]> git.p6c8.net - policy-templates.git/commitdiff
git.p6c8.net / policy-templates.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | compact (merge: 154620f 0ca5ae6)
Merge branch 'master' into intune
authorMichael Kaply <345868+mkaply@users.noreply.github.com>
Wed, 20 May 2020 17:39:38 +0000 (12:39 -0500)
committerMichael Kaply <345868+mkaply@users.noreply.github.com>
Wed, 20 May 2020 17:39:38 +0000 (12:39 -0500)
1  2 
README.md patch | diff1 | diff2 | blob | history

diff --combined README.md
index 50fb47f1c6af420ccf89ddeaf4a787419a1cb4cd,f51ef9a0ca94165acf6082da8877afa6779dbfd6..c95e8f8820c84ef32d5eee868221439e4036aca9
--- 1/README.md
--- 2/README.md
+++ b/README.md
@@@ -23,6 -23,7 +23,7 @@@ Policies can be specified using the Gro
  | **[`DisableMasterPasswordCreation`](#disablemasterpasswordcreation)** | Remove the master password functionality.
  | **[`DisableAppUpdate`](#disableappupdate)** | Turn off application updates.
  | **[`DisableBuiltinPDFViewer`](#disablebuiltinpdfviewer)** | Disable the built in PDF viewer.
+ | **[`DisabledCiphers`](#disabledciphers)** | Disable ciphers.
  | **[`DisableDefaultBrowserAgent`](#disabledefaultbrowseragent)** | Prevent the default browser agent from taking any actions (Windows only).
  | **[`DisableDeveloperTools`](#disabledevelopertools)** | Remove access to all developer tools.
  | **[`DisableFeedbackCommands`](#disablefeedbackcommands)** | Disable the menus for reporting sites.
@@@ -107,15 -108,6 +108,15 @@@ If you have disabled updates via Disabl
  ```
  Software\Policies\Mozilla\Firefox\AppAutoUpdate = 0x1 | 0x0
  ```
 +#### Windows (Intune)
 +OMA-URI:
 +```
 +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/AppAutoUpdate
 +```
 +Value (string):
 +```
 +<enabled/> or <disabled/>
 +```
  #### macOS
  ```
  <dict>
@@@ -143,16 -135,6 +144,16 @@@ Change the URL for application update
  ```
  Software\Policies\Mozilla\Firefox\AppUpdateURL = "https://yoursite.com"
  ```
 +#### Windows (Intune)
 +OMA-URI:
 +```
 +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/AppUpdateURL
 +```
 +Value (string):
 +```
 +<enabled/>
 +<data id="AppUpdateURL" value="https://yoursite.com"/>
 +```
  #### macOS
  ```
  <dict>
@@@ -192,58 -174,6 +193,58 @@@ Software\Policies\Mozilla\Firefox\Authe
  Software\Policies\Mozilla\Firefox\Authentication\AllowProxies\NTLM = 0x1 | 0x0
  Software\Policies\Mozilla\Firefox\Authentication\Locked = 0x1 | 0x0
  ```
 +#### Windows (Intune)
 +OMA-URI:
 +```
 +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Authentication/Authentication_SPNEGO
 +```
 +Value (string):
 +```
 +<enabled/>
 +
 +<data id="Authentication" value="1&#xF000;mydomain&#xF000;2&#xF000;https://myotherdomain.com"/>
 +```
 +OMA-URI:
 +```
 +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Authentication/Authentication_Delegated
 +```
 +Value (string):
 +```
 +<enabled/>
 +
 +<data id="Authentication" value="1&#xF000;mydomain&#xF000;2&#xF000;https://myotherdomain.com"/>
 +```
 +OMA-URI:
 +```
 +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Authentication/Authentication_NTLM
 +```
 +Value (string):
 +```
 +<enabled/>
 +
 +<data id="Authentication" value="1&#xF000;mydomain&#xF000;2&#xF000;https://myotherdomain.com"/>
 +```
 +OMA-URI:
 +```
 +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Authentication/Authentication_AllowNonFQDN
 +```
 +Value (string):
 +```
 +<enabled/>
 +
 +<data id="Authentication_AllowNonFQDN_NTLM" value="true | false"/>
 +<data id="Authentication_AllowNonFQDN_SPNEGO" value="true | false"/>
 +```
 +OMA-URI:
 +```
 +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Homepage/HomepageStartPage
 +```
 +Value (string):
 +```
 +<enabled/>
 +
 +<data id="StartPage" value="none | homepage | previous-session"/>
 +```
  #### macOS
  ```
  <dict>
@@@ -316,15 -246,6 +317,15 @@@ Block access to the Add-ons Manager (ab
  ```
  Software\Policies\Mozilla\Firefox\BlockAboutAddons = 0x1 | 0x0
  ```
 +#### Windows (Intune)
 +OMA-URI:
 +```
 +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/BlockAboutAddons
 +```
 +Value (string):
 +```
 +<enabled/> or <disabled/>
 +```
  #### macOS
  ```
  <dict>
@@@ -352,15 -273,6 +353,15 @@@ Block access to about:config
  ```
  Software\Policies\Mozilla\Firefox\BlockAboutConfig = 0x1 | 0x0
  ```
 +#### Windows (Intune)
 +OMA-URI:
 +```
 +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/BlockAboutConfig
 +```
 +Value (string):
 +```
 +<enabled/> or <disabled/>
 +```
  #### macOS
  ```
  <dict>
@@@ -388,15 -300,6 +389,15 @@@ Block access to About Profiles (about:p
  ```
  Software\Policies\Mozilla\Firefox\BlockAboutProfiles = 0x1 | 0x0
