From d7258527982f90ac62a4e9971b86f97bfe1ea4c4 Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Fri, 9 Jan 2026 15:12:03 +0100 Subject: [PATCH 01/16] chore: sync with cb8a787 --- src/content/docs/reference/policies/Extensions.mdx | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/content/docs/reference/policies/Extensions.mdx b/src/content/docs/reference/policies/Extensions.mdx index b29af22..61b04e1 100644 --- a/src/content/docs/reference/policies/Extensions.mdx +++ b/src/content/docs/reference/policies/Extensions.mdx @@ -7,10 +7,10 @@ category: "Extensions" Control the installation, uninstallation and locking of extensions. > [!WARNING] -> This method may be removed in future. -> We strongly recommend that you use the **[`ExtensionSettings`](/enterprise-admin-reference/reference/policies/extensionsettings)** policy. -> It has the same functionality with additional configuration options. -> It does not support native paths, so you will have to use `file://` URLs. +> The **[`ExtensionSettings`](#extensionsettings)** policy was added in Firefox 69. +> It provides additional functionality to `Extensions` and is closer in compatibility to Chrome and Edge. +> It does not support native paths, so you'll have to use `file://` URLs. +> Before using `Extensions`, it's recommended to use `ExtensionSettings` as all future improvements will be applied to that policy instead. **Compatibility:** Firefox 60, Firefox ESR 60\ **CCK2 Equivalent:** `addons`\ From df6515b60414a00f677cab61c24656b2479a7329 Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Fri, 9 Jan 2026 15:33:58 +0100 Subject: [PATCH 02/16] chore: sync with ccbeded --- .../policies/VisualSearchEnabled.mdx | 48 +++++++++++++++++++ .../docs/reference/policies/WebsiteFilter.mdx | 1 - 2 files changed, 48 insertions(+), 1 deletion(-) create mode 100644 src/content/docs/reference/policies/VisualSearchEnabled.mdx diff --git a/src/content/docs/reference/policies/VisualSearchEnabled.mdx b/src/content/docs/reference/policies/VisualSearchEnabled.mdx new file mode 100644 index 0000000..a9087ce --- /dev/null +++ b/src/content/docs/reference/policies/VisualSearchEnabled.mdx @@ -0,0 +1,48 @@ +--- +title: "VisualSearchEnabled" +description: "Enable or disable visual search." +category: "Search" +--- + +**Compatibility:** Firefox 144\ +**CCK2 Equivalent:** N/A\ +**Preferences Affected:** `browser.search.visualSearch.featureGate` + +## Windows (GPO) + +```url +Software\Policies\Mozilla\Firefox\VisualSearchEnabled = 0x1 | 0x0 +``` + +## Windows (Intune) + +OMA-URI: + +```url +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/VisualSearchEnabled +``` + +Value (string): + +```xml + or +``` + +## macOS + +```xml + + VisualSearchEnabled + | + +``` + +## policies.json + +```json +{ + "policies": { + "VisualSearchEnabled": true | false + } +} +``` diff --git a/src/content/docs/reference/policies/WebsiteFilter.mdx b/src/content/docs/reference/policies/WebsiteFilter.mdx index c99083e..7f61ef9 100644 --- a/src/content/docs/reference/policies/WebsiteFilter.mdx +++ b/src/content/docs/reference/policies/WebsiteFilter.mdx @@ -85,7 +85,6 @@ Value (string): http://example.org/* - ``` From 02ed7df965a37b30b0fac1157d5cca492617e6ef Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Fri, 9 Jan 2026 15:35:40 +0100 Subject: [PATCH 03/16] chore: sync with e4d1870 --- src/content/docs/reference/policies/Preferences.mdx | 1 + 1 file changed, 1 insertion(+) diff --git a/src/content/docs/reference/policies/Preferences.mdx b/src/content/docs/reference/policies/Preferences.mdx index b836877..c133724 100644 --- a/src/content/docs/reference/policies/Preferences.mdx +++ b/src/content/docs/reference/policies/Preferences.mdx @@ -95,6 +95,7 @@ as well as the following security preferences: | security.tls.hello_downgrade_check | boolean | true | If false, the TLS 1.3 downgrade check is disabled. | | security.tls.version.enable-deprecated | boolean | false | If true, browser will accept TLS 1.0 and TLS 1.1. (Firefox 86, Firefox 78.8) | | security.warn_submit_secure_to_insecure | boolean | true | If false, no warning is shown when submitting a form from https to http. | +| security.webauthn.always_allow_direct_attestation | boolean | false | If true, unnecessary (redundant) WebAuthn prompts are not shown. | Using the preference as the key, set the `Value` to the corresponding preference value. From c2680772cac424685119e8a1c8cad286578d288b Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Fri, 9 Jan 2026 15:40:21 +0100 Subject: [PATCH 04/16] chore: sync with dbfd325 --- .../docs/reference/policies/GenerativeAI.mdx | 77 +++++++++++++++++++ 1 file changed, 77 insertions(+) create mode 100644 src/content/docs/reference/policies/GenerativeAI.mdx diff --git a/src/content/docs/reference/policies/GenerativeAI.mdx b/src/content/docs/reference/policies/GenerativeAI.mdx new file mode 100644 index 0000000..71a107c --- /dev/null +++ b/src/content/docs/reference/policies/GenerativeAI.mdx @@ -0,0 +1,77 @@ +--- +title: "GenerativeAI" +description: "Configure generative AI features." +category: "Miscellaneous" +--- + +Configure generative AI features. + +**Compatibility:** Firefox 144, Firefox ESR 140.4\ +**CCK2 Equivalent:** N/A\ +**Preferences Affected:** `browser.ml.chat.enabled`, `browser.ml.linkPreview.optin`, `browser.tabs.groups.smart.userEnabled` + +## Values + +- `Chatbot` If false, AI chatbots are not available in the sidebar. +- `LinkPreviews` If false, AI is not used to generate link previews (Firefox 144). +- `TabGroups` If false, AI is not used to suggest names and tabs for tab groups (Firefox 144). +- `Locked` prevents the user from changing generative AI preferences. + +## Windows (GPO) + +```url +Software\Policies\Mozilla\Firefox\GenerativeAI\Chatbot = 0x1 | 0x0 +Software\Policies\Mozilla\Firefox\GenerativeAI\LinkPreviews = 0x1 | 0x0 +Software\Policies\Mozilla\Firefox\GenerativeAI\TabGroups = 0x1 | 0x0 +Software\Policies\Mozilla\Firefox\GenerativeAI\Locked = 0x1 | 0x0 +``` + +## Windows (Intune) + +OMA-URI: + +```url +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~GenerativeAI/GenerativeAI_Chatbot +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~GenerativeAI/GenerativeAI_LinkPreviews +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~GenerativeAI/GenerativeAI_TabGroups +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~GenerativeAI/GenerativeAI_Locked +``` + +Value (string): + +```xml + or +``` + +## macOS + +```xml + + GenerativeAI + + Chatbot + | + LinkPreviews + | + TabGroups + | + Locked + | + + +``` + +## policies.json + +```json +{ + "policies": { + "GenerativeAI": { + "Chatbot": true | false, + "LinkPreviews": true | false, + "TabGroups": true | false, + "Locked": true | false + } + } +} +``` From 5be394ab582dd2c0210061c6910e85af77a68869 Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Fri, 9 Jan 2026 15:42:17 +0100 Subject: [PATCH 05/16] chore: sync with af2dde8 --- .../docs/reference/policies/AutoLaunchProtocolsFromOrigins.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/content/docs/reference/policies/AutoLaunchProtocolsFromOrigins.mdx b/src/content/docs/reference/policies/AutoLaunchProtocolsFromOrigins.mdx index 1c167ef..13624ca 100644 --- a/src/content/docs/reference/policies/AutoLaunchProtocolsFromOrigins.mdx +++ b/src/content/docs/reference/policies/AutoLaunchProtocolsFromOrigins.mdx @@ -6,7 +6,7 @@ category: "Network security" Define a list of external protocols that can be used from listed origins without prompting the user. The origin is the scheme plus the hostname. -The syntax of this policy is exactly the same as the [Chrome AutoLaunchProtocolsFromOrigins policy](https://cloud.google.com/docs/chrome-enterprise/policies/?policy=AutoLaunchProtocolsFromOrigins) except that you can only use valid origins (not just hostnames). +The syntax of this policy is exactly the same as the [Chrome AutoLaunchProtocolsFromOrigins policy](https://chromeenterprise.google/policies/#AutoLaunchProtocolsFromOrigins) except that you can only use valid origins (not just hostnames). This also means that you cannot specify a wildcard (`*`) for all origins. The schema is: From f4d733e1b702b3753b6a2c7b114ea7d3029d6ace Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Fri, 9 Jan 2026 15:45:59 +0100 Subject: [PATCH 06/16] chore: sync with 03f1fd3 --- .../docs/reference/policies/EnableTrackingProtection.mdx | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/src/content/docs/reference/policies/EnableTrackingProtection.mdx b/src/content/docs/reference/policies/EnableTrackingProtection.mdx index 2e6af83..ed462bc 100644 --- a/src/content/docs/reference/policies/EnableTrackingProtection.mdx +++ b/src/content/docs/reference/policies/EnableTrackingProtection.mdx @@ -10,12 +10,13 @@ If this policy is not configured, tracking protection is not enabled by default **Compatibility:** Firefox 60, Firefox ESR 60 (Cryptomining and Fingerprinting added in 70/68.2, Exceptions added in 73/68.5. Category added in Firefox 142/140.2.)\ **CCK2 Equivalent:** N/A\ -**Preferences Affected:** `privacy.trackingprotection.enabled`, `privacy.trackingprotection.pbmode.enabled`, `privacy.trackingprotection.cryptomining.enabled`, `privacy.trackingprotection.fingerprinting.enabled` +**Preferences Affected:** `privacy.trackingprotection.enabled`, `privacy.trackingprotection.pbmode.enabled`, `privacy.trackingprotection.cryptomining.enabled`, `privacy.trackingprotection.fingerprinting.enabled`, `privacy.fingerprintingProtection`, `privacy.trackingprotection.emailtracking.enabled`, `privacy.trackingprotection.emailtracking.pbmode.enabled`, `privacy.trackingprotection.allow_list.baseline.enabled`, `privacy.trackingprotection.allow_list.convenience.enabled` ## Values - If `Value` is set to false, tracking protection is disabled and locked in both the regular browser and private browsing. - If `Value` is