X-Git-Url: https://git.p6c8.net/policy-templates.git/blobdiff_plain/f4ea54f0c9eb24cb40d27adaaa8de85d96f81485..299371a19ed5e305d47237e4cb8d622c44de8c95:/docs/index.md
diff --git a/docs/index.md b/docs/index.md
index 811b950..edf6a7b 100644
--- a/docs/index.md
+++ b/docs/index.md
@@ -90,6 +90,7 @@ Note: The `policies.json` must use the UTF-8 encoding.
| **[`LocalFileLinks`](#localfilelinks)** | Enable linking to local files by origin.
| **[`ManagedBookmarks`](#managedbookmarks)** | Configures a list of bookmarks managed by an administrator that cannot be changed by the user.
| **[`ManualAppUpdateOnly`](#manualappupdateonly)** | Allow manual updates only and do not notify the user about updates.
+| **[`MicrosoftEntraSSO`](#microsoftentrasso)** | Allow single sign-on for Microsoft Entra accounts on macOS.
| **[`NetworkPrediction`](#networkprediction)** | Enable or disable network prediction (DNS prefetching).
| **[`NewTabPage`](#newtabpage)** | Enable or disable the New Tab page.
| **[`NoDefaultBookmarks`](#nodefaultbookmarks)** | Disable the creation of default bookmarks.
@@ -333,7 +334,7 @@ OMA-URI:
Value (string):
```
-
+
```
#### macOS
```
@@ -1265,15 +1266,26 @@ Configure Firefox to use an agent for Data Loss Prevention (DLP) that is compati
`Enabled` indicates whether Firefox should use DLP. Note that if this value is true and no DLP agent is running, all DLP requests will be denied unless `DefaultResult` is set to 1 or 2.
+`InterceptionPoints` controls settings for specific interception points.
+
+* The `Clipboard` entry controls clipboard operations for files and text.
+ * `Enabled` indicates whether clipboard operations should use DLP. The default is true.
+* The `DragAndDrop` entry controls drag and drop operations for files and text.
+ * `Enabled` indicates whether drag and drop operations should use DLP. The default is true.
+* The `FileUpload` entry controls file upload operations for files chosen from the file picker.
+ * `Enabled` indicates whether file upload operations should use DLP. The default is true.
+* The `Print` entry controls print operation.
+ * `Enabled` indicates whether print operations should use DLP. The default is true.
+
`IsPerUser` indicates whether the pipe the DLP agent has created is per-user or per-system. The default is true, meaning per-user.
`PipePathName` is the name of the pipe the DLP agent has created and Firefox will connect to. The default is "path_user".
`ShowBlockedResult` indicates whether Firefox should show a notification when a DLP request is denied. The default is true.
-**Compatibility:** Firefox 132\
+**Compatibility:** Firefox 136\
**CCK2 Equivalent:** N/A\
-**Preferences Affected:** `browser.contentanalysis.agent_name`, `browser.contentanalysis.agent_timeout`, `browser.contentanalysis.allow_url_regex_list`, `browser.contentanalysis.bypass_for_same_tab_operations`, `browser.contentanalysis.client_signature`, `browser.contentanalysis.default_result`, `browser.contentanalysis.deny_url_regex_list`, `browser.contentanalysis.enabled`, `browser.contentanalysis.is_per_user`, `browser.contentanalysis.pipe_path_name`, `browser.contentanalysis.show_blocked_result`
+**Preferences Affected:** `browser.contentanalysis.agent_name`, `browser.contentanalysis.agent_timeout`, `browser.contentanalysis.allow_url_regex_list`, `browser.contentanalysis.bypass_for_same_tab_operations`, `browser.contentanalysis.client_signature`, `browser.contentanalysis.default_result`, `browser.contentanalysis.deny_url_regex_list`, `browser.contentanalysis.enabled`, `browser.contentanalysis.interception_point.clipboard.enabled`, `browser.contentanalysis.interception_point.drag_and_drop.enabled`, `browser.contentanalysis.interception_point.file_upload.enabled`, `browser.contentanalysis.interception_point.print.enabled`, `browser.contentanalysis.is_per_user`, `browser.contentanalysis.pipe_path_name`, `browser.contentanalysis.show_blocked_result`
#### Windows (GPO)
```
@@ -1285,6 +1297,10 @@ Software\Policies\Mozilla\Firefox\ContentAnalysis\ClientSignature = "My DLP Comp
