X-Git-Url: https://git.p6c8.net/policy-templates.git/blobdiff_plain/acb013adb67c0e801cbd0b65ec5de6fd03b1969f..a55a57c7b6748276b477861958b7a028ed9e3ab2:/README.md?ds=inline
diff --git a/README.md b/README.md
index 9d3fe82..efde516 100644
--- a/README.md
+++ b/README.md
@@ -4,6 +4,19 @@
Policies can be specified using the [Group Policy templates on Windows](https://github.com/mozilla/policy-templates/tree/master/windows), [Intune on Windows](https://support.mozilla.org/kb/managing-firefox-intune), [configuration profiles on macOS](https://github.com/mozilla/policy-templates/tree/master/mac), or by creating a file called `policies.json`. On Windows, create a directory called `distribution` where the EXE is located and place the file there. On Mac, the file goes into `Firefox.app/Contents/Resources/distribution`. On Linux, the file goes into `firefox/distribution`, where `firefox` is the installation directory for firefox, which varies by distribution or you can specify system-wide policy by placing the file in `/etc/firefox/policies`.
+Unfortunately, JSON files do not support comments, but you can add extra entries to the JSON to use as comments. You will see an error in about:policies, but the policies will still work properly. For example:
+
+```
+{
+ "policies": {
+ "Authentication": {
+ "SPNEGO": ["mydomain.com", "https://myotherdomain.com"]
+ }
+ "Authentication_Comment": "These domains are required for us"
+ }
+}
+```
+
| Policy Name | Description
| --- | --- |
| **[`3rdparty`](#3rdparty)** | Set policies that WebExtensions can access via chrome.storage.managed.
@@ -47,7 +60,9 @@ Policies can be specified using the [Group Policy templates on Windows](https://
| **[`DisableSetDesktopBackground`](#disablesetdesktopbackground)** | Remove the "Set As Desktop Background..." menuitem when right clicking on an image.
| **[`DisableSystemAddonUpdate`](#disablesystemaddonupdate)** | Prevent system add-ons from being installed or updated.
| **[`DisableTelemetry`](#disabletelemetry)** | DisableTelemetry
+| **[`DisableThirdPartyModuleBlocking`](#disablethirdpartymoduleblocking)** | Do not allow blocking third-party modules.
| **[`DisplayBookmarksToolbar`](#displaybookmarkstoolbar)** | Set the initial state of the bookmarks toolbar.
+| **[`DisplayBookmarksToolbar (Deprecated)`](#displaybookmarkstoolbar-deprecated)** | Set the initial state of the bookmarks toolbar.
| **[`DisplayMenuBar`](#displaymenubar)** | Set the state of the menubar.
| **[`DisplayMenuBar (Deprecated)`](#displaymenubar-deprecated)** | Set the initial state of the menubar.
| **[`DNSOverHTTPS`](#dnsoverhttps)** | Configure DNS over HTTPS.
@@ -1209,6 +1224,7 @@ Value (string):
{
"policies": {
"DefaultDownloadDirectory": "${home}/Downloads"
+ }
}
```
#### policies.json (Windows)
@@ -1216,6 +1232,7 @@ Value (string):
{
"policies": {
"DefaultDownloadDirectory": "${home}\\Downloads"
+ }
}
```
### DisableAppUpdate
@@ -2049,7 +2066,71 @@ Value (string):
}
}
```
+### DisableThirdPartyModuleBlocking
+Do not allow blocking third-party modules from the `about:third-party` page.
+
+This policy only works on Windows through GPO (not policies.json).
+
+**Compatibility:** Firefox 110 (Windows only, GPO only)\
+**CCK2 Equivalent:** N/A\
+**Preferences Affected:** N/A
+
+#### Windows (GPO)
+```
+Software\Policies\Mozilla\Firefox\DisableThirdPartyModuleBlocking = = 0x1 | 0x0
+```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableThirdPartyModuleBlocking
+```
+Value (string):
+```
+ or
+```
### DisplayBookmarksToolbar
+Set the initial state of the bookmarks toolbar. A user can still change how it is displayed.
+
+`always` means the bookmarks toolbar is always shown.
+
+`never` means the bookmarks toolbar is not shown.
+
+`newtab` means the bookmarks toolbar is only shown on the new tab page.