  ```
 +#### Windows (Intune)
 +OMA-URI:
 +```
 +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/BlockAboutProfiles
 +```
 +Value (string):
 +```
 +<enabled/> or <disabled/>
 +```
  #### macOS
  ```
  <dict>
@@@ -424,15 -327,6 +425,15 @@@ Block access to Troubleshooting Informa
  ```
  Software\Policies\Mozilla\Firefox\BlockAboutSupport = 0x1 | 0x0
  ```
 +#### Windows (Intune)
 +OMA-URI:
 +```
 +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/BlockAboutSupport
 +```
 +Value (string):
 +```
 +<enabled/> or <disabled/>
 +```
  #### macOS
  ```
  <dict>
@@@ -464,20 -358,6 +465,20 @@@ Software\Policies\Mozilla\Firefox\Bookm
  Software\Policies\Mozilla\Firefox\Bookmarks\1\Placement = "toolbar" | "menu"
  Software\Policies\Mozilla\Firefox\Bookmarks\1\Folder = "FolderName"
  ```
 +#### Windows (Intune)
 +OMA-URI:
 +```
 +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Bookmarks/Bookmark01
 +```
 +Value (string):
 +```
 +<enabled/>
 +<data id="BookmarkTitle" value="Example"/>
 +<data id="BookmarkURL" value="https://example.com"/>
 +<data id="BookmarkFavicon" value="https://example.com/favicon.ico"/>
 +<data id="BookmarkPlacement" value="toolbar | menu"/>
 +<data id="BookmarkFolder" value="FolderName"/>
 +```
  #### macOS
  ```
  <dict>
@@@ -525,15 -405,6 +526,15 @@@ Enable or disable the detection of capt
  ```
  Software\Policies\Mozilla\Firefox\CaptivePortal = 0x1 | 0x0
  ```
 +#### Windows (Intune)
 +OMA-URI:
 +```
 +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/CaptivePortal
 +```
 +Value (string):
 +```
 +<enabled/> or <disabled/>
 +```
  #### macOS
  ```
  <dict>
@@@ -565,15 -436,6 +566,15 @@@ See https://support.mozilla.org/kb/sett
  ```
  Software\Policies\Mozilla\Firefox\Certificates\ImportEnterpriseRoots = 0x1 | 0x0
  ```
 +#### Windows (Intune)
 +OMA-URI:
 +```
 +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Certificates/Certificates_ImportEnterpriseRoots
 +```
 +Value (string):
 +```
 +<enabled/> or <disabled/>
 +```
  #### macOS
  ```
  <dict>
@@@ -626,16 -488,6 +627,16 @@@ Binary (DER) and ASCII (PEM) certificat
  Software\Policies\Mozilla\Firefox\Certificates\Install\1 = "cert1.der"
  Software\Policies\Mozilla\Firefox\Certificates\Install\2 = "C:\Users\username\cert2.pem"
  ```
 +#### Windows (Intune)
 +OMA-URI:
 +```
 +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Certificates/Certificates_Install
 +```
 +Value (string):
 +```
 +<enabled/>
 +<data id="Certificates_Install" value="1&#xF000;cert1.der&#xF000;2&#xF000;C:\Users\username\cert2.pem"/>
 +```
  #### macOS
  ```
  <dict>
@@@ -685,71 -537,11 +686,71 @@@ Configure cookie preferences
  Software\Policies\Mozilla\Firefox\Cookies\Allow\1 = "https://example.com"
  Software\Policies\Mozilla\Firefox\Cookies\Block\1 = "https://example.org"
  Software\Policies\Mozilla\Firefox\Cookies\Default = 0x1 | 0x0
 -Software\Policies\Mozilla\Firefox\Cookies\AcceptThirdParty = "always" | "never" |"from-visited"
 +Software\Policies\Mozilla\Firefox\Cookies\AcceptThirdParty = "always" | "never" | "from-visited"
  Software\Policies\Mozilla\Firefox\Cookies\ExpireAtSessionEnd = 0x1 | 0x0
  Software\Policies\Mozilla\Firefox\Cookies\RejectTracker = 0x1 | 0x0
  Software\Policies\Mozilla\Firefox\Cookies\Locked = 0x1 | 0x0
  ```
 +#### Windows (Intune)
 +OMA-URI:
 +```
 +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_Allow
 +```
 +Value (string):
 +```
 +<enabled/>
 +<data id="Cookies_Allow" value="1&#xF000;https://example.com"/>
 +```
 +OMA-URI:
 +```
 +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_Block
 +```
 +Value (string):
 +```
 +<enabled/>
 +<data id="Cookies_Block" value="1&#xF000;https://example.org"/>
 +```
 +OMA-URI:
 +```
 +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_Default
 +```
 +Value (string):
 +```
 +<enabled/> or <disabled/>
 +```
 +OMA-URI:
 +```
 +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_AcceptThirdParty
 +```
 +Value (string):
 +```
 +<enabled/>
 +<data id="Cookies_AcceptThirdParty" value="always | never | from-visited"/>
 +```
 +OMA-URI:
 +```
 +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_ExpireAtSessionEnd
 +```
 +Value (string):
 +```
 +<enabled/> or <disabled/>
 +```
 +OMA-URI:
 +```
 +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_RejectTracker
 +```
 +Value (string):
 +```
 +<enabled/> or <disabled/>
 +```
 +OMA-URI:
 +```
 +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Cookies/Cookies_Locked
 +```
 +Value (string):
 +```
 +<enabled/> or <disabled/>
 +```
  #### macOS
  ```
  <dict>
@@@ -803,15 -595,7 +804,15 @@@ Remove the "Set As Desktop Background..
