Showing questions tagged: Show all questions
  • Solved
  • Archived

Firefox Intune OMA-URI error

Dear Everyone, Facing issue with deploying Configuration Profile for Extension Settings via Intune. Tried ADMX imported template with adding there "block all extensions"… (read more)

Dear Everyone, Facing issue with deploying Configuration Profile for Extension Settings via Intune. Tried ADMX imported template with adding there "block all extensions" and allow certain ones. Worked perfect in Jamf, for Intune failing all time. We are using Firefox v.121, policies are for v.120, but I am in doubt that this is the issue. Can someone review and let me know if there any issue or may be changes? Using latest instructions https://mozilla.github.io/policy-templates/#extensionsettings Also here is my OMA, very easy.

OMA used ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/ExtensionSettings

Value(string):

<enabled/> <data id="ExtensionSettings" value=' {

 "*": {
   "blocked_install_message": "Security Test",
   "installation_mode": "blocked",
   "allowed_types": ["extension"]
 },
 "{bf855ead-d7c3-4c7b-9f88-9a7e75c0efdf}": {
   "installation_mode": "force_installed",
   "install_url": "https://addons.mozilla.org/firefox/downloads/latest/zoom-new-scheduler/latest.xpi"
 },
   "@react-devtools": {
   "installation_mode": "allowed"
 }

}'/>

Asked by Valery Volos 6 months ago

Answered by Mike Kaply 6 months ago

Folder redirection conflicts synchronization firefox profile

Welcome, We are implementing redirected folders in our company via Widnows Server. We are also redirecting the Appdata folder. We have offline mode enabled which means th… (read more)

Welcome, We are implementing redirected folders in our company via Widnows Server. We are also redirecting the Appdata folder. We have offline mode enabled which means that the folders are synchronised every 5 minutes. The synchronised Appdata folder has a Firefox profile which causes a lot of conflicts. Every time the folder is synced there are conflicts like "Both versions have been updated since the last sync" or "Cannot sync now. Try again". I attach a screen shot of how much of this there is. No other applications cause such errors. Only Firefox blocks us from a large deployment. If the problem cannot be resolved we will be forced to abandon the FireFox browser altogether. Has anyone had a similar problem?

Asked by sebastian.pawlowski 4 months ago

Last reply by Mike Kaply 3 months ago

  • Solved
  • Archived

Intune ExtensionSettings Policy No Longer Working in Firefox

Hello, in Firefox browser, my organization has always blocked all extensions except for ones we allow through OMA-URI ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~fi… (read more)

Hello, in Firefox browser, my organization has always blocked all extensions except for ones we allow through OMA-URI ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/ExtensionSettings.

About a month ago this stopped working and our end users can now install any extension in the Firefox browser that they choose, without approval, creating a security risk.

When checking in about:policies, there is a policy error: Unable to parse JSON for ExtensionSettings. We have checked with Microsoft Intune support and they verified that the policy looks to be configured and targeted correctly.

Here is a snippet of our JSON, this is a test policy where microsoft support had us remove "about:addons" from the 'install sources'. Both test and production policies are not working.

<enabled/>
<data id="ExtensionSettings" value='
{
    "*": {
        "blocked_install_message": "Contact Service Line",
        "install_sources": ["https://addons.mozilla.org/*"],
        "installation_mode": "blocked",
        "allowed_types": ["extension"]
    },
    "cloudmetering@snowsoftware.com": {
        "installation_mode": "force_installed",
        "install_url": "file:///C:/Program Files/Snow Software/Inventory/Agent/FFCloudmetering.xpi"
    },
    "fpdlpffext2@forcepoint.com": {
        "installation_mode": "force_installed",
        "install_url": "file:///C:/Program Files/Websense/Websense Endpoint/winFFext.xpi"
    },
    "jid1-5AULKXLKGyjuLQ@jetpack": {
        "installation_mode": "allowed"
    },
    "abb@amazon.com": {
        "installation_mode": "allowed"
    },
    "ciscowebexstart1@cisco.com": {
        "installation_mode": "allowed"
    },
    "linkedinConverted@firefox-extension": {
        "installation_mode": "allowed"
    },
    "{7bc53591-5218-45a0-b572-4366979097fd}": {
        "installation_mode": "allowed"
    },
    "queryamoid@kaply.com": {
        "installation_mode": "allowed"
    },
    "jid1-93WyvpgvxzGATw@jetpack": {
        "installation_mode": "allowed"
    },

Is this a bug? Or something wrong with our configuration? Has firefox changed the requirements of the extensionsettings OMA-URI?