set to true, tracking protection is enabled by default in both the regular browser and private browsing and the `Locked` value determines whether or not a user can change it. +- If `Locked` is set to true, users cannot change tracking protection values. - If `Cryptomining` is set to true, cryptomining scripts on websites are blocked. - If `Fingerprinting` is set to true, fingerprinting scripts on websites are blocked. - If `EmailTracking` is set to true, hidden email tracking pixels and scripts on websites are blocked. (Firefox 112) @@ -23,6 +24,11 @@ If this policy is not configured, tracking protection is not enabled by default - `Exceptions` are origins for which tracking protection is not enabled. - `Category` can be either `strict` or `standard`. If category is set, it overrides all other settings except `Exceptions` and the user cannot change the category. (Firefox 142, Firefox ESR 140.2) +- If `BaselineExceptions` is true, Firefox will automatically apply exceptions required to avoid major website breakage. (Firefox 145) +- If `ConvenienceExceptions` is true, Firefox will apply exceptions automatically that are only required to fix minor issues and make convenience features available. (Firefox 145) + +> [!NOTE] +> Users can change `BaselineExceptions` and `ConvenienceExceptions` even when `Category` is set to `strict` unless `Locked` is set to true. ## Windows (GPO) From 7c4e19b48f51a94250bc81d28408429248a50e03 Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Fri, 9 Jan 2026 15:48:43 +0100 Subject: [PATCH 07/16] chore: sync with bb25592 --- .../docs/reference/policies/GenerativeAI.mdx | 21 ++++++++++++++----- 1 file changed, 16 insertions(+), 5 deletions(-) diff --git a/src/content/docs/reference/policies/GenerativeAI.mdx b/src/content/docs/reference/policies/GenerativeAI.mdx index 71a107c..a96877c 100644 --- a/src/content/docs/reference/policies/GenerativeAI.mdx +++ b/src/content/docs/reference/policies/GenerativeAI.mdx @@ -8,18 +8,25 @@ Configure generative AI features. **Compatibility:** Firefox 144, Firefox ESR 140.4\ **CCK2 Equivalent:** N/A\ -**Preferences Affected:** `browser.ml.chat.enabled`, `browser.ml.linkPreview.optin`, `browser.tabs.groups.smart.userEnabled` +**Preferences Affected:** `browser.ml.chat.enabled`, `browser.ml.chat.page`, `browser.ml.linkPreview.optin`, `browser.tabs.groups.smart.userEnabled` ## Values -- `Chatbot` If false, AI chatbots are not available in the sidebar. -- `LinkPreviews` If false, AI is not used to generate link previews (Firefox 144). -- `TabGroups` If false, AI is not used to suggest names and tabs for tab groups (Firefox 144). -- `Locked` prevents the user from changing generative AI preferences. +- `Enabled` Controls whether generative AI features are enabled by default. + If false, all generative AI features are disabled by default. + Individual generative AI policies can override this setting. +- `Chatbot` Controls access to AI chatbots in the sidebar. + If false, AI chatbots are not available in the sidebar. +- `LinkPreviews` (Firefox 144+) Controls whether AI is used to generate link previews. + If false, AI is not used to generate link previews. +- `TabGroups` (Firefox 144+) Controls whether AI is used to suggest names and tabs for tab groups. + If false, AI is not used to suggest names or tabs for tab groups. +- `Locked` Prevents the user from changing generative AI preferences. ## Windows (GPO) ```url +Software\Policies\Mozilla\Firefox\GenerativeAI\Enabled = 0x1 | 0x0 Software\Policies\Mozilla\Firefox\GenerativeAI\Chatbot = 0x1 | 0x0 Software\Policies\Mozilla\Firefox\GenerativeAI\LinkPreviews = 0x1 | 0x0 Software\Policies\Mozilla\Firefox\GenerativeAI\TabGroups = 0x1 | 0x0 @@ -31,6 +38,7 @@ Software\Policies\Mozilla\Firefox\GenerativeAI\Locked = 0x1 | 0x0 OMA-URI: ```url +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~GenerativeAI/GenerativeAI_Enabled ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~GenerativeAI/GenerativeAI_Chatbot ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~GenerativeAI/GenerativeAI_LinkPreviews ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~GenerativeAI/GenerativeAI_TabGroups @@ -49,6 +57,8 @@ Value (string): GenerativeAI + Enabled + | Chatbot | LinkPreviews @@ -67,6 +77,7 @@ Value (string): { "policies": { "GenerativeAI": { + "Enabled": true | false, "Chatbot": true | false, "LinkPreviews": true | false, "TabGroups": true | false, From ea3239ced21bdf68e163672741cd66b29d2e447b Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Fri, 9 Jan 2026 15:52:33 +0100 Subject: [PATCH 08/16] chore: sync with ae1786e --- .../policies/EnableTrackingProtection.mdx | 34 ++++++++++++++++++- 1 file changed, 33 insertions(+), 1 deletion(-) diff --git a/src/content/docs/reference/policies/EnableTrackingProtection.mdx b/src/content/docs/reference/policies/EnableTrackingProtection.mdx index ed462bc..c0d09b6 100644 --- a/src/content/docs/reference/policies/EnableTrackingProtection.mdx +++ b/src/content/docs/reference/policies/EnableTrackingProtection.mdx @@ -41,6 +41,8 @@ Software\Policies\Mozilla\Firefox\EnableTrackingProtection\EmailTracking = 0x1 | Software\Policies\Mozilla\Firefox\EnableTrackingProtection\SuspectedFingerprinting = 0x1 | 0x0 Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Exceptions\1 = "https://example.com" Software\Policies\Mozilla\Firefox\EnableTrackingProtection\Category = "strict" | "standard" +Software\Policies\Mozilla\Firefox\EnableTrackingProtection\BaselineExceptions = 0x1 | 0x0 +Software\Policies\Mozilla\Firefox\EnableTrackingProtection\ConvenienceExceptions = 0x1 | 0x0 ``` ## Windows (Intune) @@ -142,6 +144,30 @@ Value (string): or ``` +OMA-URI: + +```url +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~TrackingProtection/H_TrackingProtection_BaselineExceptions +``` + +Value (string): + +``` + or +``` + +OMA-URI: + +```url +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~TrackingProtection/H_TrackingProtection_ConvenienceExceptions +``` + +Value (string): + +``` + or +``` + ## macOS ```xml @@ -166,6 +192,10 @@ Value (string): https://example.com + BaselineExceptions + | + ConvenienceExceptions + | ``` @@ -183,7 +213,9 @@ Value (string): "EmailTracking": true | false, "SuspectedFingerprinting": true | false, "Category": "strict" | "standard", - "Exceptions": ["https://example.com"] + "Exceptions": ["https://example.com"], + "BaselineExceptions": true | false, + "ConvenienceExceptions": true | false } } } From e100863634fd07069b922ca5d3f0a91f5868c865 Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Fri, 9 Jan 2026 16:10:53 +0100 Subject: [PATCH 09/16] chore: sync with 9b74a7c --- src/content/docs/reference/policies/FirefoxSuggest.mdx | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/content/docs/reference/policies/FirefoxSuggest.mdx b/src/content/docs/reference/policies/FirefoxSuggest.mdx index 6f3bfe5..ebb4a74 100644 --- a/src/content/docs/reference/policies/FirefoxSuggest.mdx +++ b/src/content/docs/reference/policies/FirefoxSuggest.mdx @@ -5,10 +5,11 @@ category: "Search" --- Customize Firefox Suggest (US only). +As of Firefox 146, `WebSuggestions` turns off Suggest completely. **Compatibility:** Firefox 118, Firefox ESR 115.3.\ **CCK2 Equivalent:** N/A\ -**Preferences Affected:** `browser.urlbar.suggest.quicksuggest.nonsponsored`, `browser.urlbar.suggest.quicksuggest.sponsored`, `browser.urlbar.quicksuggest.dataCollection.enabled` +**Preferences Affected:** `browser.urlbar.suggest.quicksuggest.all`, `browser.urlbar.suggest.quicksuggest.sponsored`, `browser.urlbar.quicksuggest.dataCollection.enabled` ## Windows (GPO) From f1ad59a066e176241dc258e8ebd1e29a5fec0eec Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Fri, 9 Jan 2026 16:16:34 +0100 Subject: [PATCH 10/16] chore: sync with eb45c31 --- .../reference/policies/BrowserDataBackup.mdx | 64 +++++++++++++++++++ 1 file changed, 64 insertions(+) create mode 100644 src/content/docs/reference/policies/BrowserDataBackup.mdx diff --git a/src/content/docs/reference/policies/BrowserDataBackup.mdx b/src/content/docs/reference/policies/BrowserDataBackup.mdx new file mode 100644 index 0000000..6b89c34 --- /dev/null +++ b/src/content/docs/reference/policies/BrowserDataBackup.mdx @@ -0,0 +1,64 @@ +--- +title: "BrowserDataBackup" +description: "Disable backup or restore of profile data." +category: "Security" +--- + +Disable backup or restore of profile data. +Backup and restore can be disabled individually. + +> [!NOTE] +> The policy can be used to disable backup and restore if it would otherwise be enabled, but cannot be used to force backup or restore to be enabled under conditions where it would not otherwise be (such as a platform on which backup or restore are not yet supported). + +**Compatibility:** Firefox 146\ +**CCK2 Equivalent:** N/A\ +**Preferences Affected:** N/A\ + +### Windows (GPO) + +``` +Software\Policies\Mozilla\Firefox\BrowserDataBackup\AllowBackup = 0x1 | 0x0 +Software\Policies\Mozilla\Firefox\BrowserDataBackup\AllowRestore = 0x1 | 0x0 +``` + +## Windows (Intune) + +OMA-URI: + +``` +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Backup/BrowserDataBackup_AllowBackup +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Backup/BrowserDataBackup_AllowRestore +``` + +Value (string): + +``` + or +``` + +## macOS + +```xml + + BrowserDataBackup + + AllowBackup + | + AllowRestore + | + + +``` + +## policies.json + +```json +{ + "policies": { + "BrowserDataBackup": { + "AllowBackup": true | false, + "AllowRestore": true | false + } + } +} +``` From 0cf241f62cc1ff164feea853b665495978e5be9b Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Fri, 9 Jan 2026 16:18:38 +0100 Subject: [PATCH 11/16] chore: sync with 029b6b4, eb45c31 --- src/content/docs/reference/policies/DisableProfileImport.mdx | 4 ++-- src/content/docs/reference/policies/UserMessaging.mdx | 1 - 