X-Git-Url: https://git.p6c8.net/policy-templates.git/blobdiff_plain/cbf8658aa7fce2da28a638b6dfba5c9f0841dce1..bdc6d506be711b6cd24f417ce99c5cccd688121d:/README.md?ds=sidebyside diff --git a/README.md b/README.md index 4810f5c..e8f1148 100644 --- a/README.md +++ b/README.md @@ -1,8 +1,8 @@ **These policies are in active development and so might contain changes that do not work with current versions of Firefox.** -**You should use the officially released versions (https://github.com/mozilla/policy-templates/releases) if you are deploying changes.** +**You should use the [officially released versions](https://github.com/mozilla/policy-templates/releases) if you are deploying changes.** -Policies can be specified using the Group Policy templates on Windows (https://github.com/mozilla/policy-templates/tree/master/windows), configuration profiles on macOS (https://github.com/mozilla/policy-templates/tree/master/mac), or by creating a file called `policies.json`. On Windows, create a directory called `distribution` where the EXE is located and place the file there. On Mac, the file goes into `Firefox.app/Contents/Resources/distribution`. On Linux, the file goes into `firefox/distribution`, where `firefox` is the installation directory for firefox, which varies by distribution. +Policies can be specified using the [Group Policy templates on Windows](https://github.com/mozilla/policy-templates/tree/master/windows), [Intune on Windows](https://support.mozilla.org/kb/managing-firefox-intune), [configuration profiles on macOS](https://github.com/mozilla/policy-templates/tree/master/mac), or by creating a file called `policies.json`. On Windows, create a directory called `distribution` where the EXE is located and place the file there. On Mac, the file goes into `Firefox.app/Contents/Resources/distribution`. On Linux, the file goes into `firefox/distribution`, where `firefox` is the installation directory for firefox, which varies by distribution. | Policy Name | Description | --- | --- | @@ -23,6 +23,7 @@ Policies can be specified using the Group Policy templates on Windows (https://g | **[`DisableMasterPasswordCreation`](#disablemasterpasswordcreation)** | Remove the master password functionality. | **[`DisableAppUpdate`](#disableappupdate)** | Turn off application updates. | **[`DisableBuiltinPDFViewer`](#disablebuiltinpdfviewer)** | Disable the built in PDF viewer. +| **[`DisabledCiphers`](#disabledciphers)** | Disable ciphers. | **[`DisableDefaultBrowserAgent`](#disabledefaultbrowseragent)** | Prevent the default browser agent from taking any actions (Windows only). | **[`DisableDeveloperTools`](#disabledevelopertools)** | Remove access to all developer tools. | **[`DisableFeedbackCommands`](#disablefeedbackcommands)** | Disable the menus for reporting sites. @@ -31,9 +32,9 @@ Policies can be specified using the Group Policy templates on Windows (https://g | **[`DisableFirefoxStudies`](#disablefirefoxstudies)** | Disable Firefox studies (Shield). | **[`DisableForgetButton`](#disableforgetbutton)** | Disable the "Forget" button. | **[`DisableFormHistory`](#disableformhistory)** | Turn off saving information on web forms and the search bar. +| **[`DisablePasswordReveal`](#disablepasswordreveal)** | Do not allow passwords to be revealed in saved logins. | **[`DisablePocket`](#disablepocket)** | Remove Pocket in the Firefox UI. | **[`DisablePrivateBrowsing`](#disableprivatebrowsing)** | Remove access to private browsing. -| **[`DisablePasswordReveal`](#disablepasswordreveal)** | Do not allow passwords to be revealed in saved logins. | **[`DisableProfileImport`](#disableprofileimport)** | Disables the "Import data from another browser" option in the bookmarks window. | **[`DisableProfileRefresh`](#disableprofilerefresh)** | Disable the Refresh Firefox button on about:support and support.mozilla.org | **[`DisableSafeMode`](#disablesafemode)** | Disable safe mode within the browser. @@ -48,6 +49,7 @@ Policies can be specified using the Group Policy templates on Windows (https://g | **[`DefaultDownloadDirectory`](#defaultdownloaddirectory)** | Set the default download directory. | **[`DownloadDirectory`](#downloaddirectory)** | Set and lock the download directory. | **[`EnableTrackingProtection`](#enabletrackingprotection)** | Configure tracking protection. +| **[`EncryptedMediaExtensions`](#encryptedmediaextensions)** | Enable or disable Encrypted Media Extensions and optionally lock it. | **[`EnterprisePoliciesEnabled`](#enterprisepoliciesenabled)** | Enable policy support on macOS. | **[`Extensions`](#extensions)** | Control the installation, uninstallation and locking of extensions. | **[`ExtensionSettings`](#extensionsettings)** | Manage all aspects of extensions. @@ -81,8 +83,8 @@ Policies can be specified using the Group Policy templates on Windows (https://g | **[`SearchEngines -> PreventInstalls`](#searchengines--preventinstalls)** | Prevent installing search engines from webpages. | **[`SearchEngines -> Remove`](#searchengines--remove)** | Hide built-in search engines. | **[`SearchEngines -> Add`](#searchengines--add)** | Add new search engines. -| **[`SecurityDevices`](#securitydevices)** | Install PKCS #11 modules. | **[`SearchSuggestEnabled`](#searchsuggestenabled)** | Enable search suggestions. +| **[`SecurityDevices`](#securitydevices)** | Install PKCS #11 modules. | **[`SSLVersionMax`](#sslversionmax)** | Set and lock the maximum version of TLS. | **[`SSLVersionMin`](#sslversionmin)** | Set and lock the minimum version of TLS. | **[`SupportMenu`](#supportmenu)** | Add a menuitem to the help menu for specifying support information. @@ -107,6 +109,15 @@ If you have disabled updates via DisableAppUpdate, this policy has no effect. ``` Software\Policies\Mozilla\Firefox\AppAutoUpdate = 0x1 | 0x0 ``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/AppAutoUpdate +``` +Value (string): +``` + or +``` #### macOS ``` @@ -134,6 +145,16 @@ Change the URL for application update. ``` Software\Policies\Mozilla\Firefox\AppUpdateURL = "https://yoursite.com" ``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/AppUpdateURL +``` +Value (string): +``` + + +``` #### macOS ``` @@ -155,9 +176,11 @@ Configure sites that support integrated authentication. See https://developer.mozilla.org/en-US/docs/Mozilla/Integrated_authentication for more information. -**Compatibility:** Firefox 60, Firefox ESR 60 (AllowNonFQDN added in 62/60.2, AllowProxies added in 70/68.2, Locked added in 71/68.3)\ +`PrivateBrowsing` enables integrated authentication in prviate browsing. + +**Compatibility:** Firefox 60, Firefox ESR 60 (AllowNonFQDN added in 62/60.2, AllowProxies added in 70/68.2, Locked added in 71/68.3, PrivateBrowsing added in 77/68.9)\ **CCK2 Equivalent:** N/A\ -**Preferences Affected:** `network.negotiate-auth.trusted-uris`,`network.negotiate-auth.delegation-uris`,`network.automatic-ntlm-auth.trusted-uris`,`network.automatic-ntlm-auth.allow-non-fqdn`,`network.negotiate-auth.allow-non-fqdn`,`network.automatic-ntlm-auth.allow-proxies`,`network.negotiate-auth.allow-proxies` +**Preferences Affected:** `network.negotiate-auth.trusted-uris`,`network.negotiate-auth.delegation-uris`,`network.automatic-ntlm-auth.trusted-uris`,`network.automatic-ntlm-auth.allow-non-fqdn`,`network.negotiate-auth.allow-non-fqdn`,`network.automatic-ntlm-auth.allow-proxies`,`network.negotiate-auth.allow-proxies`,`network.auth.private-browsing-sso` #### Windows (GPO) ``` @@ -172,6 +195,7 @@ Software\Policies\Mozilla\Firefox\Authentication\AllowNonFQDN\NTLM = 0x1 | 0x0 Software\Policies\Mozilla\Firefox\Authentication\AllowProxies\SPNEGO = 0x1 | 0x0 Software\Policies\Mozilla\Firefox\Authentication\AllowProxies\NTLM = 0x1 | 0x0 Software\Policies\Mozilla\Firefox\Authentication\Locked = 0x1 | 0x0 +Software\Policies\Mozilla\Firefox\Authentication\PrivateBrowsing = 0x1 | 0x0 ``` #### Windows (Intune) OMA-URI: @@ -181,7 +205,6 @@ OMA-URI: Value (string): ``` - ``` OMA-URI: @@ -191,7 +214,6 @@ OMA-URI: Value (string): ``` - ``` OMA-URI: @@ -201,29 +223,33 @@ OMA-URI: Value (string): ``` - ``` -```OMA-URI: +OMA-URI: ``` ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Authentication/Authentication_AllowNonFQDN ``` Value (string): ``` - ``` OMA-URI: ``` -./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Homepage/HomepageStartPage +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Authentication/Authentication_Locked ``` Value (string): ``` - - - + or +``` +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Authentication/Authentication_PrivateBrowsing +``` +Value (string): +``` + or ``` #### macOS ``` @@ -261,6 +287,8 @@ Value (string): Locked | + PrivateBrowsing + | ``` @@ -280,7 +308,8 @@ Value (string): "SPNEGO": true | false, "NTLM": true | false }, - "Locked": true | false + "Locked": true | false, + "PrivateBrowsing": true | false } } } @@ -304,7 +333,7 @@ OMA-URI: ``` Value (string): ``` - + or ``` #### macOS ``` @@ -340,7 +369,7 @@ OMA-URI: ``` Value (string): ``` - + or ``` #### macOS ``` @@ -376,7 +405,7 @@ OMA-URI: ``` Value (string): ``` - + or ``` #### macOS ``` @@ -412,7 +441,7 @@ OMA-URI: ``` Value (string): ``` - + or ``` #### macOS ``` @@ -445,6 +474,20 @@ Software\Policies\Mozilla\Firefox\Bookmarks\1\Favicon = "https://example.com/fav Software\Policies\Mozilla\Firefox\Bookmarks\1\Placement = "toolbar" | "menu" Software\Policies\Mozilla\Firefox\Bookmarks\1\Folder = "FolderName" ``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Bookmarks/Bookmark01 +``` +Value (string): +``` + + + + + + +``` #### macOS ``` @@ -492,6 +535,15 @@ Enable or disable the detection of captive portals. ``` Software\Policies\Mozilla\Firefox\CaptivePortal = 0x1 | 0x0 ``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/CaptivePortal +``` +Value (string): +``` + or +``` #### macOS ``` @@ -523,6 +575,15 @@ See https://support.mozilla.org/kb/setting-certificate-authorities-firefox for m ``` Software\Policies\Mozilla\Firefox\Certificates\ImportEnterpriseRoots = 0x1 | 0x0 ``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Certificates/Certificates_ImportEnterpriseRoots +``` +Value (string): +``` + or +``` #### macOS ``` @@ -575,6 +636,16 @@ Binary (DER) and ASCII (PEM) certificates are both supported. Software\Policies\Mozilla\Firefox\Certificates\Install\1 = "cert1.der" Software\Policies\Mozilla\Firefox\Certificates\Install\2 = "C:\Users\username\cert2.pem" ``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Certificates/Certificates_Install +``` +Value (string): +``` + + +``` #### macOS ``` @@ -624,11 +695,71 @@ Configure cookie preferences. Software\Policies\Mozilla\Firefox\Cookies\Allow\1 = "https://example.com" Software\Policies\Mozilla\Firefox\Cookies\Block\1 = "https://example.org" Software\Policies\Mozilla\Firefox\Cookies\Default = 0x1 | 0x0 -Software\Policies\Mozilla\Firefox\Cookies\AcceptThirdParty = "always" | "never" |"from-visited" +Software\Policies\Mozilla\Firefox\Cookies\AcceptThirdParty = "always" | "never" | "from-visited" Software\Policies\Mozilla\Firefox\Cookies\ExpireAtSessionEnd = 0x1 | 0x0 Software\Policies\Mozilla\Firefox\Cookies\RejectTracker = 0x1 | 0x0 Software\Policies\Mozilla\Firefox\Cookies\Locked = 0x1 | 0x0 ``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_Allow +``` +Value (string): +``` + + +``` +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_Block +``` +Value (string): +``` + + +``` +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_Default +``` +Value (string): +``` + or +``` +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_AcceptThirdParty +``` +Value (string): +``` + + +``` +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_ExpireAtSessionEnd +``` +Value (string): +``` + or +``` +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_RejectTracker +``` +Value (string): +``` + or +``` +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_Locked +``` +Value (string): +``` + or +``` #### macOS ``` @@ -682,7 +813,15 @@ Remove the "Set As Desktop Background..." menuitem when right clicking on an ima ``` Software\Policies\Mozilla\Firefox\DisableSetDesktopBackground = 0x1 | 0x0 ``` - +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableSetDesktopBackground +``` +Value (string): +``` + or +``` #### macOS ``` @@ -709,7 +848,15 @@ Remove the master password functionality. ``` Software\Policies\Mozilla\Firefox\DisableMasterPasswordCreation = 0x1 | 0x0 ``` - +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableMasterPasswordCreation +``` +Value (string): +``` + or +``` #### macOS ``` @@ -736,6 +883,15 @@ Turn off application updates. ``` Software\Policies\Mozilla\Firefox\DisableAppUpdate = 0x1 | 0x0 ``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableAppUpdate +``` +Value (string): +``` + or +``` #### macOS ``` @@ -762,7 +918,15 @@ Disable the built in PDF viewer. PDF files are downloaded and sent externally. ``` Software\Policies\Mozilla\Firefox\DisableBuiltinPDFViewer = 0x1 | 0x0 ``` - +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableBuiltinPDFViewer +``` +Value (string): +``` + or +``` #### macOS ``` @@ -778,6 +942,86 @@ Software\Policies\Mozilla\Firefox\DisableBuiltinPDFViewer = 0x1 | 0x0 } } ``` +### DisabledCiphers +Disable specific cryptographic ciphers. + +**Compatibility:** Firefox 76, Firefox ESR 68.8\ +**CCK2 Equivalent:** N/A\ +**Preferences Affected:** N/A + +#### Windows (GPO) +``` +Software\Policies\Mozilla\Firefox\DisabledCiphers\TLS_DHE_RSA_WITH_AES_128_CBC_SHA = 0x1 | 0x0 +Software\Policies\Mozilla\Firefox\DisabledCiphers\TLS_DHE_RSA_WITH_AES_256_CBC_SHA = 0x1 | 0x0 +Software\Policies\Mozilla\Firefox\DisabledCiphers\TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA = 0x1 | 0x0 +Software\Policies\Mozilla\Firefox\DisabledCiphers\TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA = 0x1 | 0x0 +Software\Policies\Mozilla\Firefox\DisabledCiphers\TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 = 0x1 | 0x0 +Software\Policies\Mozilla\Firefox\DisabledCiphers\TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 = 0x1 | 0x0 +Software\Policies\Mozilla\Firefox\DisabledCiphers\TLS_RSA_WITH_AES_128_CBC_SHA = 0x1 | 0x0 +Software\Policies\Mozilla\Firefox\DisabledCiphers\TLS_RSA_WITH_AES_256_CBC_SHA = 0x1 | 0x0 +Software\Policies\Mozilla\Firefox\DisabledCiphers\TLS_RSA_WITH_3DES_EDE_CBC_SHA = 0x1 | 0x0 +``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DisabledCiphers/DisabledCiphers_TLS_DHE_RSA_WITH_AES_128_CBC_SHA +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DisabledCiphers/DisabledCiphers_TLS_DHE_RSA_WITH_AES_256_CBC_SHA +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DisabledCiphers/DisabledCiphers_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DisabledCiphers/DisabledCiphers_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DisabledCiphers/DisabledCiphers_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DisabledCiphers/DisabledCiphers_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DisabledCiphers/DisabledCiphers_TLS_RSA_WITH_AES_128_CBC_SHA +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DisabledCiphers/DisabledCiphers_TLS_RSA_WITH_AES_256_CBC_SHA +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DisabledCiphers/DisabledCiphers_TLS_RSA_WITH_3DES_EDE_CBC_SHA +``` +Value (string): +``` + or +``` +#### macOS +``` + + DisabledCiphers + + TLS_DHE_RSA_WITH_AES_128_CBC_SHA + | + TLS_DHE_RSA_WITH_AES_256_CBC_SHA + | + TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA + | + TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA + | + TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 + | + TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 + | + TLS_RSA_WITH_AES_128_CBC_SHA + | + TLS_RSA_WITH_AES_256_CBC_SHA + | + TLS_RSA_WITH_3DES_EDE_CBC_SHA + | + + +``` +#### policies.json +``` +{ + "policies": { + "DisabledCiphers" { + "TLS_DHE_RSA_WITH_AES_128_CBC_SHA": true | false, + "TLS_DHE_RSA_WITH_AES_256_CBC_SHA": true | false, + "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA": true | false, + "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA": true | false, + "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256": true | false, + "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256": true | false, + "TLS_RSA_WITH_AES_128_CBC_SHA": true | false, + "TLS_RSA_WITH_AES_256_CBC_SHA": true | false, + "TLS_RSA_WITH_3DES_EDE_CBC_SHA": true | false + } + } +} +``` ### DisableDefaultBrowserAgent Prevent the default browser agent from taking any actions. Only applicable to Windows; other platforms don’t have the agent. @@ -789,7 +1033,15 @@ Prevent the default browser agent from taking any actions. Only applicable to Wi ``` Software\Policies\Mozilla\Firefox\DisableDefaultBrowserAgent = 0x1 | 0x0 ``` - +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableDefaultBrowserAgent +``` +Value (string): +``` + or +``` #### policies.json ``` { @@ -809,7 +1061,15 @@ Remove access