X-Git-Url: https://git.p6c8.net/policy-templates.git/blobdiff_plain/70e84384e23250d321dbdb368559da114a6ef2b5..55d1d84bbc71aa851f2727fdeabbec32d7084f8e:/README.md
diff --git a/README.md b/README.md
index c95e8f8..9cd4d11 100644
--- a/README.md
+++ b/README.md
@@ -1,8 +1,8 @@
**These policies are in active development and so might contain changes that do not work with current versions of Firefox.**
-**You should use the officially released versions (https://github.com/mozilla/policy-templates/releases) if you are deploying changes.**
+**You should use the [officially released versions](https://github.com/mozilla/policy-templates/releases) if you are deploying changes.**
-Policies can be specified using the Group Policy templates on Windows (https://github.com/mozilla/policy-templates/tree/master/windows), configuration profiles on macOS (https://github.com/mozilla/policy-templates/tree/master/mac), or by creating a file called `policies.json`. On Windows, create a directory called `distribution` where the EXE is located and place the file there. On Mac, the file goes into `Firefox.app/Contents/Resources/distribution`. On Linux, the file goes into `firefox/distribution`, where `firefox` is the installation directory for firefox, which varies by distribution.
+Policies can be specified using the [Group Policy templates on Windows](https://github.com/mozilla/policy-templates/tree/master/windows), [Intune on Windows](https://support.mozilla.org/kb/managing-firefox-intune), [configuration profiles on macOS](https://github.com/mozilla/policy-templates/tree/master/mac), or by creating a file called `policies.json`. On Windows, create a directory called `distribution` where the EXE is located and place the file there. On Mac, the file goes into `Firefox.app/Contents/Resources/distribution`. On Linux, the file goes into `firefox/distribution`, where `firefox` is the installation directory for firefox, which varies by distribution or you can specify system-wide policy by placing the file in `/etc/firefox/policies`.
| Policy Name | Description
| --- | --- |
@@ -32,9 +32,9 @@ Policies can be specified using the Group Policy templates on Windows (https://g
| **[`DisableFirefoxStudies`](#disablefirefoxstudies)** | Disable Firefox studies (Shield).
| **[`DisableForgetButton`](#disableforgetbutton)** | Disable the "Forget" button.
| **[`DisableFormHistory`](#disableformhistory)** | Turn off saving information on web forms and the search bar.
+| **[`DisablePasswordReveal`](#disablepasswordreveal)** | Do not allow passwords to be revealed in saved logins.
| **[`DisablePocket`](#disablepocket)** | Remove Pocket in the Firefox UI.
| **[`DisablePrivateBrowsing`](#disableprivatebrowsing)** | Remove access to private browsing.
-| **[`DisablePasswordReveal`](#disablepasswordreveal)** | Do not allow passwords to be revealed in saved logins.
| **[`DisableProfileImport`](#disableprofileimport)** | Disables the "Import data from another browser" option in the bookmarks window.
| **[`DisableProfileRefresh`](#disableprofilerefresh)** | Disable the Refresh Firefox button on about:support and support.mozilla.org
| **[`DisableSafeMode`](#disablesafemode)** | Disable safe mode within the browser.
@@ -49,6 +49,7 @@ Policies can be specified using the Group Policy templates on Windows (https://g
| **[`DefaultDownloadDirectory`](#defaultdownloaddirectory)** | Set the default download directory.
| **[`DownloadDirectory`](#downloaddirectory)** | Set and lock the download directory.
| **[`EnableTrackingProtection`](#enabletrackingprotection)** | Configure tracking protection.
+| **[`EncryptedMediaExtensions`](#encryptedmediaextensions)** | Enable or disable Encrypted Media Extensions and optionally lock it.
| **[`EnterprisePoliciesEnabled`](#enterprisepoliciesenabled)** | Enable policy support on macOS.
| **[`Extensions`](#extensions)** | Control the installation, uninstallation and locking of extensions.
| **[`ExtensionSettings`](#extensionsettings)** | Manage all aspects of extensions.
