X-Git-Url: https://git.p6c8.net/policy-templates.git/blobdiff_plain/b0dd5607df0ad991b0e3c5fa53e4041c4a8d2dc5..96e490e624c662ecda65615462d7eb97fa9d8197:/docs/index.md
diff --git a/docs/index.md b/docs/index.md
index a61c45c..e5dfe9a 100644
--- a/docs/index.md
+++ b/docs/index.md
@@ -1,3 +1,6 @@
+> [!WARNING]
+> Documentation for policy behavior and syntax is being migrated to the [Firefox administrator reference](https://firefox-admin-docs.mozilla.org/).
+
Firefox policies can be specified using the [Group Policy templates on Windows](https://github.com/mozilla/policy-templates/tree/master/windows), [Intune on Windows](https://support.mozilla.org/kb/managing-firefox-intune), [configuration profiles on macOS](https://github.com/mozilla/policy-templates/tree/master/mac), or by creating a file called `policies.json`. On Windows, create a directory called `distribution` where the EXE is located and place the file there. On Mac, the file goes into `Firefox.app/Contents/Resources/distribution`. On Linux, the file goes into `firefox/distribution`, where `firefox` is the installation directory for firefox, which varies by distribution or you can specify system-wide policy by placing the file in `/etc/firefox/policies`.
Unfortunately, JSON files do not support comments, but you can add extra entries to the JSON to use as comments. You will see an error in about:policies, but the policies will still work properly. For example:
@@ -16,6 +19,7 @@ Note: The `policies.json` must use the UTF-8 encoding.
| Policy Name | Description
| --- | --- |
| **[`3rdparty`](#3rdparty)** | Set policies that WebExtensions can access via chrome.storage.managed.
+| **[`AIControls`](#aicontrols)** | Configure AI controls.
| **[`AllowedDomainsForApps`](#alloweddomainsforapps)** | Define domains allowed to access Google Workspace.
| **[`AllowFileSelectionDialogs`](#allowfileselectiondialogs)** | Allow file selection dialogs.
| **[`AppAutoUpdate`](#appautoupdate)** | Enable or disable automatic application update.
@@ -87,6 +91,7 @@ Note: The `policies.json` must use the UTF-8 encoding.
| **[`HttpAllowlist`](#httpallowlist)** | Configure origins that will not be upgraded to HTTPS.
| **[`HttpsOnlyMode`](#httpsonlymode)** | Configure HTTPS-Only Mode.
| **[`InstallAddonsPermission`](#installaddonspermission)** | Configure the default extension install policy as well as origins for extension installs are allowed.
+| **[`IPProtectionAvailable`](#ipprotectionavailable)** | Prevent the built-in VPN from being available to users.
| **[`LegacyProfiles`](#legacyprofiles)** | Disable the feature enforcing a separate profile for each installation.
| **[`LegacySameSiteCookieBehaviorEnabled`](#legacysamesitecookiebehaviorenabled)** | Enable default legacy SameSite cookie behavior setting.
| **[`LegacySameSiteCookieBehaviorEnabledForDomainList`](#legacysamesitecookiebehaviorenabledfordomainlist)** | Revert to legacy SameSite behavior for cookies on specified sites.
@@ -194,6 +199,262 @@ For GPO and Intune, the extension developer should provide an ADMX file.
}
```
+### AIControls
+Configure AI controls.
+For more information, see [Block generative AI features with Firefox AI controls](https://support.mozilla.org/en-US/kb/firefox-ai-controls) on support.mozilla.org.
+
+Each key controls the availability of a specific AI feature. The following AI feature keys are available:
+
+- `Default`: Controls the default state for AI features listed below, unless they are explicitly configured in the policy.
+- `Translations`: Controls AI-powered page translations.
+- `PDFAltText`: Controls AI-generated alt text for images in PDF documents.
+- `SmartTabGroups`: Controls AI-powered tab grouping suggestions.
+- `LinkPreviewKeyPoints`: Controls AI-generated key point summaries shown in link previews.
+- `SidebarChatbot`: Controls the AI chatbot panel in the Firefox sidebar.
+- `SmartWindow`: Controls AI-powered window arrangement features. (Firefox 150)
+
+All keys accept the following sub-keys:
+
+- `Value`:
+ - `available` makes the feature accessible to users and it can be enabled or disabled.
