X-Git-Url: https://git.p6c8.net/policy-templates.git/blobdiff_plain/78f295c4448bd2b26f08204bc9c3cc0d91f6c8fd..77af2e932dcdfd4198b73c44b3189475d0796c38:/docs/index.md?ds=inline
diff --git a/docs/index.md b/docs/index.md
index 6d7aaa2..5c9e486 100644
--- a/docs/index.md
+++ b/docs/index.md
@@ -123,6 +123,7 @@ Note: The `policies.json` must use the UTF-8 encoding.
| **[`SearchSuggestEnabled`](#searchsuggestenabled)** | Enable search suggestions.
| **[`SecurityDevices`](#securitydevices)** | Install PKCS #11 modules.
| **[`ShowHomeButton`](#showhomebutton)** | Show the home button on the toolbar.
+| **[`SkipTermsOfUse`](#skiptermsofuse)** | Don't display the Firefox [Terms of Use](https://www.mozilla.org/about/legal/terms/firefox/) and [Privacy Notice](https://www.mozilla.org/privacy/firefox/) upon startup. You represent that you accept and have the authority to accept the Terms of Use on behalf of all individuals to whom you provide access to this browser.
| **[`SSLVersionMax`](#sslversionmax)** | Set and lock the maximum version of TLS.
| **[`SSLVersionMin`](#sslversionmin)** | Set and lock the minimum version of TLS.
| **[`StartDownloadsInTempDirectory`](#startdownloadsintempdirectory)** | Force downloads to start off in a local, temporary location rather than the default download directory.
@@ -676,7 +677,7 @@ to workaround the limit on the length of strings. Put all of your JSON on one li
OMA-URI:
```
-./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/AutoLaunchProtocolsFromOriginsOneLine
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/AutoLaunchProtocolsFromOriginsOneLine
```
Value (string):
```
@@ -954,7 +955,7 @@ to workaround the limit on the length of strings. Put all of your JSON on one li
OMA-URI:
```
-./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/BookmarksOneLine
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/BookmarksOneLine
```
Value (string):
```
@@ -1199,7 +1200,7 @@ to workaround the limit on the length of strings. Put all of your JSON on one li
OMA-URI:
```
-./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/ContainersOneLine
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/ContainersOneLine
```
Value (string):
```
@@ -1246,7 +1247,7 @@ Configure Firefox to use an agent for Data Loss Prevention (DLP) that is compati
`AgentName` is the name of the DLP agent. This is used in dialogs and notifications about DLP operations. The default is "A DLP Agent".
-`AgentTimeout` is the timeout in number of seconds after a DLP request is sent to the agent. After this timeout, the request will be denied unless `DefaultResult` is set to 1 or 2. The default is 30.
+`AgentTimeout` is the timeout in number of seconds after a DLP request is sent to the agent. After this timeout, the request will be denied unless `TimeoutResult` is set to 1 or 2. The default is 300.
`AllowUrlRegexList` is a space-separated list of regular expressions that indicates URLs for which DLP operations will always be allowed without consulting the agent. The default is "^about:(?!blank|srcdoc).*", meaning that any pages that start with "about:" will be exempt from DLP except for "about:blank" and "about:srcdoc", as these can be controlled by web content.
@@ -1270,8 +1271,14 @@ Configure Firefox to use an agent for Data Loss Prevention (DLP) that is compati
* The `Clipboard` entry controls clipboard operations for files and text.
* `Enabled` indicates whether clipboard operations should use DLP. The default is true.
+ * `PlainTextOnly` indicates whether to only analyze the text/plain format on the clipboard. If this
+ value is false, all formats will be analyzed, which some DLP agents may not expect. Regardless of
+ this value, files will be analyzed as usual. The default is true.
* The `DragAndDrop` entry controls drag and drop operations for files and text.
* `Enabled` indicates whether drag and drop operations should use DLP. The default is true.
+ * `PlainTextOnly` indicates whether to only analyze the text/plain format in what is being dropped.
+ If this value is false, all formats will be analyzed, which some DLP agents may not expect.
+ Regardless of this value, files will be analyzed as usual. The default is true.