@@ -68,7 +69,9 @@ Policies can be specified using the Group Policy templates on Windows (https://g
| **[`OverrideFirstRunPage`](#overridefirstrunpage)** | Override the first run page.
| **[`OverridePostUpdatePage`](#overridepostupdatepage)** | Override the upgrade page.
| **[`PasswordManagerEnabled`](#passwordmanagerenabled)** | Remove (some) access to the password manager.
+| **[`PDFjs`](#pdfjs)** | Disable or configure PDF.js, the built-in PDF viewer.
| **[`Permissions`](#permissions)** | Set permissions associated with camera, microphone, location, and notifications.
+| **[`PictureInPicture`](#pictureinpicture)** | Enable or disable Picture-in-Picture.
| **[`PopupBlocking`](#popupblocking)** | Configure the default pop-up window policy as well as origins for which pop-up windows are allowed.
| **[`Preferences`](#preferences)** | Set and lock some preferences.
| **[`PromptForDownloadLocation`](#promptfordownloadlocation)** | Ask where to save each file before downloading.
@@ -82,8 +85,8 @@ Policies can be specified using the Group Policy templates on Windows (https://g
| **[`SearchEngines -> PreventInstalls`](#searchengines--preventinstalls)** | Prevent installing search engines from webpages.
| **[`SearchEngines -> Remove`](#searchengines--remove)** | Hide built-in search engines.
| **[`SearchEngines -> Add`](#searchengines--add)** | Add new search engines.
-| **[`SecurityDevices`](#securitydevices)** | Install PKCS #11 modules.
| **[`SearchSuggestEnabled`](#searchsuggestenabled)** | Enable search suggestions.
+| **[`SecurityDevices`](#securitydevices)** | Install PKCS #11 modules.
| **[`SSLVersionMax`](#sslversionmax)** | Set and lock the maximum version of TLS.
| **[`SSLVersionMin`](#sslversionmin)** | Set and lock the minimum version of TLS.
| **[`SupportMenu`](#supportmenu)** | Add a menuitem to the help menu for specifying support information.
@@ -175,9 +178,11 @@ Configure sites that support integrated authentication.
See https://developer.mozilla.org/en-US/docs/Mozilla/Integrated_authentication for more information.
-**Compatibility:** Firefox 60, Firefox ESR 60 (AllowNonFQDN added in 62/60.2, AllowProxies added in 70/68.2, Locked added in 71/68.3)\
+`PrivateBrowsing` enables integrated authentication in prviate browsing.
+
+**Compatibility:** Firefox 60, Firefox ESR 60 (AllowNonFQDN added in 62/60.2, AllowProxies added in 70/68.2, Locked added in 71/68.3, PrivateBrowsing added in 77/68.9)\
**CCK2 Equivalent:** N/A\
-**Preferences Affected:** `network.negotiate-auth.trusted-uris`,`network.negotiate-auth.delegation-uris`,`network.automatic-ntlm-auth.trusted-uris`,`network.automatic-ntlm-auth.allow-non-fqdn`,`network.negotiate-auth.allow-non-fqdn`,`network.automatic-ntlm-auth.allow-proxies`,`network.negotiate-auth.allow-proxies`
+**Preferences Affected:** `network.negotiate-auth.trusted-uris`,`network.negotiate-auth.delegation-uris`,`network.automatic-ntlm-auth.trusted-uris`,`network.automatic-ntlm-auth.allow-non-fqdn`,`network.negotiate-auth.allow-non-fqdn`,`network.automatic-ntlm-auth.allow-proxies`,`network.negotiate-auth.allow-proxies`,`network.auth.private-browsing-sso`
#### Windows (GPO)
```
@@ -192,6 +197,7 @@ Software\Policies\Mozilla\Firefox\Authentication\AllowNonFQDN\NTLM = 0x1 | 0x0
Software\Policies\Mozilla\Firefox\Authentication\AllowProxies\SPNEGO = 0x1 | 0x0
Software\Policies\Mozilla\Firefox\Authentication\AllowProxies\NTLM = 0x1 | 0x0
Software\Policies\Mozilla\Firefox\Authentication\Locked = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\Authentication\PrivateBrowsing = 0x1 | 0x0
```
#### Windows (Intune)
OMA-URI:
@@ -201,7 +207,6 @@ OMA-URI:
Value (string):
```
