98565f0 100644 --- a/README.md +++ b/README.md @@ -1,8 +1,8 @@ **These policies are in active development and so might contain changes that do not work with current versions of Firefox.** -**You should use the officially released versions (https://github.com/mozilla/policy-templates/releases) if you are deploying changes.** +**You should use the [officially released versions](https://github.com/mozilla/policy-templates/releases) if you are deploying changes.** -Policies can be specified using the Group Policy templates on Windows (https://github.com/mozilla/policy-templates/tree/master/windows), configuration profiles on macOS (https://github.com/mozilla/policy-templates/tree/master/mac), or by creating a file called `policies.json`. On Windows, create a directory called `distribution` where the EXE is located and place the file there. On Mac, the file goes into `Firefox.app/Contents/Resources/distribution`. On Linux, the file goes into `firefox/distribution`, where `firefox` is the installation directory for firefox, which varies by distribution. +Policies can be specified using the [Group Policy templates on Windows](https://github.com/mozilla/policy-templates/tree/master/windows), [Intune on Windows](https://support.mozilla.org/kb/managing-firefox-intune), [configuration profiles on macOS](https://github.com/mozilla/policy-templates/tree/master/mac), or by creating a file called `policies.json`. On Windows, create a directory called `distribution` where the EXE is located and place the file there. On Mac, the file goes into `Firefox.app/Contents/Resources/distribution`. On Linux, the file goes into `firefox/distribution`, where `firefox` is the installation directory for firefox, which varies by distribution. | Policy Name | Description | --- | --- | @@ -32,9 +32,9 @@ Policies can be specified using the Group Policy templates on Windows (https://g | **[`DisableFirefoxStudies`](#disablefirefoxstudies)** | Disable Firefox studies (Shield). | **[`DisableForgetButton`](#disableforgetbutton)** | Disable the "Forget" button. | **[`DisableFormHistory`](#disableformhistory)** | Turn off saving information on web forms and the search bar. +| **[`DisablePasswordReveal`](#disablepasswordreveal)** | Do not allow passwords to be revealed in saved logins. | **[`DisablePocket`](#disablepocket)** | Remove Pocket in the Firefox UI. | **[`DisablePrivateBrowsing`](#disableprivatebrowsing)** | Remove access to private browsing. -| **[`DisablePasswordReveal`](#disablepasswordreveal)** | Do not allow passwords to be revealed in saved logins. | **[`DisableProfileImport`](#disableprofileimport)** | Disables the "Import data from another browser" option in the bookmarks window. | **[`DisableProfileRefresh`](#disableprofilerefresh)** | Disable the Refresh Firefox button on about:support and support.mozilla.org | **[`DisableSafeMode`](#disablesafemode)** | Disable safe mode within the browser. @@ -49,6 +49,7 @@ Policies can be specified using the Group Policy templates on Windows (https://g | **[`DefaultDownloadDirectory`](#defaultdownloaddirectory)** | Set the default download directory. | **[`DownloadDirectory`](#downloaddirectory)** | Set and lock the download directory. | **[`EnableTrackingProtection`](#enabletrackingprotection)** | Configure tracking protection. +| **[`EncryptedMediaExtensions`](#encryptedmediaextensions)** | Enable or disable Encrypted Media Extensions and optionally lock it. | **[`EnterprisePoliciesEnabled`](#enterprisepoliciesenabled)** | Enable policy support on macOS. | **[`Extensions`](#extensions)** | Control the installation, uninstallation and locking of extensions. | **[`ExtensionSettings`](#extensionsettings)** | Manage all aspects of extensions. @@ -68,6 +69,7 @@ Policies can be specified using the Group Policy templates on Windows (https://g | **[`OverrideFirstRunPage`](#overridefirstrunpage)** | Override the first run page. | **[`OverridePostUpdatePage`](#overridepostupdatepage)** | Override the upgrade page. | **[`PasswordManagerEnabled`](#passwordmanagerenabled)** | Remove (some) access to the password manager. +| **[`PDFjs`](#pdfjs)** | Disable or configure PDF.js, the built-in PDF viewer. | **[`Permissions`](#permissions)** | Set permissions associated with camera, microphone, location, and notifications. | **[`PopupBlocking`](#popupblocking)** | Configure the default pop-up window policy as well as origins for which pop-up windows are allowed. | **[`Preferences`](#preferences)** | Set and lock some preferences. @@ -82,8 +84,8 @@ Policies can be specified using the Group Policy templates on Windows (https://g | **[`SearchEngines -> PreventInstalls`](#searchengines--preventinstalls)** | Prevent installing search engines from webpages. | **[`SearchEngines -> Remove`](#searchengines--remove)** | Hide built-in search engines. | **[`SearchEngines -> Add`](#searchengines--add)** | Add new search engines. -| **[`SecurityDevices`](#securitydevices)** | Install PKCS #11 modules. | **[`SearchSuggestEnabled`](#searchsuggestenabled)** | Enable search suggestions. +| **[`SecurityDevices`](#securitydevices)** | Install PKCS #11 modules. | **[`SSLVersionMax`](#sslversionmax)** | Set and lock the maximum version of TLS. | **[`SSLVersionMin`](#sslversionmin)** | Set and lock the minimum version of TLS. | **[`SupportMenu`](#supportmenu)** | Add a menuitem to the help menu for specifying support information. @@ -108,6 +110,15 @@ If you have disabled updates via DisableAppUpdate, this policy has no effect. ``` Software\Policies\Mozilla\Firefox\AppAutoUpdate = 0x1 | 0x0 ``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/AppAutoUpdate +``` +Value (string): +``` + or +``` #### macOS ``` @@ -135,6 +146,16 @@ Change the URL for application update. ``` Software\Policies\Mozilla\Firefox\AppUpdateURL = "https://yoursite.com" ``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/AppUpdateURL +``` +Value (string): +``` + + +``` #### macOS ``` @@ -156,9 +177,11 @@ Configure sites that support integrated authentication. See https://developer.mozilla.org/en-US/docs/Mozilla/Integrated_authentication for more information. -**Compatibility:** Firefox 60, Firefox ESR 60 (AllowNonFQDN added in 62/60.2, AllowProxies added in 70/68.2, Locked added in 71/68.3)\ +`PrivateBrowsing` enables integrated authentication in prviate browsing. + +**Compatibility:** Firefox 60, Firefox ESR 60 (AllowNonFQDN added in 62/60.2, AllowProxies added in 70/68.2, Locked added in 71/68.3, PrivateBrowsing added in 77/68.9)\ **CCK2 Equivalent:** N/A\ -**Preferences Affected:** `network.negotiate-auth.trusted-uris`,`network.negotiate-auth.delegation-uris`,`network.automatic-ntlm-auth.trusted-uris`,`network.automatic-ntlm-auth.allow-non-fqdn`,`network.negotiate-auth.allow-non-fqdn`,`network.automatic-ntlm-auth.allow-proxies`,`network.negotiate-auth.allow-proxies` +**Preferences Affected:** `network.negotiate-auth.trusted-uris`,`network.negotiate-auth.delegation-uris`,`network.automatic-ntlm-auth.trusted-uris`,`network.automatic-ntlm-auth.allow-non-fqdn`,`network.negotiate-auth.allow-non-fqdn`,`network.automatic-ntlm-auth.allow-proxies`,`network.negotiate-auth.allow-proxies`,`network.auth.private-browsing-sso` #### Windows (GPO) ``` @@ -173,6 +196,61 @@ Software\Policies\Mozilla\Firefox\Authentication\AllowNonFQDN\NTLM = 0x1 | 0x0 Software\Policies\Mozilla\Firefox\Authentication\AllowProxies\SPNEGO = 0x1 | 0x0 Software\Policies\Mozilla\Firefox\Authentication\AllowProxies\NTLM = 0x1 | 0x0 Software\Policies\Mozilla\Firefox\Authentication\Locked = 0x1 | 0x0 +Software\Policies\Mozilla\Firefox\Authentication\PrivateBrowsing = 0x1 | 0x0 +``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Authentication/Authentication_SPNEGO +``` +Value (string): +``` + + +``` +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Authentication/Authentication_Delegated +``` +Value (string): +``` + + +``` +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Authentication/Authentication_NTLM +``` +Value (string): +``` + + +``` +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Authentication/Authentication_AllowNonFQDN +``` +Value (string): +``` + + + +``` +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Authentication/Authentication_Locked +``` +Value (string): +``` + or +``` +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Authentication/Authentication_PrivateBrowsing +``` +Value (string): +``` + or ``` #### macOS ``` @@ -210,6 +288,8 @@ Software\Policies\Mozilla\Firefox\Authentication\Locked = 0x1 | 0x0 Locked | + PrivateBrowsing + | ``` @@ -229,7 +309,8 @@ Software\Policies\Mozilla\Firefox\Authentication\Locked = 0x1 | 0x0 "SPNEGO": true | false, "NTLM": true | false }, - "Locked": true | false + "Locked": true | false, + "PrivateBrowsing": true | false } } } @@ -246,6 +327,15 @@ Block access to the Add-ons Manager (about:addons). ``` Software\Policies\Mozilla\Firefox\BlockAboutAddons = 0x1 | 0x0 ``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/BlockAboutAddons +``` +Value (string): +``` + or +``` #### macOS ``` @@ -273,6 +363,15 @@ Block access to about:config. ``` Software\Policies\Mozilla\Firefox\BlockAboutConfig = 0x1 | 0x0 ``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/BlockAboutConfig +``` +Value (string): +``` + or +``` #### macOS ``` @@ -300,6 +399,15 @@ Block access to About Profiles (about:profiles). ``` Software\Policies\Mozilla\Firefox\BlockAboutProfiles = 0x1 | 0x0 ``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/BlockAboutProfiles +``` +Value (string): +``` + or +``` #### macOS ``` @@ -327,6 +435,15 @@ Block access to Troubleshooting Information (about:support). ``` Software\Policies\Mozilla\Firefox\BlockAboutSupport = 0x1 | 0x0 ``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/BlockAboutSupport +``` +Value (string): +``` + or +``` #### macOS ``` @@ -358,6 +475,20 @@ Software\Policies\Mozilla\Firefox\Bookmarks\1\Favicon = "https://example.com/fav Software\Policies\Mozilla\Firefox\Bookmarks\1\Placement = "toolbar" | "menu" Software\Policies\Mozilla\Firefox\Bookmarks\1\Folder = "FolderName" ``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Bookmarks/Bookmark01 +``` +Value (string): +``` + + + + + + +``` #### macOS ``` @@ -405,6 +536,15 @@ Enable or disable the detection of captive portals. ``` Software\Policies\Mozilla\Firefox\CaptivePortal = 0x1 | 0x0 ``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/CaptivePortal +``` +Value (string): +``` + or +``` #### macOS ``` @@ -436,6 +576,15 @@ See https://support.mozilla.org/kb/setting-certificate-authorities-firefox for m ``` Software\Policies\Mozilla\Firefox\Certificates\ImportEnterpriseRoots = 0x1 | 0x0 ``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Certificates/Certificates_ImportEnterpriseRoots +``` +Value (string): +``` + or +``` #### macOS ``` @@ -488,6 +637,16 @@ Binary (DER) and ASCII (PEM) certificates are both supported. Software\Policies\Mozilla\Firefox\Certificates\Install\1 = "cert1.der" Software\Policies\Mozilla\Firefox\Certificates\Install\2 = "C:\Users\username\cert2.pem" ``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Certificates/Certificates_Install +``` +Value (string): +``` + + +``` #### macOS ``` @@ -537,11 +696,71 @@ Configure cookie preferences. Software\Policies\Mozilla\Firefox\Cookies\Allow\1 = "https://example.com" Software\Policies\Mozilla\Firefox\Cookies\Block\1 = "https://example.org" Software\Policies\Mozilla\Firefox\Cookies\Default = 0x1 | 0x0 -Software\Policies\Mozilla\Firefox\Cookies\AcceptThirdParty = "always" | "never" |"from-visited" +Software\Policies\Mozilla\Firefox\Cookies\AcceptThirdParty = "always" | "never" | "from-visited" Software\Policies\Mozilla\Firefox\Cookies\ExpireAtSessionEnd = 0x1 | 0x0 Software\Policies\Mozilla\Firefox\Cookies\RejectTracker = 0x1 | 0x0 Software\Policies\Mozilla\Firefox\Cookies\Locked = 0x1 | 0x0 ``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_Allow +``` +Value (string): +``` + + +``` +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_Block +``` +Value (string): +``` + + +``` +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_Default +``` +Value (string): +``` + or +``` +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_AcceptThirdParty +``` +Value (string): +``` + + +``` +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_ExpireAtSessionEnd +``` +Value (string): +``` + or +``` +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_RejectTracker +``` +Value (string): +``` + or +``` +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_Locked +``` +Value (string): +``` + or +``` #### macOS ``` @@ -595,7 +814,15 @@ Remove the "Set As Desktop Background..." menuitem when right clicking on an ima ``` Software\Policies\Mozilla\Firefox\DisableSetDesktopBackground = 0x1 | 0x0 ``` - +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableSetDesktopBackground +``` +Value (string): +``` + or +``` #### macOS ``` @@ -622,7 +849,15 @@ Remove the master password functionality. ``` Software\Policies\Mozilla\Firefox\DisableMasterPasswordCreation = 0x1 | 0x0 ``` - +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableMasterPasswordCreation +``` +Value (string): +``` + or +``` #### macOS ``` @@ -649,6 +884,15 @@ Turn off application updates. ``` Software\Policies\Mozilla\Firefox\DisableAppUpdate = 0x1 | 0x0 ``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableAppUpdate +``` +Value (string): +``` + or +``` #### macOS ``` @@ -675,7 +919,15 @@ Disable the built in PDF viewer. PDF files are downloaded and sent externally. ``` Software\Policies\Mozilla\Firefox\DisableBuiltinPDFViewer = 0x1 | 0x0 ``` - +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableBuiltinPDFViewer +``` +Value (string): +``` + or +``` #### macOS ``` @@ -710,6 +962,23 @@ Software\Policies\Mozilla\Firefox\DisabledCiphers\TLS_RSA_WITH_AES_128_CBC_SHA = Software\Policies\Mozilla\Firefox\DisabledCiphers\TLS_RSA_WITH_AES_256_CBC_SHA = 0x1 | 0x0 Software\Policies\Mozilla\Firefox\DisabledCiphers\TLS_RSA_WITH_3DES_EDE_CBC_SHA = 0x1 | 0x0 ``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DisabledCiphers/DisabledCiphers_TLS_DHE_RSA_WITH_AES_128_CBC_SHA +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DisabledCiphers/DisabledCiphers_TLS_DHE_RSA_WITH_AES_256_CBC_SHA +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DisabledCiphers/DisabledCiphers_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DisabledCiphers/DisabledCiphers_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DisabledCiphers/DisabledCiphers_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DisabledCiphers/DisabledCiphers_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DisabledCiphers/DisabledCiphers_TLS_RSA_WITH_AES_128_CBC_SHA +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DisabledCiphers/DisabledCiphers_TLS_RSA_WITH_AES_256_CBC_SHA +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DisabledCiphers/DisabledCiphers_TLS_RSA_WITH_3DES_EDE_CBC_SHA +``` +Value (string): +``` + or +``` #### macOS ``` @@ -765,7 +1034,15 @@ Prevent the default browser agent from taking any actions. Only applicable to Wi ``` Software\Policies\Mozilla\Firefox\DisableDefaultBrowserAgent = 0x1 | 0x0 ``` - +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableDefaultBrowserAgent +``` +Value (string): +``` + or +``` #### policies.json ``` { @@ -785,7 +1062,15 @@ Remove access to all developer tools. ``` Software\Policies\Mozilla\Firefox\DisableDeveloperTools = 0x1 | 0x0` ``` - +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableDeveloperTools +``` +Value (string): +``` + or +``` #### macOS ``` @@ -812,6 +1097,15 @@ Disable the menus for reporting sites (Submit Feedback, Report Deceptive Site). ``` Software\Policies\Mozilla\Firefox\DisableFeedbackCommands = 0x1 | 0x0 ``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableFeedbackCommands +``` +Value (string): +``` + or +``` #### macOS ``` @@ -838,6 +1132,15 @@ Remove access to Firefox Screenshots. ``` Software\Policies\Mozilla\Firefox\DisableFirefoxScreenshots = 0x1 | 0x0 ``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableFirefoxScreenshots +``` +Value (string): +``` + or +``` #### macOS ``` @@ -864,6 +1167,15 @@ Disable Firefox Accounts integration (Sync). ``` Software\Policies\Mozilla\Firefox\DisableFirefoxAccounts = 0x1 | 0x0 ``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableFirefoxAccounts +``` +Value (string): +``` + or +``` #### macOS ``` @@ -890,6 +1202,15 @@ Disable Firefox studies (Shield). ``` Software\Policies\Mozilla\Firefox\DisableFirefoxStudies = 0x1 | 0x0 ``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableFirefoxStudies +``` +Value (string): +``` + or +``` #### macOS ``` @@ -916,6 +1237,15 @@ Disable the "Forget" button. ``` Software\Policies\Mozilla\Firefox\DisableForgetButton = 0x1 | 0x0 ``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableForgetButton +``` +Value (string): +``` + or +``` #### macOS ``` @@ -942,6 +1272,15 @@ Turn off saving information on web forms and the search bar. ``` Software\Policies\Mozilla\Firefox\DisableFormHistory = 0x1 | 0x0 ``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableFormHistory +``` +Value (string): +``` + or +``` #### macOS ``` @@ -968,7 +1307,15 @@ Do not allow passwords to be shown in saved logins ``` Software\Policies\Mozilla\Firefox\DisablePasswordReveal = 0x1 | 0x0 ``` - +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisablePasswordReveal +``` +Value (string): +``` + or +``` #### macOS ``` @@ -995,6 +1342,15 @@ Remove Pocket in the Firefox UI. It does not remove it from the new tab page. ``` Software\Policies\Mozilla\Firefox\DisablePocket = 0x1 | 0x0 ``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisablePocket +``` +Value (string): +``` + or +``` #### macOS ``` @@ -1021,6 +1377,15 @@ Remove access to private browsing. ``` Software\Policies\Mozilla\Firefox\DisablePrivateBrowsing = 0x1 | 0x0 ``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisablePrivateBrowsing +``` +Value (string): +``` + or +``` #### macOS ``` @@ -1047,6 +1412,15 @@ Disables the "Import data from another browser" option in the bookmarks window. ``` Software\Policies\Mozilla\Firefox\DisableProfileImport = 0x1 | 0x0 ``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableProfileImport +``` +Value (string): +``` + or +``` #### macOS ``` @@ -1073,6 +1447,15 @@ Disable the Refresh Firefox button on about:support and support.mozilla.org, as ``` Software\Policies\Mozilla\Firefox\DisableProfileRefresh = 0x1 | 0x0 ``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableProfileRefresh +``` +Value (string): +``` + or +``` #### macOS ``` @@ -1101,6 +1484,15 @@ On Windows, this disables safe mode via the command line as well. ``` Software\Policies\Mozilla\Firefox\DisableSafeMode = 0x1 | 0x0 ``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableSafeMode +``` +Value (string): +``` + or +``` #### macOS ``` @@ -1132,6 +1524,24 @@ Prevent the user from bypassing security in certain cases. Software\Policies\Mozilla\Firefox\DisableSecurityBypass\InvalidCertificate = 0x1 | 0x0 Software\Policies\Mozilla\Firefox\DisableSecurityBypass\SafeBrowsing = 0x1 | 0x0 ``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/P_DisableSecurityBypass_InvalidCertificate +``` +Value (string): +``` + or +``` +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/P_DisableSecurityBypass_SafeBrowsing +``` +Value (string): +``` + or +``` + #### macOS ``` @@ -1149,8 +1559,8 @@ Software\Policies\Mozilla\Firefox\DisableSecurityBypass\SafeBrowsing = 0x1 | 0x0 { "policies": { "DisableSecurityBypass": { - "InvalidCertificate": true false, - "SafeBrowsing": true false + "InvalidCertificate": true | false, + "SafeBrowsing": true | false } } } @@ -1163,7 +1573,17 @@ Prevent system add-ons from being installed or update. **Preferences Affected:** N/A #### Windows (GPO) -```Software\Policies\Mozilla\Firefox\DisableSystemAddonUpdate = 0x1 | 0x0 +``` +Software\Policies\Mozilla\Firefox\DisableSystemAddonUpdate = 0x1 | 0x0 +``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableSystemAddonUpdate +``` +Value (string): +``` + or ``` #### macOS ``` @@ -1193,6 +1613,15 @@ Mozilla recommends that you do not disable telemetry. Information collected thro ``` Software\Policies\Mozilla\Firefox\DisableTelemetry = 0x1 | 0x0 ``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableTelemetry +``` +Value (string): +``` + or +``` #### macOS ``` @@ -1219,6 +1648,15 @@ Set the initial state of the bookmarks toolbar. A user can still hide it and it ``` Software\Policies\Mozilla\Firefox\DisplayBookmarksToolbar = 0x1 | 0x0 ``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisplayBookmarksToolbar +``` +Value (string): +``` + or +``` #### macOS ``` @@ -1279,6 +1717,16 @@ Set the state of the menubar. ``` Software\Policies\Mozilla\Firefox\DisplayMenuBar = "always", "never", "default-on", "default-off" ``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisplayMenuBar_Enum +``` +Value (string): +``` + + +``` #### macOS ``` @@ -1316,6 +1764,41 @@ Software\Policies\Mozilla\Firefox\DNSOverHTTPS\ProviderURL = "URL_TO_ALTERNATE_P Software\Policies\Mozilla\Firefox\DNSOverHTTPS\Locked = 0x1 | 0x0 Software\Policies\Mozilla\Firefox\DNSOverHTTPS\ExcludedDomains\1 = "example.com" ``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DNSOverHTTPS/DNSOverHTTPS_Enabled +``` +Value (string): +``` + or +``` +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DNSOverHTTPS/DNSOverHTTPS_ProviderURL +``` +Value (string): +``` + + +``` +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DNSOverHTTPS/DNSOverHTTPS_Locked +``` +Value (string): +``` + or +``` +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DNSOverHTTPS/DNSOverHTTPS_ExcludedDomains +``` +Value (string): +``` + + +``` #### macOS ``` @@ -1358,6 +1841,15 @@ Don't check if Firefox is the default browser at startup. ``` Software\Policies\Mozilla\Firefox\DontCheckDefaultBrowser = 0x1 | 0x0 ``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DontCheckDefaultBrowser +``` +Value (string): +``` + or +``` #### macOS ``` @@ -1386,6 +1878,16 @@ You can use ${home} for the native home directory. ``` Software\Policies\Mozilla\Firefox\DefaultDownloadDirectory = "${home}\Downloads" ``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DefaultDownloadDirectory +``` +Value (string): +``` + + +``` #### macOS ``` @@ -1420,6 +1922,16 @@ You can use ${home} for the native home directory. ``` Software\Policies\Mozilla\Firefox\DownloadDirectory = "${home}\Downloads" ``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DownloadDirectory +``` +Value (string): +``` + + +``` #### macOS ``` @@ -1468,6 +1980,19 @@ Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Cryptomining = 0x1 | Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Fingerprinting = 0x1 | 0x0 Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Exceptions\1 = "https://example.com" ``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/TrackingProtection +``` +Value (string): +``` + + + + + +``` #### macOS ``` @@ -1493,26 +2018,74 @@ Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Exceptions\1 = "https { "policies": { "EnableTrackingProtection": { - "Value": [true, false], - "Locked": [true, false], - "Cryptomining": [true, false], - "Fingerprinting": [true, false], + "Value": true | false, + "Locked": true | false, + "Cryptomining": true | false, + "Fingerprinting": true | false, "Exceptions": ["https://example.com"] } } ``` -### EnterprisePoliciesEnabled -Enable policy support on macOS. +### EncryptedMediaExtensions +Enable or disable Encrypted Media Extensions and optionally lock it. -**Compatibility:** Firefox 63, Firefox ESR 60.3 (macOS only)\ +If `Enabled` is set to false, encrypted media extensions (like Widevine) are not downloaded by Firefox unless the user consents to installing them. + +If `Locked` is set to true and `Enabled` is set to false, Firefox will not download encrypted media extensions (like Widevine) or ask the user to install them. + +**Compatibility:** Firefox 77, Firefox ESR 68.9\ **CCK2 Equivalent:** N/A\ -**Preferences Affected:** N/A +**Preferences Affected:** `media.eme.enabled` +#### Windows (GPO) +``` +Software\Policies\Mozilla\Firefox\EncryptedMediaExtensions\Enabled = 0x1 | 0x0 +Software\Policies\Mozilla\Firefox\EncryptedMediaExtensions\Locked = 0x1 | 0x0 +``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~EncryptedMediaExtensions/EncryptedMediaExtensions_Enabled +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~EncryptedMediaExtensions/EncryptedMediaExtensions_Locked +``` +Value (string): +``` +or +``` #### macOS ``` - EnterprisePoliciesEnabled - + EncryptedMediaExtensions + + Enabled + | + + | + + +``` +#### policies.json +``` +{ + "policies": { + "EncryptedMediaExtensions": { + "Enabled": true | false, + "Locked": true | false + } +} +``` +### EnterprisePoliciesEnabled +Enable policy support on macOS. + +**Compatibility:** Firefox 63, Firefox ESR 60.3 (macOS only)\ +**CCK2 Equivalent:** N/A\ +**Preferences Affected:** N/A + +#### macOS +``` + + EnterprisePoliciesEnabled + ``` ### Extensions @@ -1609,6 +2182,26 @@ Software\Policies\Mozilla\Firefox\ExtensionSettings (REG_MULTI_SZ) = } } ``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/ExtensionSettings +``` +Value (string): +``` + + +``` #### macOS ``` @@ -1669,6 +2262,15 @@ Control extension updates. ``` Software\Policies\Mozilla\Firefox\ExtensionUpdate = 0x1 | 0x0 ``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/ExtensionUpdate +``` +Value (string): +``` + or +``` #### macOS ``` @@ -1706,6 +2308,32 @@ Software\Policies\Mozilla\Firefox\FlashPlugin\Block\1 = "https://example.edu" Software\Policies\Mozilla\Firefox\FlashPlugin\Default = 0x1 | 0x0 Software\Policies\Mozilla\Firefox\FlashPlugin\Locked = 0x1 | 0x0 ``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Flash/FlashPlugin_Allow +``` +Value (string): +``` + + +``` +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Flash/FlashPlugin_Locked +``` +Value (string): +``` + or +``` +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Flash/FlashPlugin_Default +``` +Value (string): +``` + or +``` #### macOS ``` @@ -1755,6 +2383,21 @@ Software\Policies\Mozilla\Firefox\FirefoxHome\Pocket = 0x1 | 0x0 Software\Policies\Mozilla\Firefox\FirefoxHome\Snippets = 0x1 | 0x0 Software\Policies\Mozilla\Firefox\FirefoxHome\Locked = 0x1 | 0x0 ``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/CustomizeFirefoxHome +``` +Value (string): +``` + + + + + + + +``` #### macOS ``` @@ -1801,6 +2444,15 @@ Control hardware acceleration. ``` Software\Policies\Mozilla\Firefox\HardwareAcceleration = 0x1 | 0x0 ``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/HardwareAcceleration +``` +Value (string): +``` + or +``` #### macOS ``` @@ -1839,6 +2491,38 @@ Software\Policies\Mozilla\Firefox\Homepage\Additional\1 = "https://example.org" Software\Policies\Mozilla\Firefox\Homepage\Additional\2 = "https://example.edu" Software\Policies\Mozilla\Firefox\Homepage\StartPage = "none" | "homepage" | "previous-session" ``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Homepage/HomepageURL +``` +Value (string): +``` + + + + +``` +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Homepage/HomepageAdditional +``` +Value (string): +``` + + + +``` +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Homepage/HomepageStartPage +``` +Value (string): +``` + + + +``` #### macOS ``` @@ -1889,6 +2573,24 @@ Software\Policies\Mozilla\Firefox\InstallAddonsPermission\Allow\1 = "https://exa Software\Policies\Mozilla\Firefox\InstallAddonsPermission\Allow\2 = "https://example.edu" Software\Policies\Mozilla\Firefox\InstallAddonsPermission\Default = 0x1 | 0x0 ``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Addons/InstallAddonsPermission_Allow +``` +Value (string): +``` + + +``` +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Addons/InstallAddonsPermission_Default +``` +Value (string): +``` + +``` #### macOS ``` @@ -1933,6 +2635,15 @@ This policy only work on Windows via GPO (not policies.json). ``` Software\Policies\Mozilla\Firefox\LegacyProfiles = = 0x1 | 0x0 ``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/LegacyProfiles +``` +Value (string): +``` + or +``` ### LocalFileLinks Enable linking to local files by origin. @@ -1945,6 +2656,16 @@ Enable linking to local files by origin. Software\Policies\Mozilla\Firefox\LocalFileLinks\1 = "https://example.org" Software\Policies\Mozilla\Firefox\LocalFileLinks\2 = "https://example.edu" ``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/LocalFileLinks +``` +Value (string): +``` + + +``` #### macOS ``` @@ -1964,23 +2685,30 @@ Software\Policies\Mozilla\Firefox\LocalFileLinks\2 = "https://example.edu" } } ``` -### NoDefaultBookmarks -Disable the creation of default bookmarks. - -This policy is only effective if the user profile has not been created yet. +### NetworkPrediction +Enable or disable network prediction (DNS prefetching). -**Compatibility:** Firefox 60, Firefox ESR 60\ -**CCK2 Equivalent:** `removeDefaultBookmarks`\ -**Preferences Affected:** N/A +**Compatibility:** Firefox 67, Firefox ESR 60.7\ +**CCK2 Equivalent:** N/A\ +**Preferences Affected:** `network.dns.disablePrefetch`,`network.dns.disablePrefetchFromHTTPS` #### Windows (GPO) ``` -Software\Policies\Mozilla\Firefox\NoDefaultBookmarks = 0x1 | 0x0 +Software\Policies\Mozilla\Firefox\NetworkPrediction = 0x1 | 0x0 +``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/NetworkPrediction +``` +Value (string): +``` + or ``` #### macOS ``` - NoDefaultBookmarks + NetworkPrediction | ``` @@ -1988,25 +2716,33 @@ Software\Policies\Mozilla\Firefox\NoDefaultBookmarks = 0x1 | 0x0 ``` { "policies": { - "NoDefaultBookmarks": true | false - } + "NetworkPrediction": true | false } ``` -### NetworkPrediction -Enable or disable network prediction (DNS prefetching). +### NewTabPage +Enable or disable the New Tab page. -**Compatibility:** Firefox 67, Firefox ESR 60.7\ +**Compatibility:** Firefox 68, Firefox ESR 68\ **CCK2 Equivalent:** N/A\ -**Preferences Affected:** `network.dns.disablePrefetch`,`network.dns.disablePrefetchFromHTTPS` +**Preferences Affected:** `browser.newtabpage.enabled` #### Windows (GPO) ``` -Software\Policies\Mozilla\Firefox\NetworkPrediction = 0x1 | 0x0 +Software\Policies\Mozilla\Firefox\NewTabPage = 0x1 | 0x0 +``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/NewTabPage +``` +Value (string): +``` + or ``` #### macOS ``` - NetworkPrediction + NewTabPage | ``` @@ -2014,24 +2750,35 @@ Software\Policies\Mozilla\Firefox\NetworkPrediction = 0x1 | 0x0 ``` { "policies": { - "NetworkPrediction": true | false + "NewTabPage": true | false } ``` -### NewTabPage -Enable or disable the New Tab page. +### NoDefaultBookmarks +Disable the creation of default bookmarks. -**Compatibility:** Firefox 68, Firefox ESR 68\ -**CCK2 Equivalent:** N/A\ -**Preferences Affected:** `browser.newtabpage.enabled` +This policy is only effective if the user profile has not been created yet. + +**Compatibility:** Firefox 60, Firefox ESR 60\ +**CCK2 Equivalent:** `removeDefaultBookmarks`\ +**Preferences Affected:** N/A #### Windows (GPO) ``` -Software\Policies\Mozilla\Firefox\NewTabPage = 0x1 | 0x0 +Software\Policies\Mozilla\Firefox\NoDefaultBookmarks = 0x1 | 0x0 +``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/NoDefaultBookmarks +``` +Value (string): +``` + or ``` #### macOS ``` - NewTabPage + NoDefaultBookmarks | ``` @@ -2039,7 +2786,8 @@ Software\Policies\Mozilla\Firefox\NewTabPage = 0x1 | 0x0 ``` { "policies": { - "NewTabPage": true | false + "NoDefaultBookmarks": true | false + } } ``` ### OfferToSaveLogins @@ -2053,6 +2801,15 @@ Control whether or not Firefox offers to save passwords. ``` Software\Policies\Mozilla\Firefox\OfferToSaveLogins = 0x1 | 0x0 ``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/OfferToSaveLogins +``` +Value (string): +``` + or +``` #### macOS ``` @@ -2079,6 +2836,15 @@ Sets the default value of signon.rememberSignons without locking it. ``` Software\Policies\Mozilla\Firefox\OfferToSaveLoginsDefault = 0x1 | 0x0 ``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/OfferToSaveLoginsDefault +``` +Value (string): +``` + or +``` #### macOS ``` @@ -2105,6 +2871,16 @@ Override the first run page. If the value is blank, no first run page is display ``` Software\Policies\Mozilla\Firefox\OverrideFirstRunPage = "http://example.org" ``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/OverrideFirstRunPage +``` +Value (string): +``` + + +``` #### macOS ``` @@ -2130,6 +2906,16 @@ Override the upgrade page. If the value is blank, no upgrade page is displayed. ``` Software\Policies\Mozilla\Firefox\OverridePostUpdatePage = "http://example.org" ``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/OverridePostUpdatePage +``` +Value (string): +``` + + +``` #### macOS ``` @@ -2155,6 +2941,15 @@ Remove access to the password manager via preferences and blocks about:logins on ``` Software\Policies\Mozilla\Firefox\PasswordManagerEnabled = 0x1 | 0x0 ``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/PasswordManagerEnabled +``` +Value (string): +``` + or +``` #### macOS ``` @@ -2170,6 +2965,56 @@ Software\Policies\Mozilla\Firefox\PasswordManagerEnabled = 0x1 | 0x0 } } ``` +### PDFjs +Disable or configure PDF.js, the built-in PDF viewer. + +If `Enabled` is set to false, the built-in PDF viewer is disabled. + +If `EnablePermissions` is set to true, the built-in PDF viewer will honor document permissions like preventing the copying of text. + +Note: DisableBuiltinPDFViewer has not been deprecated. You can either continue to use it, or switch to using PDFjs->Enabled to disable the built-in PDF viewer. This new permission was added because we needed a place for PDFjs->EnabledPermissions. + +**Compatibility:** Firefox 77, Firefox ESR 68.9\ +**CCK2 Equivalent:** N/A\ +**Preferences Affected:** `pdfjs.diabled`,`pdfjs.enablePermissions` + +#### Windows (GPO) +``` +Software\Policies\Mozilla\Firefox\PDFjs\Enabled = 0x1 | 0x0 +Software\Policies\Mozilla\Firefox\PDFjs\EnablePermissions = 0x1 | 0x0 +``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~PDFjs/PDFjs_Enabled +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~PDFjs/PDFjs_EnablePermissions +``` +Value (string): +``` +or +``` +#### macOS +``` + + PDFjs + + Enabled + | + + | + + +``` +#### policies.json +``` +{ + "policies": { + "PSFjs": { + "Enabled": true | false, + "EnablePermissions": true | false + } +} +``` ### Permissions Set permissions associated with camera, microphone, location, notifications, and autoplay. Because these are origins, not domains, entries with unique ports must be specified separately. See examples below. @@ -2211,6 +3056,83 @@ Software\Policies\Mozilla\Firefox\Permissions\Autoplay\Block\1 = "https://exampl Software\Policies\Mozilla\Firefox\Permissions\Autoplay\Default = "allow-audio-video" | "block-audio" | "block-audio-video" Software\Policies\Mozilla\Firefox\Permissions\Autoplay\Locked = 0x1 | 0x0 ``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Location/Location_BlockNewRequests +``` +Value (string): +``` + or +``` +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Location/Location_Locked +``` +Value (string): +``` + or +``` +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Notifications/Notifications_Allow +``` +Value (string): +``` + + +``` +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Notifications/Notifications_BlockNewRequests +``` +Value (string): +``` + or +``` +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Notifications/Notifications_Locked +``` +Value (string): +``` + or +``` +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Autoplay/Autoplay_Allow +``` +Value (string): +``` + + +``` +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Autoplay/Autoplay_Block +``` +Value (string): +``` + + +``` +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Autoplay/Autoplay_Default +``` +Value (string): +``` + + +``` +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Autoplay/Autoplay_Locked +``` +Value (string): +``` + or +``` #### macOS ``` @@ -2354,6 +3276,32 @@ Software\Policies\Mozilla\Firefox\PopupBlocking\Allow\2 = "https://example.edu" Software\Policies\Mozilla\Firefox\PopupBlocking\Default = 0x1 | 0x0 Software\Policies\Mozilla\Firefox\PopupBlocking\Locked = 0x1 | 0x0 ``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Popups/PopupBlocking_Allow +``` +Value (string): +``` + + +``` +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Popups/PopupBlocking_Default +``` +Value (string): +``` + or +``` +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Popups/PopupBlocking_Locked +``` +Value (string): +``` + or +``` #### macOS ``` @@ -2459,7 +3407,7 @@ Set and lock certain preferences. |     If false, the geolocation API is disabled. | Language dependent | intl.accept_languages | string | Firefox 70, Firefox ESR 68.2 |     If set, preferred language for web pages. -| media.eme.enabled | boolean | Firefox 70, Firefox ESR 68.2 | true +| media.eme.enabled (Deprecated - Switch to EncryptedMediaExtensions policy) | boolean | Firefox 70, Firefox ESR 68.2 | true |     If false, Encrypted Media Extensions are not enabled. | media.gmp-gmpopenh264.enabled | boolean | Firefox 68, Firefox ESR 68 | true |     If false, the OpenH264 plugin is not downloaded. @@ -2497,6 +3445,15 @@ disabled Software\Policies\Mozilla\Firefox\Preferences\boolean_preference_name = 0x1 | 0x0 Software\Policies\Mozilla\Firefox\Preferences\string_preference_name = "string_value" ``` +#### Windows (Intune) +OMA-URI: (periods are replaced by underscores) +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Preferences/boolean_preference_name +``` +Value (string): +``` + or +``` #### macOS ``` @@ -2531,6 +3488,15 @@ Ask where to save each file before downloading. ``` Software\Policies\Mozilla\Firefox\PromptForDownloadLocation = 0x1 | 0x0 ``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/PromptForDownloadLocation +``` +Value (string): +``` + or +``` #### macOS ``` @@ -2593,6 +3559,27 @@ Software\Policies\Mozilla\Firefox\Proxy\AutoConfigURL = URL_TO_AUTOCONFIG Software\Policies\Mozilla\Firefox\Proxy\AutoLogin = 0x1 | 0x0 Software\Policies\Mozilla\Firefox\Proxy\UseProxyForDNS = 0x1 | 0x0 ``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/Proxy +``` +Value (string): +``` + + + + + + + + + + + + + +``` #### macOS ``` @@ -2631,17 +3618,17 @@ Software\Policies\Mozilla\Firefox\Proxy\UseProxyForDNS = 0x1 | 0x0 "policies": { "Proxy": { "Mode": "none", "system", "manual", "autoDetect", "autoConfig", - "Locked": [true, false], + "Locked": true | false, "HTTPProxy": "hostname", - "UseHTTPProxyForAllProtocols": [true, false], + "UseHTTPProxyForAllProtocols": true | false, "SSLProxy": "hostname", "FTPProxy": "hostname", "SOCKSProxy": "hostname", "SOCKSVersion": 