+ - `blocked` disables the feature and users won't see it. For on-device AI, any models already downloaded are removed.
+- `Locked`: if `true`, the user cannot change the setting.
+
+**Compatibility:** Firefox 149.0.2 (SmartWindow: Firefox 150)\
+**CCK2 Equivalent:** N/A\
+**Preferences Affected:** `browser.ml.chat.enabled`, `browser.ml.chat.page`, `browser.ai.control.sidebarChatbot`, `browser.translations.enable`, `browser.ai.control.translations`, `pdfjs.enableAltText`, `browser.ai.control.pdfjsAltText`, `browser.ml.linkPreview.enabled`, `browser.ai.control.linkPreviewKeyPoints`, `browser.tabs.groups.smart.userEnabled`, `browser.ai.control.smartTabGroups`, `browser.ai.control.smartWindow`
+
+#### Windows (GPO)
+```
+Software\Policies\Mozilla\Firefox\AIControls\Default\Value = "available" | "blocked"
+Software\Policies\Mozilla\Firefox\AIControls\Default\Locked = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\AIControls\Translations\Value = "available" | "blocked"
+Software\Policies\Mozilla\Firefox\AIControls\Translations\Locked = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\AIControls\PDFAltText\Value = "available" | "blocked"
+Software\Policies\Mozilla\Firefox\AIControls\PDFAltText\Locked = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\AIControls\SmartTabGroups\Value = "available" | "blocked"
+Software\Policies\Mozilla\Firefox\AIControls\SmartTabGroups\Locked = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\AIControls\LinkPreviewKeyPoints\Value = "available" | "blocked"
+Software\Policies\Mozilla\Firefox\AIControls\LinkPreviewKeyPoints\Locked = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\AIControls\SidebarChatbot\Value = "available" | "blocked"
+Software\Policies\Mozilla\Firefox\AIControls\SidebarChatbot\Locked = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\AIControls\SmartWindow\Value = "available" | "blocked"
+Software\Policies\Mozilla\Firefox\AIControls\SmartWindow\Locked = 0x1 | 0x0
+```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~AIControls~Default/Default_Value
+```
+Value (string):
+```
+
+
+```
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~AIControls~Default/Default_Locked
+```
+Value (string):
+```
+ or
+```
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~AIControls~Translations/Translations_Value
+```
+Value (string):
+```
+
+
+```
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~AIControls~Translations/Translations_Locked
+```
+Value (string):
+```
+ or
+```
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~AIControls~PDFAltText/PDFAltText_Value
+```
+Value (string):
+```
+
+
+```
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~AIControls~PDFAltText/PDFAltText_Locked
+```
+Value (string):
+```
+ or
+```
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~AIControls~SmartTabGroups/SmartTabGroups_Value
+```
+Value (string):
+```
+
+
+```
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~AIControls~SmartTabGroups/SmartTabGroups_Locked
+```
+Value (string):
+```
+ or
+```
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~AIControls~LinkPreviewKeyPoints/LinkPreviewKeyPoints_Value
+```
+Value (string):
+```
+
+
+```
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~AIControls~LinkPreviewKeyPoints/LinkPreviewKeyPoints_Locked
+```
+Value (string):
+```
+ or
+```
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~AIControls~SidebarChatbot/SidebarChatbot_Value
+```
+Value (string):
+```
+
+
+```
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~AIControls~SidebarChatbot/SidebarChatbot_Locked
+```
+Value (string):
+```
+ or
+```
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~AIControls~SmartWindow/SmartWindow_Value
+```
+Value (string):
+```
+
+
+```
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~AIControls~SmartWindow/SmartWindow_Locked
+```
+Value (string):
+```
+ or
+```
+#### macOS
+```
+
+ AIControls
+
+ Default
+
+ Value
+ available | blocked
+ Locked
+ |
+
+ Translations
+
+ Value
+ available | blocked
+ Locked
+ |
+
+ PDFAltText
+
+ Value
+ available | blocked
+ Locked
+ |
+
+ SmartTabGroups
+
+ Value
+ available | blocked
+ Locked
+ |
+
+ LinkPreviewKeyPoints
+
+ Value
+ available | blocked
+ Locked
+ |
+
+ SidebarChatbot
+
+ Value
+ available | blocked
+ Locked
+ |
+
+ SmartWindow
+
+ Value
+ available | blocked
+ Locked
+ |
+
+
+
+```
+#### policies.json
+```
+{
+ "policies": {
+ "AIControls": {
+ "Default": {
+ "Value": "available" | "blocked",
+ "Locked": true | false
+ },
+ "Translations": {
+ "Value": "available" | "blocked",
+ "Locked": true | false
+ },
+ "PDFAltText": {
+ "Value": "available" | "blocked",
+ "Locked": true | false
+ },
+ "SmartTabGroups": {
+ "Value": "available" | "blocked",
+ "Locked": true | false
+ },
+ "LinkPreviewKeyPoints": {
+ "Value": "available" | "blocked",
+ "Locked": true | false
+ },
+ "SidebarChatbot": {
+ "Value": "available" | "blocked",
+ "Locked": true | false
+ },
+ "SmartWindow": {
+ "Value": "available" | "blocked",
+ "Locked": true | false
+ }
+ }
+ }
+}
+```
### AllowedDomainsForApps
Define domains allowed to access Google Workspace.