-
```
OMA-URI:
@@ -211,7 +216,6 @@ OMA-URI:
Value (string):
```
-
```
OMA-URI:
@@ -221,7 +225,6 @@ OMA-URI:
Value (string):
```
-
```
OMA-URI:
@@ -231,19 +234,24 @@ OMA-URI:
Value (string):
```
-
```
OMA-URI:
```
-./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Homepage/HomepageStartPage
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Authentication/Authentication_Locked
```
Value (string):
```
-
-
-
+ or
+```
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Authentication/Authentication_PrivateBrowsing
+```
+Value (string):
+```
+ or
```
#### macOS
```
@@ -281,6 +289,8 @@ Value (string):
Locked
|
+ PrivateBrowsing
+ |
```
@@ -300,7 +310,8 @@ Value (string):
"SPNEGO": true | false,
"NTLM": true | false
},
- "Locked": true | false
+ "Locked": true | false,
+ "PrivateBrowsing": true | false
}
}
}
@@ -952,6 +963,23 @@ Software\Policies\Mozilla\Firefox\DisabledCiphers\TLS_RSA_WITH_AES_128_CBC_SHA =
Software\Policies\Mozilla\Firefox\DisabledCiphers\TLS_RSA_WITH_AES_256_CBC_SHA = 0x1 | 0x0
Software\Policies\Mozilla\Firefox\DisabledCiphers\TLS_RSA_WITH_3DES_EDE_CBC_SHA = 0x1 | 0x0
```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DisabledCiphers/DisabledCiphers_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DisabledCiphers/DisabledCiphers_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DisabledCiphers/DisabledCiphers_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DisabledCiphers/DisabledCiphers_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DisabledCiphers/DisabledCiphers_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DisabledCiphers/DisabledCiphers_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DisabledCiphers/DisabledCiphers_TLS_RSA_WITH_AES_128_CBC_SHA
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DisabledCiphers/DisabledCiphers_TLS_RSA_WITH_AES_256_CBC_SHA
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DisabledCiphers/DisabledCiphers_TLS_RSA_WITH_3DES_EDE_CBC_SHA
+```
+Value (string):
+```
+ or
+```
#### macOS
```
@@ -1532,8 +1560,8 @@ Value (string):
{
"policies": {
"DisableSecurityBypass": {
- "InvalidCertificate": true false,
- "SafeBrowsing": true false
+ "InvalidCertificate": true | false,
+ "SafeBrowsing": true | false
}
}
}
@@ -1737,6 +1765,41 @@ Software\Policies\Mozilla\Firefox\DNSOverHTTPS\ProviderURL = "URL_TO_ALTERNATE_P
Software\Policies\Mozilla\Firefox\DNSOverHTTPS\Locked = 0x1 | 0x0
Software\Policies\Mozilla\Firefox\DNSOverHTTPS\ExcludedDomains\1 = "example.com"
```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DNSOverHTTPS/DNSOverHTTPS_Enabled
+```
+Value (string):
+```
+ or
+```
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DNSOverHTTPS/DNSOverHTTPS_ProviderURL
+```
+Value (string):
+```
+
+
+```
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DNSOverHTTPS/DNSOverHTTPS_Locked
+```
+Value (string):
+```
+ or
+```
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DNSOverHTTPS/DNSOverHTTPS_ExcludedDomains
+```
+Value (string):
+```
+
+
+```
#### macOS
```
@@ -1779,6 +1842,15 @@ Don't check if Firefox is the default browser at startup.
```
Software\Policies\Mozilla\Firefox\DontCheckDefaultBrowser = 0x1 | 0x0
```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DontCheckDefaultBrowser
+```
+Value (string):
+```
+ or
+```
#### macOS
```
@@ -1807,6 +1879,16 @@ You can use ${home} for the native home directory.
```
Software\Policies\Mozilla\Firefox\DefaultDownloadDirectory = "${home}\Downloads"
```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DefaultDownloadDirectory
+```
+Value (string):
+```
+
+
+```
#### macOS
```
@@ -1841,6 +1923,16 @@ You can use ${home} for the native home directory.
