X-Git-Url: https://git.p6c8.net/policy-templates.git/blobdiff_plain/807a17ae62b1b75bd7df70c1fb81929ca72f1759..29f8072e6d40a3e345b88d1b98dc095e6db4973d:/README.md
diff --git a/README.md b/README.md
index df48c65..f480238 100644
--- a/README.md
+++ b/README.md
@@ -1,7 +1,3 @@
-**These policies are in active development and so might contain changes that do not work with current versions of Firefox.**
-
-**You should use the [officially released versions](https://github.com/mozilla/policy-templates/releases) if you are deploying changes.**
-
Policies can be specified using the [Group Policy templates on Windows](https://github.com/mozilla/policy-templates/tree/master/windows), [Intune on Windows](https://support.mozilla.org/kb/managing-firefox-intune), [configuration profiles on macOS](https://github.com/mozilla/policy-templates/tree/master/mac), or by creating a file called `policies.json`. On Windows, create a directory called `distribution` where the EXE is located and place the file there. On Mac, the file goes into `Firefox.app/Contents/Resources/distribution`. On Linux, the file goes into `firefox/distribution`, where `firefox` is the installation directory for firefox, which varies by distribution or you can specify system-wide policy by placing the file in `/etc/firefox/policies`.
| Policy Name | Description
@@ -11,6 +7,7 @@ Policies can be specified using the [Group Policy templates on Windows](https://
| **[`AppAutoUpdate`](#appautoupdate)** | Enable or disable automatic application update.
| **[`AppUpdateURL`](#appupdateurl)** | Change the URL for application update.
| **[`Authentication`](#authentication)** | Configure sites that support integrated authentication.
+| **[`AutoLaunchProtocolsFromOrigins`](#autolaunchprotocolsfromorigins)** | Define a list of external protocols that can be used from listed origins without prompting the user.
| **[`BackgroundAppUpdate`](#backgroundappupdate)** | Enable or disable the background updater (Windows only).
| **[`BlockAboutAddons`](#blockaboutaddons)** | Block access to the Add-ons Manager (about:addons).
| **[`BlockAboutConfig`](#blockaboutconfig)** | Block access to about:config.
@@ -22,14 +19,15 @@ Policies can be specified using the [Group Policy templates on Windows](https://
| **[`Certificates -> ImportEnterpriseRoots`](#certificates--importenterpriseroots)** | Trust certificates that have been added to the operating system certificate store by a user or administrator.
| **[`Certificates -> Install`](#certificates--install)** | Install certificates into the Firefox certificate store.
| **[`Cookies`](#cookies)** | Configure cookie preferences.
+| **[`DefaultDownloadDirectory`](#defaultdownloaddirectory)** | Set the default download directory.
| **[`DisableAppUpdate`](#disableappupdate)** | Turn off application updates.
| **[`DisableBuiltinPDFViewer`](#disablebuiltinpdfviewer)** | Disable the built in PDF viewer.
| **[`DisabledCiphers`](#disabledciphers)** | Disable ciphers.
| **[`DisableDefaultBrowserAgent`](#disabledefaultbrowseragent)** | Prevent the default browser agent from taking any actions (Windows only).
| **[`DisableDeveloperTools`](#disabledevelopertools)** | Remove access to all developer tools.
| **[`DisableFeedbackCommands`](#disablefeedbackcommands)** | Disable the menus for reporting sites.
-| **[`DisableFirefoxScreenshots`](#disablefirefoxscreenshots)** | Remove access to Firefox Screenshots.
| **[`DisableFirefoxAccounts`](#disablefirefoxaccounts)** | Disable Firefox Accounts integration (Sync).
+| **[`DisableFirefoxScreenshots`](#disablefirefoxscreenshots)** | Remove access to Firefox Screenshots.
| **[`DisableFirefoxStudies`](#disablefirefoxstudies)** | Disable Firefox studies (Shield).
| **[`DisableForgetButton`](#disableforgetbutton)** | Disable the "Forget" button.
| **[`DisableFormHistory`](#disableformhistory)** | Turn off saving information on web forms and the search bar.
@@ -45,11 +43,10 @@ Policies can be specified using the [Group Policy templates on Windows](https://
| **[`DisableSystemAddonUpdate`](#disablesystemaddonupdate)** | Prevent system add-ons from being installed or update.
| **[`DisableTelemetry`](#disabletelemetry)** | DisableTelemetry
| **[`DisplayBookmarksToolbar`](#displaybookmarkstoolbar)** | Set the initial state of the bookmarks toolbar.
-| **[`DisplayMenuBar (Deprecated)`](#displaymenubar-deprecated)** | Set the initial state of the menubar.
| **[`DisplayMenuBar`](#displaymenubar)** | Set the state of the menubar.
+| **[`DisplayMenuBar (Deprecated)`](#displaymenubar-deprecated)** | Set the initial state of the menubar.
| **[`DNSOverHTTPS`](#dnsoverhttps)** | Configure DNS over HTTPS.
| **[`DontCheckDefaultBrowser`](#dontcheckdefaultbrowser)** | Don't check if Firefox is the default browser at startup.
-| **[`DefaultDownloadDirectory`](#defaultdownloaddirectory)** | Set the default download directory.
| **[`DownloadDirectory`](#downloaddirectory)** | Set and lock the download directory.
| **[`EnableTrackingProtection`](#enabletrackingprotection)** | Configure tracking protection.
| **[`EncryptedMediaExtensions`](#encryptedmediaextensions)** | Enable or disable Encrypted Media Extensions and optionally lock it.
@@ -57,17 +54,18 @@ Policies can be specified using the [Group Policy templates on Windows](https://
| **[`Extensions`](#extensions)** | Control the installation, uninstallation and locking of extensions.
| **[`ExtensionSettings`](#extensionsettings)** | Manage all aspects of extensions.
| **[`ExtensionUpdate`](#extensionupdate)** | Control extension updates.
-| **[`FlashPlugin`](#flashplugin)** | Configure the default Flash plugin policy as well as origins for which Flash is allowed.
| **[`FirefoxHome`](#firefoxhome)** | Customize the Firefox Home page.
-| **[`HardwareAcceleration`](#hardwareacceleration)** | Control hardware acceleration.
+| **[`FlashPlugin`](#flashplugin)** | Configure the default Flash plugin policy as well as origins for which Flash is allowed.
| **[`Handlers`](#handlers)** | Configure default application handlers.
+| **[`HardwareAcceleration`](#hardwareacceleration)** | Control hardware acceleration.
| **[`Homepage`](#homepage)** | Configure the default homepage and how Firefox starts.
| **[`InstallAddonsPermission`](#installaddonspermission)** | Configure the default extension install policy as well as origins for extension installs are allowed.
| **[`LegacyProfiles`](#legacyprofiles)** | Disable the feature enforcing a separate profile for each installation.
+| **[`LegacySameSiteCookieBehaviorEnabled`](#legacysamesitecookiebehaviorenabled)** | Enable default legacy SameSite cookie behavior setting.
+| **[`LegacySameSiteCookieBehaviorEnabledForDomainList`](#legacysamesitecookiebehaviorenabledfordomainlist)** | Revert to legacy SameSite behavior for cookies on specified sites.
| **[`LocalFileLinks`](#localfilelinks)** | Enable linking to local files by origin.
| **[`ManagedBookmarks`](#managedbookmarks)** | Configures a list of bookmarks managed by an administrator that cannot be changed by the user.
| **[`ManualAppUpdateOnly`](#manualappupdateonly)** | Allow manual updates only and do not notify the user about updates..
-| **[`PrimaryPassword`](#primarypassword)** | Require or prevent using a primary (formerly master) password.
| **[`NetworkPrediction`](#networkprediction)** | Enable or disable network prediction (DNS prefetching).
| **[`NewTabPage`](#newtabpage)** | Enable or disable the New Tab page.
| **[`NoDefaultBookmarks`](#nodefaultbookmarks)** | Disable the creation of default bookmarks.
@@ -82,6 +80,7 @@ Policies can be specified using the [Group Policy templates on Windows](https://
| **[`PopupBlocking`](#popupblocking)** | Configure the default pop-up window policy as well as origins for which pop-up windows are allowed.
| **[`Preferences`](#preferences)** | Set and lock preferences.
| **[`Preferences (Deprecated)`](#preferences-deprecated)** | Set and lock some preferences.
+| **[`PrimaryPassword`](#primarypassword)** | Require or prevent using a primary (formerly master) password.
| **[`PromptForDownloadLocation`](#promptfordownloadlocation)** | Ask where to save each file before downloading.
| **[`Proxy`](#proxy)** | Configure proxy settings.
| **[`RequestedLocales`](#requestedlocales)** | Set the the list of requested locales for the application in order of preference.
@@ -89,10 +88,10 @@ Policies can be specified using the [Group Policy templates on Windows](https://
| **[`SanitizeOnShutdown` (Selective)](#sanitizeonshutdown-selective)** | Clear data on shutdown.
| **[`SearchBar`](#searchbar)** | Set whether or not search bar is displayed.
| **[`SearchEngines`](#searchengines-this-policy-is-only-available-on-the-esr)** |
+| **[`SearchEngines -> Add`](#searchengines--add)** | Add new search engines.
| **[`SearchEngines -> Default`](#searchengines--default)** | Set the default search engine.
| **[`SearchEngines -> PreventInstalls`](#searchengines--preventinstalls)** | Prevent installing search engines from webpages.
| **[`SearchEngines -> Remove`](#searchengines--remove)** | Hide built-in search engines.
-| **[`SearchEngines -> Add`](#searchengines--add)** | Add new search engines.
| **[`SearchSuggestEnabled`](#searchsuggestenabled)** | Enable search suggestions.
| **[`SecurityDevices`](#securitydevices)** | Install PKCS #11 modules.
| **[`ShowHomeButton`](#showhomebutton)** | Show the home button on the toolbar.
@@ -101,91 +100,92 @@ Policies can be specified using the [Group Policy templates on Windows](https://
| **[`SupportMenu`](#supportmenu)** | Add a menuitem to the help menu for specifying support information.
| **[`UserMessaging`](#usermessaging)** | Don't show certain messages to the user.
| **[`WebsiteFilter`](#websitefilter)** | Block websites from being visited.
+| **[`WindowsSSO`](#windowssso)** | Allow Windows single sign-on for Microsoft, work, and school accounts.
### 3rdparty
Allow WebExtensions to configure policy. For more information, see [Adding policy support to your extension](https://extensionworkshop.com/documentation/enterprise/adding-policy-support-to-your-extension/).
-### AppAutoUpdate
-
-Enable or disable **automatic** application update.
+### AllowedDomainsForApps
-If set to true, application updates are installed without user approval within Firefox. The operating system might still require approval.
+Define domains allowed to access Google Workspace.
-If set to false, application updates are downloaded but the user can choose when to install the update.
+This policy is based on the [Chrome policy](https://chromeenterprise.google/policies/#AllowedDomainsForApps) of the same name.
-If you have disabled updates via DisableAppUpdate, this policy has no effect.
+If this policy is enabled, users can only access Google Workspace using accounts from the specified domains. If you want to allow Gmail, you can add ```consumer_accounts``` to the list.
-**Compatibility:** Firefox 75, Firefox ESR 68.7\
+**Compatibility:** Firefox 89, Firefox ESR 78.11\
**CCK2 Equivalent:** N/A\
-**Preferences Affected:** app.update.auto
+**Preferences Affected:** N/A
#### Windows (GPO)
```
-Software\Policies\Mozilla\Firefox\AppAutoUpdate = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\AllowedDomainsForApps = "managedfirefox.com,example.com"
```
#### Windows (Intune)
OMA-URI:
```
-./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/AppAutoUpdate
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/AllowedDomainsForApps
```
Value (string):
```
- or
+
+
```
#### macOS
```
- AppAutoUpdate
- |
+ AllowedDomainsForApps
+ managedfirefox.com,example.com
```
#### policies.json
```
{
"policies": {
- "AppAutoUpdate": true | false
+ "AllowedDomainsForApps": "managedfirefox.com,example.com"
}
}
```
-### AllowedDomainsForApps
+### AppAutoUpdate
-Define domains allowed to access Google Workspace.
+Enable or disable **automatic** application update.
-This policy is based on the [Chrome policy](https://chromeenterprise.google/policies/#AllowedDomainsForApps) of the same name.
+If set to true, application updates are installed without user approval within Firefox. The operating system might still require approval.
-If this policy is enabled, users can only access Google Workspace using accounts from the specified domains. If you want to allow Gmail, you can add ```consumer_accounts``` to the list.
+If set to false, application updates are downloaded but the user can choose when to install the update.
-**Compatibility:** Firefox 89, Firefox ESR 78.11\
+If you have disabled updates via `DisableAppUpdate`, this policy has no effect.
+
+**Compatibility:** Firefox 75, Firefox ESR 68.7\
**CCK2 Equivalent:** N/A\
-**Preferences Affected:** N/A
+**Preferences Affected:** `app.update.auto`
#### Windows (GPO)
```
-Software\Policies\Mozilla\Firefox\AllowedDomainsForApps = "managedfirefox.com,example.com"
+Software\Policies\Mozilla\Firefox\AppAutoUpdate = 0x1 | 0x0
```
#### Windows (Intune)
OMA-URI:
```
-./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/AllowedDomainsForApps
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/AppAutoUpdate
```
Value (string):
```
-
-
+ or
```
#### macOS
```
- AllowedDomainsForApps
- managedfirefox.com,example.com
+ AppAutoUpdate
+ |
```
#### policies.json
```
{
"policies": {
- "AllowedDomainsForApps": "managedfirefox.com,example.com"
+ "AppAutoUpdate": true | false
}
}
```
@@ -230,7 +230,7 @@ Value (string):
Configure sites that support integrated authentication.
-See https://developer.mozilla.org/en-US/docs/Mozilla/Integrated_authentication for more information.
+See [Integrated authentication](https://htmlpreview.github.io/?https://github.com/mdn/archived-content/blob/main/files/en-us/mozilla/integrated_authentication/raw.html) for more information.
`PrivateBrowsing` enables integrated authentication in private browsing.
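Review bot: The replacement link on the `See [Integrated authentication]` line routes through htmlpreview.github.io, a third-party rendering service, so the reference depends on that service staying available and rendering the archived HTML unchanged. Consider linking directly to the file in the `mdn/archived-content` repository, or moving the relevant explanation into this README.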
@@ -370,6 +370,98 @@ Value (string):
}
}
```
+### AutoLaunchProtocolsFromOrigins
+Define a list of external protocols that can be used from listed origins without prompting the user. The origin is the scheme plus the hostname.
+
+The syntax of this policy is exactly the same as the [Chrome AutoLaunchProtocolsFromOrigins policy](https://cloud.google.com/docs/chrome-enterprise/policies/?policy=AutoLaunchProtocolsFromOrigins) except that you can only use valid origins (not just hostnames). This also means that you cannot specify an asterisk for all origins.
+
+The schema is:
+```
+{
+ "items": {
+ "properties": {
+ "allowed_origins": {
+ "items": {
+ "type": "string"
+ },
+ "type": "array"
+ },
+ "protocol": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "protocol",
+ "allowed_origins"
+ ],
+ "type": "object"
+ },
+ "type": "array"
+}
+```
+**Compatibility:** Firefox 90, Firefox ESR 78.12\
+**CCK2 Equivalent:** N/A\
+**Preferences Affected:** N/A
+
+#### Windows (GPO)
+Software\Policies\Mozilla\Firefox\AutoLaunchProtocolsFromOrigins (REG_MULTI_SZ) =
+```
+[
+ {
+ "protocol": "zoommtg",
+ "allowed_origins": [
+ "https://somesite.zoom.us"
+ ]
+ }
+]
+```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/AutoLaunchProtocolsFromOrigins
+```
+Value (string):
+```
+
+
+```
+#### macOS
+```
+
+ AutoLaunchProtocolsFromOrigins
+
+
+ protocol
+ zoommtg
+ allowed_origins
+
+ https://somesite.zoom.us
+
+
+
+
+```
+#### policies.json
+```
+{
+ "policies": {
+ "AutoLaunchProtocolsFromOrigins": [{
+ "protocol": "zoommtg",
+ "allowed_origins": [
+ "https://somesite.zoom.us"
+ ]
+ }]
+ }
+}
+```
### BackgroundAppUpdate
Enable or disable **automatic** application update **in the background**, when the application is not running.
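Review bot: The description line says the origin is "the scheme plus the hostname", which leaves open whether a port belongs in `allowed_origins` entries. Since this policy suppresses the external-protocol prompt, the matching rule should be stated exactly, including how an origin on a non-default port is written. Also, in the Windows (GPO) subsection the registry path `Software\Policies\Mozilla\Firefox\AutoLaunchProtocolsFromOrigins (REG_MULTI_SZ) =` sits outside the code fence, unlike the other GPO examples in this patch such as `DefaultDownloadDirectory`; move it inside the block for consistency.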
@@ -378,7 +470,7 @@ If set to true, application updates may be installed (without user approval) in
If set to false, the application will not try to install updates when the application is not running.
-If you have disabled updates via `DisableAppUpdate` or disabled automatic updates via `AppUpdateAuto`, this policy has no effect.
+If you have disabled updates via `DisableAppUpdate` or disabled automatic updates via `AppAutoUpdate`, this policy has no effect.
**Compatibility:** Firefox 90 (Windows only)\
**CCK2 Equivalent:** N/A\
@@ -562,6 +654,8 @@ Note: [`ManagedBookmarks`](#managedbookmarks) is the new recommended way to add
Add bookmarks in either the bookmarks toolbar or menu. Only `Title` and `URL` are required. If `Placement` is not specified, the bookmark will be placed on the toolbar. If `Folder` is specified, it is automatically created and bookmarks with the same folder name are grouped together.
+If you want to clear all bookmarks set with this policy, you can set the value to an empty array (```[]```). This can be on Windows via the new Bookmarks (JSON) policy available with GPO and Intune.
+
**Compatibility:** Firefox 60, Firefox ESR 60\
**CCK2 Equivalent:** `bookmarks.toolbar`,`bookmarks.menu`\
**Preferences Affected:** N/A
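Review bot: The second sentence of the added paragraph, "This can be on Windows via the new Bookmarks (JSON) policy", is missing its verb; "This can be done on Windows via ..." reads as intended.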
@@ -573,6 +667,12 @@ Software\Policies\Mozilla\Firefox\Bookmarks\1\URL = "https://example.com"
Software\Policies\Mozilla\Firefox\Bookmarks\1\Favicon = "https://example.com/favicon.ico"
Software\Policies\Mozilla\Firefox\Bookmarks\1\Placement = "toolbar" | "menu"
Software\Policies\Mozilla\Firefox\Bookmarks\1\Folder = "FolderName"
+
+Software\Policies\Mozilla\Firefox\Bookmarks (REG_MULTI_SZ) =
+```
+[]
+```
+
```
#### Windows (Intune)
OMA-URI:
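Review bot: The two added triple-backtick lines around `[]` sit inside the code fence that already wraps the `Software\Policies\Mozilla\Firefox\Bookmarks\1\...` entries, so the first one closes that fence early, `[]` renders as body text, and the second opens a block that contains only a blank line. Drop the two inner fence lines and keep `Software\Policies\Mozilla\Firefox\Bookmarks (REG_MULTI_SZ) =` and `[]` as plain lines inside the existing block.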
@@ -588,6 +688,15 @@ Value (string):
```
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/Bookmarks
+```
+Value (string):
+```
+
+
+```
#### macOS
```
@@ -780,19 +889,32 @@ Configure cookie preferences.
`Block` is a list of origins (not domains) where cookies are always blocked. You must include http or https.
-`Default` determines whether cookies are accepted at all.
+`Behavior` sets the default behavior for cookies based on the values below.
-`AcceptThirdParty` determines how third-party cookies are handled.
+`BehaviorPrivateBrowsing` sets the default behavior for cookies in private browsing based on the values below.
+
+| Value | Description
+| --- | ---
+| accept | Accept all cookies
+| reject-foreign | Reject third party cookies
+| reject | Reject all cookies
+| limit-foreign | Reject third party cookies for sites you haven't visited
+| reject-tracker | Reject cookies for known trackers (default)
+| reject-tracker-and-partition-foreign | Reject cookies for known trackers and partition third-party cookies (Total Cookie Protection) (default for private browsing)
+
+`Default` (Deprecated) determines whether cookies are accepted at all.
+
+`AcceptThirdParty` (Deprecated) determines how third-party cookies are handled.
`ExpireAtSessionEnd` determines when cookies expire.
-`RejectTracker` only rejects cookies for trackers.
+`RejectTracker` (Deprecated) only rejects cookies for trackers.
`Locked` prevents the user from changing cookie preferences.
-**Compatibility:** Firefox 60, Firefox ESR 60 (RejectTracker added in Firefox 63, AllowSession added in Firefox 79/78.1)\
+**Compatibility:** Firefox 60, Firefox ESR 60 (RejectTracker added in Firefox 63, AllowSession added in Firefox 79/78.1, Behavior added in Firefox 95/91.4)\
**CCK2 Equivalent:** N/A\
-**Preferences Affected:** `network.cookie.cookieBehavior`,`network.cookie.lifetimePolicy`
+**Preferences Affected:** `network.cookie.cookieBehavior`, `network.cookie.cookieBehavior.pbmode`, `network.cookie.lifetimePolicy`
#### Windows (GPO)
```
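Review bot: `Default`, `AcceptThirdParty` and `RejectTracker` are marked (Deprecated) here, but the text does not say which setting wins when one of them is present together with `Behavior`. Add a sentence on precedence. The Compatibility line states that `Behavior` was added in Firefox 95/91.4, so it is also worth saying what administrators who still manage older releases should set.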
@@ -803,6 +925,8 @@ Software\Policies\Mozilla\Firefox\Cookies\Default = 0x1 | 0x0
Software\Policies\Mozilla\Firefox\Cookies\AcceptThirdParty = "always" | "never" | "from-visited"
Software\Policies\Mozilla\Firefox\Cookies\ExpireAtSessionEnd = 0x1 | 0x0
Software\Policies\Mozilla\Firefox\Cookies\RejectTracker = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\Cookies\Behavior = "accept" | "reject-foreign" | "reject" | "limit-foreign" | "reject-tracker" | "reject-tracker-and-partition-foreign"
+Software\Policies\Mozilla\Firefox\Cookies\BehaviorPrivateBrowsing = "accept" | "reject-foreign" | "reject" | "limit-foreign" | "reject-tracker" | "reject-tracker-and-partition-foreign"
Software\Policies\Mozilla\Firefox\Cookies\Locked = 0x1 | 0x0
```
#### Windows (Intune)
@@ -874,6 +998,24 @@ Value (string):
```
or
```
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_Behavior
+```
+Value (string):
+```
+
+
+```
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_BehaviorPrivateBrowsing
+```
+Value (string):
+```
+
+
+```
#### macOS
```
@@ -901,6 +1043,10 @@ Value (string):
|
Locked
|
+ Behavior
+ accept | reject-foreign | reject | limit-foreign | reject-tracker | reject-tracker-and-partition-foreign
+ BehaviorPrivateBrowsing
+ accept | reject-foreign | reject | limit-foreign | reject-tracker | reject-tracker-and-partition-foreign
```
@@ -916,7 +1062,9 @@ Value (string):
"AcceptThirdParty": "always" | "never" | "from-visited",
"ExpireAtSessionEnd": true | false,
"RejectTracker": true | false,
- "Locked": true | false
+ "Locked": true | false,
+ "Behavior": "accept" | "reject-foreign" | "reject" | "limit-foreign" | "reject-tracker" | "reject-tracker-and-partition-foreign",
+ "BehaviorPrivateBrowsing": "accept" | "reject-foreign" | "reject" | "limit-foreign" | "reject-tracker" | "reject-tracker-and-partition-foreign",
}
}
}
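Review bot: The new `"BehaviorPrivateBrowsing": ...` line ends with a comma and is followed directly by the closing `}`, a trailing comma that strict JSON parsers reject. Someone who fills in the values and keeps the structure ends up with a policies.json that does not parse. Remove the comma after the last member.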
@@ -961,7 +1109,7 @@ Remove the master password functionality.
If this value is true, it works the same as setting [`PrimaryPassword`](#primarypassword) to false and removes the primary password functionality.
-If both DisableMasterPasswordCreation and PrimaryPassword are used, DisableMasterPasswordCreation takes precedent.
+If both `DisableMasterPasswordCreation` and `PrimaryPassword` are used, `DisableMasterPasswordCreation` takes precedent.
**Compatibility:** Firefox 60, Firefox ESR 60\
**CCK2 Equivalent:** `noMasterPassword`\
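Review bot: The reworded sentence still reads "takes precedent"; the word wanted is "precedence". Since the line is being touched for the backticks anyway, fix it in the same change.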
@@ -995,6 +1143,50 @@ Value (string):
}
}
```
+### DefaultDownloadDirectory
+Set the default download directory.
+
+You can use ${home} for the native home directory.
+
+**Compatibility:** Firefox 68, Firefox ESR 68\
+**CCK2 Equivalent:** N/A\
+**Preferences Affected:** `browser.download.dir`, `browser.download.folderList`
+
+#### Windows (GPO)
+```
+Software\Policies\Mozilla\Firefox\DefaultDownloadDirectory = "${home}\Downloads"
+```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DefaultDownloadDirectory
+```
+Value (string):
+```
+
+
+```
+#### macOS
+```
+
+ DefaultDownloadDirectory
+ ${home}/Downloads
+
+```
+#### policies.json (macOS and Linux)
+```
+{
+ "policies": {
+ "DefaultDownloadDirectory": "${home}/Downloads"
+}
+```
+#### policies.json (Windows)
+```
+{
+ "policies": {
+ "DefaultDownloadDirectory": "${home}\\Downloads"
+}
+```
### DisableAppUpdate
Turn off application updates within Firefox.
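Review bot: Both added `policies.json` examples for `DefaultDownloadDirectory`, the macOS and Linux one and the Windows one, open two objects (`{` and `"policies": {`) but close only one, so the snippets are not valid JSON as written. Add the missing closing `}` to each. The same defect is in the removed copy further down, so the move is a good moment to fix it.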
@@ -1263,21 +1455,21 @@ Value (string):
}
}
```
-### DisableFirefoxScreenshots
-Remove access to Firefox Screenshots.
+### DisableFirefoxAccounts
+Disable Firefox Accounts integration (Sync).
**Compatibility:** Firefox 60, Firefox ESR 60\
-**CCK2 Equivalent:** N/A\
-**Preferences Affected:** `extensions.screenshots.disabled`
+**CCK2 Equivalent:** `disableSync`\
+**Preferences Affected:** `identity.fxaccounts.enabled`
#### Windows (GPO)
```
-Software\Policies\Mozilla\Firefox\DisableFirefoxScreenshots = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\DisableFirefoxAccounts = 0x1 | 0x0
```
#### Windows (Intune)
OMA-URI:
```
-./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableFirefoxScreenshots
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableFirefoxAccounts
```
Value (string):
```
@@ -1286,7 +1478,7 @@ Value (string):
#### macOS
```
- DisableFirefoxScreenshots
+ DisableFirefoxAccounts
|
```
@@ -1294,25 +1486,25 @@ Value (string):
```
{
"policies": {
- "DisableFirefoxScreenshots": true | false
+ "DisableFirefoxAccounts": true | false
}
}
```
-### DisableFirefoxAccounts
-Disable Firefox Accounts integration (Sync).
+### DisableFirefoxScreenshots
+Remove access to Firefox Screenshots.
**Compatibility:** Firefox 60, Firefox ESR 60\
-**CCK2 Equivalent:** `disableSync`\
-**Preferences Affected:** `identity.fxaccounts.enabled`
+**CCK2 Equivalent:** N/A\
+**Preferences Affected:** `extensions.screenshots.disabled`
#### Windows (GPO)
```
-Software\Policies\Mozilla\Firefox\DisableFirefoxAccounts = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\DisableFirefoxScreenshots = 0x1 | 0x0
```
#### Windows (Intune)
OMA-URI:
```
-./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableFirefoxAccounts
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableFirefoxScreenshots
```
Value (string):
```
@@ -1321,7 +1513,7 @@ Value (string):
#### macOS
```
- DisableFirefoxAccounts
+ DisableFirefoxScreenshots
|
```
@@ -1329,7 +1521,7 @@ Value (string):
```
{
"policies": {
- "DisableFirefoxAccounts": true | false
+ "DisableFirefoxScreenshots": true | false
}
}
```
@@ -1408,7 +1600,7 @@ Turn off saving information on web forms and the search bar.
**Compatibility:** Firefox 60, Firefox ESR 60\
**CCK2 Equivalent:** `disableFormFill`\
-**Preferences Affected:** ` browser.formfill.enable`
+**Preferences Affected:** `browser.formfill.enable`
#### Windows (GPO)
```
@@ -1659,7 +1851,7 @@ Prevent the user from bypassing security in certain cases.
**Compatibility:** Firefox 60, Firefox ESR 60\
**CCK2 Equivalent:** N/A\
-**Preferences Affected:** `security.certerror.hideAddException`,`browser.safebrowsing.allowOverride`
+**Preferences Affected:** `security.certerror.hideAddException`, `browser.safebrowsing.allowOverride`
#### Windows (GPO)
```
@@ -1751,7 +1943,7 @@ Mozilla recommends that you do not disable telemetry. Information collected thro
**Compatibility:** Firefox 60, Firefox ESR 60\
**CCK2 Equivalent:** `disableTelemetry`\
-**Preferences Affected:** `datareporting.healthreport.uploadEnabled,datareporting.policy.dataSubmissionEnabled,toolkit.telemetry.archive.enabled`
+**Preferences Affected:** `datareporting.healthreport.uploadEnabled`, `datareporting.policy.dataSubmissionEnabled`, `toolkit.telemetry.archive.enabled`
#### Windows (GPO)
```
@@ -1816,73 +2008,73 @@ Value (string):
}
}
```
-### DisplayMenuBar (Deprecated)
-Set the initial state of the menubar. A user can still hide it and it will stay hidden.
+### DisplayMenuBar
+Set the state of the menubar.
-**Compatibility:** Firefox 60, Firefox ESR 60 (Windows, some Linux)\
+`always` means the menubar is shown and cannot be hidden.
+
+`never` means the menubar is hidden and cannot be shown.
+
+`default-on` means the menubar is on by default but can be hidden.
+
+`default-off` means the menubar is off by default but can be shown.
+
+**Compatibility:** Firefox 73, Firefox ESR 68.5 (Windows, some Linux)\
**CCK2 Equivalent:** `displayMenuBar`\
**Preferences Affected:** N/A
#### Windows (GPO)
```
-Software\Policies\Mozilla\Firefox\DisplayMenuBar = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\DisplayMenuBar = "always", "never", "default-on", "default-off"
```
-#### macOS
+#### Windows (Intune)
+OMA-URI:
```
-
- DisplayMenuBar
- |
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisplayMenuBar_Enum
+```
+Value (string):
+```
+
+
+```
+#### macOS
+```
+
+ DisplayMenuBar
+ always | never | default-on | default-off
```
#### policies.json
```
{
"policies": {
- "DisplayMenuBar": true | false
+ "DisplayMenuBar": "always", "never", "default-on", "default-off"
}
}
```
-### DisplayMenuBar
-Set the state of the menubar.
-
-`always` means the menubar is shown and cannot be hidden.
-
-`never` means the menubar is hidden and cannot be shown.
-
-`default-on` means the menubar is on by default but can be hidden.
-
-`default-off` means the menubar is off by default but can be shown.
+### DisplayMenuBar (Deprecated)
+Set the initial state of the menubar. A user can still hide it and it will stay hidden.
-**Compatibility:** Firefox 73, Firefox ESR 68.5 (Windows, some Linux)\
+**Compatibility:** Firefox 60, Firefox ESR 60 (Windows, some Linux)\
**CCK2 Equivalent:** `displayMenuBar`\
**Preferences Affected:** N/A
#### Windows (GPO)
```
-Software\Policies\Mozilla\Firefox\DisplayMenuBar = "always", "never", "default-on", "default-off"
-```
-#### Windows (Intune)
-OMA-URI:
-```
-./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisplayMenuBar_Enum
-```
-Value (string):
-```
-
-
+Software\Policies\Mozilla\Firefox\DisplayMenuBar = 0x1 | 0x0
```
#### macOS
```
DisplayMenuBar
- always | never | default-on | default-off
+ |
```
#### policies.json
```
{
"policies": {
- "DisplayMenuBar": "always", "never", "default-on", "default-off"
+ "DisplayMenuBar": true | false
}
}
```
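Review bot: In the `DisplayMenuBar` section the GPO and `policies.json` examples list the allowed values separated by commas (`"always", "never", "default-on", "default-off"`), while the macOS example in the same section and the other examples in this patch use `|` for alternatives. A comma-separated list after a JSON key reads as several values rather than a choice of one; switch both lines to `"always" | "never" | "default-on" | "default-off"`.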
@@ -1899,7 +2091,7 @@ Configure DNS over HTTPS.
**Compatibility:** Firefox 63, Firefox ESR 68 (ExcludedDomains added in 75/68.7)\
**CCK2 Equivalent:** N/A\
-**Preferences Affected:** `network.trr.mode`,`network.trr.uri`
+**Preferences Affected:** `network.trr.mode`, `network.trr.uri`
#### Windows (GPO)
```
@@ -2009,50 +2201,6 @@ Value (string):
}
}
```
-### DefaultDownloadDirectory
-Set the default download directory.
-
-You can use ${home} for the native home directory.
-
-**Compatibility:** Firefox 68, Firefox ESR 68\
-**CCK2 Equivalent:** N/A\
-**Preferences Affected:** `browser.download.dir`,`browser.download.folderList`
-
-#### Windows (GPO)
-```
-Software\Policies\Mozilla\Firefox\DefaultDownloadDirectory = "${home}\Downloads"
-```
-#### Windows (Intune)
-OMA-URI:
-```
-./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DefaultDownloadDirectory
-```
-Value (string):
-```
-
-
-```
-#### macOS
-```
-
- DefaultDownloadDirectory
- ${home}/Downloads
-
-```
-#### policies.json (macOS and Linux)
-```
-{
- "policies": {
- "DefaultDownloadDirectory": "${home}/Downloads"
-}
-```
-#### policies.json (Windows)
-```
-{
- "policies": {
- "DefaultDownloadDirectory": "${home}\\Downloads"
-}
-```
### DownloadDirectory
Set and lock the download directory.
@@ -2060,7 +2208,7 @@ You can use ${home} for the native home directory.
**Compatibility:** Firefox 68, Firefox ESR 68\
**CCK2 Equivalent:** N/A\
-**Preferences Affected:** `browser.download.dir`,`browser.download.folderList`,`browser.download.useDownloadDir`
+**Preferences Affected:** `browser.download.dir`, `browser.download.folderList`, `browser.download.useDownloadDir`
#### Windows (GPO)
```
@@ -2114,7 +2262,7 @@ If `Fingerprinting` is set to true, fingerprinting scripts on websites are block
**Compatibility:** Firefox 60, Firefox ESR 60 (Cryptomining and Fingerprinting added in 70/68.2, Exceptions added in 73/68.5)\
**CCK2 Equivalent:** N/A\
-**Preferences Affected:** `privacy.trackingprotection.enabled`,`privacy.trackingprotection.pbmode.enabled`,`privacy.trackingprotection.cryptomining.enabled`,`privacy.trackingprotection.fingerprinting.enabled`
+**Preferences Affected:** `privacy.trackingprotection.enabled`, `privacy.trackingprotection.pbmode.enabled`, `privacy.trackingprotection.cryptomining.enabled`, `privacy.trackingprotection.fingerprinting.enabled`
#### Windows (GPO)
```
@@ -2509,7 +2657,83 @@ Value (string):
}
}
```
-### FlashPlugin
+### FirefoxHome
+Customize the Firefox Home page.
+
+**Compatibility:** Firefox 68, Firefox ESR 68 (SponsoredTopSites and SponsoredPocket were added in Firefox 95, Firefox ESR 91.4)
+**CCK2 Equivalent:** N/A\
+**Preferences Affected:** `browser.newtabpage.activity-stream.showSearch`, `browser.newtabpage.activity-stream.feeds.topsites`, `browser.newtabpage.activity-stream.feeds.section.highlights`, `browser.newtabpage.activity-stream.feeds.section.topstories`, `browser.newtabpage.activity-stream.feeds.snippets`, `browser.newtabpage.activity-stream.showSponsoredTopSites`, `browser.newtabpage.activity-stream.showSponsored`
+
+#### Windows (GPO)
+```
+Software\Policies\Mozilla\Firefox\FirefoxHome\Search = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\FirefoxHome\TopSites = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\FirefoxHome\SponsoredTopSites = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\FirefoxHome\Highlights = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\FirefoxHome\Pocket = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\FirefoxHome\SponsoredPocket = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\FirefoxHome\Snippets = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\FirefoxHome\Locked = 0x1 | 0x0
+```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/CustomizeFirefoxHome
+```
+Value (string):
+```
+
+
+
+
+
+
+
+
+
+```
+#### macOS
+```
+
+ FirefoxHome
+
+ Search
+ |
+ TopSites
+ |
+ SponsoredTopSites
+ |
+ Highlights
+ |
+ Pocket
+ |
+ SponsoredPocket
+ |
+ Snippets
+ |
+ Locked
+ |
+
+
+```
+#### policies.json
+```
+{
+ "policies": {
+ "FirefoxHome": {
+ "Search": true | false,
+ "TopSites": true | false,
+ "SponsoredTopSites": true | false,
+ "Highlights": true | false,
+ "Pocket": true | false,
+ "SponsoredPocket": true | false,
+ "Snippets": true | false,
+ "Locked": true | false
+ }
+ }
+}
+```
+### FlashPlugin (Deprecated)
Configure the default Flash plugin policy as well as origins for which Flash is allowed.
`Allow` is a list of origins where Flash are allowed.
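Review bot: The added `**Compatibility:**` line for FirefoxHome ends at `Firefox ESR 91.4)` without the trailing `\` that the `**CCK2 Equivalent:**` line right below it carries, so the two metadata lines will run together when rendered. Add the backslash. The preference list now includes `showSponsoredTopSites` and `showSponsored`, but nothing says which policy key sets which preference; the mapping from `SponsoredPocket` to `showSponsored` is not obvious from the names and deserves a sentence.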
@@ -2590,9 +2814,6 @@ Value (string):
}
}
```
-
-
-
### Handlers
Configure default application handlers. This policy is based on the internal format of `handlers.json`.
@@ -2775,72 +2996,6 @@ Value (string):
}
}
```
-### FirefoxHome
-Customize the Firefox Home page.
-
-**Compatibility:** Firefox 68, Firefox ESR 68\
-**CCK2 Equivalent:** N/A\
-**Preferences Affected:** `browser.newtabpage.activity-stream.showSearch`,`browser.newtabpage.activity-stream.feeds.topsites`,`browser.newtabpage.activity-stream.feeds.section.highlights`,`browser.newtabpage.activity-stream.feeds.section.topstories`,`browser.newtabpage.activity-stream.feeds.snippets`
-
-#### Windows (GPO)
-```
-Software\Policies\Mozilla\Firefox\FirefoxHome\Search = 0x1 | 0x0
-Software\Policies\Mozilla\Firefox\FirefoxHome\TopSites = 0x1 | 0x0
-Software\Policies\Mozilla\Firefox\FirefoxHome\Highlights = 0x1 | 0x0
-Software\Policies\Mozilla\Firefox\FirefoxHome\Pocket = 0x1 | 0x0
-Software\Policies\Mozilla\Firefox\FirefoxHome\Snippets = 0x1 | 0x0
-Software\Policies\Mozilla\Firefox\FirefoxHome\Locked = 0x1 | 0x0
-```
-#### Windows (Intune)
-OMA-URI:
-```
-./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/CustomizeFirefoxHome
-```
-Value (string):
-```
-
-
-
-
-
-
-
-```
-#### macOS
-```
-
- FirefoxHome
-
- Search
- |
- TopSites
- |
- Highlights
- |
- Pocket
- |
- Snippets
- |
- Locked
- |
-
-
-```
-#### policies.json
-```
-{
- "policies": {
- "FirefoxHome": {
- "Search": true | false,
- "TopSites": true | false,
- "Highlights": true | false,
- "Pocket": true | false,
- "Snippets": true | false,
- "Locked": true | false
- }
- }
-}
-```
### HardwareAcceleration
Control hardware acceleration.
@@ -2891,7 +3046,7 @@ With Firefox 78, an additional option as added for `Startpage`, `homepage-locked
**Compatibility:** Firefox 60, Firefox ESR 60 (StartPage was added in Firefox 60, Firefox ESR 60.4, homepage-locked added in Firefox 78)\
**CCK2 Equivalent:** `homePage`,`lockHomePage`\
-**Preferences Affected:** `browser.startup.homepage`,`browser.startup.page`
+**Preferences Affected:** `browser.startup.homepage`, `browser.startup.page`
#### Windows (GPO)
```
@@ -3054,61 +3209,140 @@ Value (string):
```
or
```
-### LocalFileLinks
-Enable linking to local files by origin.
+### LegacySameSiteCookieBehaviorEnabled
+Enable default legacy SameSite cookie behavior setting.
-**Compatibility:** Firefox 68, Firefox ESR 68\
+If this policy is set to true, it reverts all cookies to legacy SameSite behavior which means that cookies that don't explicitly specify a ```SameSite``` attribute are treated as if they were ```SameSite=None```.
+
+**Compatibility:** Firefox 96\
**CCK2 Equivalent:** N/A\
-**Preferences Affected:** `capability.policy.localfilelinks.*`
+**Preferences Affected:** `network.cookie.sameSite.laxByDefault`
#### Windows (GPO)
```
-Software\Policies\Mozilla\Firefox\LocalFileLinks\1 = "https://example.org"
-Software\Policies\Mozilla\Firefox\LocalFileLinks\2 = "https://example.edu"
+Software\Policies\Mozilla\Firefox\LegacySameSiteCookieBehaviorEnabled = = 0x1 | 0x0
```
#### Windows (Intune)
OMA-URI:
```
-./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/LocalFileLinks
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/LegacySameSiteCookieBehaviorEnabled
```
Value (string):
```
-
-
+ or
```
#### macOS
```
- LocalFileLinks
-
- http://example.org
- http://example.edu
-
+ LegacySameSiteCookieBehaviorEnabled
+ |
```
#### policies.json
```
{
"policies": {
- "LocalFileLinks": ["http://example.org/",
- "http://example.edu/"]
- }
+ "LegacySameSiteCookieBehaviorEnabled": true | false
}
```
-### ManagedBookmarks
-Configures a list of bookmarks managed by an administrator that cannot be changed by the user.
+### LegacySameSiteCookieBehaviorEnabledForDomainList
+Revert to legacy SameSite behavior for cookies on specified sites.
-The bookmarks are only added as a button on the personal toolbar. They are not in the bookmarks folder.
+If this policy is set to true, cookies set for domains in this list will revert to legacy SameSite behavior which means that cookies that don't explicitly specify a ```SameSite``` attribute are treated as if they were ```SameSite=None```.
-The syntax of this policy is exactly the same as the [Chrome ManagedBookmarks policy](https://cloud.google.com/docs/chrome-enterprise/policies/?policy=ManagedBookmarks). The schema is:
+**Compatibility:** Firefox 96\
+**CCK2 Equivalent:** N/A\
+**Preferences Affected:** `network.cookie.sameSite.laxByDefault.disabledHosts`
+
+#### Windows (GPO)
```
-{
- "items": {
- "id": "BookmarkType",
- "properties": {
- "children": {
- "items": {
- "$ref": "BookmarkType"
+Software\Policies\Mozilla\Firefox\LegacySameSiteCookieBehaviorEnabledForDomainList\1 = "example.org"
+Software\Policies\Mozilla\Firefox\LegacySameSiteCookieBehaviorEnabledForDomainList\2 = "example.edu"
+```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/LegacySameSiteCookieBehaviorEnabledForDomainList
+```
+Value (string):
+```
+
+
+```
+#### macOS
+```
+
+ LegacySameSiteCookieBehaviorEnabledForDomainList
+
+ example.org
+ example.edu
+
+
+```
+#### policies.json
+```
+{
+ "policies": {
+ "LegacySameSiteCookieBehaviorEnabledForDomainList": ["example.org",
+ "example.edu"]
+ }
+}
+```
+### LocalFileLinks
+Enable linking to local files by origin.
+
+**Compatibility:** Firefox 68, Firefox ESR 68\
+**CCK2 Equivalent:** N/A\
+**Preferences Affected:** `capability.policy.localfilelinks.*`
+
+#### Windows (GPO)
+```
+Software\Policies\Mozilla\Firefox\LocalFileLinks\1 = "https://example.org"
+Software\Policies\Mozilla\Firefox\LocalFileLinks\2 = "https://example.edu"
+```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/LocalFileLinks
+```
+Value (string):
+```
+
+
+```
+#### macOS
+```
+
+ LocalFileLinks
+
+ http://example.org
+ http://example.edu
+
+
+```
+#### policies.json
+```
+{
+ "policies": {
+ "LocalFileLinks": ["http://example.org/",
+ "http://example.edu/"]
+ }
+}
+```
+### ManagedBookmarks
+Configures a list of bookmarks managed by an administrator that cannot be changed by the user.
+
+The bookmarks are only added as a button on the personal toolbar. They are not in the bookmarks folder.
+
+The syntax of this policy is exactly the same as the [Chrome ManagedBookmarks policy](https://cloud.google.com/docs/chrome-enterprise/policies/?policy=ManagedBookmarks). The schema is:
+```
+{
+ "items": {
+ "id": "BookmarkType",
+ "properties": {
+ "children": {
+ "items": {
+ "$ref": "BookmarkType"
},
"type": "array"
},
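Review bot: Two of the added LegacySameSiteCookieBehaviorEnabled examples are malformed. The GPO line reads `LegacySameSiteCookieBehaviorEnabled = = 0x1 | 0x0` with a doubled `=`, and the policies.json example ends up with two `{` and one `}` because the hunk removes the old closing brace of the LocalFileLinks example without adding one back. In the DomainList description, "If this policy is set to true" does not fit a policy whose value is a list of domains; "Cookies set for domains in this list revert to legacy SameSite behavior" would read correctly. Both entries list only "Firefox 96" under Compatibility with no ESR version, unlike most entries in this file. Since the global switch changes `network.cookie.sameSite.laxByDefault` for every site, the text should also say that the per-domain list is the narrower option and the one to prefer when only a few applications need the old behaviour.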
@@ -3196,7 +3430,7 @@ Value (string):
toplevel_name
- My managed bookmarks folder
+ My managed bookmarks folder
url
example.com
@@ -3277,51 +3511,12 @@ This policy is primarily intended for advanced end users, not for enterprises.
}
}
```
-### PrimaryPassword
-Require or prevent using a primary (formerly master) password.
-
-If this value is true, a primary password is required. If this value is false, it works the same as if [`DisableMasterPasswordCreation`](#disablemasterpasswordcreation) was true and removes the primary password functionality.
-
-If both DisableMasterPasswordCreation and PrimaryPassword are used, DisableMasterPasswordCreation takes precedent.
-
-**Compatibility:** Firefox 79, Firefox ESR 78.1\
-**CCK2 Equivalent:** `noMasterPassword`\
-**Preferences Affected:** N/A
-
-#### Windows (GPO)
-```
-Software\Policies\Mozilla\Firefox\PrimaryPassword = 0x1 | 0x0
-```
-#### Windows (Intune)
-OMA-URI:
-```
-./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/PrimaryPassword
-```
-Value (string):
-```
- or
-```
-#### macOS
-```
-
- PrimaryPassword
- |
-
-```
-#### policies.json
-```
-{
- "policies": {
- "PrimaryPassword": true | false
- }
-}
-```
### NetworkPrediction
Enable or disable network prediction (DNS prefetching).
**Compatibility:** Firefox 67, Firefox ESR 60.7\
**CCK2 Equivalent:** N/A\
-**Preferences Affected:** `network.dns.disablePrefetch`,`network.dns.disablePrefetchFromHTTPS`
+**Preferences Affected:** `network.dns.disablePrefetch`, `network.dns.disablePrefetchFromHTTPS`
#### Windows (GPO)
```
@@ -3611,7 +3806,7 @@ Note: DisableBuiltinPDFViewer has not been deprecated. You can either continue t
**Compatibility:** Firefox 77, Firefox ESR 68.9\
**CCK2 Equivalent:** N/A\
-**Preferences Affected:** `pdfjs.diabled`,`pdfjs.enablePermissions`
+**Preferences Affected:** `pdfjs.diabled`, `pdfjs.enablePermissions`
#### Windows (GPO)
```
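Review bot: The rewritten `Preferences Affected` line still spells the first preference `pdfjs.diabled`. The line is being touched anyway, so correct it to `pdfjs.disabled`; an admin who copies the name into about:config or a preference audit will otherwise find nothing.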
@@ -3644,7 +3839,7 @@ Value (string):
```
{
"policies": {
- "PSFjs": {
+ "PDFjs": {
"Enabled": true | false,
"EnablePermissions": true | false
}
@@ -3666,7 +3861,7 @@ Set permissions associated with camera, microphone, location, notifications, aut
**Compatibility:** Firefox 62, Firefox ESR 60.2 (Autoplay added in Firefox 74, Firefox ESR 68.6, Autoplay Default/Locked added in Firefox 76, Firefox ESR 68.8, VirtualReality added in Firefox 80, Firefox ESR 78.2)\
**CCK2 Equivalent:** N/A\
-**Preferences Affected:** `permissions.default.camera`,`permissions.default.microphone`,`permissions.default.geo`,`permissions.default.desktop-notification`,`media.autoplay.default`.`permissions.default.xr`
+**Preferences Affected:** `permissions.default.camera`, `permissions.default.microphone`, `permissions.default.geo`, `permissions.default.desktop-notification`, `media.autoplay.default`, `permissions.default.xr`
#### Windows (GPO)
```
@@ -4073,6 +4268,7 @@ general.smoothScroll (Firefox 83, Firefox ESR 78.5)
geo.
gfx.
intl.
+keyword.enabled (Firefox 95, Firefox ESR 91.4)
layers.
layout.
media.
@@ -4082,6 +4278,7 @@ places.
print.
signon. (Firefox 83, Firefox ESR 78.5)
spellchecker. (Firefox 84, Firefox ESR 78.6)
+toolkit.legacyUserProfileCustomizations.stylesheets (Firefox 95, Firefox ESR 91.4)
ui.
widget.
```
@@ -4102,12 +4299,14 @@ as well as the following security preferences:
| If true, client certificates are loaded from the operating system certificate store.
| security.ssl.errorReporting.enabled | boolean | true
| If false, SSL errors cannot be sent to Mozilla.
+| security.tls.enable_0rtt_data | boolean | true
+| If false, TLS early data is turned off (Firefox 93, Firefox 91.2, Firefox 78.15).
| security.tls.hello_downgrade_check | boolean | true
| If false, the TLS 1.3 downgrade check is disabled.
| security.tls.version.enable-deprecated | boolean | false
-| If true, browser will accept TLS 1.0. and TLS 1.1 (Firefox 86, Firefox 78.8)
+| If true, browser will accept TLS 1.0. and TLS 1.1 (Firefox 86, Firefox 78.8).
| security.warn_submit_secure_to_insecure | boolean | true
-| If false, no warning is shown when submitting s form from https to http.
+| If false, no warning is shown when submitting a form from https to http.
Using the preference as the key, set the `Value` to the corresponding preference value.
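Review bot: The version notes in the security-preference rows of this hunk omit "ESR": `(Firefox 93, Firefox 91.2, Firefox 78.15)` and `(Firefox 86, Firefox 78.8)` read as lists of regular releases, while the allowlist entries added earlier in this patch use the form `Firefox 95, Firefox ESR 91.4`. If 91.2, 78.15 and 78.8 are ESR releases, label them the same way. The `security.tls.version.enable-deprecated` row was edited to add a final period but keeps the stray one in `TLS 1.0.`; fix both in the same pass.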
@@ -4118,7 +4317,7 @@ Default preferences can be modified by the user.
If a value is locked, it is also set as the default.
-User preferences persist across invocations of Firefox. It is the equivalent of a user setting the preference. They are most useful when a preference is needed very early in startup so it can't be set as default by policy.
+User preferences persist across invocations of Firefox. It is the equivalent of a user setting the preference. They are most useful when a preference is needed very early in startup so it can't be set as default by policy. An example of this is ```toolkit.legacyUserProfileCustomizations.stylesheets```.
User preferences persist even if the policy is removed, so if you need to remove them, you should use the clear policy.
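Review bot: The added example sentence wraps `toolkit.legacyUserProfileCustomizations.stylesheets` in triple backticks, whereas inline code elsewhere in this document uses single backticks (for example `Value` a few lines above). Use single backticks so the inline style stays consistent and the fence-like sequence cannot be mistaken for the start of a code block.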
@@ -4380,6 +4579,45 @@ Value (string):
}
}
```
+### PrimaryPassword
+Require or prevent using a primary (formerly master) password.
+
+If this value is true, a primary password is required. If this value is false, it works the same as if [`DisableMasterPasswordCreation`](#disablemasterpasswordcreation) was true and removes the primary password functionality.
+
+If both DisableMasterPasswordCreation and PrimaryPassword are used, DisableMasterPasswordCreation takes precedent.
+
+**Compatibility:** Firefox 79, Firefox ESR 78.1\
+**CCK2 Equivalent:** `noMasterPassword`\
+**Preferences Affected:** N/A
+
+#### Windows (GPO)
+```
+Software\Policies\Mozilla\Firefox\PrimaryPassword = 0x1 | 0x0
+```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/PrimaryPassword
+```
+Value (string):
+```
+ or
+```
+#### macOS
+```
+
+ PrimaryPassword
+ |
+
+```
+#### policies.json
+```
+{
+ "policies": {
+ "PrimaryPassword": true | false
+ }
+}
+```
### PromptForDownloadLocation
Ask where to save each file before downloading.
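Review bot: The relocated PrimaryPassword text carries over "DisableMasterPasswordCreation takes precedent"; that should be "takes precedence". The two policy names in that sentence are also plain text, while the paragraph above links and backticks `DisableMasterPasswordCreation`. Both are worth fixing while the block is being moved.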
@@ -4445,7 +4683,7 @@ To specify ports, append them to the hostnames with a colon (:).
**Compatibility:** Firefox 60, Firefox ESR 60\
**CCK2 Equivalent:** `networkProxy*`\
-**Preferences Affected:** `network.proxy.type`,`network.proxy.autoconfig_url`,`network.proxy.socks_remote_dns`,`signon.autologin.proxy`,`network.proxy.socks_version`,`network.proxy.no_proxies_on`,`network.proxy.share_proxy_settings`,`network.proxy.http`,`network.proxy.http_port`,`network.proxy.ftp`,`network.proxy.ftp_port`,`network.proxy.ssl`,`network.proxy.ssl_port`,`network.proxy.socks`,`network.proxy.socks_port`
+**Preferences Affected:** `network.proxy.type`, `network.proxy.autoconfig_url`, `network.proxy.socks_remote_dns`, `signon.autologin.proxy`, `network.proxy.socks_version`, `network.proxy.no_proxies_on`, `network.proxy.share_proxy_settings`, `network.proxy.http`, `network.proxy.http_port`, `network.proxy.ftp`, `network.proxy.ftp_port`, `network.proxy.ssl`, `network.proxy.ssl_port`, `network.proxy.socks`, `network.proxy.socks_port`
#### Windows (GPO)
```
@@ -4606,7 +4844,7 @@ Previously, these values were always locked. Starting with Firefox 74 and Firefo
**Compatibility:** Firefox 68, Firefox ESR 68 (Locked added in 74/68.6)\
**CCK2 Equivalent:** N/A\
-**Preferences Affected:** `privacy.sanitize.sanitizeOnShutdown`,`privacy.clearOnShutdown.cache`,`privacy.clearOnShutdown.cookies`,`privacy.clearOnShutdown.downloads`,`privacy.clearOnShutdown.formdata`,`privacy.clearOnShutdown.history`,`privacy.clearOnShutdown.sessions`,`privacy.clearOnShutdown.siteSettings`,`privacy.clearOnShutdown.offlineApps`
+**Preferences Affected:** `privacy.sanitize.sanitizeOnShutdown`, `privacy.clearOnShutdown.cache`, `privacy.clearOnShutdown.cookies`, `privacy.clearOnShutdown.downloads`, `privacy.clearOnShutdown.formdata`, `privacy.clearOnShutdown.history`, `privacy.clearOnShutdown.sessions`, `privacy.clearOnShutdown.siteSettings`, `privacy.clearOnShutdown.offlineApps`
#### Windows (GPO)
```
Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\Cache = 0x1 | 0x0
@@ -4741,7 +4979,7 @@ Clear all data on shutdown, including Browsing & Download History, Cookies, Acti
**Compatibility:** Firefox 60, Firefox ESR 60\
**CCK2 Equivalent:** N/A\
-**Preferences Affected:** `privacy.sanitize.sanitizeOnShutdown`,`privacy.clearOnShutdown.cache`,`privacy.clearOnShutdown.cookies`,`privacy.clearOnShutdown.downloads`,`privacy.clearOnShutdown.formdata`,`privacy.clearOnShutdown.history`,`privacy.clearOnShutdown.sessions`,`privacy.clearOnShutdown.siteSettings`,`privacy.clearOnShutdown.offlineApps`
+**Preferences Affected:** `privacy.sanitize.sanitizeOnShutdown`, `privacy.clearOnShutdown.cache`, `privacy.clearOnShutdown.cookies`, `privacy.clearOnShutdown.downloads`, `privacy.clearOnShutdown.formdata`, `privacy.clearOnShutdown.history`, `privacy.clearOnShutdown.sessions`, `privacy.clearOnShutdown.siteSettings`, `privacy.clearOnShutdown.offlineApps`
#### Windows (GPO)
```
Software\Policies\Mozilla\Firefox\SanitizeOnShutdown = 0x1 | 0x0
@@ -4790,7 +5028,7 @@ OMA-URI:
Value (string):
```
-
+
```
#### macOS
```
@@ -4811,35 +5049,86 @@ Value (string):
### SearchEngines (This policy is only available on the ESR.)
-### SearchEngines | Default
+### SearchEngines | Add
-Set the default search engine. This policy is only available on the ESR.
+Add new search engines (up to five). This policy is only available on the ESR. `Name` and `URLTemplate` are required.
-**Compatibility:** Firefox ESR 60\
-**CCK2 Equivalent:** `defaultSearchEngine`\
+`Name` is the name of the search engine.
+
+`URLTemplate` is the search URL with {searchTerms} to substitute for the search term.
+
+`Method` is either GET or POST
+
+`IconURL` is a URL for the icon to use.
+
+`Alias` is a keyword to use for the engine.
+
+`Description` is a description of the search engine.
+
+`PostData` is the POST data as name value pairs separated by &.
+
+`SuggestURLTemplate` is a search suggestions URL with {searchTerms} to substitute for the search term.
+
+`Encoding` is the query charset for the engine. It defaults to UTF-8.
+
+**Compatibility:** Firefox ESR 60 (POST support in Firefox ESR 68, Encoding support in Firefox 91)\
+**CCK2 Equivalent:** `searchplugins`\
**Preferences Affected:** N/A
#### Windows (GPO)
```
-Software\Policies\Mozilla\Firefox\SearchEngines\Default = NAME_OF_SEARCH_ENGINE
+Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\Name = "Example1"
+Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\URLTemplate = "https://www.example.org/q={searchTerms}"
+Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\Method = "GET" | "POST"
+Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\IconURL = "https://www.example.org/favicon.ico"
+Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\Alias = "example"
+Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\Description = "Example Description"
+Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\SuggestURLTemplate = "https://www.example.org/suggestions/q={searchTerms}"
+Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\PostData = "name=value&q={searchTerms}"
```
#### Windows (Intune)
OMA-URI:
```
-./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Search/SearchEngines_Default
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Search/SearchEngines_1
```
Value (string):
```
-
+
+
+
+
+
+
+
+
```
#### macOS
```
SearchEngines
- Default
- NAME_OF_SEARCH_ENGINE
+ Add
+
+
+ Name
+ Example1
+ URLTemplate
+ https://www.example.org/q={searchTerms}
+ Method
+ GET | POST
+ IconURL
+ https://www.example.org/favicon.ico
+ Alias
+ example
+ Description
+ Example Description
+ SuggestURLTemplate
+ https://www.example.org/suggestions/q={searchTerms}
+ PostData
+ name=value&q={searchTerms}
+
+
```
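Review bot: `Encoding` is added to the field descriptions and to the Compatibility line, but neither the GPO nor the macOS example in this hunk gains an `Encoding` entry, so there is no sample showing how the value is written. Add it to the examples. The Compatibility note says "Encoding support in Firefox 91" although the section states the policy is only available on the ESR and the other versions on that line are ESR versions; say whether ESR 91 is meant. The line "`Method` is either GET or POST" is also missing its final period.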
@@ -4848,39 +5137,51 @@ Value (string):
{
"policies": {
"SearchEngines": {
- "Default": "NAME_OF_SEARCH_ENGINE"
+ "Add": [
+ {
+ "Name": "Example1",
+ "URLTemplate": "https://www.example.org/q={searchTerms}",
+ "Method": "GET" | "POST",
+ "IconURL": "https://www.example.org/favicon.ico",
+ "Alias": "example",
+ "Description": "Description",
+ "PostData": "name=value&q={searchTerms}",
+ "SuggestURLTemplate": "https://www.example.org/suggestions/q={searchTerms}"
+ }
+ ]
}
}
}
```
-### SearchEngines | PreventInstalls
+### SearchEngines | Default
-Prevent installing search engines from webpages.
+Set the default search engine. This policy is only available on the ESR.
**Compatibility:** Firefox ESR 60\
-**CCK2 Equivalent:** `disableSearchEngineInstall`\
+**CCK2 Equivalent:** `defaultSearchEngine`\
**Preferences Affected:** N/A
#### Windows (GPO)
```
-Software\Policies\Mozilla\Firefox\SearchEngines\PreventInstalls = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\SearchEngines\Default = NAME_OF_SEARCH_ENGINE
```
#### Windows (Intune)
OMA-URI:
```
-./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Search/SearchEngines_PreventInstalls
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Search/SearchEngines_Default
```
Value (string):
```
- or
+
+
```
#### macOS
```
SearchEngines
- PreventInstalls
- |
+ Default
+ NAME_OF_SEARCH_ENGINE
```
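Review bot: In the policies.json example for `Add`, the entry `"Description": "Description"` does not match the "Example Description" value that the GPO and macOS examples use for the same engine, and the object has no `Encoding` key even though the field is now documented. Align the value and add the key so all three formats describe the same engine.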
@@ -4889,42 +5190,39 @@ Value (string):
{
"policies": {
"SearchEngines": {
- "PreventInstalls": true | false
+ "Default": "NAME_OF_SEARCH_ENGINE"
}
}
}
```
-### SearchEngines | Remove
+### SearchEngines | PreventInstalls
-Hide built-in search engines. This policy is only available on the ESR.
+Prevent installing search engines from webpages.
-**Compatibility:** Firefox ESR 60.2\
-**CCK2 Equivalent:** `removeDefaultSearchEngines` (removed all built-in engines)\
+**Compatibility:** Firefox ESR 60\
+**CCK2 Equivalent:** `disableSearchEngineInstall`\
**Preferences Affected:** N/A
#### Windows (GPO)
```
-Software\Policies\Mozilla\Firefox\SearchEngines\Remove\1 = NAME_OF_SEARCH_ENGINE
+Software\Policies\Mozilla\Firefox\SearchEngines\PreventInstalls = 0x1 | 0x0
```
#### Windows (Intune)
OMA-URI:
```
-./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Search/SearchEngines_Remove
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Search/SearchEngines_PreventInstalls
```
Value (string):
```
-
-
+ or
```
#### macOS
```
SearchEngines
- Remove
-
- NAME_OF_SEARCH_ENGINE
-
+ PreventInstalls
+ |
```
@@ -4933,89 +5231,42 @@ Value (string):
{
"policies": {
"SearchEngines": {
- "Remove": ["NAME_OF_SEARCH_ENGINE"]
+ "PreventInstalls": true | false
}
}
}
```
-### SearchEngines | Add
-
-Add new search engines (up to five). This policy is only available on the ESR. `Name` and `URLTemplate` are required.
-
-`Name` is the name of the search engine.
-
-`URLTemplate` is the search URL with {searchTerms} to substitute for the search term.
-
-`Method` is either GET or POST
-
-`IconURL` is a URL for the icon to use.
-
-`Alias` is a keyword to use for the engine.
-
-`Description` is a description of the search engine.
-
-`PostData` is the POST data as name value pairs separated by &.
+### SearchEngines | Remove
-`SuggestURLTemplate` is a search suggestions URL with {searchTerms} to substitute for the search term.
+Hide built-in search engines. This policy is only available on the ESR.
-**Compatibility:** Firefox ESR 60 (POST support in Firefox ESR 68)\
-**CCK2 Equivalent:** `searchplugins`\
+**Compatibility:** Firefox ESR 60.2\
+**CCK2 Equivalent:** `removeDefaultSearchEngines` (removed all built-in engines)\
**Preferences Affected:** N/A
#### Windows (GPO)
```
-Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\Name = "Example1"
-Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\URLTemplate = "https://www.example.org/q={searchTerms}"
-Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\Method = "GET" | "POST"
-Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\IconURL = "https://www.example.org/favicon.ico"
-Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\Alias = "example"
-Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\Description = "Example Description"
-Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\SuggestURLTemplate = "https://www.example.org/suggestions/q={searchTerms}"
-Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\PostData = "name=value&q={searchTerms}"
+Software\Policies\Mozilla\Firefox\SearchEngines\Remove\1 = NAME_OF_SEARCH_ENGINE
```
#### Windows (Intune)
OMA-URI:
```
-./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Search/SearchEngines_1
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Search/SearchEngines_Remove
```
Value (string):
```
-
-
-
-
-
-
-
-
+
```
#### macOS
```
SearchEngines
- Add
-
-
- Name
- Example1
- URLTemplate
- https://www.example.org/q={searchTerms}
- Method
- GET | POST
- IconURL
- https://www.example.org/favicon.ico
- Alias
- example
- Description
- Example Description
- SuggestURLTemplate
- https://www.example.org/suggestions/q={searchTerms}
- PostData
- name=value&q={searchTerms}
-
+ Remove
+ NAME_OF_SEARCH_ENGINE
+
```
@@ -5024,18 +5275,7 @@ Value (string):
{
"policies": {
"SearchEngines": {
- "Add": [
- {
- "Name": "Example1",
- "URLTemplate": "https://www.example.org/q={searchTerms}",
- "Method": "GET" | "POST",
- "IconURL": "https://www.example.org/favicon.ico",
- "Alias": "example",
- "Description": "Description",
- "PostData": "name=value&q={searchTerms}",
- "SuggestURLTemplate": "https://www.example.org/suggestions/q={searchTerms}"
- }
- ]
+ "Remove": ["NAME_OF_SEARCH_ENGINE"]
}
}
}
@@ -5046,7 +5286,7 @@ Enable search suggestions.
**Compatibility:** Firefox 68, Firefox ESR 68\
**CCK2 Equivalent:** N/A\
-**Preferences Affected:** `browser.urlbar.suggest.searches`,`browser.search.suggest.enabled`
+**Preferences Affected:** `browser.urlbar.suggest.searches`, `browser.search.suggest.enabled`
#### Windows (GPO)
```
@@ -5291,7 +5531,7 @@ Prevent Firefox from messaging the user in certain situations.
`ExtensionRecommendations` If false, don't recommend extensions while the user is visiting web pages.
-`FeatureRecommendations` IF false, don't recommend browser features.
+`FeatureRecommendations` If false, don't recommend browser features.
`UrlbarInterventions` If false, Don't offer Firefox specific suggestions in the URL bar.
@@ -5299,7 +5539,7 @@ Prevent Firefox from messaging the user in certain situations.
**Compatibility:** Firefox 75, Firefox ESR 68.7\
**CCK2 Equivalent:** N/A\
-**Preferences Affected:** `browser.messaging-system.whatsNewPanel.enabled`,`browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons`,`browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features`,`browser.aboutwelcome.enabled`
+**Preferences Affected:** `browser.messaging-system.whatsNewPanel.enabled`, `browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons`, `browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features`, `browser.aboutwelcome.enabled`
#### Windows (GPO)
```
@@ -5312,11 +5552,11 @@ Software\Policies\Mozilla\Firefox\UserMessaging\SkipOnboarding = 0x1 | 0x0
#### Windows (Intune)
OMA-URI:
```
-./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/UserMessaging_WhatsNew
-./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/UserMessaging_ExtensionRecommendations
-./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/UserMessaging_FeatureRecommendations
-./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/UserMessaging_UrlbarInterventions
-./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/UserMessaging_SkipOnboarding
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_WhatsNew
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_ExtensionRecommendations
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_FeatureRecommendations
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_UrlbarInterventions
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_SkipOnboarding
```
Value (string):
```
@@ -5358,6 +5598,10 @@ Value (string):
Block websites from being visited. The parameters take an array of Match Patterns, as documented in https://developer.mozilla.org/en-US/Add-ons/WebExtensions/Match_patterns.
The arrays are limited to 1000 entries each.
+If you want to block all URLs, you can use `` or `*://*/*`. You can't have just a `*` on the right side.
+
+For specific protocols, use `https://*/*` or `http://*/*`.
+
As of Firefox 83 and Firefox ESR 78.5, file URLs are supported.
**Compatibility:** Firefox 60, Firefox ESR 60\
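Review bot: In the added sentence about blocking all URLs, the first alternative shows up as an empty code span, so only `*://*/*` is actually offered; if the intended value contains angle brackets it needs escaping so it survives rendering. "You can't have just a `*` on the right side" does not say what it is the right side of; name the part of the match pattern (scheme, host or path) so that someone writing a block-everything rule does not end up with a pattern that is silently rejected.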
@@ -5376,8 +5620,7 @@ OMA-URI:
```
Value (string):
```
-
-
+
```
OMA-URI:
```
@@ -5416,3 +5659,33 @@ Value (string):
}
}
```
+### WindowsSSO
+Allow Windows single sign-on for Microsoft, work, and school accounts.
+
+If this policy is set to true, Firefox will use credentials stored in Windows to sign in to Microsoft, work, and school accounts.
+
+**Compatibility:** Firefox 91\
+**CCK2 Equivalent:** N/A\
+**Preferences Affected:** `network.http.windows-sso.enabled`
+
+#### Windows (GPO)
+```
+Software\Policies\Mozilla\Firefox\WindowsSSO = 0x1 | 0x0
+```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/WindowsSSO
+```
+Value (string):
+```
+ or
+```
+#### policies.json
+```
+{
+ "policies": {
+ "WindowsSSO": true | false
+ }
+}
+```
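Review bot: The WindowsSSO description only covers the `true` case. State what `false` does and what the behaviour is when the policy is unset; this switch decides whether Firefox uses credentials stored in Windows for Microsoft, work and school sign-ins, and admins need to know the default before deploying. The Compatibility line gives Firefox 91 with no ESR version, so add one or say the policy is not available on ESR. There is no macOS section either; a short "Windows only" remark would make that clearly intentional.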