X-Git-Url: https://git.p6c8.net/policy-templates.git/blobdiff_plain/8cb45e9bf6f5ed3c4de3f38a1d88d8942a4dcc95..013ab3b2329be9137419d2c15c4c39fcce1d51ba:/README.md diff --git a/README.md b/README.md index 14c4f4d..bd3f58a 100644 --- a/README.md +++ b/README.md @@ -11,7 +11,8 @@ Policies can be specified using the [Group Policy templates on Windows](https:// | **[`AppAutoUpdate`](#appautoupdate)** | Enable or disable automatic application update. | **[`AppUpdateURL`](#appupdateurl)** | Change the URL for application update. | **[`Authentication`](#authentication)** | Configure sites that support integrated authentication. -| **[`BackgroundAppUpdate`](#backgroundappupdate)** | Enable or disable automatic application update in the background, when the application is not running. +| **[`AutoLaunchProtocolsFromOrigins`](#autolaunchprotocolsfromorigins)** | Define a list of external protocols that can be used from listed origins without prompting the user. +| **[`BackgroundAppUpdate`](#backgroundappupdate)** | Enable or disable the background updater (Windows only). | **[`BlockAboutAddons`](#blockaboutaddons)** | Block access to the Add-ons Manager (about:addons). | **[`BlockAboutConfig`](#blockaboutconfig)** | Block access to about:config. | **[`BlockAboutProfiles`](#blockaboutprofiles)** | Block access to About Profiles (about:profiles). @@ -101,6 +102,7 @@ Policies can be specified using the [Group Policy templates on Windows](https:// | **[`SupportMenu`](#supportmenu)** | Add a menuitem to the help menu for specifying support information. | **[`UserMessaging`](#usermessaging)** | Don't show certain messages to the user. | **[`WebsiteFilter`](#websitefilter)** | Block websites from being visited. +| **[`WindowsSSO`](#windowssso)** | Allow Windows single sign-on for Microsoft, work, and school accounts. ### 3rdparty @@ -370,6 +372,98 @@ Value (string): } } ``` +### AutoLaunchProtocolsFromOrigins +Define a list of external protocols that can be used from listed origins without prompting the user. + +The syntax of this policy is exactly the same as the [Chrome AutoLaunchProtocolsFromOrigins policy](https://cloud.google.com/docs/chrome-enterprise/policies/?policy=AutoLaunchProtocolsFromOrigins) except that you can only use valid origins (not just hostnames). This also means that you cannot specify an asterisk for all origins. + +The schema is: +``` +{ + "items": { + "properties": { + "allowed_origins": { + "items": { + "type": "string" + }, + "type": "array" + }, + "protocol": { + "type": "string" + } + }, + "required": [ + "protocol", + "allowed_origins" + ], + "type": "object" + }, + "type": "array" +} +``` +**Compatibility:** Firefox 90, Firefox ESR 78.12\ +**CCK2 Equivalent:** N/A\ +**Preferences Affected:** N/A + +#### Windows (GPO) +Software\Policies\Mozilla\Firefox\AutoLaunchProtocolsFromOrigins (REG_MULTI_SZ) = +``` +[ + { + "protocol": "zoommtg", + "allowed_origins": [ + "https://somesite.zoom.us" + ] + } +] +``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/AutoLaunchProtocolsFromOrigins +``` +Value (string): +``` + + +``` +#### macOS +``` + + AutoLaunchProtocolsFromOrigins + + + protocol + zoommtg + allowed_origins + + https://somesite.zoom.us + + + + +``` +#### policies.json +``` +{ + "policies": { + "AutoLaunchProtocolsFromOrigins": [{ + "protocol": "zoommtg", + "allowed_origins": [ + "https://somesite.zoom.us" + ] + }] + } +} +``` ### BackgroundAppUpdate Enable or disable **automatic** application update **in the background**, when the application is not running. @@ -378,9 +472,9 @@ If set to true, application updates may be installed (without user approval) in If set to false, the application will not try to install updates when the application is not running. -If you have disabled updates via `DisableAppUpdate` or disabled automatic updates via `AppUpdateAuto`, this policy has no effect. +If you have disabled updates via `DisableAppUpdate` or disabled automatic updates via `AppAutoUpdate`, this policy has no effect. -**Compatibility:** Firefox 90\ +**Compatibility:** Firefox 90 (Windows only)\ **CCK2 Equivalent:** N/A\ **Preferences Affected:** `app.update.background.enabled` @@ -3196,7 +3290,7 @@ Value (string): toplevel_name - My managed bookmarks folder + My managed bookmarks folder url example.com @@ -3644,7 +3738,7 @@ Value (string): ``` { "policies": { - "PSFjs": { + "PDFjs": { "Enabled": true | false, "EnablePermissions": true | false } @@ -4790,7 +4884,7 @@ OMA-URI: Value (string): ``` - + ``` #### macOS ``` @@ -4958,7 +5052,9 @@ Add new search engines (up to five). This policy is only available on the ESR. ` `SuggestURLTemplate` is a search suggestions URL with {searchTerms} to substitute for the search term. -**Compatibility:** Firefox ESR 60 (POST support in Firefox ESR 68)\ +`Encoding` is the query charset for the engine. It defaults to UTF-8. + +**Compatibility:** Firefox ESR 60 (POST support in Firefox ESR 68, Encoding support in Firefox 91)\ **CCK2 Equivalent:** `searchplugins`\ **Preferences Affected:** N/A @@ -5312,11 +5408,11 @@ Software\Policies\Mozilla\Firefox\UserMessaging\SkipOnboarding = 0x1 | 0x0 #### Windows (Intune) OMA-URI: ``` -./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/UserMessaging_WhatsNew -./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/UserMessaging_ExtensionRecommendations -./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/UserMessaging_FeatureRecommendations -./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/UserMessaging_UrlbarInterventions -./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/UserMessaging_SkipOnboarding +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_WhatsNew +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_ExtensionRecommendations +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_FeatureRecommendations +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_UrlbarInterventions +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~UserMessaging/UserMessaging_SkipOnboarding ``` Value (string): ``` @@ -5358,6 +5454,10 @@ Value (string): Block websites from being visited. The parameters take an array of Match Patterns, as documented in https://developer.mozilla.org/en-US/Add-ons/WebExtensions/Match_patterns. The arrays are limited to 1000 entries each. +If you want to block all URLs, you can use `` or `*://*/*`. You can't have just a `*` on the right side. + +For specific protocols, use `https://*/*` or `http://*/*`. + As of Firefox 83 and Firefox ESR 78.5, file URLs are supported. **Compatibility:** Firefox 60, Firefox ESR 60\ @@ -5376,8 +5476,7 @@ OMA-URI: ``` Value (string): ``` - - + ``` OMA-URI: ``` @@ -5416,3 +5515,33 @@ Value (string): } } ``` +### WindowsSSO +Allow Windows single sign-on for Microsoft, work, and school accounts. + +If this policy is set to true, Firefox will use credentials stored in Windows to sign in to Microsoft, work, and school accounts. + +**Compatibility:** Firefox 91\ +**CCK2 Equivalent:** N/A\ +**Preferences Affected:** network.http.windows-sso.enabled + +#### Windows (GPO) +``` +Software\Policies\Mozilla\Firefox\WindowsSSO = 0x1 | 0x0 +``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/WindowsSSO +``` +Value (string): +``` + or +``` +#### policies.json +``` +{ + "policies": { + "WindowsSSO": true | false + } +} +```