  ```
  Software\Policies\Mozilla\Firefox\DisableSetDesktopBackground = 0x1 | 0x0
  ```
 -
 +#### Windows (Intune)
 +OMA-URI:
 +```
 +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableSetDesktopBackground
 +```
 +Value (string):
 +```
 +<enabled/> or <disabled/>
 +```
  #### macOS
  ```
  <dict>
@@@ -838,15 -622,7 +839,15 @@@ Remove the master password functionalit
  ```
  Software\Policies\Mozilla\Firefox\DisableMasterPasswordCreation = 0x1 | 0x0
  ```
 -
 +#### Windows (Intune)
 +OMA-URI:
 +```
 +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableMasterPasswordCreation
 +```
 +Value (string):
 +```
 +<enabled/> or <disabled/>
 +```
  #### macOS
  ```
  <dict>
@@@ -873,15 -649,6 +874,15 @@@ Turn off application updates
  ```
  Software\Policies\Mozilla\Firefox\DisableAppUpdate = 0x1 | 0x0
  ```
 +#### Windows (Intune)
 +OMA-URI:
 +```
 +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableAppUpdate
 +```
 +Value (string):
 +```
 +<enabled/> or <disabled/>
 +```
  #### macOS
  ```
  <dict>
@@@ -908,15 -675,7 +909,15 @@@ Disable the built in PDF viewer. PDF fi
  ```
  Software\Policies\Mozilla\Firefox\DisableBuiltinPDFViewer = 0x1 | 0x0
  ```
 -
 +#### Windows (Intune)
 +OMA-URI:
 +```
 +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableBuiltinPDFViewer
 +```
 +Value (string):
 +```
 +<enabled/> or <disabled/>
 +```
  #### macOS
  ```
  <dict>
@@@ -932,6 -691,69 +933,69 @@@
    }
  }
  ```
+ ### DisabledCiphers
+ Disable specific cryptographic ciphers.
+ **Compatibility:** Firefox 76, Firefox ESR 68.8\
+ **CCK2 Equivalent:** N/A\
+ **Preferences Affected:** N/A
+ #### Windows (GPO)
+ ```
+ Software\Policies\Mozilla\Firefox\DisabledCiphers\TLS_DHE_RSA_WITH_AES_128_CBC_SHA = 0x1 | 0x0
+ Software\Policies\Mozilla\Firefox\DisabledCiphers\TLS_DHE_RSA_WITH_AES_256_CBC_SHA = 0x1 | 0x0
+ Software\Policies\Mozilla\Firefox\DisabledCiphers\TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA = 0x1 | 0x0
+ Software\Policies\Mozilla\Firefox\DisabledCiphers\TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA = 0x1 | 0x0
+ Software\Policies\Mozilla\Firefox\DisabledCiphers\TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 = 0x1 | 0x0
+ Software\Policies\Mozilla\Firefox\DisabledCiphers\TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 = 0x1 | 0x0
+ Software\Policies\Mozilla\Firefox\DisabledCiphers\TLS_RSA_WITH_AES_128_CBC_SHA = 0x1 | 0x0
+ Software\Policies\Mozilla\Firefox\DisabledCiphers\TLS_RSA_WITH_AES_256_CBC_SHA = 0x1 | 0x0
+ Software\Policies\Mozilla\Firefox\DisabledCiphers\TLS_RSA_WITH_3DES_EDE_CBC_SHA = 0x1 | 0x0
+ ```
+ #### macOS
+ ```
+ <dict>
+   <key>DisabledCiphers</key>
+     <dict>
+       <key>TLS_DHE_RSA_WITH_AES_128_CBC_SHA</key>
+       <true/> | <false/>
+       <key>TLS_DHE_RSA_WITH_AES_256_CBC_SHA</key>
+       <true/> | <false/>
+       <key>TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA</key>
+       <true/> | <false/>
+       <key>TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA</key>
+       <true/> | <false/>
+       <key>TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256</key>
+       <true/> | <false/>
+       <key>TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256</key>
+       <true/> | <false/>
+       <key>TLS_RSA_WITH_AES_128_CBC_SHA</key>
+       <true/> | <false/>
+       <key>TLS_RSA_WITH_AES_256_CBC_SHA</key>
+       <true/> | <false/>
+       <key>TLS_RSA_WITH_3DES_EDE_CBC_SHA</key>
+       <true/> | <false/>
+     </dict>
+ </dict>
+ ```
+ #### policies.json
+ ```
+ {
+   "policies": {
+     "DisabledCiphers" {
+       "TLS_DHE_RSA_WITH_AES_128_CBC_SHA": true | false,
+       "TLS_DHE_RSA_WITH_AES_256_CBC_SHA": true | false,
+       "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA": true | false,
+       "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA": true | false,
+       "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256": true | false,
+       "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256": true | false,
+       "TLS_RSA_WITH_AES_128_CBC_SHA": true | false,
+       "TLS_RSA_WITH_AES_256_CBC_SHA": true | false,
+       "TLS_RSA_WITH_3DES_EDE_CBC_SHA": true | false
+     }
+   }
+ }
+ ```
  ### DisableDefaultBrowserAgent
  Prevent the default browser agent from taking any actions. Only applicable to Windows; other platforms don’t have the agent.