* The `FileUpload` entry controls file upload operations for files chosen from the file picker.
* `Enabled` indicates whether file upload operations should use DLP. The default is true.
* The `Print` entry controls print operation.
@@ -1283,9 +1290,18 @@ Configure Firefox to use an agent for Data Loss Prevention (DLP) that is compati
`ShowBlockedResult` indicates whether Firefox should show a notification when a DLP request is denied. The default is true.
-**Compatibility:** Firefox 136\
+`TimeoutResult` indicates the desired behavior for DLP requests if the DLP agent does not respond to a request in less than `AgentTimeout` seconds. The default is 0.
+
+| Value | Description
+| --- | --- |
+| 0 | Deny the request (default)
+| 1 | Warn the user and allow them to choose whether to allow or deny
+| 2 | Allow the request
+
+
+**Compatibility:** Firefox 137\
**CCK2 Equivalent:** N/A\
-**Preferences Affected:** `browser.contentanalysis.agent_name`, `browser.contentanalysis.agent_timeout`, `browser.contentanalysis.allow_url_regex_list`, `browser.contentanalysis.bypass_for_same_tab_operations`, `browser.contentanalysis.client_signature`, `browser.contentanalysis.default_result`, `browser.contentanalysis.deny_url_regex_list`, `browser.contentanalysis.enabled`, `browser.contentanalysis.interception_point.clipboard.enabled`, `browser.contentanalysis.interception_point.drag_and_drop.enabled`, `browser.contentanalysis.interception_point.file_upload.enabled`, `browser.contentanalysis.interception_point.print.enabled`, `browser.contentanalysis.is_per_user`, `browser.contentanalysis.pipe_path_name`, `browser.contentanalysis.show_blocked_result`
+**Preferences Affected:** `browser.contentanalysis.agent_name`, `browser.contentanalysis.agent_timeout`, `browser.contentanalysis.allow_url_regex_list`, `browser.contentanalysis.bypass_for_same_tab_operations`, `browser.contentanalysis.client_signature`, `browser.contentanalysis.default_result`, `browser.contentanalysis.deny_url_regex_list`, `browser.contentanalysis.enabled`, `browser.contentanalysis.interception_point.clipboard.enabled`, `browser.contentanalysis.interception_point.clipboard.plain_text_only`, `browser.contentanalysis.interception_point.drag_and_drop.enabled`, `browser.contentanalysis.interception_point.drag_and_drop.plain_text_only`, `browser.contentanalysis.interception_point.file_upload.enabled`, `browser.contentanalysis.interception_point.print.enabled`, `browser.contentanalysis.is_per_user`, `browser.contentanalysis.pipe_path_name`, `browser.contentanalysis.show_blocked_result`, `browser.contentanalysis.timeout_result`
#### Windows (GPO)
```
@@ -1298,12 +1314,15 @@ Software\Policies\Mozilla\Firefox\ContentAnalysis\DefaultResult = 0x0 | 0x1 | 0x
Software\Policies\Mozilla\Firefox\ContentAnalysis\DenyUrlRegexList = "https://example\.com/.* https://subdomain\.example\.com/.*"
Software\Policies\Mozilla\Firefox\ContentAnalysis\Enabled = 0x1 | 0x0
Software\Policies\Mozilla\Firefox\ContentAnalysis\InterceptionPoints\Clipboard\Enabled = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\ContentAnalysis\InterceptionPoints\Clipboard\PlainTextOnly = 0x1 | 0x0
Software\Policies\Mozilla\Firefox\ContentAnalysis\InterceptionPoints\DragAndDrop\Enabled = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\ContentAnalysis\InterceptionPoints\DragAndDrop\PlainTextOnly = 0x1 | 0x0
Software\Policies\Mozilla\Firefox\ContentAnalysis\InterceptionPoints\FileUpload\Enabled = 0x1 | 0x0
Software\Policies\Mozilla\Firefox\ContentAnalysis\InterceptionPoints\Print\Enabled = 0x1 | 0x0
Software\Policies\Mozilla\Firefox\ContentAnalysis\IsPerUser = 0x1 | 0x0
Software\Policies\Mozilla\Firefox\ContentAnalysis\PipePathName = "pipe_custom_name"