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/src/content/docs/reference/policies/DisableProfileImport.mdx b/src/content/docs/reference/policies/DisableProfileImport.mdx index d8135b4..a80202a 100644 --- a/src/content/docs/reference/policies/DisableProfileImport.mdx +++ b/src/content/docs/reference/policies/DisableProfileImport.mdx @@ -1,10 +1,10 @@ --- title: "DisableProfileImport" -description: 'Disables the "Import data from another browser" option in the bookmarks window.' +description: "Remove the ability to import data from other browsers." category: "Bookmarks" --- -Disables the "Import data from another browser" option in the bookmarks window. +Remove the ability to import data from other browsers. **Compatibility:** Firefox 60, Firefox ESR 60\ **CCK2 Equivalent:** N/A\ diff --git a/src/content/docs/reference/policies/UserMessaging.mdx b/src/content/docs/reference/policies/UserMessaging.mdx index 39603b9..97a9c9c 100644 --- a/src/content/docs/reference/policies/UserMessaging.mdx +++ b/src/content/docs/reference/policies/UserMessaging.mdx @@ -19,7 +19,6 @@ Prevent Firefox from messaging the user in certain situations. - `SkipOnboarding`: If `true`, don't show onboarding messages on the new tab page. - `MoreFromMozilla`: If `false`, don't show the "More from Mozilla" section in Preferences. (Firefox 98) - `FirefoxLabs`: If `false`, don't show the "Firefox Labs" section in Preferences. (Firefox 130.0.1) - > [!NOTE] Firefox Labs is controlled by Nimbus, our testing platform, so disabling telemetry also disables Firefox Labs. - `Locked`: Prevents the user from changing user messaging preferences. ## Windows (GPO) From 8d78f866e0acd235d1168d915c0a78a71a911f0a Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Fri, 9 Jan 2026 16:20:19 +0100 Subject: [PATCH 12/16] chore: sync with f98a067 --- src/content/docs/reference/policies/BrowserDataBackup.mdx | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/content/docs/reference/policies/BrowserDataBackup.mdx b/src/content/docs/reference/policies/BrowserDataBackup.mdx index 6b89c34..f626e02 100644 --- a/src/content/docs/reference/policies/BrowserDataBackup.mdx +++ b/src/content/docs/reference/policies/BrowserDataBackup.mdx @@ -26,8 +26,8 @@ Software\Policies\Mozilla\Firefox\BrowserDataBackup\AllowRestore = 0x1 | 0x0 OMA-URI: ``` -./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Backup/BrowserDataBackup_AllowBackup -./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Backup/BrowserDataBackup_AllowRestore +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~BrowserDataBackup/BrowserDataBackup_AllowBackup +./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~BrowserDataBackup/BrowserDataBackup_AllowRestore ``` Value (string): From df775cf5bf2dd6a5a6939f758bca51d22819fba8 Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Fri, 9 Jan 2026 16:29:46 +0100 Subject: [PATCH 13/16] chore: sync with 2d3e23d --- .../reference/policies/ExtensionSettings.mdx | 66 +++++++++++-------- 1 file changed, 39 insertions(+), 27 deletions(-) diff --git a/src/content/docs/reference/policies/ExtensionSettings.mdx b/src/content/docs/reference/policies/ExtensionSettings.mdx index 70f873d..4e57250 100644 --- a/src/content/docs/reference/policies/ExtensionSettings.mdx +++ b/src/content/docs/reference/policies/ExtensionSettings.mdx @@ -13,7 +13,6 @@ A default configuration can be set for the special ID `*`, which will apply to a To obtain an extension ID, install the extension and go to `about:support`. You will see the ID in the Extensions section. You can [download am extension on AMO](https://github.com/mkaply/queryamoid/releases/tag/v0.1) that makes it easy to find the ID of extensions. -Alternatively, the [Mozilla Addons API](https://mozilla.github.io/addons-server/topics/api/addons.html#detail) returns the ID as `guid`: https://addons.mozilla.org/api/v5/addons/addon/ublock-origin/ > [!NOTE] > If the extension ID is a UUID (e.g., `{12345678-1234-1234-1234-1234567890ab}`), you must include curly braces around the ID. @@ -26,22 +25,42 @@ Alternatively, the [Mozilla Addons API](https://mozilla.github.io/addons-server/ The configuration for each extension is a dictionary that can contain the fields documented below. -| Name | Description | -| ------------------------------------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| `installation_mode` | Maps to a string indicating the installation mode for the extension. The valid strings are `allowed`,`blocked`,`force_installed`, and `normal_installed`. | -|     `allowed` | Allows the extension to be installed by the user. This is the default behavior. There is no need for an install_url; it will automatically be allowed based on the ID. | -|     `blocked` | Blocks installation of the extension and removes it from the device if already installed. | -|     `force_installed` | The extension is automatically installed and can't be removed by the user. This option is not valid for the default configuration