how to lock firefox extension from users being able to change the update settings
How do I lock the Microsoft Purview settings in the attached image using intune, so users cannot change them.
I have been able to make it that they cant disable or remove the extension but cannot figure out how to make it that they cant change the settings. I did try making a json file but it does not seem like Firefox uses it.
All Replies (8)
Sorry, the image didn't come through. Can you repost?
To prevent changing the settings in Purview, they would have to make enterprise policy available to configure purview.
the image looked like this text pasted below. I want to stop user from being able to change the "Allow automatic updates" and the "run in private windows" and "Run on sites with restrictions" settings
Microsoft Purview Extension Protect your organization against sensitive data leaks. Endpoint data loss prevention (endpoint DLP) extends the activity monitoring and protection capabilities of Microsoft Purview data loss prevention (DLP) to sensitive items that are on Windows 10/11 devices. Once devices are onboarded into the Microsoft Purview solutions, the information about what users are doing with sensitive items is made visible in activity explorer and you can enforce protective actions on those items via DLP policies.
Once the Firefox extension is installed on a Windows 10/11 device, organizations can monitor when a user attempts to access or upload a sensitive item to a cloud service using Mozilla Firefox and enforce protective actions via DLP. Allow automatic updates Default On Off Run in Private Windows Allow Don’t Allow When allowed, the extension will have access to your online activities while private browsing. Learn more Run on sites with restrictions Allow Don’t Allow When allowed, the extension will have access to sites restricted by Mozilla. Allow only if you trust this extension. Learn more
Ah, cool. So we do have as policy for private_windows.
What policy are you using to install?
I'm working on policies for the other two.
I have a policy in place that does not allow firefox to run in a private window already set. so I am not sure that particular purview extension setting matters that much. My security teams just wants me to set them and lock them so that the user cannot change them. I am using an imported admx template in intune. I have these two set for the extension: Extensions to Install -Enabled "beta.microsoft.defender.browser_extension.native_message_host@microsoft.com" Prevent extensions from being disabled or removed - Enabled beta.microsoft.defender.browser_extension.native_message_host@microsoft.com Disable Private Browsing - Enabled
Extensions to Install should be the path to the XPI file, not the URL.
That would be
https://addons.mozilla.org/firefox/downloads/latest/microsoft-purview-ext-beta/latest.xpi
You might find the Extensions Management policy easier to use:
https://mozilla.github.io/policy-templates/#extensionsettings
This is what I am using: https://addons.mozilla.org/firefox/downloads/file/4320267/microsoft_purview_ext_beta-1.1.1.229.xpi for Extension to install.
will https://mozilla.github.io/policy-templates/#extensionsettings allow me to lock the settings so the users cannot change them?
> will https://mozilla.github.io/policy-templates/#extensionsettings allow me to lock the settings so the users cannot change them?
It lets you lock private browsing, but not the other two. I have open tickets to fix those.
Thanks, Let me know how I can lock them down once those issues have been addressed.
You must log in to your account to reply to posts. Please start a new question, if you do not have an account yet.