Thanks for any help in advance.

Asked by victoria.gray 1 year ago

Answered by victoria.gray 1 year ago

  • Archived

Unable to access application on Mozilla Firefox v112.0.1(64 bit)

Dear Team, Our application is accessible on Firefox v101.0.1. But recently we have upgraded our desktops with Firefox v112.0.1. The same application accessible on Firefox… (read more)

Dear Team, Our application is accessible on Firefox v101.0.1. But recently we have upgraded our desktops with Firefox v112.0.1. The same application accessible on Firefox 101.0.1 is not able to accessible on v112.0.1.

The error code we could see on browser is SEC_ERROR+PKCS11_GENERAL_ERROR. We have already raised a case with HTTP support team but they have suggested to check at browser level. We had also collected traces from firefox but unable to upload the same. Kindly help here at the earliest. Thanks, Shruti Fegade

Asked by shfegade 1 year ago

Last reply by Mike Kaply 1 year ago

  • Archived

Intune OMA-URI extensions

I am trying trying to install the keeper extension via intune but am having trouble with the oma-uri. It looks right to me but I might be missing something. Prior to runn… (read more)

I am trying trying to install the keeper extension via intune but am having trouble with the oma-uri. It looks right to me but I might be missing something. Prior to running this I followed https://mzl.la/3vYAIYT and added the Firefox ADMX. Both run successfully but it does not add the extension. Firefox version 116.0.3

OMA-URI: ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/ExtensionSettings

String: <enabled/> <data id="ExtensionSettings" value=' {

 "*": {
   "blocked_install_message": Opps, this may have been a mistake reach out to IT.",
   "install_sources":["about:addons","https://addons.mozilla.org/"],
   "installation_mode": "allowed",
   "allowed_types": ["extension" ,"theme"]
 },
 "KeeperFFStoreExtension@KeeperSecurityInc": {
   "installation_mode": "normal_installed",
   "install_url": "https://addons.mozilla.org/firefox/downloads/latest/keeper-password-manager/latest.xpi",

"default_area": "navbar"

 },

}'/>

Asked by ParisTheGreat 10 months ago

Last reply by Mike Kaply 9 months ago

  • Archived

GPO, Reg Key, Nothing works to force add/install an extension.

I am writing from an enterprise environment and I have been directed to the community page by Mozilla support to seek answers. This approach seems somewhat unreasonable f… (read more)

I am writing from an enterprise environment and I have been directed to the community page by Mozilla support to seek answers. This approach seems somewhat unreasonable for an enterprise setting and it has led me to consider discontinuing their product within our organization. I had requested support to send me a copy of my previous correspondence as I had forgotten some details, but this request was ignored, which is disappointing.

I am skeptical about receiving the help or answers I need here. If there is a more direct line to Mozilla support, I would greatly appreciate being redirected there.

We are currently using Firefox 121.0 and are attempting to implement the Applied Epic extension. I have updated the ADMX policy.

Originally, the reg key flip I created did work but something has changed since then. See screenshot of this. I followed the guide provided at https://github.com/mozilla/policy-templates/blob/v5.5/docs/index.md, which instructed me to place the registry key in Software\Policies\Mozilla\Firefox\Extensions\Install\1. However, the guide did not specify whether this should be in HKLM or HKCU. I tried this instead, and it did not work.

I also attempted to implement the extension via GPO, but this was unsuccessful. I tried the new Extension Management system as well, but to no avail.

