Fóram Tacaíochta Firefox for Enterprise

I'm setting up addon installation through `policy.json`. Below is an example. I am wondering howto configure addons thus installed using the same file. Is it possible? If yes: where to find addon-specific keys/options? As an example: when providing below `policy.json`, starting any fresh firefox profile/installation produces the dialog "Startpage.com - Private Search Engine would like to change your default search engine from Google to Startpage.com - English. Is that OK?", followed by yes/no buttons. I would like to be able to just make the addon do so forgoing the dialog.

Thanks for any pointers.

{

 "policies": {
   "ExtensionSettings": {
     "*": {
       "blocked_install_message": "Installation of extensions only allowed from 'policy.json'.",
       "installation_mode": "blocked"
     },
     "{20fc2e06-e3e4-4b2b-812b-ab431220cada}": {
       "installation_mode": "force_installed",
       "install_url": "https://addons.mozilla.org/firefox/downloads/latest/startpage-private-search/latest.xpi"
     }
   },
   "ExtensionUpdate": true
 }

}

Mozilla's website states:

"Numerous features of the kiosk mode are configurable through policy or command line parameters when launching the browser."

However, other than a single example to run kiosk mode as a private window, it doesn't seem to provide any information on how to access such configuration. I couldn't seem to find the information anywhere else either.

How can I configure kiosk mode? Preferably via the CLI, but I'd be interested also to learn what is meant by "configurable through policy".

We use firefox in our company and we want to prevent firefox to open a download dialog during saving files. we want to prevent users change the name of files or rewriting an existing file during download. for this purpose, chrome has a pit is very crucial for me.olicy called "AllowFileSelectionDialogs".but firefox doesn't yet. Is there any way or trick to apply the same functionality to firefox? is there any library in firefox to be deleted and disable "save file as" functionality?

Dear community,

we are an international Non-for profit organization with mostly small offices of about 2-10 staff on 3 continents. The majority of those offices does not have IT staff/knowledge, and infrastructure is often sketchy. We use mostly Windows, but have some offices with Linux. We currently use local users, and after an initial configuration of e.g. Firefox/Thunderbird, we don't have any way to intervene automatically.

So we are looking for an efficient way to control software configurations after deployment without the need for manual intervention. The scope would initially not be a lot, mostly installing/uninstalling addons. E.g. if a malicious addon is found, we want to have a way to uninstall it on all devices. Right now, we have to ask all staff to do this, and evidently this doesn't work out all the time.

Firefox and Thunderbird are 2 key programs installed on all devices, although evidently we use other software as well. I think that with TB78 the policies.json implementation might not be yet finished completely, but for now, Firefox would be more critical (also some staff tend to install addons we do not want on the device).

As far as I know, when it comes ways how to centrally manage Firefox/Thunderbird without a domain controller/GPO, there are some options:

1) Azure AD: Identity management, and maybe also ways to configure Thunderbird/Firefox (although Azure AD does not seem to have GPO, but maybe scripts could be executed at the endpoint?). Won't work for Linux I guess. Also Azure could be based in a US datacenter, and as an European NGO we have much less data protection for US-based data.

2) third party management tool (e.g. like Teamviewer remote management, or chocolately) which allows remote execution of scripts. We could update the policies.json file in the firefox profile via a chocolately/Teamviewer script to uninstall/install addons, etc. Not sure if chocolately works on Linux.

3) GPOs with Domain Controller after all via a pre-auth VPN. Won't work for Linux I guess, but maybe script to deploy policies.json. Also there would be yet another thing to potentially fail (VPN connection), and we would need 2 different deployment methods (GPO for Windows, scripts for Linux).

4) write an Firefox/Thunderbird addon which simply downloads a policies.json file from a central location, and places it in the users FF/TB profile folder. upon restart of FF/TB it should deploy the changes based on the new policies.json file. A bit cumbersome, and doesn't cover other software.

5) a simple bat/sh script which is executed upon start.

To me, it seems a third party tool (teamviewer, chocolately) seems the best option, as it could cover FF/TB, but also other software which is installed.

Before we proceed I would like to know of experiences, and best practices: could anybody provide some information how this was achieved?

kind regards,