Software\Policies\Mozilla\Firefox\ContentAnalysis\DefaultResult = 0x0 | 0x1 | 0x2
Software\Policies\Mozilla\Firefox\ContentAnalysis\DenyUrlRegexList = "https://example\.com/.* https://subdomain\.example\.com/.*"
Software\Policies\Mozilla\Firefox\ContentAnalysis\Enabled = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\ContentAnalysis\InterceptionPoints\Clipboard\Enabled = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\ContentAnalysis\InterceptionPoints\DragAndDrop\Enabled = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\ContentAnalysis\InterceptionPoints\FileUpload\Enabled = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\ContentAnalysis\InterceptionPoints\Print\Enabled = 0x1 | 0x0
Software\Policies\Mozilla\Firefox\ContentAnalysis\IsPerUser = 0x1 | 0x0
Software\Policies\Mozilla\Firefox\ContentAnalysis\PipePathName = "pipe_custom_name"
Software\Policies\Mozilla\Firefox\ContentAnalysis\ShowBlockedResult = 0x1 | 0x0
@@ -1363,6 +1379,38 @@ Value (string):
```
OMA-URI:
```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ContentAnalysis/ContentAnalysis_InterceptionPoints_Clipboard_Enabled
+```
+Value (string):
+```
+ or
+```
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ContentAnalysis/ContentAnalysis_InterceptionPoints_DragAndDrop_Enabled
+```
+Value (string):
+```
+ or
+```
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ContentAnalysis/ContentAnalysis_InterceptionPoints_FileUpload_Enabled
+```
+Value (string):
+```
+ or
+```
+OMA-URI:
+```
+./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ContentAnalysis/ContentAnalysis_InterceptionPoints_Print_Enabled
+```
+Value (string):
+```
+ or
+```
+OMA-URI:
+```
./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~ContentAnalysis/ContentAnalysis_IsPerUser
```
Value (string):
@@ -1400,6 +1448,20 @@ Value (string):
"DefaultResult": 0 | 1 | 2,
"DenyUrlRegexList": "https://example\.com/.* https://subdomain\.example\.com/.*",
"Enabled": true | false,
+ "InterceptionPoints": {
+ "Clipboard": {
+ "Enabled": true | false
+ },
+ "DragAndDrop": {
+ "Enabled": true | false
+ },
+ "FileUpload": {
+ "Enabled": true | false
+ },
+ "Print": {
+ "Enabled": true | false
+ }
+ },
"IsPerUser": true | false,
"PipePathName": "pipe_custom_name",
"ShowBlockedResult": true | false,
@@ -2475,7 +2537,7 @@ This policy only works on Windows through GPO (not policies.json).
#### Windows (GPO)
```
-Software\Policies\Mozilla\Firefox\DisableThirdPartyModuleBlocking = = 0x1 | 0x0
+Software\Policies\Mozilla\Firefox\DisableThirdPartyModuleBlocking = 0x1 | 0x0
```
#### Windows (Intune)
OMA-URI:
@@ -3092,6 +3154,9 @@ This policy maps an extension ID to its configuration. With an extension ID, the
To obtain an extension ID, install the extension and go to about:support. You will see the ID in the Extensions section. I've also created an extension that makes it easy to find the ID of extensions on AMO. You can download it [here](https://github.com/mkaply/queryamoid/releases/tag/v0.1).
Or you can ask the Mozilla Addons API, see [docs](https://mozilla.github.io/addons-server/topics/api/addons.html#detail), which returns the ID as `guid`: https://addons.mozilla.org/api/v5/addons/addon/ublock-origin/
+**Note:**
+If the extension ID is a UUID ({12345678-1234-1234-1234-1234567890ab}), you must include the curly braces around the ID.
+
The configuration for each extension is another dictionary that can contain the fields documented below.
| Name | Description |
@@ -4311,6 +4376,30 @@ Value (string):
}
}
```
+### MicrosoftEntraSSO
+Allow single sign-on for Microsoft Entra accounts on macOS.
+
+If this policy is set to true, Firefox will use credentials stored in the Company Portal to sign in to Microsoft Entra accounts.
+
+**Compatibility:** Firefox 132.0.1, Firefox ESR 128.5\
+**CCK2 Equivalent:** N/A\
+**Preferences Affected:** `network.http.microsoft-entra-sso.enabled`
+
+#### macOS
+```
+
+ MicrosoftEntraSSO
+ |
+
+```
+#### policies.json
+```
+{
+ "policies": {
+ "MicrosoftEntraSSO": true | false
+ }
+}
+```
### NetworkPrediction
Enable or disable network prediction (DNS prefetching).