  
@@@ -943,15 -765,7 +1007,15 @@@
  ```
  Software\Policies\Mozilla\Firefox\DisableDefaultBrowserAgent = 0x1 | 0x0
  ```
 -
 +#### Windows (Intune)
 +OMA-URI:
 +```
 +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableDefaultBrowserAgent
 +```
 +Value (string):
 +```
 +<enabled/> or <disabled/>
 +```
  #### policies.json
  ```
  {
@@@ -971,15 -785,7 +1035,15 @@@ Remove access to all developer tools
  ```
  Software\Policies\Mozilla\Firefox\DisableDeveloperTools = 0x1 | 0x0`
  ```
 -
 +#### Windows (Intune)
 +OMA-URI:
 +```
 +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableDeveloperTools
 +```
 +Value (string):
 +```
 +<enabled/> or <disabled/>
 +```
  #### macOS
  ```
  <dict>
@@@ -1006,15 -812,6 +1070,15 @@@ Disable the menus for reporting sites (
  ```
  Software\Policies\Mozilla\Firefox\DisableFeedbackCommands = 0x1 | 0x0
  ```
 +#### Windows (Intune)
 +OMA-URI:
 +```
 +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableFeedbackCommands
 +```
 +Value (string):
 +```
 +<enabled/> or <disabled/>
 +```
  #### macOS
  ```
  <dict>
@@@ -1041,15 -838,6 +1105,15 @@@ Remove access to Firefox Screenshots
  ```
  Software\Policies\Mozilla\Firefox\DisableFirefoxScreenshots = 0x1 | 0x0
  ```
 +#### Windows (Intune)
 +OMA-URI:
 +```
 +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableFirefoxScreenshots
 +```
 +Value (string):
 +```
 +<enabled/> or <disabled/>
 +```
  #### macOS
  ```
  <dict>
@@@ -1076,15 -864,6 +1140,15 @@@ Disable Firefox Accounts integration (S
  ```
  Software\Policies\Mozilla\Firefox\DisableFirefoxAccounts = 0x1 | 0x0
  ```
 +#### Windows (Intune)
 +OMA-URI:
 +```
 +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableFirefoxAccounts
 +```
 +Value (string):
 +```
 +<enabled/> or <disabled/>
 +```
  #### macOS
  ```
  <dict>
@@@ -1111,15 -890,6 +1175,15 @@@ Disable Firefox studies (Shield)
  ```
  Software\Policies\Mozilla\Firefox\DisableFirefoxStudies = 0x1 | 0x0
  ```
 +#### Windows (Intune)
 +OMA-URI:
 +```
 +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableFirefoxStudies
 +```
 +Value (string):
 +```
 +<enabled/> or <disabled/>
 +```
  #### macOS
  ```
  <dict>
@@@ -1146,15 -916,6 +1210,15 @@@ Disable the "Forget" button
  ```
  Software\Policies\Mozilla\Firefox\DisableForgetButton = 0x1 | 0x0
  ```
 +#### Windows (Intune)
 +OMA-URI:
 +```
 +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableForgetButton
 +```
 +Value (string):
 +```
 +<enabled/> or <disabled/>
 +```
  #### macOS
  ```
  <dict>
@@@ -1181,15 -942,6 +1245,15 @@@ Turn off saving information on web form
  ```
  Software\Policies\Mozilla\Firefox\DisableFormHistory = 0x1 | 0x0
  ```
 +#### Windows (Intune)
 +OMA-URI:
 +```
 +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableFormHistory
 +```
 +Value (string):
 +```
 +<enabled/> or <disabled/>
 +```
  #### macOS
  ```
  <dict>
@@@ -1216,15 -968,7 +1280,15 @@@ Do not allow passwords to be shown in s
  ```
  Software\Policies\Mozilla\Firefox\DisablePasswordReveal = 0x1 | 0x0
  ```
 -
 +#### Windows (Intune)
 +OMA-URI:
 +```
 +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisablePasswordReveal
 +```
 +Value (string):
 +```
 +<enabled/> or <disabled/>
 +```
  #### macOS
  ```
  <dict>
@@@ -1251,15 -995,6 +1315,15 @@@ Remove Pocket in the Firefox UI. It doe
  ```
  Software\Policies\Mozilla\Firefox\DisablePocket = 0x1 | 0x0
  ```
 +#### Windows (Intune)
 +OMA-URI:
 +```
 +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisablePocket
 +```
 +Value (string):
 +```
 +<enabled/> or <disabled/>
 +```
  #### macOS
  ```
  <dict>
@@@ -1286,15 -1021,6 +1350,15 @@@ Remove access to private browsing
  ```
  Software\Policies\Mozilla\Firefox\DisablePrivateBrowsing = 0x1 | 0x0
  ```
 +#### Windows (Intune)
 +OMA-URI:
 +```
 +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisablePrivateBrowsing
 +```
 +Value (string):
 +```
 +<enabled/> or <disabled/>
 +```
  #### macOS
  ```
  <dict>
@@@ -1321,15 -1047,6 +1385,15 @@@ Disables the "Import data from another 
  ```
  Software\Policies\Mozilla\Firefox\DisableProfileImport = 0x1 | 0x0
  ```
 +#### Windows (Intune)
 +OMA-URI:
 +```
 +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableProfileImport
