Search Support

Beware of phishing attacks: Mozilla will never ask you to call a number or visit a non-Mozilla website. Please ignore such requests.

Learn More

Configurer MF with Intune MDM (admx/ OMA-URI)

  • 9 odgovori
  • 3 ima ovaj problem
  • 1387 views
  • Posljednji odgovor poslao Mike Kaply

more options

Hi, In my compagny, we want to configure MF with Intune MDM. Unfortunately, we have some problem to set the homepage. We use the last version of MF and admx file but we get an error when we set up the parameters.

Priloženi snimci ekrana

Izabrano rješenje

I have an answer for you!

OMA URI is:

./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Homepage/HomepageURL

(assuming you used ./Device/Vendor/MSFT/Policy/ConfigOperations/ADMXInstall/Firefox/Policy/FirefoxAdmx as the OMA-URI when importing the ADMX file)

Set the value to string and enter:

<enabled/>

<data id="HomepageURL" value="https://www.mozilla.org"/> and optionally <data id="HomepageLocked" value="true"/>

Now that I know how all of this works, I'll be working on Intune documentation.

Pročitajte ovaj odgovor sa objašnjenjem 👍 0

All Replies (9)

more options

Any news about this problem ?

more options

What errror specifically? Did you put the protocol in front of the homepage?

http://homepage.com

Is there an error on about:policies?

more options

Hello,

Yes we put the protocol in front of the homepage example : <data id="URL" value="https://domain.com/default.aspx/" />

We have the error "0x87d1fde8" in Intune MDM (it's the common error for bad OMA-URI settings).

We havn't this policies on "about:policies" (because Intune get an error when it tries to apply it).

Izmjenjeno od strane MattD

more options

Just wanted to let you know I'm trying to get an account to test/debug this.

more options

Odabrano rješenje

I have an answer for you!

OMA URI is:

./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Homepage/HomepageURL

(assuming you used ./Device/Vendor/MSFT/Policy/ConfigOperations/ADMXInstall/Firefox/Policy/FirefoxAdmx as the OMA-URI when importing the ADMX file)

Set the value to string and enter:

<enabled/>

<data id="HomepageURL" value="https://www.mozilla.org"/> and optionally <data id="HomepageLocked" value="true"/>

Now that I know how all of this works, I'll be working on Intune documentation.

more options

Hi Everyone,

I'm trying to configure an addon whitelist for firefox in my organization and having trouble translating from GPO format (json) to the value format (SyncML data).

According to the firefox policy documentation this can be done using the https://github.com/mozilla/policy-templates#extensionsettings policy which specifies an example windows GPO json:

Software\Policies\Mozilla\Firefox\ExtensionSettings (REG_MULTI_SZ) = {

 "*": {
   "blocked_install_message": "Custom error message.",
   "install_sources": ["https://addons.mozilla.org/"],
   "installation_mode": "blocked",
   "allowed_types": ["extension"]
 },
 "uBlock0@raymondhill.net": {
   "installation_mode": "force_installed",
   "install_url": "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi"
 }

}

Now looking in the ADMX I find:

<policy name="ExtensionSettings" class="Both" displayName="$(string.ExtensionSettings)" key="Software\Policies\Mozilla\Firefox" explainText="$(string.ExtensionSettings_Explain)" presentation="$(presentation.ExtensionSettings)">">

     <parentCategory ref="Extensions"/>
     <supportedOn ref="SUPPORTED_FF69"/>
     <elements>
       <multiText id="ExtensionSettings" valueName="ExtensionSettings"  maxLength="2048"/>
     </elements>
   </policy>

from which I understand that I need to specify a data element with the id ExtensionSetting in Intune. Something like this:

<data id="ExtensionSettings" value="*cfhdojbkjhnklbpkdaibdccddilifddb2ndjpnladcallmjemlbaebfadecfhkepb"/>

The problem is I have no idea how to specify a dictionary within the value property as described in the dicumentation (https://github.com/mozilla/policy-templates#extensionsettings) "The configuration for each extension is another dictionary that can contain the fields documented below."

How can I transform the GPO json to XML that I can enter as the value for this policy setting?

more options

You should just do a string value and put the JSON in the string value as you indicated.

The dictionary terminology is only referring to the JSON syntax.

I'm in the process of creating Intune documentation for all this and should have something soon.

more options

Mike Kaply said

You should just do a string value and put the JSON in the string value as you indicated. The dictionary terminology is only referring to the JSON syntax. I'm in the process of creating Intune documentation for all this and should have something soon.

That would be awesome. This is what the sring value for ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~extensions/ExtensionSettings looks like now:

<data id="ExtensionSettings" value=""*": {

   "blocked_install_message": "Contact IT for extension installation.",
   "installation_mode": "blocked",
 },
 "ced9def2-2d86-4a1b-a9eb-29e2f3c9eb48": {
   "installation_mode": "allowed",
   "install_url": "https://addons.mozilla.org/firefox/downloads/file/3465376/adblock_pro-2.0.3-an+fx.xpi"
 }"/>

I'm also trying to set a few policies but all of them are failing. The only thing that Intune is successfully deploying is the ADMX itself ./Device/Vendor/MSFT/Policy/ConfigOperations/ADMXInstall/MozillaFirefox/Policy/FirefoxADMX

The other plolicies are:

Preventing application updated from being disabled: ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/DisableAppUpdate

string value: <disabled/>

Forcing extension updates: ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~extensions/ExtensionUpdate

string value: <enabled/>

Not sure why they'd be failing to deploy.

more options

So if you search on intune here:

https://github.com/mozilla/policy-templates/blob/intune/README.md

You'll see a few of the oma values I've started putting together.

I'm betting your extensionSettings problem is related to the double quotes? I'll try to get some testing done on this.