Firefox CIS baselines deployment with Intune
Hi all,
I'm trying to create configuration profile to deploy CIS baselines using Intune. Configured custom schema and able to deploy certain settings. However, while deploying preferences, I'm getting error and none of the preferences are being deployed. Enclosing the error screenshots. Did anyone configured preference settings. if yes, can you please suggest how to configure.
All Replies (10)
We have a new way of configuring preferences using JSON that should work for many of those:
https://github.com/mozilla/policy-templates/blob/master/README.md#preferences
A lot of those pref names are incorrect (_ instead of .)
You should check about:config for the correct names.
Thank you for your response Mike. I did check JSON file and configured preferences but none of them are working as expected.
Can you post the JSON you used for your preferences?
Tried with different combinations. OMA-URI --> ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/Preferences JSON
<enabled/> <data id="JSON" value=' {
"geo.enabled": {
"Value": false,
"Status": "default"
},
"security.mixed_content.block_active_content": {
"Value": false,
}
}'/>
tried with geo_enabled and security_mixed_content_block_active_content with no luck
You have an extra comma after
"Value": false,
and that one is missing the Status type (we don't do a status by default)
I run my JSON through JSONlint.com to verify it is correct.
I'll still do some checking with intune to make sure this is working, my comments are from a first glance.
Did fixing those typos make it work for you?
I have tried with removing the comma but it didn't work.
I just ran a quick test and this is working for me.
Can you post a screenshot of your Configuration settings in intune?
I'm wondering if somehow the old preferences are conflicting with the new preferences?
Hi Mike, since it didn't work through Intune, I have deleted Intune profile and deployed the settings using config file. Can you please share your configuration settings in Intune so that I will also test with the same set of configurations and revert you with the results?
Sure.
I created an entry called Firefox ADMX with the OMA-URI
./Device/Vendor/MSFT/Policy/ConfigOperations/ADMXInstall/Firefox/Policy/FirefoxAdmx.
And a type of string and pasted the entirety of:
https://raw.githubusercontent.com/mozilla/policy-templates/master/windows/firefox.admx
Then I created an entry called Preferences with an OMA-URI of:
./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/Preferences
Data type is string and value is:
<enabled/>
<data id="JSON" value='
{
"geo.enabled": {
"Value": false,
"Status": "default"
},
"security.mixed_content.block_active_content": {
"Value": false
}
}'/>
Then after saving and deploying, the preferences were set in the registry.