to all developer tools. ``` Software\Policies\Mozilla\Firefox\DisableDeveloperTools = 0x1 | 0x0` ``` - +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableDeveloperTools +``` +Value (string): +``` + or +``` #### macOS ``` @@ -836,6 +1096,15 @@ Disable the menus for reporting sites (Submit Feedback, Report Deceptive Site). ``` Software\Policies\Mozilla\Firefox\DisableFeedbackCommands = 0x1 | 0x0 ``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableFeedbackCommands +``` +Value (string): +``` + or +``` #### macOS ``` @@ -862,6 +1131,15 @@ Remove access to Firefox Screenshots. ``` Software\Policies\Mozilla\Firefox\DisableFirefoxScreenshots = 0x1 | 0x0 ``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableFirefoxScreenshots +``` +Value (string): +``` + or +``` #### macOS ``` @@ -888,6 +1166,15 @@ Disable Firefox Accounts integration (Sync). ``` Software\Policies\Mozilla\Firefox\DisableFirefoxAccounts = 0x1 | 0x0 ``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableFirefoxAccounts +``` +Value (string): +``` + or +``` #### macOS ``` @@ -914,6 +1201,15 @@ Disable Firefox studies (Shield). ``` Software\Policies\Mozilla\Firefox\DisableFirefoxStudies = 0x1 | 0x0 ``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableFirefoxStudies +``` +Value (string): +``` + or +``` #### macOS ``` @@ -940,6 +1236,15 @@ Disable the "Forget" button. ``` Software\Policies\Mozilla\Firefox\DisableForgetButton = 0x1 | 0x0 ``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableForgetButton +``` +Value (string): +``` + or +``` #### macOS ``` @@ -966,6 +1271,15 @@ Turn off saving information on web forms and the search bar. ``` Software\Policies\Mozilla\Firefox\DisableFormHistory = 0x1 | 0x0 ``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableFormHistory +``` +Value (string): +``` + or +``` #### macOS ``` @@ -992,7 +1306,15 @@ Do not allow passwords to be shown in saved logins ``` Software\Policies\Mozilla\Firefox\DisablePasswordReveal = 0x1 | 0x0 ``` - +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisablePasswordReveal +``` +Value (string): +``` + or +``` #### macOS ``` @@ -1019,7 +1341,16 @@ Remove Pocket in the Firefox UI. It does not remove it from the new tab page. ``` Software\Policies\Mozilla\Firefox\DisablePocket = 0x1 | 0x0 ``` -#### macOS +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisablePocket +``` +Value (string): +``` + or +``` +#### macOS ``` DisablePocket @@ -1045,6 +1376,15 @@ Remove access to private browsing. ``` Software\Policies\Mozilla\Firefox\DisablePrivateBrowsing = 0x1 | 0x0 ``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisablePrivateBrowsing +``` +Value (string): +``` + or +``` #### macOS ``` @@ -1071,6 +1411,15 @@ Disables the "Import data from another browser" option in the bookmarks window. ``` Software\Policies\Mozilla\Firefox\DisableProfileImport = 0x1 | 0x0 ``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableProfileImport +``` +Value (string): +``` + or +``` #### macOS ``` @@ -1097,6 +1446,15 @@ Disable the Refresh Firefox button on about:support and support.mozilla.org, as ``` Software\Policies\Mozilla\Firefox\DisableProfileRefresh = 0x1 | 0x0 ``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableProfileRefresh +``` +Value (string): +``` + or +``` #### macOS ``` @@ -1125,6 +1483,15 @@ On Windows, this disables safe mode via the command line as well. ``` Software\Policies\Mozilla\Firefox\DisableSafeMode = 0x1 | 0x0 ``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableSafeMode +``` +Value (string): +``` + or +``` #### macOS ``` @@ -1156,6 +1523,24 @@ Prevent the user from bypassing security in certain cases. Software\Policies\Mozilla\Firefox\DisableSecurityBypass\InvalidCertificate = 0x1 | 0x0 Software\Policies\Mozilla\Firefox\DisableSecurityBypass\SafeBrowsing = 0x1 | 0x0 ``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/P_DisableSecurityBypass_InvalidCertificate +``` +Value (string): +``` + or +``` +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/P_DisableSecurityBypass_SafeBrowsing +``` +Value (string): +``` + or +``` + #### macOS ``` @@ -1187,7 +1572,17 @@ Prevent system add-ons from being installed or update. **Preferences Affected:** N/A #### Windows (GPO) -```Software\Policies\Mozilla\Firefox\DisableSystemAddonUpdate = 0x1 | 0x0 +``` +Software\Policies\Mozilla\Firefox\DisableSystemAddonUpdate = 0x1 | 0x0 +``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableSystemAddonUpdate +``` +Value (string): +``` + or ``` #### macOS ``` @@ -1217,6 +1612,15 @@ Mozilla recommends that you do not disable telemetry. Information collected thro ``` Software\Policies\Mozilla\Firefox\DisableTelemetry = 0x1 | 0x0 ``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableTelemetry +``` +Value (string): +``` + or +``` #### macOS ``` @@ -1243,6 +1647,15 @@ Set the initial state of the bookmarks toolbar. A user can still hide it and it ``` Software\Policies\Mozilla\Firefox\DisplayBookmarksToolbar = 0x1 | 0x0 ``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisplayBookmarksToolbar +``` +Value (string): +``` + or +``` #### macOS ``` @@ -1303,6 +1716,16 @@ Set the state of the menubar. ``` Software\Policies\Mozilla\Firefox\DisplayMenuBar = "always", "never", "default-on", "default-off" ``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisplayMenuBar_Enum +``` +Value (string): +``` + + +``` #### macOS ``` @@ -1340,6 +1763,41 @@ Software\Policies\Mozilla\Firefox\DNSOverHTTPS\ProviderURL = "URL_TO_ALTERNATE_P Software\Policies\Mozilla\Firefox\DNSOverHTTPS\Locked = 0x1 | 0x0 Software\Policies\Mozilla\Firefox\DNSOverHTTPS\ExcludedDomains\1 = "example.com" ``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DNSOverHTTPS/DNSOverHTTPS_Enabled +``` +Value (string): +``` + or +``` +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DNSOverHTTPS/DNSOverHTTPS_ProviderURL +``` +Value (string): +``` + + +``` +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DNSOverHTTPS/DNSOverHTTPS_Locked +``` +Value (string): +``` + or +``` +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~DNSOverHTTPS/DNSOverHTTPS_ExcludedDomains +``` +Value (string): +``` + + +``` #### macOS ``` @@ -1382,6 +1840,15 @@ Don't check if Firefox is the default browser at startup. ``` Software\Policies\Mozilla\Firefox\DontCheckDefaultBrowser = 0x1 | 0x0 ``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DontCheckDefaultBrowser +``` +Value (string): +``` + or +``` #### macOS ``` @@ -1410,6 +1877,16 @@ You can use ${home} for the native home directory. ``` Software\Policies\Mozilla\Firefox\DefaultDownloadDirectory = "${home}\Downloads" ``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DefaultDownloadDirectory +``` +Value (string): +``` + + +``` #### macOS ``` @@ -1444,6 +1921,16 @@ You can use ${home} for the native home directory. ``` Software\Policies\Mozilla\Firefox\DownloadDirectory = "${home}\Downloads" ``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DownloadDirectory +``` +Value (string): +``` + + +``` #### macOS ``` @@ -1492,6 +1979,19 @@ Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Cryptomining = 0x1 | Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Fingerprinting = 0x1 | 0x0 Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Exceptions\1 = "https://example.com" ``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/TrackingProtection +``` +Value (string): +``` + + + + + +``` #### macOS ``` @@ -1525,6 +2025,54 @@ Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Exceptions\1 = "https } } ``` +### EncryptedMediaExtensions +Enable or disable Encrypted Media Extensions and optionally lock it. + +If `Enabled` is set to false, encrypted media extensions (like Widevine) are not downloaded by Firefox unless the user consents to installing them. + +If `Locked` is set to true and `Enabled` is set to false, Firefox will not download encrypted media extensions (like Widevine) or ask the user to install them. + +**Compatibility:** Firefox 77, Firefox ESR 68.9\ +**CCK2 Equivalent:** N/A\ +**Preferences Affected:** `media.eme.enabled` + +#### Windows (GPO) +``` +Software\Policies\Mozilla\Firefox\EncryptedMediaExtensions\Enabled = 0x1 | 0x0 +Software\Policies\Mozilla\Firefox\EncryptedMediaExtensions\Locked = 0x1 | 0x0 +``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~EncryptedMediaExtensions/EncryptedMediaExtensions_Enabled +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~EncryptedMediaExtensions/EncryptedMediaExtensions_Locked +``` +Value (string): +``` +or +``` +#### macOS +``` + + EncryptedMediaExtensions + + Enabled + | + + | + + +``` +#### policies.json +``` +{ + "policies": { + "EncryptedMediaExtensions": { + "Enabled": [true, false], + "Locked": [true, false] + } +} +``` ### EnterprisePoliciesEnabled Enable policy support on macOS. @@ -1633,6 +2181,26 @@ Software\Policies\Mozilla\Firefox\ExtensionSettings (REG_MULTI_SZ) = } } ``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/ExtensionSettings +``` +Value (string): +``` + + +``` #### macOS ``` @@ -1693,6 +2261,15 @@ Control extension updates. ``` Software\Policies\Mozilla\Firefox\ExtensionUpdate = 0x1 | 0x0 ``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/ExtensionUpdate +``` +Value (string): +``` + or +``` #### macOS ``` @@ -1730,6 +2307,32 @@ Software\Policies\Mozilla\Firefox\FlashPlugin\Block\1 = "https://example.edu" Software\Policies\Mozilla\Firefox\FlashPlugin\Default = 0x1 | 0x0 Software\Policies\Mozilla\Firefox\FlashPlugin\Locked = 0x1 | 0x0 ``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Flash/FlashPlugin_Allow +``` +Value (string): +``` + + +``` +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Flash/FlashPlugin_Locked +``` +Value (string): +``` + or +``` +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Flash/FlashPlugin_Default +``` +Value (string): +``` + or +``` #### macOS ``` @@ -1779,6 +2382,21 @@ Software\Policies\Mozilla\Firefox\FirefoxHome\Pocket = 0x1 | 0x0 Software\Policies\Mozilla\Firefox\FirefoxHome\Snippets = 0x1 | 0x0 Software\Policies\Mozilla\Firefox\FirefoxHome\Locked = 0x1 | 0x0 ``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/CustomizeFirefoxHome +``` +Value (string): +``` + + + + + + + +``` #### macOS ``` @@ -1825,6 +2443,15 @@ Control hardware acceleration. ``` Software\Policies\Mozilla\Firefox\HardwareAcceleration = 0x1 | 0x0 ``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/HardwareAcceleration +``` +Value (string): +``` + or +``` #### macOS ``` @@ -1945,6 +2572,24 @@ Software\Policies\Mozilla\Firefox\InstallAddonsPermission\Allow\1 = "https://exa Software\Policies\Mozilla\Firefox\InstallAddonsPermission\Allow\2 = "https://example.edu" Software\Policies\Mozilla\Firefox\InstallAddonsPermission\Default = 0x1 | 0x0 ``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Addons/InstallAddonsPermission_Allow +``` +Value (string): +``` + + +``` +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Addons/InstallAddonsPermission_Default +``` +Value (string): +``` + +``` #### macOS ``` @@ -1989,6 +2634,15 @@ This policy only work on Windows via GPO (not policies.json). ``` Software\Policies\Mozilla\Firefox\LegacyProfiles = = 0x1 | 0x0 ``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/LegacyProfiles +``` +Value (string): +``` + or +``` ### LocalFileLinks