```
Software\Policies\Mozilla\Firefox\DownloadDirectory = "${home}\Downloads"
```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DownloadDirectory
+```
+Value (string):
+```
+
+
+```
#### macOS
```
@@ -1927,14 +2019,62 @@ Value (string):
{
"policies": {
"EnableTrackingProtection": {
- "Value": [true, false],
- "Locked": [true, false],
- "Cryptomining": [true, false],
- "Fingerprinting": [true, false],
+ "Value": true | false,
+ "Locked": true | false,
+ "Cryptomining": true | false,
+ "Fingerprinting": true | false,
"Exceptions": ["https://example.com"]
}
}
```
+### EncryptedMediaExtensions
+Enable or disable Encrypted Media Extensions and optionally lock it.
+
+If `Enabled` is set to false, encrypted media extensions (like Widevine) are not downloaded by Firefox unless the user consents to installing them.
+
+If `Locked` is set to true and `Enabled` is set to false, Firefox will not download encrypted media extensions (like Widevine) or ask the user to install them.
+
+**Compatibility:** Firefox 77, Firefox ESR 68.9\
+**CCK2 Equivalent:** N/A\
+**Preferences Affected:** `media.eme.enabled`
+
+#### Windows (GPO)
+```
+Software\Policies\Mozilla\Firefox\EncryptedMediaExtensions\Enabled = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\EncryptedMediaExtensions\Locked = 0x1 | 0x0
+```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~EncryptedMediaExtensions/EncryptedMediaExtensions_Enabled
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~EncryptedMediaExtensions/EncryptedMediaExtensions_Locked
+```
+Value (string):
+```
+or
+```
+#### macOS
+```
+
+ EncryptedMediaExtensions
+
+ Enabled
+ |
+
+ |
+
+
+```
+#### policies.json
+```
+{
+ "policies": {
+ "EncryptedMediaExtensions": {
+ "Enabled": true | false,
+ "Locked": true | false
+ }
+}
+```
### EnterprisePoliciesEnabled
Enable policy support on macOS.
@@ -2123,6 +2263,15 @@ Control extension updates.
```
Software\Policies\Mozilla\Firefox\ExtensionUpdate = 0x1 | 0x0
```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/ExtensionUpdate
+```
+Value (string):
+```
+ or
+```
#### macOS
```
@@ -2169,7 +2318,6 @@ Value (string):
```
-
```
OMA-URI:
```
@@ -2236,6 +2384,21 @@ Software\Policies\Mozilla\Firefox\FirefoxHome\Pocket = 0x1 | 0x0
Software\Policies\Mozilla\Firefox\FirefoxHome\Snippets = 0x1 | 0x0
Software\Policies\Mozilla\Firefox\FirefoxHome\Locked = 0x1 | 0x0
```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/CustomizeFirefoxHome
+```
+Value (string):
+```
+
+
+
+
+
+
+
+```
#### macOS
```
@@ -2282,6 +2445,15 @@ Control hardware acceleration.
```
Software\Policies\Mozilla\Firefox\HardwareAcceleration = 0x1 | 0x0
```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/HardwareAcceleration
+```
+Value (string):
+```
+ or
+```
#### macOS
```
@@ -2464,6 +2636,15 @@ This policy only work on Windows via GPO (not policies.json).
```
Software\Policies\Mozilla\Firefox\LegacyProfiles = = 0x1 | 0x0
```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/LegacyProfiles
+```
+Value (string):
+```
+ or
+```
### LocalFileLinks
Enable linking to local files by origin.
@@ -2476,6 +2657,16 @@ Enable linking to local files by origin.
Software\Policies\Mozilla\Firefox\LocalFileLinks\1 = "https://example.org"
Software\Policies\Mozilla\Firefox\LocalFileLinks\2 = "https://example.edu"
```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/LocalFileLinks
+```
+Value (string):
+```
+
+
+```
#### macOS
```
@@ -2495,23 +2686,30 @@ Software\Policies\Mozilla\Firefox\LocalFileLinks\2 = "https://example.edu"
}
}
```
-### NoDefaultBookmarks
-Disable the creation of default bookmarks.
-
-This policy is only effective if the user profile has not been created yet.
+### NetworkPrediction
+Enable or disable network prediction (DNS prefetching).
