The Mozilla Enterprise Policies for Firefox (and Thunderbird)

This feature is meant to help enterprise admins, who deploy Firefox as software package to computers in their organization.


Policies were first added in Firefox 60, and back then were purely optional.

In Firefox 68 some settings from autoconfig stopped working (for example the option to disable automatic updates), thus it became necessary to at least partially switch to policies.

Thunderbird started to implement policies in version 68, and at the same time also stopped respecting some of the autoconfig options.


The Enterprise Policy feature provides two new ways to configure Firefox (besides the old autoconfig aka mozilla.cfg):

  • Windows Group Policy Objects (GPO)
  • A config file named policies.json


  • If any policies are set with GPO, the json file is ignored.
  • If autoconfig (old) and policies (new) provide conflicting settings, policies win.


  • Firefox version 60 or later.
  • Thunderbird version 68 or later.
  • In Windows some policies work only if you have either Firefox ESR or domain-joined PCs.
    (It is currently unclear how Firefox detects the domain membership, and whether it must be an Active Directory domain)

Howto use the admx templates (for GPO)


  1. Copy firefox.admx to C:\Windows\PolicyDefinitions
  2. Copy firefox.adml to C:\Windows\PolicyDefinitions\en-US
  3. Run gpedit.msc or RSAT (Remote Server Administration Tools), and open Computer Configuration, Administrative Templates, Firefox.


Some of the Firefox policies also work in Thunderbird.

There are official (but non-functioning) admx-templates on They are just a clone of the templates for Firefox, and thus do not have an effect on Thunderbird.

Inofficial templates are on (announced here), and they acually work.

  1. Copy thunderbird.admx to C:\Windows\PolicyDefinitions
  2. Copy thunderbird.adml to C:\Windows\PolicyDefinitions\en-US
  3. Run gpedit.msc or RSAT (Remote Server Administration Tools), and open Computer Configuration, Administrative Templates, Thunderbird.

You can also copy registry keys from Firefox and rename them. For example this one works:


Howto use create the json file (alternative for GPO)

The currently supported policies are listed here. New policies are added with every version, and so far all new policies are available both in the latest RR (Rapid Release), and in the latest ESR (Extended Service Release).

Multiple policies must be separated with commas. Multiple options to one policy must be placed in curly brackets, and separated with commas.

A Generator addon was published (german). More info.

The json file must be placed in a subdirectory named distribution in the program directory. In Windows the path will be something like
C:\Program Files\Mozilla Firefox\distribution\policies.json
This directory does usually not yet exist, you must create it.

Sample file:

 "policies": {
    "DisableAppUpdate": true,
    "DisableBuiltinPDFViewer": true,
    "DisableFirefoxAccounts": true,
    "DisableFirefoxStudies": true,
    "DisablePocket": true,
    "DisableProfileRefresh": true,
    "DisableTelemetry": true,
    "DontCheckDefaultBrowser": true,
    "EnableTrackingProtection": { "Value": true, "Locked": false },
    "Proxy": { "Mode": "none", "Locked": false },
    "SearchBar": "separate"

Errors in the file are reported on the page "about:policies", but this feature needs at least Firefox version 63. This is the typical way how Mozilla develops new feature: publish it long before its ready.

Howto not document a feature

Mozilla has created this labyrinth:

It seems that Github is now the official place for documentation. But even there a lot of info is missing. For example that this is supposed to replace autoconfig. And that in Windows several of these options only work if either the ESR version is used, or the PCs are members of a Windows Domain. Also how do the two methods relate to each other and to autoconfig: which one does take precedence?

Lets hope that eventually Mozilla will write some decent documentation for this new feature.

No, I'm not gonna read the source to extract infos from there.


  • 2018-10-22 Thunderbird
  • 2018-09-17 corrected directory, add interactions, add sample
  • 2018-05-31 cleanup
  • 2018-05-30 add howto use the admx templates, and links to generator and source.
  • 2018-05-25 new