Enable linking to local files by origin. @@ -2001,6 +2655,16 @@ Enable linking to local files by origin. Software\Policies\Mozilla\Firefox\LocalFileLinks\1 = "https://example.org" Software\Policies\Mozilla\Firefox\LocalFileLinks\2 = "https://example.edu" ``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/LocalFileLinks +``` +Value (string): +``` + + +``` #### macOS ``` @@ -2020,23 +2684,30 @@ Software\Policies\Mozilla\Firefox\LocalFileLinks\2 = "https://example.edu" } } ``` -### NoDefaultBookmarks -Disable the creation of default bookmarks. - -This policy is only effective if the user profile has not been created yet. +### NetworkPrediction +Enable or disable network prediction (DNS prefetching). -**Compatibility:** Firefox 60, Firefox ESR 60\ -**CCK2 Equivalent:** `removeDefaultBookmarks`\ -**Preferences Affected:** N/A +**Compatibility:** Firefox 67, Firefox ESR 60.7\ +**CCK2 Equivalent:** N/A\ +**Preferences Affected:** `network.dns.disablePrefetch`,`network.dns.disablePrefetchFromHTTPS` #### Windows (GPO) ``` -Software\Policies\Mozilla\Firefox\NoDefaultBookmarks = 0x1 | 0x0 +Software\Policies\Mozilla\Firefox\NetworkPrediction = 0x1 | 0x0 +``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/NetworkPrediction +``` +Value (string): +``` + or ``` #### macOS ``` - NoDefaultBookmarks + NetworkPrediction | ``` @@ -2044,25 +2715,33 @@ Software\Policies\Mozilla\Firefox\NoDefaultBookmarks = 0x1 | 0x0 ``` { "policies": { - "NoDefaultBookmarks": true | false - } + "NetworkPrediction": true | false } ``` -### NetworkPrediction -Enable or disable network prediction (DNS prefetching). +### NewTabPage +Enable or disable the New Tab page. -**Compatibility:** Firefox 67, Firefox ESR 60.7\ +**Compatibility:** Firefox 68, Firefox ESR 68\ **CCK2 Equivalent:** N/A\ -**Preferences Affected:** `network.dns.disablePrefetch`,`network.dns.disablePrefetchFromHTTPS` +**Preferences Affected:** `browser.newtabpage.enabled` #### Windows (GPO) ``` -Software\Policies\Mozilla\Firefox\NetworkPrediction = 0x1 | 0x0 +Software\Policies\Mozilla\Firefox\NewTabPage = 0x1 | 0x0 +``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/NewTabPage +``` +Value (string): +``` + or ``` #### macOS ``` - NetworkPrediction + NewTabPage | ``` @@ -2070,24 +2749,35 @@ Software\Policies\Mozilla\Firefox\NetworkPrediction = 0x1 | 0x0 ``` { "policies": { - "NetworkPrediction": true | false + "NewTabPage": true | false } ``` -### NewTabPage -Enable or disable the New Tab page. +### NoDefaultBookmarks +Disable the creation of default bookmarks. -**Compatibility:** Firefox 68, Firefox ESR 68\ -**CCK2 Equivalent:** N/A\ -**Preferences Affected:** `browser.newtabpage.enabled` +This policy is only effective if the user profile has not been created yet. + +**Compatibility:** Firefox 60, Firefox ESR 60\ +**CCK2 Equivalent:** `removeDefaultBookmarks`\ +**Preferences Affected:** N/A #### Windows (GPO) ``` -Software\Policies\Mozilla\Firefox\NewTabPage = 0x1 | 0x0 +Software\Policies\Mozilla\Firefox\NoDefaultBookmarks = 0x1 | 0x0 +``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/NoDefaultBookmarks +``` +Value (string): +``` + or ``` #### macOS ``` - NewTabPage + NoDefaultBookmarks | ``` @@ -2095,7 +2785,8 @@ Software\Policies\Mozilla\Firefox\NewTabPage = 0x1 | 0x0 ``` { "policies": { - "NewTabPage": true | false + "NoDefaultBookmarks": true | false + } } ``` ### OfferToSaveLogins @@ -2109,6 +2800,15 @@ Control whether or not Firefox offers to save passwords. ``` Software\Policies\Mozilla\Firefox\OfferToSaveLogins = 0x1 | 0x0 ``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/OfferToSaveLogins +``` +Value (string): +``` + or +``` #### macOS ``` @@ -2135,6 +2835,15 @@ Sets the default value of signon.rememberSignons without locking it. ``` Software\Policies\Mozilla\Firefox\OfferToSaveLoginsDefault = 0x1 | 0x0 ``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/OfferToSaveLoginsDefault +``` +Value (string): +``` + or +``` #### macOS ``` @@ -2161,6 +2870,16 @@ Override the first run page. If the value is blank, no first run page is display ``` Software\Policies\Mozilla\Firefox\OverrideFirstRunPage = "http://example.org" ``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/OverrideFirstRunPage +``` +Value (string): +``` + + +``` #### macOS ``` @@ -2186,6 +2905,16 @@ Override the upgrade page. If the value is blank, no upgrade page is displayed. ``` Software\Policies\Mozilla\Firefox\OverridePostUpdatePage = "http://example.org" ``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/OverridePostUpdatePage +``` +Value (string): +``` + + +``` #### macOS ``` @@ -2211,6 +2940,15 @@ Remove access to the password manager via preferences and blocks about:logins on ``` Software\Policies\Mozilla\Firefox\PasswordManagerEnabled = 0x1 | 0x0 ``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/PasswordManagerEnabled +``` +Value (string): +``` + or +``` #### macOS ``` @@ -2237,9 +2975,11 @@ Set permissions associated with camera, microphone, location, notifications, and `Locked` prevents the user from changing preferences for the feature. -**Compatibility:** Firefox 62, Firefox ESR 60.2 (Autoplay added in Firefox 74, Firefox ESR 68.6\ +`Default` specifies the default value for Autoplay. block-audio-video is not supported on Firefox ESR 68. + +**Compatibility:** Firefox 62, Firefox ESR 60.2 (Autoplay added in Firefox 74, Firefox ESR 68.6, Autoplay Default/Locked added in Firefox 76, Firefox ESR 68.8)\ **CCK2 Equivalent:** N/A\ -**Preferences Affected:** `permissions.default.camera`,`permissions.default.microphone`,`permissions.default.geo`,`permissions.default.desktop-notification` +**Preferences