@@ -1581,7 +1842,7 @@ Value (string):
"IsPerUser": true | false,
"PipePathName": "pipe_custom_name",
"ShowBlockedResult": true | false,
- "TimeoutResult": 0 | 1 | 2,
+ "TimeoutResult": 0 | 1 | 2
}
}
}
@@ -1722,7 +1983,7 @@ Value (string):
"Block": ["http://example.edu/"],
"Locked": true | false,
"Behavior": "accept" | "reject-foreign" | "reject" | "limit-foreign" | "reject-tracker" | "reject-tracker-and-partition-foreign",
- "BehaviorPrivateBrowsing": "accept" | "reject-foreign" | "reject" | "limit-foreign" | "reject-tracker" | "reject-tracker-and-partition-foreign",
+ "BehaviorPrivateBrowsing": "accept" | "reject-foreign" | "reject" | "limit-foreign" | "reject-tracker" | "reject-tracker-and-partition-foreign"
}
}
}
@@ -1913,7 +2174,7 @@ Value (string):
{
"policies": {
"DisabledCiphers": {
- "CIPHER_NAME": true | false,
+ "CIPHER_NAME": true | false
}
}
}
@@ -2894,7 +3155,7 @@ Value (string):
"ProviderURL": "URL_TO_ALTERNATE_PROVIDER",
"Locked": true | false,
"ExcludedDomains": ["example.com"],
- "Fallback": true | false,
+ "Fallback": true | false
}
}
}
@@ -2999,7 +3260,7 @@ If `SuspectedFingerprinting` is set to true, Firefox reduces the amount of infor
`Exceptions` are origins for which tracking protection is not enabled.
-`Category` can be either ```strict``` or ```standard```. If category is set, it overrides all other settings except `Exceptions` and the user cannot change the category. (Firefox 142, Firefox ESR 140.2)
+`Category` can be either ```strict``` or ```standard```. If category is set, it overrides all other settings except `Exceptions`, `BaselineExceptions` and `ConvenienceExceptions`, and the user cannot change the category. (Firefox 142, Firefox ESR 140.2)
IF `BaselineExceptions` is true, Firefox will automatically apply exceptions required to avoid major website breakage. (Firefox 145)
@@ -4333,6 +4594,40 @@ Value (string):
}
}
```
+### IPProtectionAvailable
+Prevent the built-in VPN from being available to users.
+
+**Compatibility:** Firefox 149.0.2\
+**CCK2 Equivalent:** N/A\
+**Preferences Affected:** `browser.ipProtection.enabled`
+
+#### Windows (GPO)
+```
+Software\Policies\Mozilla\Firefox\IPProtectionAvailable = = 0x1 | 0x0
+```
+#### Windows (Intune)
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/IPProtectionAvailable
+```
+Value (string):
+```
+ or
+```
+#### macOS
+```
+
+ IPProtectionAvailable
+ |
+
+```
+#### policies.json
+```
+{
+ "policies": {
+ "IPProtectionAvailable": true | false
+}
+```
### LegacyProfiles
Disable the feature enforcing a separate profile for each installation.