Software\Policies\Mozilla\Firefox\ContentAnalysis\ShowBlockedResult = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\ContentAnalysis\TimeoutResult = 0x0 | 0x1 | 0x2
```
#### Windows (Intune)
@@ -1379,7 +1398,15 @@ Value (string):
```
OMA-URI:
```
-./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ContentAnalysis~InterceptionPoints/ContentAnalysis_InterceptionPoints_Clipboard
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ContentAnalysis~InterceptionPoints~Clipboard/ContentAnalysis_InterceptionPoints_Clipboard
+```
+Value (string):
+```
+ or
+```
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ContentAnalysis~InterceptionPoints~Clipboard/ContentAnalysis_InterceptionPoints_Clipboard_PlainTextOnly
```
Value (string):
```
@@ -1387,7 +1414,7 @@ Value (string):
```
OMA-URI:
```
-./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ContentAnalysis~InterceptionPoints/ContentAnalysis_InterceptionPoints_DragAndDrop
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ContentAnalysis~InterceptionPoints~DragAndDrop/ContentAnalysis_InterceptionPoints_DragAndDrop
```
Value (string):
```
@@ -1395,7 +1422,7 @@ Value (string):
```
OMA-URI:
```
-./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ContentAnalysis~InterceptionPoints/ContentAnalysis_InterceptionPoints_FileUpload
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ContentAnalysis~InterceptionPoints~DragAndDrop/ContentAnalysis_InterceptionPoints_DragAndDrop_PlainTextOnly
```
Value (string):
```
@@ -1403,7 +1430,15 @@ Value (string):
```
OMA-URI:
```
-./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ContentAnalysis~InterceptionPoints/ContentAnalysis_InterceptionPoints_Print
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ContentAnalysis~InterceptionPoints/ContentAnalysis_InterceptionPoints_FileUpload_Enabled
+```
+Value (string):
+```
+ or
+```
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ContentAnalysis~InterceptionPoints/ContentAnalysis_InterceptionPoints_Print_Enabled
```
Value (string):
```
@@ -1434,6 +1469,15 @@ Value (string):
```
or
```
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ContentAnalysis/ContentAnalysis_TimeoutResult
+```
+Value (string):
+```
+
+
+```
#### policies.json
```
@@ -1450,10 +1494,12 @@ Value (string):
"Enabled": true | false,
"InterceptionPoints": {
"Clipboard": {
- "Enabled": true | false
+ "Enabled": true | false,
+ "PlainTextOnly": true | false
},
"DragAndDrop": {
- "Enabled": true | false
+ "Enabled": true | false,
+ "PlainTextOnly": true | false
},
"FileUpload": {
"Enabled": true | false
@@ -1465,6 +1511,7 @@ Value (string):
"IsPerUser": true | false,
"PipePathName": "pipe_custom_name",
"ShowBlockedResult": true | false,
+ "TimeoutResult": 0 | 1 | 2,
}
}
}
@@ -3027,7 +3074,7 @@ to workaround the limit on the length of strings. Put all of your JSON on one li
OMA-URI:
```
-./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/ExemptDomainFileTypePairsFromFileTypeDownloadWarningsOneLine
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/ExemptDomainFileTypePairsFromFileTypeDownloadWarningsOneLine
```
Value (string):
```
@@ -3174,6 +3221,7 @@ The configuration for each extension is another dictionary that can contain the
| `updates_disabled` | (Firefox 89, Firefox ESR 78.11) Boolean that indicates whether or not to disable automatic updates for an individual extension.
| `default_area` | (Firefox 113) String that indicates where to place the extension icon by default. Possible values are `navbar` and `menupanel`.
| `temporarily_allow_weak_signatures`| (Firefox 127) A boolean that indicates whether to allow installing extensions signed using deprecated signature algorithms.
+| `private_browsing`| (Firefox 136, Firefox ESR 128.8) A boolean that indicates whether or not this extension should be enabled in private browsing.