@@ -5237,6 +5326,7 @@ general.autoScroll (Firefox 83, Firefox ESR 78.5)
general.smoothScroll (Firefox 83, Firefox ESR 78.5)
geo.
gfx.
+identity.fxaccounts.toolbar (Firefox 133)
intl.
keyword.enabled (Firefox 95, Firefox ESR 91.4)
layers.
@@ -5275,9 +5365,9 @@ as well as the following security preferences:
| security.mixed_content.block_active_content | boolean | true
| If set to true, mixed active content (HTTP subresources such as scripts, fetch requests, etc. on a HTTPS page) will be blocked.
| security.mixed_content.block_display_content | boolean | false
-| If set to true, mixed passive/display content (HTTP subresources such as images, videos, etc. on a HTTPS page) will be blocked. (Firefox 127, Firefox ESR 128.0)
+| If set to true, mixed passive/display content (HTTP subresources such as images, videos, etc. on a HTTPS page) will be blocked and ```security.mixed_content.upgrade_display_content``` will be ignored. (Firefox 127, Firefox ESR 128.0)
| security.mixed_content.upgrade_display_content | boolean | true
-| If set to true, mixed passive/display content (HTTP subresources such as images, videos, etc. on a HTTPS page) will be upgraded to HTTPS. (Firefox 127, Firefox ESR 128.0)
+| If set to false, mixed passive/display content (HTTP subresources such as images, videos, etc. on a HTTPS page) will NOT be upgraded to HTTPS. (Firefox 127, Firefox ESR 128.0)
| security.osclientcerts.autoload | boolean | false
| If true, client certificates are loaded from the operating system certificate store.
| security.OCSP.enabled | integer | 1
@@ -5286,6 +5376,8 @@ as well as the following security preferences:
| If true, if an OCSP request times out, the connection fails.
| security.osclientcerts.assume_rsa_pss_support | boolean | true
| If false, we don't assume an RSA key can do RSA-PSS. (Firefox 114, Firefox ESR 102.12)
+| security.pki.certificate_transparency.mode | integer | 0
+| Configures Certificate Transparency support mode (Firefox 133)
| security.ssl.enable_ocsp_stapling | boolean | true
| If false, OCSP stapling is not enabled.
| security.ssl.errorReporting.enabled | boolean | true
@@ -5881,7 +5973,7 @@ Note: Starting with Firefox 128, History clears FormData and Downloads as well.
`SiteSettings` Site Preferences
-`OfflineApps` Offline Website Data.
+`OfflineApps` Offline Website Data (*Deprecated - part of Cookies*)
`Locked` prevents the user from changing these preferences.
@@ -5893,12 +5985,9 @@ Note: Starting with Firefox 128, History clears FormData and Downloads as well.
```
Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\Cache = 0x1 | 0x0
Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\Cookies = 0x1 | 0x0
-Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\Downloads = 0x1 | 0x0
-Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\FormData = 0x1 | 0x0
Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\History = 0x1 | 0x0
Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\Sessions = 0x1 | 0x0
Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\SiteSettings = 0x1 | 0x0
-Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\OfflineApps = 0x1 | 0x0
Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\Locked = 0x1 | 0x0
```
#### Windows (Intune)
@@ -5920,22 +6009,6 @@ Value (string):
```
OMA-URI:
```
-./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/C_SanitizeOnShutdown_Downloads
-```
-Value (string):
-```
- or
-```
-OMA-URI:
-```
-./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/D_SanitizeOnShutdown_FormData
-```
-Value (string):
-```
- or
-```
-OMA-URI:
-```
./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/E_SanitizeOnShutdown_History
```
Value (string):
@@ -5960,14 +6033,6 @@ Value (string):
```
OMA-URI:
```
-./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/H_SanitizeOnShutdown_OfflineApps
-```
-Value (string):
-```
- or
-```
-OMA-URI:
-```
./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/I_SanitizeOnShutdown_Locked
```
Value (string):
@@ -5983,18 +6048,12 @@ Value (string):
|
Cookies
|
- Downloads
- |
- FormData
- |
History
|
Sessions
|
SiteSettings
|
- OfflineApps
- |
Locked
|
@@ -6007,12 +6066,9 @@ Value (string):
"SanitizeOnShutdown": {
"Cache": true | false,
"Cookies": true | false,
- "Downloads": true | false,
- "FormData": true | false,
"History": true | false,
"Sessions": true | false,
"SiteSettings": true | false,
- "OfflineApps": true | false,
"Locked": true | false
}
}