-**Compatibility:** Firefox 60, Firefox ESR 60\
-**CCK2 Equivalent:** `removeDefaultBookmarks`\
-**Preferences Affected:** N/A
+**Compatibility:** Firefox 67, Firefox ESR 60.7\
+**CCK2 Equivalent:** N/A\
+**Preferences Affected:** `network.dns.disablePrefetch`,`network.dns.disablePrefetchFromHTTPS`
#### Windows (GPO)
```
-Software\Policies\Mozilla\Firefox\NoDefaultBookmarks = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\NetworkPrediction = 0x1 | 0x0
+```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/NetworkPrediction
+```
+Value (string):
+```
+ or
```
#### macOS
```
- NoDefaultBookmarks
+ NetworkPrediction
|
```
@@ -2519,25 +2717,33 @@ Software\Policies\Mozilla\Firefox\NoDefaultBookmarks = 0x1 | 0x0
```
{
"policies": {
- "NoDefaultBookmarks": true | false
- }
+ "NetworkPrediction": true | false
}
```
-### NetworkPrediction
-Enable or disable network prediction (DNS prefetching).
+### NewTabPage
+Enable or disable the New Tab page.
-**Compatibility:** Firefox 67, Firefox ESR 60.7\
+**Compatibility:** Firefox 68, Firefox ESR 68\
**CCK2 Equivalent:** N/A\
-**Preferences Affected:** `network.dns.disablePrefetch`,`network.dns.disablePrefetchFromHTTPS`
+**Preferences Affected:** `browser.newtabpage.enabled`
#### Windows (GPO)
```
-Software\Policies\Mozilla\Firefox\NetworkPrediction = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\NewTabPage = 0x1 | 0x0
+```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/NewTabPage
+```
+Value (string):
+```
+ or
```
#### macOS
```
- NetworkPrediction
+ NewTabPage
|
```
@@ -2545,24 +2751,26 @@ Software\Policies\Mozilla\Firefox\NetworkPrediction = 0x1 | 0x0
```
{
"policies": {
- "NetworkPrediction": true | false
+ "NewTabPage": true | false
}
```
-### NewTabPage
-Enable or disable the New Tab page.
+### NoDefaultBookmarks
+Disable the creation of default bookmarks.
-**Compatibility:** Firefox 68, Firefox ESR 68\
-**CCK2 Equivalent:** N/A\
-**Preferences Affected:** `browser.newtabpage.enabled`
+This policy is only effective if the user profile has not been created yet.
+
+**Compatibility:** Firefox 60, Firefox ESR 60\
+**CCK2 Equivalent:** `removeDefaultBookmarks`\
+**Preferences Affected:** N/A
#### Windows (GPO)
```
-Software\Policies\Mozilla\Firefox\NewTabPage = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\NoDefaultBookmarks = 0x1 | 0x0
```
#### Windows (Intune)
OMA-URI:
```
-./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/NewTabPage
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/NoDefaultBookmarks
```
Value (string):
```
@@ -2571,7 +2779,7 @@ Value (string):
#### macOS
```
- NewTabPage
+ NoDefaultBookmarks
|
```
@@ -2579,7 +2787,8 @@ Value (string):
```
{
"policies": {
- "NewTabPage": true | false
+ "NoDefaultBookmarks": true | false
+ }
}
```
### OfferToSaveLogins
@@ -2593,6 +2802,15 @@ Control whether or not Firefox offers to save passwords.
```
Software\Policies\Mozilla\Firefox\OfferToSaveLogins = 0x1 | 0x0
```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/OfferToSaveLogins
+```
+Value (string):
+```
+ or
+```
#### macOS
```
@@ -2619,6 +2837,15 @@ Sets the default value of signon.rememberSignons without locking it.
```
Software\Policies\Mozilla\Firefox\OfferToSaveLoginsDefault = 0x1 | 0x0
```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/OfferToSaveLoginsDefault
+```
+Value (string):
+```
+ or
+```
#### macOS
```
@@ -2680,6 +2907,16 @@ Override the upgrade page. If the value is blank, no upgrade page is displayed.
```
Software\Policies\Mozilla\Firefox\OverridePostUpdatePage = "http://example.org"
```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/OverridePostUpdatePage
+```
+Value (string):
+```
+
+
+```
#### macOS
```
@@ -2729,6 +2966,56 @@ Value (string):
}
}
```
+### PDFjs
+Disable or configure PDF.js, the built-in PDF viewer.