Here is the JSON configuration I used: {

 "AppliedEpicExtension@gmail.com": {
   "installation_mode": "force_installed",
   "install_url": "https://addons.mozilla.org/firefox/downloads/file/4143256/applied_epic_extension-3.16.3.xpi"
 }

}

Despite following the guide and trying multiple methods, none of the options seem to work. I would appreciate any guidance on what I might be doing wrong.

Asked by BM 6 months ago

Last reply by Mike Kaply 5 months ago

  • Archived

Proxy not working

Hello, from Terminal Servers, it is not possible to browse the Internet via FortiGate's explicit proxy from the Firefox browser, while there is no problem with Chrome or … (read more)

Hello, from Terminal Servers, it is not possible to browse the Internet via FortiGate's explicit proxy from the Firefox browser, while there is no problem with Chrome or Edge. When the user tries to browse external sites, the proxy sends the error page "You need to authenticate to use this service". It seems that Firefox does not pass user authentication to FortiGate. The proxy authenticates users per session via Kerberos tickets.

Firefox version: 115.5.0esr

I also performed the following settings to pass the Kerberos ticket to the proxy without success: https://people.redhat.com/mikeb/negotiate/

I also noticed that it is not possible to change the "network.negotiate-auth.allow-proxies" setting from "false" to "true." Is this my problem? Is it normal that it cannot be changed?

Attached are the settings.

Thank you in advance.

Asked by akas89 7 months ago

Last reply by Mike Kaply 5 months ago

  • Archived

Does Firefox ESR still supports NTLM v1 ?

This might be a simple question. Does Firefox ESR still supports NTLM v1 ? Can we still add the value "network.negotiate-auth.delegation-uris" in preference. Does th… (read more)

This might be a simple question. Does Firefox ESR still supports NTLM v1 ? Can we still add the value "network.negotiate-auth.delegation-uris" in preference. Does that enabled NTLM v1. Is there any document or release notes that states Firefox is disabling this setting from Firefox 78 and later. Some how I am not able to find it in release notes.

Asked by raam.bc 1 year ago

Last reply by Mike Kaply 1 year ago

  • Solved
  • Archived

Extensions policy allowed not working (Intune ADMX)

Hi! Using Intune, we are setting some settings in Firefox. One that is a bit troublesome is the ExtensionSettings Currently looks like this: { "*": { "blocked_ins… (read more)

Hi!

Using Intune, we are setting some settings in Firefox. One that is a bit troublesome is the ExtensionSettings

Currently looks like this:

{

 "*": {
   "blocked_install_message": "Blocked.",
   "installation_mode": "blocked"
 },
 "uBlock0@raymondhill.net": {
   "installation_mode": "allowed"
 },
 "addon@darkreader.org": {
   "installation_mode": "allowed"
 },
 "@react-devtools": {
   "installation_mode": "allowed"
 }

}

I get the Blocked message if I try any of the allowed extentions like uBlock, Dark Reader or React Dev Tools.

I can add that uBlock had "force_installed" (With URL since that is required for force) and that worked fine.

Asked by janfredrik 8 months ago

Answered by janfredrik 8 months ago

Assistance Needed with Firefox Browser and Group Policy Settings

Hi there, We are currently utilizing Windows Server 2019 as our development server. To maintain security protocols, we have implemented a Group Policy to block internet … (read more)

Hi there,

We are currently utilizing Windows Server 2019 as our development server. To maintain security protocols, we have implemented a Group Policy to block internet access on this server. Initially, this configuration successfully restricted internet access on all browsers, including Firefox. However, recently we encountered an issue where internet access became available solely through the Firefox browser, posing a significant data security risk.

Upon investigation, we discovered that Firefox allows users to modify proxy settings, effectively bypassing our Group Policy restrictions. Unlike other browsers, Firefox permits users to adjust proxy settings without sufficient rights, thus overriding our established restrictions.

To mitigate this issue, we require guidance on enforcing Group Policy settings within Firefox to prevent unauthorized alterations to proxy settings and ensure internet access remains restricted. It's important to note that Firefox is exclusively utilized for development purposes on our server.

Your assistance in resolving this matter would be greatly appreciated.

Regards, Hiten

Asked by hitenj.trivedi 3 months ago

Last reply by Mike Kaply 3 months ago

  • Solved
  • Archived

Can I set Multi Account Containers default containers with endpoint deployment?