 +```
 +Value (string):
 +```
 +<enabled/> or <disabled/>
 +```
  #### macOS
  ```
  <dict>
@@@ -1356,15 -1073,6 +1420,15 @@@ Disable the Refresh Firefox button on a
  ```
  Software\Policies\Mozilla\Firefox\DisableProfileRefresh = 0x1 | 0x0
  ```
 +#### Windows (Intune)
 +OMA-URI:
 +```
 +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableProfileRefresh
 +```
 +Value (string):
 +```
 +<enabled/> or <disabled/>
 +```
  #### macOS
  ```
  <dict>
@@@ -1393,15 -1101,6 +1457,15 @@@ On Windows, this disables safe mode vi
  ```
  Software\Policies\Mozilla\Firefox\DisableSafeMode = 0x1 | 0x0
  ```
 +#### Windows (Intune)
 +OMA-URI:
 +```
 +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableSafeMode
 +```
 +Value (string):
 +```
 +<enabled/> or <disabled/>
 +```
  #### macOS
  ```
  <dict>
@@@ -1433,24 -1132,6 +1497,24 @@@ Prevent the user from bypassing securit
  Software\Policies\Mozilla\Firefox\DisableSecurityBypass\InvalidCertificate = 0x1 | 0x0
  Software\Policies\Mozilla\Firefox\DisableSecurityBypass\SafeBrowsing = 0x1 | 0x0
  ```
 +#### Windows (Intune)
 +OMA-URI:
 +```
 +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/P_DisableSecurityBypass_InvalidCertificate
 +```
 +Value (string):
 +```
 +<enabled/> or <disabled/>
 +```
 +OMA-URI:
 +```
 +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/P_DisableSecurityBypass_SafeBrowsing
 +```
 +Value (string):
 +```
 +<enabled/> or <disabled/>
 +```
 +
  #### macOS
  ```
  <dict>
@@@ -1482,17 -1163,7 +1546,17 @@@ Prevent system add-ons from being insta
  **Preferences Affected:** N/A
  
  #### Windows (GPO)
 -```Software\Policies\Mozilla\Firefox\DisableSystemAddonUpdate = 0x1 | 0x0
 +```
 +Software\Policies\Mozilla\Firefox\DisableSystemAddonUpdate = 0x1 | 0x0
 +```
 +#### Windows (Intune)
 +OMA-URI:
 +```
 +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableSystemAddonUpdate
 +```
 +Value (string):
 +```
 +<enabled/> or <disabled/>
  ```
  #### macOS
  ```
@@@ -1522,15 -1193,6 +1586,15 @@@ Mozilla recommends that you do not disa
  ```
  Software\Policies\Mozilla\Firefox\DisableTelemetry = 0x1 | 0x0
  ```
 +#### Windows (Intune)
 +OMA-URI:
 +```
 +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableTelemetry
 +```
 +Value (string):
 +```
 +<enabled/> or <disabled/>
 +```
  #### macOS
  ```
  <dict>
@@@ -1557,15 -1219,6 +1621,15 @@@ Set the initial state of the bookmarks 
  ```
  Software\Policies\Mozilla\Firefox\DisplayBookmarksToolbar = 0x1 | 0x0
  ```
 +#### Windows (Intune)
 +OMA-URI:
 +```
 +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisplayBookmarksToolbar
 +```
 +Value (string):
 +```
 +<enabled/> or <disabled/>
 +```
  #### macOS
  ```
  <dict>
@@@ -1626,16 -1279,6 +1690,16 @@@ Set the state of the menubar
  ```
  Software\Policies\Mozilla\Firefox\DisplayMenuBar = "always", "never", "default-on", "default-off"
  ```
 +#### Windows (Intune)
 +OMA-URI:
 +```
 +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisplayMenuBar_Enum
 +```
 +Value (string):
 +```
 +<enabled/>
 +<data id="DisplayMenuBar" value="always | never | default-on | default-off"/>
 +```
  #### macOS
  ```
  <dict>
@@@ -1825,19 -1468,6 +1889,19 @@@ Software\Policies\Mozilla\Firefox\Enabl
  Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Fingerprinting = 0x1 | 0x0
  Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Exceptions\1 = "https://example.com"
  ```
 +#### Windows (Intune)
 +OMA-URI:
 +```
 +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/TrackingProtection
 +```
 +Value (string):
 +```
 +<enabled/>
 +<data id="TrackingProtectionLocked" value="true | false"/>
 +<data id="Cryptomining" value="true | false"/>
 +<data id="Fingerprinting" value="true | false"/>
 +<data id=TrackingProtection_Exceptions" value="1&#xF000;https://example.com"/>
 +```
  #### macOS
  ```
  <dict>
@@@ -1979,26 -1609,6 +2043,26 @@@ Software\Policies\Mozilla\Firefox\Exten
    }
  }
  ```
 +#### Windows (Intune)
 +OMA-URI:
 +```
 +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/ExtensionSettings
 +```
 +Value (string):
 +```
 +<enabled/>
 +<data id="ExtensionSettings" value='
 +  "*": {
 +      "blocked_install_message": "Custom error message.",