**Compatibility:** Firefox 69, Firefox ESR 68.1 (As of Firefox 85, Firefox ESR 78.7, installing a theme makes it the default.)\
**CCK2 Equivalent:** N/A\
@@ -3227,8 +3275,7 @@ Value (string):
"installation_mode": "force_installed",
"install_url": "https://addons.mozilla.org/firefox/downloads/latest/adguardadblocker@adguard.com/latest.xpi"
},
- {
- "https-everywhere@eff.org": {
+ "https-everywhere@eff.org": {
"installation_mode": "allowed",
"updates_disabled": false
}
@@ -3645,7 +3692,7 @@ to workaround the limit on the length of strings. Put all of your JSON on one li
OMA-URI:
```
-./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/HandlersOneLine
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/HandlersOneLine
```
Value (string):
```
@@ -4261,7 +4308,7 @@ to workaround the limit on the length of strings. Put all of your JSON on one li
OMA-URI:
```
-./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/ManagedBoomarksOneLine
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/ManagedBookmarksOneLine
```
Value (string):
```
@@ -5378,8 +5425,10 @@ as well as the following security preferences:
| If true, if an OCSP request times out, the connection fails.
| security.osclientcerts.assume_rsa_pss_support | boolean | true
| If false, we don't assume an RSA key can do RSA-PSS. (Firefox 114, Firefox ESR 102.12)
-| security.pki.certificate_transparency.disable_for_hosts
-| security.pki.certificate_transparency.disable_for_spki_hashes
+| security.pki.certificate_transparency.disable_for_hosts | |
+| See [this page](https://searchfox.org/mozilla-central/rev/d1fbe983fb7720f0a4aca0e748817af11c1a374e/modules/libpref/init/StaticPrefList.yaml#16334) for more details.
+| security.pki.certificate_transparency.disable_for_spki_hashes | |
+| See [this page](https://searchfox.org/mozilla-central/rev/d1fbe983fb7720f0a4aca0e748817af11c1a374e/modules/libpref/init/StaticPrefList.yaml#16344) for more details.
| security.pki.certificate_transparency.mode | integer | 0
| Configures Certificate Transparency support mode (Firefox 133)
| security.ssl.enable_ocsp_stapling | boolean | true
@@ -5471,7 +5520,7 @@ to workaround the limit on the length of strings. Put all of your JSON on one li
OMA-URI:
```
-./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/PreferencesOneLine
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/PreferencesOneLine
```
Value (string):
```
@@ -5961,17 +6010,17 @@ or
### SanitizeOnShutdown (Selective)
Clear data on shutdown.
-Note: Starting with Firefox 128, History clears FormData and Downloads as well.
+Note: Starting with Firefox 136, FormData and History have been separated again.
`Cache`
`Cookies`
-`Downloads` Download History (*Deprecated*)
+`Downloads` Download History (*Deprecated - part of History*)
-`FormData` Form & Search History (*Deprecated*)
+`FormData` Form History
-`History` Browsing History, Download History, Form & Search History.
+`History` Browsing History, Download History
`Sessions` Active Logins
@@ -5983,12 +6032,13 @@ Note: Starting with Firefox 128, History clears FormData and Downloads as well.