I am installing Firefox via microsoft endpoint, and deploying multi account containers with the OMA-URI policy for extensions. (this blog page is super helpful! https:/… (read more)

I am installing Firefox via microsoft endpoint, and deploying multi account containers with the OMA-URI policy for extensions. (this blog page is super helpful! https://securitygeneralist.blogspot.com/2019/08/auto-installing-extensions-on-firefox.html )

The extension by default has containers for Personal, Work, Banking, Shopping.

Is there a way to automatically remove that default container list as part of the install?

Even better, is there a way to create a different default containers list through Endpoint?

Thanks

Asked by Chris 1 year ago

Answered by Mike Kaply 1 year ago

Deploying Firefox Developer Edition with Intune

I'm having trouble find clear directions online on how to import Firefox Developer Edition into my Intune App Catalog to deploy it to users. I was able to convert the .ex… (read more)

I'm having trouble find clear directions online on how to import Firefox Developer Edition into my Intune App Catalog to deploy it to users. I was able to convert the .exe installer into a .intunewin file but Intune won't import it for some reason. All the other directions i keep finding just direct me to creating a custom configuration policy around FireFox but it looks like it is just the basic Firefox for Enterprise.

I'm hoping to either get directed to actual directions for this or even a .msi installer for the developer edition. Does that exist?

Asked by sstroup970 1 week ago

Last reply by James 1 week ago

  • Solved

Subscriptions for security advisory alerts for Firefox enterprise

I'm a security analyst. I would like to get email notifications on security advisories, alerts and vulnerability information regarding Firefox to stay up to date. Please … (read more)

I'm a security analyst. I would like to get email notifications on security advisories, alerts and vulnerability information regarding Firefox to stay up to date. Please help on how I can get the subscription?

Asked by nandini.vempati 5 months ago

Answered by Mike Kaply 5 months ago

  • Archived

Issue with managing GPO default pdf handler settings

Hi, I'm blocked because for my company i have to make a GPO that will setup the default handler for pdf files. I picked up different codes on internet but it went the sa… (read more)

Hi,

I'm blocked because for my company i have to make a GPO that will setup the default handler for pdf files. I picked up different codes on internet but it went the same way for all of them, it didn't work. Im pretty sure that's not a GPO application issue because actually all the others setings are working perfectly.

The json code was paste on the Handlers settings as u can see in the attachement.

Hopefully that i will find help there.

Cordially.

Asked by anthony.gautiericn 1 year ago

Last reply by Mike Kaply 1 year ago

  • Archived

Firefox - Intune Bookmarks - Firefox can not parse JSON file.

I am pushing out bookmarks company-wide through Intune on users Laptops. I spoke with Microsoft support and the configuration policy is created correctly and I followed F… (read more)

I am pushing out bookmarks company-wide through Intune on users Laptops. I spoke with Microsoft support and the configuration policy is created correctly and I followed Firefox's support page in creating them. It seems that the new JSON script that tells Firefox what bookmarks is unable to parse.

Anyone know if Firefox had an update that prevents intune from sending the JSON file?

Error message given through firefox.

"Unable to parse JSON for ManagedBookmarks"

Asked by aclawson 1 year ago

Last reply by Mike Kaply 1 year ago

  • Solved
  • Archived

Firefox Extension Management

Hi All, I have recently been enhaciing our security posture and have started sorting out our browser extensions, however I seem to be having errors allowing 2 extensions… (read more)

Hi All,

I have recently been enhaciing our security posture and have started sorting out our browser extensions, however I seem to be having errors allowing 2 extensions

  • 1Password; and
  • Firefox Multi Containers.