 +      "install_sources": ["https://addons.mozilla.org/"],
 +      "installation_mode": "blocked",
 +      "allowed_types": ["extension"]
 +    },
 +    "uBlock0@raymondhill.net": {
 +      "installation_mode": "force_installed",
 +      "install_url": "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi"
 +    }'/>
 +```
  #### macOS
  ```
  <dict>
@@@ -2096,33 -1706,6 +2160,33 @@@ Software\Policies\Mozilla\Firefox\Flash
  Software\Policies\Mozilla\Firefox\FlashPlugin\Default = 0x1 | 0x0
  Software\Policies\Mozilla\Firefox\FlashPlugin\Locked = 0x1 | 0x0
  ```
 +#### Windows (Intune)
 +OMA-URI:
 +```
 +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Flash/FlashPlugin_Allow
 +```
 +Value (string):
 +```
 +<enabled/>
 +<data id="Permissions" value="1&#xF000;https://example.org&#xF000;2&#xF000;https://example.edu"/>
 +
 +```
 +OMA-URI:
 +```
 +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Flash/FlashPlugin_Locked
 +```
 +Value (string):
 +```
 +<enabled/> or <disabled/>
 +```
 +OMA-URI:
 +```
 +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Flash/FlashPlugin_Default
 +```
 +Value (string):
 +```
 +<enabled/> or <disabled/>
 +```
  #### macOS
  ```
  <dict>
@@@ -2256,38 -1839,6 +2320,38 @@@ Software\Policies\Mozilla\Firefox\Homep
  Software\Policies\Mozilla\Firefox\Homepage\Additional\2 = "https://example.edu"
  Software\Policies\Mozilla\Firefox\Homepage\StartPage = "none" | "homepage" |  "previous-session"
  ```
 +#### Windows (Intune)
 +OMA-URI:
 +```
 +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Homepage/HomepageURL
 +```
 +Value (string):
 +```
 +<enabled/>
 +
 +<data id="HomepageURL" value="https://example.com"/>
 +<data id="HomepageLocked" value="true | false"/>
 +```
 +OMA-URI:
 +```
 +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Homepage/HomepageAdditional
 +```
 +Value (string):
 +```
 +<enabled/>
 +
 +<data id="HomepageAdditional" value="1&#xF000;http://example.org&#xF000;2&#xF000;http://example.edu"/>
 +```
 +OMA-URI:
 +```
 +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Homepage/HomepageStartPage
 +```
 +Value (string):
 +```
 +<enabled/>
 +
 +<data id="StartPage" value="none | homepage | previous-session"/>
 +```
  #### macOS
  ```
  <dict>
@@@ -2338,24 -1889,6 +2402,24 @@@ Software\Policies\Mozilla\Firefox\Insta
  Software\Policies\Mozilla\Firefox\InstallAddonsPermission\Allow\2 = "https://example.edu"
  Software\Policies\Mozilla\Firefox\InstallAddonsPermission\Default = 0x1 | 0x0
  ```
 +#### Windows (Intune)
 +OMA-URI:
 +```
 +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Addons/InstallAddonsPermission_Allow
 +```
 +Value (string):
 +```
 +<enabled/>
 +<data id="Permissions" value="1&#xF000;https://example.org&#xF000;2&#xF000;https://example.edu"/>
 +```
 +OMA-URI:
 +```
 +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Addons/InstallAddonsPermission_Default
 +```
 +Value (string):
 +```
 +<enabled/>
 +```
  #### macOS
  ```
  <dict>
@@@ -2495,15 -2028,6 +2559,15 @@@ Enable or disable the New Tab page
  ```
  Software\Policies\Mozilla\Firefox\NewTabPage = 0x1 | 0x0
  ```
 +#### Windows (Intune)
 +OMA-URI:
 +```
 +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/NewTabPage
 +```
 +Value (string):
 +```
 +<enabled/> or <disabled/>
 +```
  #### macOS
  ```
  <dict>
@@@ -2581,16 -2105,6 +2645,16 @@@ Override the first run page. If the val
  ```
  Software\Policies\Mozilla\Firefox\OverrideFirstRunPage = "http://example.org"
  ```
 +#### Windows (Intune)
 +OMA-URI:
 +```
 +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/OverrideFirstRunPage
 +```
 +Value (string):
 +```
 +<enabled/>
 +<data id="OverridePage" value="https://example.com"/>
 +```
  #### macOS
  ```
  <dict>
@@@ -2641,15 -2155,6 +2705,15 @@@ Remove access to the password manager v
  ```
  Software\Policies\Mozilla\Firefox\PasswordManagerEnabled = 0x1 | 0x0
  ```
 +#### Windows (Intune)
 +OMA-URI:
 +```
 +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/PasswordManagerEnabled
 +```
 +Value (string):
 +```
 +<enabled/> or <disabled/>
 +```
  #### macOS
  ```
  <dict>
@@@ -2676,9 -2181,11 +2740,11 @@@ Set permissions associated with camera
  
  `Locked` prevents the user from changing preferences for the feature.