+
+**Compatibility:** Firefox 109, Firefox ESR 102.7\
+**CCK2 Equivalent:** N/A\
+**Preferences Affected:** N/A
+
+#### Windows (GPO)
+```
+Software\Policies\Mozilla\Firefox\DisplayBookmarksToolbar = "always", "never", "newtab"
+```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisplayBookmarksToolbar_Enum
+```
+Value (string):
+```
+
+
+```
+#### macOS
+```
+
+ DisplayBookmarksToolbar
+ always | never | newtab
+
+```
+#### policies.json
+```
+{
+ "policies": {
+ "DisplayBookmarksToolbar": "always" | "never" | "newtab"
+ }
+}
+```
+### DisplayBookmarksToolbar (Deprecated)
Set the initial state of the bookmarks toolbar. A user can still hide it and it will stay hidden.
**Compatibility:** Firefox 60, Firefox ESR 60\
@@ -2334,6 +2415,8 @@ If `Cryptomining` is set to true, cryptomining scripts on websites are blocked.
If `Fingerprinting` is set to true, fingerprinting scripts on websites are blocked.
+If `EmailTracking` is set to true, hidden email tracking pixels and scripts on websites are blocked. (Firefox 112)
+
`Exceptions` are origins for which tracking protection is not enabled.
**Compatibility:** Firefox 60, Firefox ESR 60 (Cryptomining and Fingerprinting added in 70/68.2, Exceptions added in 73/68.5)\
@@ -2379,6 +2462,7 @@ OMA-URI:
```
Value (string):
```
+
```
OMA-URI:
@@ -4511,6 +4595,7 @@ spellchecker. (Firefox 84, Firefox ESR 78.6)
toolkit.legacyUserProfileCustomizations.stylesheets (Firefox 95, Firefox ESR 91.4)
ui.
widget.
+xpinstall.signatures.required (Firefox ESR 102.10, Firefox ESR only)
```
as well as the following security preferences:
| Preference | Type | Default
@@ -4521,12 +4606,16 @@ as well as the following security preferences:
| If set to true, adds the words "Not Secure" for insecure sites.
| security.insecure_connection_text.pbmode.enabled | bool | false
| If set to true, adds the words "Not Secure" for insecure sites in private browsing.
-| security.insecure_field_warning.contextual.enabled | bool | true
-| If set to false, remove the warning for inscure login fields.
| security.mixed_content.block_active_content | boolean | true
| If false, mixed active content (HTTP and HTTPS) is not blocked.
| security.osclientcerts.autoload | boolean | false
| If true, client certificates are loaded from the operating system certificate store.
+| security.OCSP.enabled | integer | 1
+| If 0, do not fetch OCSP. If 1, fetch OCSP for DV and EV certificates. If 2, fetch OCSP only for EV certificates
+| security.OCSP.require | boolean | false
+| If true, if an OCSP request times out, the connection fails.
+| security.ssl.enable_ocsp_stapling | boolean | true
+| If false, OCSP stapling is not enabled.
| security.ssl.errorReporting.enabled | boolean | true
| If false, SSL errors cannot be sent to Mozilla.
| security.tls.enable_0rtt_data | boolean | true
@@ -4888,6 +4977,8 @@ Value (string):
Configure proxy settings. These settings correspond to the connection settings in Firefox preferences.
To specify ports, append them to the hostnames with a colon (:).
+Unless you lock this policy, changes the user already has in place will take effect.
+
`Mode` is the proxy method being used.
`Locked` is whether or not proxy settings can be changed.
@@ -4932,8 +5023,98 @@ Software\Policies\Mozilla\Firefox\Proxy\AutoLogin = 0x1 | 0x0
Software\Policies\Mozilla\Firefox\Proxy\UseProxyForDNS = 0x1 | 0x0
```
#### Windows (Intune)
+**Note**
+These setttings were moved to a category to make them easier to configure via Intune.
+
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_Locked
+```
+Value (string):
+```
+ or
+```
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_ConnectionType
+```
+Value (string):
+```
+
+
+```
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_HTTPProxy
+```
+Value (string):
+```
+
+
+```
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_UseHTTPProxyForAllProtocols
+```
+Value (string):
+```
+ or
+```
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_SSLProxy
+```
+Value (string):
+```
+
+
+```
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_SOCKSProxy
+```
+Value (string):
+```
+
+
+
+```
OMA-URI:
```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_AutoConfigURL
+```
+Value (string):
+```
+
+
+```
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_Passthrough
+```
+Value (string):
+```
+
+
+```
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_AutoLogin
+```
+Value (string):
+```
+ or
+```
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ProxySettings/Proxy_UseProxyForDNS
+```
+Value (string):
+```
+ or
+```
+OMA-URI (Old way):
+```
./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/Proxy
```
Value (string):
@@ -4941,11 +5122,11 @@ Value (string):
-
+
-
-
-
+
+
+
@@ -5728,7 +5909,7 @@ Value (string):
-