and requires an install_url. | -|     `normal_installed` | The extension is automatically installed but can be disabled by the user. This option is not valid for the default configuration and requires an install_url. | -| `install_url` | Maps to a URL indicating where Firefox can download a force_installed or normal_installed extension. If installing from the local file system, use a [`file:///` URL](https://en.wikipedia.org/wiki/File_URI_scheme). If installing from the addons.mozilla.org, use the following URL (substituting ID with the extension ID or with the short name from the URL on AMO), https://addons.mozilla.org/firefox/downloads/latest/ID/latest.xpi. Languages packs are available from https://releases.mozilla.org/pub/firefox/releases/VERSION/PLATFORM/xpi/LANGUAGE.xpi. If you need to update the extension, you can change the name of the extension and it will be automatically updated. Extensions installed from file URLs will additional be updated when their internal version changes. | -| `install_sources` | A list of sources from which installing extensions is allowed using URL match patterns. **This is unnecessary if you are only allowing the installation of certain extensions by ID.** Each item in this list is an extension-style match pattern. Users will be able to easily install items from any URL that matches an item in this list. Both the location of the \*.xpi file and the page where the download is started from (i.e. the referrer) must be allowed by these patterns. This setting can be used only for the default configuration. | -| `allowed_types` | This setting whitelists the allowed types of extension/apps that can be installed in Firefox. The value is a list of strings, each of which should be one of the following: "extension", "theme", "dictionary", "locale" This setting can be used only for the default configuration. | -| `blocked_install_message` | This maps to a string specifying the error message to display to users if they're blocked from installing an extension. This setting allows you to append text to the generic error message displayed when the extension is blocked. This could be be used to direct users to your help desk, explain why a particular extension is blocked, or something else. This setting can be used only for the default configuration. | -| `restricted_domains` | An array of domains on which content scripts can't be run. This setting can be used only for the default configuration. | -| `updates_disabled` | (Firefox 89, Firefox ESR 78.11) Boolean that indicates whether or not to disable automatic updates for an individual extension. | -| `default_area` | (Firefox 113) String that indicates where to place the extension icon by default. Possible values are `navbar` and `menupanel`. | -| `temporarily_allow_weak_signatures` | (Firefox 127) A boolean that indicates whether to allow installing extensions signed using deprecated signature algorithms. | -| `private_browsing` | (Firefox 136, Firefox ESR 128.8) A boolean that indicates whether or not this extension should be enabled in private browsing. | +- `installation_mode`: Maps to a string indicating the installation mode for the extension. + Valid values: + - `allowed`: Allows the extension to be installed by the user. This is the default behavior. There is no need for an `install_url`; it will automatically be allowed based on the ID. + - `blocked`: Blocks installation of the extension and removes it from the device if already installed. If used in the default (`"*"`) configuration, it blocks all extensions that do not have an explicit configuration with a different `installation_mode`. + - `force_installed`: Automatically installs the extension and prevents it from being removed by the user. This option is not valid for the default configuration and requires an `install_url`. + - `normal_installed`: Automatically installs the extension but allows it to be disabled by the user. This option is not valid for the default configuration and requires an `install_url`. +- `install_url`: The URL from which Firefox can download a `force_installed` or `normal_installed` extension. Firefox automatically installs, updates, or re-installs the extension when the XPI file's internal [`version`](https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/manifest.json/version) changes. + - If installing from `addons.mozilla.org`, use `https://addons.mozilla.org/firefox/downloads/latest/ADDON_ID/latest.xpi` and substitute **ADDON_ID** with the extension's ID (for example, `uBlock0@raymondhill.net` or `{446900e4-71c2-419f-a6a7-df9c091e268b}`). + Using the AMO ID ensures Firefox always downloads the latest version that matches the user's platform. + - If installing from the local file system, use a [`file:///` URL](https://en.wikipedia.org/wiki/File_URI_scheme). Firefox will update or re-install the extension whenever the XPI file at that path changes. You can also manually trigger an update by changing the file name or path. + - Language packs are available from + `https://releases.mozilla.org/pub/firefox/releases/VERSION/PLATFORM/xpi/LANGUAGE.xpi` + (for example, `https://releases.mozilla.org/pub/firefox/releases/111.0.1/win64/xpi/en-US.xpi`). These URLs can be used as `install_url` values for managing language pack installation. +- `install_sources`: A list of sources from which installing extensions is allowed using URL match patterns. **This is unnecessary if you are only allowing the installation of certain extensions by ID.