  
- **Compatibility:** Firefox 62, Firefox ESR 60.2 (Autoplay added in Firefox 74, Firefox ESR 68.6\
+ `Default` specifies the default value for Autoplay. block-audio-video is not supported on Firefox ESR 68.
+ **Compatibility:** Firefox 62, Firefox ESR 60.2 (Autoplay added in Firefox 74, Firefox ESR 68.6, Autoplay Default/Locked added in Firefox 76, Firefox ESR 68.8)\
  **CCK2 Equivalent:** N/A\
- **Preferences Affected:** `permissions.default.camera`,`permissions.default.microphone`,`permissions.default.geo`,`permissions.default.desktop-notification`
+ **Preferences Affected:** `permissions.default.camera`,`permissions.default.microphone`,`permissions.default.geo`,`permissions.default.desktop-notification`,`media.autoplay.default`
  
  #### Windows (GPO)
  ```
@@@ -2701,58 -2208,9 +2767,60 @@@ Software\Policies\Mozilla\Firefox\Permi
  Software\Policies\Mozilla\Firefox\Permissions\Notifications\Locked = 0x1 | 0x0
  Software\Policies\Mozilla\Firefox\Permissions\Autoplay\Allow\1 = "https://example.org"
  Software\Policies\Mozilla\Firefox\Permissions\Autoplay\Block\1 = "https://example.edu"
+ Software\Policies\Mozilla\Firefox\Permissions\Autoplay\Default = "allow-audio-video" | "block-audio" | "block-audio-video"
+ Software\Policies\Mozilla\Firefox\Permissions\Autoplay\Locked = 0x1 | 0x0
  ```
 +#### Windows (Intune)
 +OMA-URI:
 +```
 +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Location/Location_BlockNewRequests
 +```
 +Value (string):
 +```
 +<enabled/> or <disabled/>
 +```
 +OMA-URI:
 +```
 +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Location/Location_Locked
 +```
 +Value (string):
 +```
 +<enabled/> or <disabled/>
 +```
 +OMA-URI:
 +```
 +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Notifications/Notifications_Allow
 +```
 +Value (string):
 +```
 +<enabled/>
 +<data id="Permissions" value="1&#xF000;https://example.org"/>
 +```
 +OMA-URI:
 +```
 +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Notifications/Notifications_BlockNewRequests
 +```
 +Value (string):
 +```
 +<enabled/> or <disabled/>
 +```
 +OMA-URI:
 +```
 +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Notifications/Notifications_Locked
 +```
 +Value (string):
 +```
 +<enabled/> or <disabled/>
 +```
 +OMA-URI:
 +```
 +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Permissions~Autoplay/Autoplay_Allow
 +```
 +Value (string):
 +```
 +<enabled/>
 +<data id="Permissions" value="1&#xF000;https://example.org"/>
 +```
  #### macOS
  ```
  <dict>
@@@ -2770,9 -2228,9 +2838,9 @@@
          <string>https://example.edu</string>
        </array>
        <key>BlockNewRequests</key>
-       <true/>
+       <true/> | <false/>
        <key>Locked</key>
-       <true/>
+       <true/> | <false/>
      </dict>
      <key>Microphone</key>
      <dict>
@@@ -2785,9 -2243,9 +2853,9 @@@
          <string>https://example.edu</string>
        </array>
        <key>BlockNewRequests</key>
-       <true/>
+       <true/> | <false/>
        <key>Locked</key>
-       <true/>
+       <true/> | <false/>
      </dict>
      <key>Location</key>
      <dict>
@@@ -2800,9 -2258,9 +2868,9 @@@
          <string>https://example.edu</string>
        </array>
        <key>BlockNewRequests</key>
-       <true/>
+       <true/> | <false/>
        <key>Locked</key>
-       <true/>
+       <true/> | <false/>
      </dict>
      <key>Notifications</key>
      <dict>
@@@ -2829,6 -2287,10 +2897,10 @@@
        <array>
          <string>https://example.edu</string>
        </array>
+       <key>Default</key>
+       <string>allow-audio-video | block-audio | block-audio-video</string>
+       <key>Locked</key>
+       <true/> | <false/>
      </dict>
    </dict>
  </dict>
@@@ -2864,7 -2326,9 +2936,9 @@@
        },
        "Autoplay": {
          "Allow": ["https://example.org"],
-         "Block": ["https://example.edu"]
+         "Block": ["https://example.edu"],
+         "Default": "allow-audio-video" | "block-audio" | "block-audio-video",
+         "Locked": true | false
        }
      }
    }
@@@ -3018,7 -2482,7 +3092,7 @@@ disable
  | &nbsp;&nbsp;&nbsp;&nbsp;If set to Select Automatically, Firefox automatically chooses the default personal certificate.
  | security.mixed_content.block_active_content | boolean | Firefox 70, Firefox ESR 68.2 | true
  | &nbsp;&nbsp;&nbsp;&nbsp;If false, mixed active content (HTTP and HTTPS) is not blocked.