+
+If `Enabled` is set to false, the built-in PDF viewer is disabled.
+
+If `EnablePermissions` is set to true, the built-in PDF viewer will honor document permissions like preventing the copying of text.
+
+Note: DisableBuiltinPDFViewer has not been deprecated. You can either continue to use it, or switch to using PDFjs->Enabled to disable the built-in PDF viewer. This new permission was added because we needed a place for PDFjs->EnabledPermissions.
+
+**Compatibility:** Firefox 77, Firefox ESR 68.9\
+**CCK2 Equivalent:** N/A\
+**Preferences Affected:** `pdfjs.diabled`,`pdfjs.enablePermissions`
+
+#### Windows (GPO)
+```
+Software\Policies\Mozilla\Firefox\PDFjs\Enabled = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\PDFjs\EnablePermissions = 0x1 | 0x0
+```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~PDFjs/PDFjs_Enabled
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~PDFjs/PDFjs_EnablePermissions
+```
+Value (string):
+```
+or
+```
+#### macOS
+```
+
+ PDFjs
+
+ Enabled
+ |
+
+ |
+
+
+```
+#### policies.json
+```
+{
+ "policies": {
+ "PSFjs": {
+ "Enabled": true | false,
+ "EnablePermissions": true | false
+ }
+}
+```
### Permissions
Set permissions associated with camera, microphone, location, notifications, and autoplay. Because these are origins, not domains, entries with unique ports must be specified separately. See examples below.
@@ -2821,6 +3108,32 @@ Value (string):
```
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Autoplay/Autoplay_Block
+```
+Value (string):
+```
+
+
+```
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Autoplay/Autoplay_Default
+```
+Value (string):
+```
+
+
+```
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Autoplay/Autoplay_Locked
+```
+Value (string):
+```
+ or
+```
#### macOS
```
@@ -2944,6 +3257,42 @@ Value (string):
}
}
```
+### PictureInPicture
+
+Enable or disable Picture-in-Picture.
+
+**Compatibility:** Firefox 78, Firefox ESR 78\
+**CCK2 Equivalent:** N/A\
+**Preferences Affected:** `media.videocontrols.picture-in-picture.video-toggle.enabled`
+
+#### Windows (GPO)
+```
+Software\Policies\Mozilla\Firefox\PictureInPicture = 0x1 | 0x0
+```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/PictureInPicture
+```
+Value (string):
+```
+ or
+```
+#### macOS
+```
+
+ PictureInPicture
+ |
+
+```
+#### policies.json
+```
+{
+ "policies": {
+ "PictureInPicture": true | false
+ }
+}
+```
### PopupBlocking
Configure the default pop-up window policy as well as origins for which pop-up windows are allowed.
@@ -2964,6 +3313,32 @@ Software\Policies\Mozilla\Firefox\PopupBlocking\Allow\2 = "https://example.edu"
Software\Policies\Mozilla\Firefox\PopupBlocking\Default = 0x1 | 0x0
Software\Policies\Mozilla\Firefox\PopupBlocking\Locked = 0x1 | 0x0
```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Popups/PopupBlocking_Allow
+```
+Value (string):
+```
+
+
+```
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Popups/PopupBlocking_Default
+```
+Value (string):
+```
+ or
+```
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Popups/PopupBlocking_Locked
+```
+Value (string):
+```
+ or
+```
#### macOS
```
@@ -3069,7 +3444,7 @@ Set and lock certain preferences.
| If false, the geolocation API is disabled. | Language dependent
| intl.accept_languages | string | Firefox 70, Firefox ESR 68.2
| If set, preferred language for web pages.
-| media.eme.enabled | boolean | Firefox 70, Firefox ESR 68.2 | true
+| media.eme.enabled (Deprecated - Switch to EncryptedMediaExtensions policy) | boolean | Firefox 70, Firefox ESR 68.2 | true
| If false, Encrypted Media Extensions are not enabled.
| media.gmp-gmpopenh264.enabled | boolean | Firefox 68, Firefox ESR 68 | true
| If false, the OpenH264 plugin is not downloaded.