Affected:** `permissions.default.camera`,`permissions.default.microphone`,`permissions.default.geo`,`permissions.default.desktop-notification`,`media.autoplay.default` #### Windows (GPO) ``` @@ -2262,6 +3002,85 @@ Software\Policies\Mozilla\Firefox\Permissions\Notifications\BlockNewRequests = 0 Software\Policies\Mozilla\Firefox\Permissions\Notifications\Locked = 0x1 | 0x0 Software\Policies\Mozilla\Firefox\Permissions\Autoplay\Allow\1 = "https://example.org" Software\Policies\Mozilla\Firefox\Permissions\Autoplay\Block\1 = "https://example.edu" +Software\Policies\Mozilla\Firefox\Permissions\Autoplay\Default = "allow-audio-video" | "block-audio" | "block-audio-video" +Software\Policies\Mozilla\Firefox\Permissions\Autoplay\Locked = 0x1 | 0x0 +``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Location/Location_BlockNewRequests +``` +Value (string): +``` + or +``` +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Location/Location_Locked +``` +Value (string): +``` + or +``` +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Notifications/Notifications_Allow +``` +Value (string): +``` + + +``` +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Notifications/Notifications_BlockNewRequests +``` +Value (string): +``` + or +``` +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Notifications/Notifications_Locked +``` +Value (string): +``` + or +``` +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Autoplay/Autoplay_Allow +``` +Value (string): +``` + + +``` +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Autoplay/Autoplay_Block +``` +Value (string): +``` + + +``` +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Autoplay/Autoplay_Default +``` +Value (string): +``` + + +``` +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Autoplay/Autoplay_Locked +``` +Value (string): +``` + or ``` #### macOS ``` @@ -2280,9 +3099,9 @@ Software\Policies\Mozilla\Firefox\Permissions\Autoplay\Block\1 = "https://exampl https://example.edu BlockNewRequests - + | Locked - + | Microphone @@ -2295,9 +3114,9 @@ Software\Policies\Mozilla\Firefox\Permissions\Autoplay\Block\1 = "https://exampl https://example.edu BlockNewRequests - + | Locked - + | Location @@ -2310,9 +3129,9 @@ Software\Policies\Mozilla\Firefox\Permissions\Autoplay\Block\1 = "https://exampl https://example.edu BlockNewRequests - + | Locked - + | Notifications @@ -2339,6 +3158,10 @@ Software\Policies\Mozilla\Firefox\Permissions\Autoplay\Block\1 = "https://exampl https://example.edu + Default + allow-audio-video | block-audio | block-audio-video + Locked + | @@ -2374,7 +3197,9 @@ Software\Policies\Mozilla\Firefox\Permissions\Autoplay\Block\1 = "https://exampl }, "Autoplay": { "Allow": ["https://example.org"], - "Block": ["https://example.edu"] + "Block": ["https://example.edu"], + "Default": "allow-audio-video" | "block-audio" | "block-audio-video", + "Locked": true | false } } } @@ -2400,6 +3225,32 @@ Software\Policies\Mozilla\Firefox\PopupBlocking\Allow\2 = "https://example.edu" Software\Policies\Mozilla\Firefox\PopupBlocking\Default = 0x1 | 0x0 Software\Policies\Mozilla\Firefox\PopupBlocking\Locked = 0x1 | 0x0 ``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Popups/PopupBlocking_Allow +``` +Value (string): +``` + + +``` +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Popups/PopupBlocking_Default +``` +Value (string): +``` + or +``` +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Popups/PopupBlocking_Locked +``` +Value (string): +``` + or +``` #### macOS ``` @@ -2505,7 +3356,7 @@ Set and lock certain preferences. |     If false, the geolocation API is disabled. | Language dependent | intl.accept_languages | string | Firefox 70, Firefox ESR 68.2 |     If set, preferred language for web pages. -| media.eme.enabled | boolean | Firefox 70, Firefox ESR 68.2 | true +| media.eme.enabled (Deprecated - Switch to EncryptedMediaExtensions policy) | boolean | Firefox 70, Firefox ESR 68.2 | true |     If false, Encrypted Media Extensions are not enabled. | media.gmp-gmpopenh264.enabled | boolean | Firefox 68, Firefox ESR 68 | true |     If false, the OpenH264 plugin is not downloaded. @@ -2528,7 +3379,7 @@ disabled |     If set to Select Automatically, Firefox automatically chooses the default personal certificate. | security.mixed_content.block_active_content | boolean | Firefox 70, Firefox ESR 68.2 | true |     If false, mixed active content (HTTP and HTTPS) is not blocked. -| security.osclientcerts.autoload | boolean | Firefox 72, Firefox ESR 68.4 (Windows only) | false +| security.osclientcerts.autoload | boolean | Firefox 72 (Windows), Firefox 75 (macOS) | false |     If true, client certificates are loaded from the operating system certificate store. | security.ssl.errorReporting.enabled | boolean | Firefox 68, Firefox ESR 68 | true |     If false, SSL errors cannot be sent to Mozilla. @@ -2543,6 +3394,15 @@ disabled Software\Policies\Mozilla\Firefox\Preferences\boolean_preference_name = 0x1 | 0x0 Software\Policies\Mozilla\Firefox\Preferences\string_preference_name = "string_value" ``` +#### Windows (Intune) +OMA-URI: (periods are replaced by underscores) +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Preferences/boolean_preference_name +``` +Value (string): +``` + or +``` #### macOS ``` @@ -2577,6 +3437,15 @@ Ask where to save each file before downloading. ``` Software\Policies\Mozilla\Firefox\PromptForDownloadLocation = 0x1 | 0x0 ``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/PromptForDownloadLocation +``` +Value (string): +``` + or +``` #### macOS ``` @@ -2639,6 +3508,27 @@ Software\Policies\Mozilla\Firefox\Proxy\AutoConfigURL = URL_TO_AUTOCONFIG Software\Policies\Mozilla\Firefox\Proxy\AutoLogin = 0x1 | 0x0 Software\Policies\Mozilla\Firefox\Proxy\UseProxyForDNS = 0x1 | 0x0 ``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/Proxy +``` +Value (string): +``` + + + + + + + + + + + + + +``` #### macOS ``` @@ -2709,6 +3599,16 @@ or Software\Policies\Mozilla\Firefox\RequestedLocales = "de,en-US" ``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/RequestedLocalesString +``` +Value (string): +``` + + +``` #### macOS ``` @@ -2765,6 +3665,15 @@ Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\SiteSettings = 0x1 | 0x0 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\OfflineApps = 0x1 | 0x0 Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\Locked = 0x1 | 0x0 ``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/I_SanitizeOnShutdown_Locked +``` +Value (string): +``` + or +``` #### macOS ``` @@ -2819,6 +3728,15 @@ Clear all data on shutdown, including Browsing & Download History, Cookies, Acti ``` Software\Policies\Mozilla\Firefox\SanitizeOnShutdown = 0x1 | 0x0 ``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/C_SanitizeOnShutdown +``` +Value (string): +``` + or +``` #### macOS ``` @@ -2845,6 +3763,16 @@ Set whether or not search bar is displayed. ``` Software\Policies\Mozilla\Firefox\SearchBar = "unified" | "separate" ``` + +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/SearchBar +``` +Value (string): +``` + + #### macOS ``` @@ -2852,7 +3780,6 @@ Software\Policies\Mozilla\Firefox\SearchBar = "unified" | "separate" unified | separate ``` - #### policies.json ``` { @@ -2877,6 +3804,16 @@ Set the default search engine. This policy is only available on the ESR. ``` Software\Policies\Mozilla\Firefox\SearchEngines\Default = NAME_OF_SEARCH_ENGINE ``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Search/SearchEngines_Default +``` +Value (string): +``` + + +``` #### macOS ``` @@ -2909,6 +3846,15 @@ Prevent installing search engines from webpages. ``` Software\Policies\Mozilla\Firefox\SearchEngines\PreventInstalls = 0x1 | 0x0 ``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Search/SearchEngines_PreventInstalls +``` +Value (string): +``` + or +``` #### macOS ``` @@ -2941,6 +3887,16 @@ Hide built-in search engines. This policy is only available on the ESR. ``` Software\Policies\Mozilla\Firefox\SearchEngines\Remove\1 = NAME_OF_SEARCH_ENGINE ``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Search/SearchEngines_Remove +``` +Value (string): +``` + + +``` #### macOS ``` @@ -2998,7 +3954,23 @@ Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\Description = "Example Des Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\SuggestURLTemplate = "https://www.example.org/suggestions/q={searchTerms}" Software\Policies\Mozilla\Firefox\SearchEngines\Add\1\PostData = "name=value&q={searchTerms}" ``` - +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Search/SearchEngines_1 +``` +Value (string): +``` + + + + + + + + + +``` #### macOS ``` @@ -3061,6 +4033,15 @@ Enable search suggestions. ``` Software\Policies\Mozilla\Firefox\SearchSuggestEnabled = 0x1 | 0x0 ``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/SearchSuggestEnabled +``` +Value (string): +``` + or +``` #### macOS ``` @@ -3088,6 +4069,16 @@ Install PKCS #11 modules. ``` Software\Policies\Mozilla\Firefox\SecurityDevices\NAME_OF_DEVICE = PATH_TO_LIBRARY_FOR_DEVICE ``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/SecurityDevices +``` +Value (string): +``` + + +``` #### macOS ``` @@ -3121,6 +4112,16 @@ Set and lock the maximum version of TLS. ``` Software\Policies\Mozilla\Firefox\SSLVersionMax = "tls1" | "tls1.1" | "tls1.2" | "tls1.3" ``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/SSLVersionMax +``` +Value (string): +``` + + +``` #### macOS ``` @@ -3149,6 +4150,16 @@ Set and lock the minimum version of TLS. ``` Software\Policies\Mozilla\Firefox\SSLVersionMin = "tls1" | "tls1.1" | "tls1.2" | "tls1.3" ``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/SSLVersionMin +``` +Value (string): +``` + + +``` #### macOS ``` @@ -3178,6 +4189,18 @@ Software\Policies\Mozilla\Firefox\SupportMenu\Title = "Support Menu" Software\Policies\Mozilla\Firefox\SupportMenu\URL = "http://example.com/support" Software\Policies\Mozilla\Firefox\SupportMenu\AccessKey = "S" ``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/SupportMenu +``` +Value (string): +``` + + + + +``` #### macOS ``` @@ -3227,6 +4250,18 @@ Software\Policies\Mozilla\Firefox\UserMessaging\ExtensionRecommendations = 0x1 | Software\Policies\Mozilla\Firefox\UserMessaging\FeatureRecommendations = 0x1 | 0x0 Software\Policies\Mozilla\Firefox\UserMessaging\UrlbarInterventions = 0x1 | 0x0 ``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/UserMessaging_WhatsNew +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/UserMessaging_ExtensionRecommendations +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/UserMessaging_FeatureRecommendations +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/UserMessaging_UrlbarInterventions +``` +Value (string): +``` + or +``` #### macOS ``` @@ -3268,6 +4303,25 @@ Block websites from being visited. The parameters take an array of Match Pattern Software\Policies\Mozilla\Firefox\WebsiteFilter\Block\1 = "" Software\Policies\Mozilla\Firefox\WebsiteFilter\Exceptions\1 = "http://example.org/*" ``` +#### Windows (Intune) +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/B_WebsiteFilter_Block +``` +Value (string): +``` + + +``` +OMA-URI: +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/B_WebsiteFilter_Exceptions +``` +Value (string): +``` + + +``` #### macOS ```