4 | 5 "Passthrough": "", "AutoConfigURL": "URL_TO_AUTOCONFIG", - "AutoLogin": [true, false], - "UseProxyForDNS": [true, false] + "AutoLogin": true | false, + "UseProxyForDNS": true | false } } } @@ -2663,6 +3650,16 @@ or Software\Policies\Mozilla\Firefox\RequestedLocales = "de,en-US" ``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/RequestedLocalesString +``` +Value (string): +``` + + +``` #### macOS ``` @@ -2719,6 +3716,15 @@ Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\SiteSettings = 0x1 | 0x0 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\OfflineApps = 0x1 | 0x0 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\Locked = 0x1 | 0x0 ``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/I_SanitizeOnShutdown_Locked +``` +Value (string): +``` + or +``` #### macOS ``` @@ -2773,6 +3779,15 @@ Clear all data on shutdown, including Browsing & Download History, Cookies, Acti ``` Software\Policies\Mozilla\Firefox\SanitizeOnShutdown = 0x1 | 0x0 ``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/C_SanitizeOnShutdown +``` +Value (string): +``` + or +``` #### macOS ``` @@ -2799,6 +3814,16 @@ Set whether or not search bar is displayed. ``` Software\Policies\Mozilla\Firefox\SearchBar = "unified" | "separate" ``` + +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/SearchBar +``` +Value (string): +``` + + #### macOS ``` @@ -2806,7 +3831,6 @@ Software\Policies\Mozilla\Firefox\SearchBar = "unified" | "separate" unified | separate ``` - #### policies.json ``` { @@ -2831,6 +3855,16 @@ Set the default search engine. This policy is only available on the ESR. ``` Software\Policies\Mozilla\Firefox\SearchEngines\Default = NAME_OF_SEARCH_ENGINE ``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Search/SearchEngines_Default +``` +Value (string): +``` + + +``` #### macOS ``` @@ -2863,6 +3897,15 @@ Prevent installing search engines from webpages. ``` Software\Policies\Mozilla\Firefox\SearchEngines\PreventInstalls = 0x1 | 0x0 ``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Search/SearchEngines_PreventInstalls +``` +Value (string): +``` + or +``` #### macOS ``` @@ -2895,6 +3938,16 @@ Hide built-in search engines. This policy is only available on the ESR. ``` Software\Policies\Mozilla\Firefox\SearchEngines\Remove\1 = NAME_OF_SEARCH_ENGINE ``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Search/SearchEngines_Remove +``` +Value (string): +``` + + +``` #### macOS ``` @@ -2952,7 +4005,23 @@ Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\Description = "Example Des Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\SuggestURLTemplate = "https://www.example.org/suggestions/q={searchTerms}" Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\PostData = "name=value&q={searchTerms}" ``` - +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Search/SearchEngines_1 +``` +Value (string): +``` + + + + + + + + + +``` #### macOS ``` @@ -3015,6 +4084,15 @@ Enable search suggestions. ``` Software\Policies\Mozilla\Firefox\SearchSuggestEnabled = 0x1 | 0x0 ``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/SearchSuggestEnabled +``` +Value (string): +``` + or +``` #### macOS ``` @@ -3042,6 +4120,16 @@ Install PKCS #11 modules. ``` Software\Policies\Mozilla\Firefox\SecurityDevices\NAME_OF_DEVICE = PATH_TO_LIBRARY_FOR_DEVICE ``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/SecurityDevices +``` +Value (string): +``` + + +``` #### macOS ``` @@ -3075,6 +4163,16 @@ Set and lock the maximum version of TLS. ``` Software\Policies\Mozilla\Firefox\SSLVersionMax = "tls1" | "tls1.1" | "tls1.2" | "tls1.3" ``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/SSLVersionMax +``` +Value (string): +``` + + +``` #### macOS ``` @@ -3103,6 +4201,16 @@ Set and lock the minimum version of TLS. ``` Software\Policies\Mozilla\Firefox\SSLVersionMin = "tls1" | "tls1.1" | "tls1.2" | "tls1.3" ``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/SSLVersionMin +``` +Value (string): +``` + + +``` #### macOS ``` @@ -3132,6 +4240,18 @@ Software\Policies\Mozilla\Firefox\SupportMenu\Title = "Support Menu" Software\Policies\Mozilla\Firefox\SupportMenu\URL = "http://example.com/support" Software\Policies\Mozilla\Firefox\SupportMenu\AccessKey = "S" ``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/SupportMenu +``` +Value (string): +``` + + + + +``` #### macOS ``` @@ -3181,6 +4301,18 @@ Software\Policies\Mozilla\Firefox\UserMessaging\ExtensionRecommendations = 0x1 | Software\Policies\Mozilla\Firefox\UserMessaging\FeatureRecommendations = 0x1 | 0x0 Software\Policies\Mozilla\Firefox\UserMessaging\UrlbarInterventions = 0x1 | 0x0 ``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/UserMessaging_WhatsNew +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/UserMessaging_ExtensionRecommendations +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/UserMessaging_FeatureRecommendations +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/UserMessaging_UrlbarInterventions +``` +Value (string): +``` + or +``` #### macOS ``` @@ -3222,6 +4354,25 @@ Block websites from being visited. The parameters take an array of Match Pattern Software\Policies\Mozilla\Firefox\WebsiteFilter\Block\1 = "" Software\Policies\Mozilla\Firefox\WebsiteFilter\Exceptions\1 = "http://example.org/*" ``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/B_WebsiteFilter_Block +``` +Value (string): +``` + + +``` +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/B_WebsiteFilter_Exceptions +``` +Value (string): +``` + + +``` #### macOS ```