This is my json:

{ "*": { "blocked_install_message": "version 0.4 - Addon or Extension is not approved. Please submit a ticket to Help Desk if you need access to this extension.", "install_sources": ["https://addons.mozilla.org/"], "installation_mode": "blocked" }, "{bc8367b6-d946-484e-8da6-37691f23ee64}": { "installation_mode": "allowed", "install_url": "https://addons.mozilla.org/firefox/downloads/latest/1password-x-password-manager/latest.xpi" }, "{2a28e7e4-64c9-4e7f-81fb-0475af840c0f}": { "installation_mode": "allowed", "install_url": "https://addons.mozilla.org/firefox/downloads/latest/multi-account-containers/latest.xpi" } }

I have tried the obvious and removed the {} from both extensions, however still having troubles.

Is someone able to point me in the right direction?

Asked by andrew219 11 months ago

Answered by andrew219 11 months ago

  • Solved
  • Archived

Fully disable Pocket to alleviate DNS requests

We are working on implementing Firefox for Enterprise and rolling it out through Intune/Company Portal, one challenge we are encountering is that we have disabled Pocket … (read more)

We are working on implementing Firefox for Enterprise and rolling it out through Intune/Company Portal, one challenge we are encountering is that we have disabled Pocket as thoroughly as we can (followed the guide from Mozilla https://support.mozilla.org/en-US/kb/disable-or-re-enable-pocket-for-firefox) and we are still seeing requests go out to "img-getpocket.cdn.mozilla.net" we do not want Pocket available at all, we do not want queries made to those domains, is it not possible to completely eradicate Pocket?

It wouldn't be a problem but our AV solution (MDE) has a popup every time the URL is queried and blocked.

Attached image of our configuration profile for Pocket.

Asked by null_panda 7 months ago

Answered by cor-el 7 months ago

  • Archived

Background update task

Hello everyone, being annoyed of a huge amount of Qualys tickets in my enterprise environment, i have decided to use the ability of firefox to update itself on its own i… (read more)

Hello everyone,

being annoyed of a huge amount of Qualys tickets in my enterprise environment, i have decided to use the ability of firefox to update itself on its own instead of deploying a new version each time.

Requirement: Firefox has to stay up-to-date even on devices where it is not used. That´s what the scheduled background update task and Mozilla Maintenance Service are for, right?

Problem: The background update task will only be created if a logged on user will run firefox at least one time. Since Firefox is used as the secondary browser here, it is installed on all clients, but not even half of the clients/users are running it.

I didn´t find any option to create that task manually. So - at least in my environment - the autoupdate mechanism is useless.

Is there any hope for an autoupdate mechanism which can be run independent of logged on users? Or does anyone have an idea how i could achieve my goal?

Thank you in advance!

Asked by alexander.propp 11 months ago

Last reply by Mike Kaply 6 months ago

  • Solved
  • Archived

Unable to set multiple ExtensionSettings through imported admx

I am using the intune preview feature which allows you to import admx/adml instead of using the custom injection method. Everything works far better then with the inject… (read more)

I am using the intune preview feature which allows you to import admx/adml instead of using the custom injection method. Everything works far better then with the injection method, except for one settings:

ExtensionSettings this setting is working when I have only one setting set (ex):

{"someplugin@test.com": { "installation_mode" : "allowed" }}

If I add a second line to the entry:

{"someotherplugin@test.com":{ "installation_mode" : "allowed"}}

I understand this is a new feature, but if I had the correct format that would work for HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Mozilla\Firefox\ExtensionSettings to allow two plugins to work I belive I shouldn't have any issue getting the admx feature to do this, I even tried manually editing the registry setting and it breaks whenever I add the second line to it.

Asked by robert.deed 11 months ago

Answered by robert.deed 10 months ago

  • Solved
  • Archived

Configure Firefox to always show menu bar, for all users

We are looking to mass deploy Firefox x64 for Windows to all staff in our organization, using SCCM. I know you can set a default home page in mozilla.cfg for all users, i… (read more)

We are looking to mass deploy Firefox x64 for Windows to all staff in our organization, using SCCM. I know you can set a default home page in mozilla.cfg for all users, including future users who don't yet have a profile on the computer Firefox is installed on. Is there a similar option so I can configure Firefox to always show the menu bar for all users? Preferably, another line I can add to mozilla.cfg so that I can easily copy that to all our machines? Thanks.

Asked by rick.sparrow 1 year ago

Answered by cor-el 1 year ago