- | security.osclientcerts.autoload | boolean | Firefox 72, Firefox ESR 68.4 (Windows only) | false
+ | security.osclientcerts.autoload | boolean | Firefox 72 (Windows), Firefox 75 (macOS)  | false
  | &nbsp;&nbsp;&nbsp;&nbsp;If true, client certificates are loaded from the operating system certificate store.
  | security.ssl.errorReporting.enabled | boolean | Firefox 68, Firefox ESR 68 | true
  | &nbsp;&nbsp;&nbsp;&nbsp;If false, SSL errors cannot be sent to Mozilla.
@@@ -3033,15 -2497,6 +3107,15 @@@
  Software\Policies\Mozilla\Firefox\Preferences\boolean_preference_name = 0x1 | 0x0
  Software\Policies\Mozilla\Firefox\Preferences\string_preference_name = "string_value"
  ```
 +#### Windows (Intune)
 +OMA-URI: (periods are replaced by underscores)
 +```
 +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Preferences/boolean_preference_name
 +```
 +Value (string):
 +```
 +<enabled/> or <disabled/>
 +```
  #### macOS
  ```
  <dict>
@@@ -3138,27 -2593,6 +3212,27 @@@ Software\Policies\Mozilla\Firefox\Proxy
  Software\Policies\Mozilla\Firefox\Proxy\AutoLogin = 0x1 | 0x0
  Software\Policies\Mozilla\Firefox\Proxy\UseProxyForDNS = 0x1 | 0x0
  ```
 +#### Windows (Intune)
 +OMA-URI:
 +```
 +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/Proxy
 +```
 +Value (string):
 +```
 +<enabled/>
 +<data id="ProxyLocked" value="true | false"/>
 +<data id="ConnectionType" value="none | system | manual | autoDetect | autoConfig"/>
 +<data id="HTTPProxy" value="https://httpproxy.example.com"/>
 +<data id="UseHTTPProxyForAllProtocols" value="true | false"/>
 +<data id="SSLProxy" value="https://sslproxy.example.com"/>
 +<data id="FTPProxy" value="https://ftpproxy.example.com"/>
 +<data id="SOCKSProxy" value="https://socksproxy.example.com"/>
 +<data id="SOCKSVersion" value="4 | 5"/>
 +<data id="AutoConfigURL" value="URL_TO_AUTOCONFIG"/>
 +<data id="Passthrough" value="<local>"/>
 +<data id="AutoLogin" value="true | false"/>
 +<data id="UseProxyForDNS" value="true | false"/>
 +```
  #### macOS
  ```
  <dict>
@@@ -3285,15 -2719,6 +3359,15 @@@ Software\Policies\Mozilla\Firefox\Sanit
  Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\OfflineApps = 0x1 | 0x0
  Software\Policies\Mozilla\Firefox\SanitizeOnShutdown\Locked = 0x1 | 0x0
  ```
 +#### Windows (Intune)
 +OMA-URI:
 +```
 +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~SanitizeOnShutdown/I_SanitizeOnShutdown_Locked
 +```
 +Value (string):
 +```
 +<enabled/> or <disabled/>
 +```
  #### macOS
  ```
  <dict>
@@@ -3348,15 -2773,6 +3422,15 @@@ Clear all data on shutdown, including B
  ```
  Software\Policies\Mozilla\Firefox\SanitizeOnShutdown = 0x1 | 0x0
  ```
 +#### Windows (Intune)
 +OMA-URI:
 +```
 +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/C_SanitizeOnShutdown
 +```
 +Value (string):
 +```
 +<enabled/> or <disabled/>
 +```
  #### macOS
  ```
  <dict>
@@@ -3447,15 -2863,6 +3521,15 @@@ Prevent installing search engines from 
  ```
  Software\Policies\Mozilla\Firefox\SearchEngines\PreventInstalls = 0x1 | 0x0
  ```
 +#### Windows (Intune)
 +OMA-URI:
 +```
 +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Search/SearchEngines_PreventInstalls
 +```
 +Value (string):
 +```
 +<enabled/> or <disabled/>
 +```
  #### macOS
  ```
  <dict>
@@@ -3696,16 -3103,6 +3770,16 @@@ Set and lock the minimum version of TLS
  ```
  Software\Policies\Mozilla\Firefox\SSLVersionMin = "tls1" | "tls1.1" | "tls1.2" | "tls1.3"
  ```
 +#### Windows (Intune)
 +OMA-URI:
 +```
 +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/SSLVersionMin
 +```
 +Value (string):
 +```
 +<enabled/>
 +<data id="SSLVersion" value="tls1 | tls1.2 | tls1.3"/>
 +```
  #### macOS
  ```
  <dict>
My copy of the policy templates for Firefox

patrick-canterino.de