** + Each item in this list is an extension-style match pattern. Users will be able to easily install items from any URL that matches an item in this list. Both the location of the `.xpi` file and the page where the download is started (the referrer) must be allowed by these patterns. This setting can be used only for the default configuration. +- `allowed_types`: Restricts which types of add-ons can be installed. This setting only applies when installation is otherwise allowed. If `"installation_mode": "blocked"` is set (either for a specific ID or for `"*"`), extensions remain blocked regardless of `allowed_types`. This setting can be used only for the default configuration. + Accepts one or more of: + - `"extension"` + - `"theme"` + - `"dictionary"` + - `"locale"` + **Note:** +- `blocked_install_message`: Maps to a string specifying the error message to display to users if they're blocked from installing an extension. This allows you to append text to the generic error message, for example to direct users to a help desk or explain why an extension is blocked. This setting can be used only for the default configuration. +- `restricted_domains`: An array of domains on which content scripts can't be run. This setting can be used only for the default configuration. +- `updates_disabled`: (Firefox 89, Firefox ESR 78.11) Boolean that indicates whether to disable automatic updates for an individual extension. +- `default_area`: (Firefox 113) String that indicates where to place the extension icon by default. Possible values are `navbar` and `menupanel`. +- `temporarily_allow_weak_signatures`: (Firefox 127) Boolean that indicates whether to allow installing extensions signed using deprecated signature algorithms. +- `private_browsing`: (Firefox 136, Firefox ESR 128.8) Boolean that indicates whether this extension should be enabled in private browsing. + +## Interaction notes + +- `"installation_mode": "blocked"` takes precedence over all other settings. + When set, extensions cannot be installed regardless of `allowed_types` or `install_sources`. + A configuration for a specific extension ID still overrides the `"*"` configuration. +- To block all extensions except a few, use `"installation_mode": "blocked"` for `"*"` and explicitly override it for allowed or force-installed extensions. +- To block extensions but allow themes, dictionaries, and language packs, use `"allowed_types": ["theme", "dictionary", "locale"]` in the default (`"*"` ) configuration. (`"locale"` corresponds to Firefox language packs.) ## Windows (GPO) @@ -52,8 +71,7 @@ The configuration for each extension is a dictionary that can contain the fields "*": { "blocked_install_message": "Custom error message.", "install_sources": ["https://yourwebsite.com/*"], - "installation_mode": "blocked", - "allowed_types": ["extension"] + "installation_mode": "blocked" }, "uBlock0@raymondhill.net": { "installation_mode": "force_installed", @@ -87,8 +105,7 @@ Value (string): "*": { "blocked_install_message": "Custom error message.", "install_sources": ["https://yourwebsite.com/*"], - "installation_mode": "blocked", - "allowed_types": ["extension"] + "installation_mode": "blocked" }, "uBlock0@raymondhill.net": { "installation_mode": "force_installed", @@ -137,10 +154,6 @@ Value (string): installation_mode blocked - allowed_types - - extension - uBlock0@raymondhill.net @@ -176,8 +189,7 @@ Value (string): "*": { "blocked_install_message": "Custom error message.", "install_sources": ["https://yourwebsite.com/*"], - "installation_mode": "blocked", - "allowed_types": ["extension"] + "installation_mode": "blocked" }, "uBlock0@raymondhill.net": { "installation_mode": "force_installed", From 2de9619001558724464a1fdaf197bb980ea14bf3 Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Fri, 9 Jan 2026 16:30:53 +0100 Subject: [PATCH 14/16] chore: sync with 347c860 --- src/content/docs/reference/policies/ExtensionSettings.mdx | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/content/docs/reference/policies/ExtensionSettings.mdx b/src/content/docs/reference/policies/ExtensionSettings.mdx index 4e57250..f381231 100644 --- a/src/content/docs/reference/policies/ExtensionSettings.mdx +++ b/src/content/docs/reference/policies/ExtensionSettings.mdx @@ -60,7 +60,8 @@ The configuration for each extension is a dictionary that can contain the fields When set, extensions cannot