**Compatibility:** Firefox 68, Firefox ESR 68 (Locked added in 74/68.6, History update in Firefox 128)\
**CCK2 Equivalent:** N/A\
-**Preferences Affected:** `privacy.sanitize.sanitizeOnShutdown`, `privacy.clearOnShutdown.cache`, `privacy.clearOnShutdown.cookies`, `privacy.clearOnShutdown.downloads`, `privacy.clearOnShutdown.formdata`, `privacy.clearOnShutdown.history`, `privacy.clearOnShutdown.sessions`, `privacy.clearOnShutdown.siteSettings`, `privacy.clearOnShutdown.offlineApps`, `privacy.clearOnShutdown_v2.historyFormDataAndDownloads` (Firefox 128), `privacy.clearOnShutdown_v2.cookiesAndStorage` (Firefox 128), `privacy.clearOnShutdown_v2.cache` (Firefox 128), `privacy.clearOnShutdown_v2.siteSettings` (Firefox 128)
+**Preferences Affected:** `privacy.sanitize.sanitizeOnShutdown`, `privacy.clearOnShutdown.cache`, `privacy.clearOnShutdown.cookies`, `privacy.clearOnShutdown.downloads`, `privacy.clearOnShutdown.formdata`, `privacy.clearOnShutdown.history`, `privacy.clearOnShutdown.sessions`, `privacy.clearOnShutdown.siteSettings`, `privacy.clearOnShutdown.offlineApps`, `privacy.clearOnShutdown_v2.historyFormDataAndDownloads` (Firefox 128), `privacy.clearOnShutdown_v2.cookiesAndStorage` (Firefox 128), `privacy.clearOnShutdown_v2.cache` (Firefox 128), `privacy.clearOnShutdown_v2.siteSettings` (Firefox 128), `privacy.clearOnShutdown_v2.formdata` (Firefox 128)
#### Windows (GPO)
```
Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\Cache = 0x1 | 0x0
Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\Cookies = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\FormData = 0x1 | 0x0
Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\History = 0x1 | 0x0
Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\Sessions = 0x1 | 0x0
Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\SiteSettings = 0x1 | 0x0
@@ -6013,6 +6063,14 @@ Value (string):
```
OMA-URI:
```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/E_SanitizeOnShutdown_FormData
+```
+Value (string):
+```
+ or
+```
+OMA-URI:
+```
./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/E_SanitizeOnShutdown_History
```
Value (string):
@@ -6052,6 +6110,8 @@ Value (string):
|
Cookies
|
+ FormData
+ |
History
|
Sessions
@@ -6070,6 +6130,7 @@ Value (string):
"SanitizeOnShutdown": {
"Cache": true | false,
"Cookies": true | false,
+ "FormData": true | false,
"History": true | false,
"Sessions": true | false,
"SiteSettings": true | false,
@@ -6079,7 +6140,7 @@ Value (string):
}
```
### SanitizeOnShutdown (All)
-Clear all data on shutdown, including Browsing & Download History, Cookies, Active Logins, Cache, Form & Search History, Site Preferences and Offline Website Data.
+Clear all data on shutdown, including Browsing & Download History, Cookies, Active Logins, Cache, Form History, Site Preferences and Offline Website Data.
**Compatibility:** Firefox 60, Firefox ESR 60\
**CCK2 Equivalent:** N/A\
@@ -6563,6 +6624,41 @@ Value (string):
}
}
```
+### SkipTermsOfUse
+If true, don't display the Firefox [Terms of Use](https://www.mozilla.org/about/legal/terms/firefox/) and [Privacy Notice](https://www.mozilla.org/privacy/firefox/) upon startup. You represent that you accept and have the authority to accept the Terms of Use on behalf of all individuals to whom you provide access to this browser.
+
+**Compatibility:** Firefox 138, Firefox ESR 140\
+**CCK2 Equivalent:** N/A\
+**Preferences Affected:** N/A
+
+#### Windows (GPO)
+```
+Software\Policies\Mozilla\Firefox\SkipTermsOfUse = 0x1 | 0x0
+```
+#### Windows (Intune)
+OMA-URI:
+```
+FIXME
+```
+Value (string):
+```
+ or
+```
+#### macOS
+```
+
+ SkipTermsOfUse
+ |
+
+```
+#### policies.json
+```
+{
+ "policies": {
+ "SkipTermsOfUse": true | false
+ }
+}
+```
### SSLVersionMax
Set and lock the maximum version of TLS. (Firefox defaults to a maximum of TLS 1.3.)
@@ -6773,7 +6869,7 @@ Prevent Firefox from messaging the user in certain situations.
`FeatureRecommendations` If false, don't recommend browser features.
-`UrlbarInterventions` If false, Don't offer Firefox specific suggestions in the URL bar.
+`UrlbarInterventions` If false,don't offer Firefox specific suggestions in the URL bar.
`SkipOnboarding` If true, don't show onboarding messages on the new tab page.
@@ -6927,7 +7023,7 @@ to workaround the limit on the length of strings. Put all of your JSON on one li
OMA-URI:
```
-./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/WebsiteFilterOneLine
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/WebsiteFilterOneLine
```
Value (string):
```