@@ -3150,6 +3525,15 @@ Ask where to save each file before downloading.
```
Software\Policies\Mozilla\Firefox\PromptForDownloadLocation = 0x1 | 0x0
```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/PromptForDownloadLocation
+```
+Value (string):
+```
+ or
+```
#### macOS
```
@@ -3271,17 +3655,17 @@ Value (string):
"policies": {
"Proxy": {
"Mode": "none", "system", "manual", "autoDetect", "autoConfig",
- "Locked": [true, false],
+ "Locked": true | false,
"HTTPProxy": "hostname",
- "UseHTTPProxyForAllProtocols": [true, false],
+ "UseHTTPProxyForAllProtocols": true | false,
"SSLProxy": "hostname",
"FTPProxy": "hostname",
"SOCKSProxy": "hostname",
"SOCKSVersion": 4 | 5
"Passthrough": "",
"AutoConfigURL": "URL_TO_AUTOCONFIG",
- "AutoLogin": [true, false],
- "UseProxyForDNS": [true, false]
+ "AutoLogin": true | false,
+ "UseProxyForDNS": true | false
}
}
}
@@ -3303,6 +3687,16 @@ or
Software\Policies\Mozilla\Firefox\RequestedLocales = "de,en-US"
```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/RequestedLocalesString
+```
+Value (string):
+```
+
+
+```
#### macOS
```
@@ -3457,6 +3851,16 @@ Set whether or not search bar is displayed.
```
Software\Policies\Mozilla\Firefox\SearchBar = "unified" | "separate"
```
+
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/SearchBar
+```
+Value (string):
+```
+
+
#### macOS
```
@@ -3464,7 +3868,6 @@ Software\Policies\Mozilla\Firefox\SearchBar = "unified" | "separate"
unified | separate
```
-
#### policies.json
```
{
@@ -3489,6 +3892,16 @@ Set the default search engine. This policy is only available on the ESR.
```
Software\Policies\Mozilla\Firefox\SearchEngines\Default = NAME_OF_SEARCH_ENGINE
```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Search/SearchEngines_Default
+```
+Value (string):
+```
+
+
+```
#### macOS
```
@@ -3562,6 +3975,16 @@ Hide built-in search engines. This policy is only available on the ESR.
```
Software\Policies\Mozilla\Firefox\SearchEngines\Remove\1 = NAME_OF_SEARCH_ENGINE
```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Search/SearchEngines_Remove
+```
+Value (string):
+```
+
+
+```
#### macOS
```
@@ -3619,7 +4042,23 @@ Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\Description = "Example Des
Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\SuggestURLTemplate = "https://www.example.org/suggestions/q={searchTerms}"
Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\PostData = "name=value&q={searchTerms}"
```
-
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Search/SearchEngines_1
+```
+Value (string):
+```
+
+
+
+
+
+
+
+
+
+```
#### macOS
```
@@ -3682,6 +4121,15 @@ Enable search suggestions.
```
Software\Policies\Mozilla\Firefox\SearchSuggestEnabled = 0x1 | 0x0
```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/SearchSuggestEnabled
+```
+Value (string):
+```
+ or
+```
#### macOS
```
@@ -3709,6 +4157,16 @@ Install PKCS #11 modules.
```
Software\Policies\Mozilla\Firefox\SecurityDevices\NAME_OF_DEVICE = PATH_TO_LIBRARY_FOR_DEVICE
```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/SecurityDevices
+```
+Value (string):
+```
+
+
+```
#### macOS
```
@@ -3742,6 +4200,16 @@ Set and lock the maximum version of TLS.
```
Software\Policies\Mozilla\Firefox\SSLVersionMax = "tls1" | "tls1.1" | "tls1.2" | "tls1.3"
```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/SSLVersionMax
+```
+Value (string):
+```
+
+
+```
#### macOS
```
@@ -3809,6 +4277,18 @@ Software\Policies\Mozilla\Firefox\SupportMenu\Title = "Support Menu"
Software\Policies\Mozilla\Firefox\SupportMenu\URL = "http://example.com/support"
Software\Policies\Mozilla\Firefox\SupportMenu\AccessKey = "S"
```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/SupportMenu
+```
+Value (string):
+```
+
+
+
+