be installed regardless of `allowed_types` or `install_sources`. A configuration for a specific extension ID still overrides the `"*"` configuration. - To block all extensions except a few, use `"installation_mode": "blocked"` for `"*"` and explicitly override it for allowed or force-installed extensions. -- To block extensions but allow themes, dictionaries, and language packs, use `"allowed_types": ["theme", "dictionary", "locale"]` in the default (`"*"` ) configuration. (`"locale"` corresponds to Firefox language packs.) +- To block extensions but allow themes, dictionaries, and language packs, leave the default (`"*"` ) `installation_mode` as `"allowed"` and set `"allowed_types": ["theme", "dictionary", "locale"]`. (`"locale"` corresponds to Firefox language packs.) + **Do not set `"installation_mode": "blocked"` in this scenario**, because `allowed_types` is ignored when installation is blocked. ## Windows (GPO) From 8bed85b12aae41b493ec579a21c4f06a419cf264 Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Fri, 9 Jan 2026 16:35:25 +0100 Subject: [PATCH 15/16] chore: make CI happy --- src/content/docs/reference/policies/Extensions.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/content/docs/reference/policies/Extensions.mdx b/src/content/docs/reference/policies/Extensions.mdx index 61b04e1..450400b 100644 --- a/src/content/docs/reference/policies/Extensions.mdx +++ b/src/content/docs/reference/policies/Extensions.mdx @@ -7,7 +7,7 @@ category: "Extensions" Control the installation, uninstallation and locking of extensions. > [!WARNING] -> The **[`ExtensionSettings`](#extensionsettings)** policy was added in Firefox 69. +> The **[`ExtensionSettings`](/enterprise-admin-reference/reference/policies/extensionsettings)** policy was added in Firefox 69. > It provides additional functionality to `Extensions` and is closer in compatibility to Chrome and Edge. > It does not support native paths, so you'll have to use `file://` URLs. > Before using `Extensions`, it's recommended to use `ExtensionSettings` as all future improvements will be applied to that policy instead. From 7603ee915980294faf41e21c102ae050c24aafdc Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Fri, 9 Jan 2026 16:41:15 +0100 Subject: [PATCH 16/16] chore: quick tidy --- src/content/docs/reference/policies/ExtensionSettings.mdx | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/src/content/docs/reference/policies/ExtensionSettings.mdx b/src/content/docs/reference/policies/ExtensionSettings.mdx index f381231..2bf0f68 100644 --- a/src/content/docs/reference/policies/ExtensionSettings.mdx +++ b/src/content/docs/reference/policies/ExtensionSettings.mdx @@ -40,13 +40,14 @@ The configuration for each extension is a dictionary that can contain the fields (for example, `https://releases.mozilla.org/pub/firefox/releases/111.0.1/win64/xpi/en-US.xpi`). These URLs can be used as `install_url` values for managing language pack installation. - `install_sources`: A list of sources from which installing extensions is allowed using URL match patterns. **This is unnecessary if you are only allowing the installation of certain extensions by ID.** Each item in this list is an extension-style match pattern. Users will be able to easily install items from any URL that matches an item in this list. Both the location of the `.xpi` file and the page where the download is started (the referrer) must be allowed by these patterns. This setting can be used only for the default configuration. -- `allowed_types`: Restricts which types of add-ons can be installed. This setting only applies when installation is otherwise allowed. If `"installation_mode": "blocked"` is set (either for a specific ID or for `"*"`), extensions remain blocked regardless of `allowed_types`. This setting can be used only for the default configuration. +- `allowed_types`: Restricts which types of add-ons can be installed. Note that this setting only applies when installation is otherwise allowed. + If `"installation_mode": "blocked"` is set (either for a specific ID or for `"*"`), extensions remain blocked regardless of `allowed_types`. + This setting can be used only for the default configuration. Accepts one or more of: - `"extension"` - `"theme"` - `"dictionary"` - - `"locale"` - **Note:** + - `"locale"` - `blocked_install_message`: Maps to a string specifying the error message to display to users if they're blocked from installing an extension. This allows you to append text to the generic error message, for example to direct users to a help desk or explain why an extension is blocked. This setting can be used only for the default configuration. - `restricted_domains`: An array of domains on which content scripts can't be run. This setting can be used only for the default configuration. - `updates_disabled`: (Firefox 89, Firefox ESR 78.11) Boolean that indicates whether to disable automatic updates for an individual extension.