(185) Microsoft Intune - Mozilla Firefox blocking all extensions except for Lastpass

Mr B SOE way
3 hours ago
1 min read

I have been helping this customer who want to block all extensions on Firefox to be installed, except allowing 'Lastpass' to be installed.

You can view the relevant settings that Mozilla Firefox has https://mozilla.github.io/policy-templates/#extensions, mainly what you are looking for is: https://mozilla.github.io/policy-templates/#extensionsettings.

Generally you can use the ADMX/ADML templates to import into Intune, this customer already has an existing policy that ties to an old Firefox ADMX/ADML. Instead I decided to use Custom OMA-URI policy to do the job.

1st row:

Name: FirefoxAdmx

OMA-URI: ./Device/Vendor/MSFT/Policy/ConfigOperations/ADMXInstall/Firefox/Policy/FirefoxAdmx

Data type: String

Value: Download and extract, then open Firefox.admx

2nd row:

Name: ExtensionSettings OMA-URI: ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox~Extensions/ExtensionSettings Data type: String Value:

<enabled/>
<data id="ExtensionSettings" value='
{
  "*": {
    "installation_mode": "blocked",
    "blocked_install_message": "Only LastPass is allowed on this device."
  },
  "support@lastpass.com": {
    "installation_mode": "allowed",
    "install_url": "https://addons.mozilla.org/firefox/downloads/latest/lastpass-password-manager/latest.xpi"
  }
}'/>

End result it should look like this:

Once the devices have received the policy, it's time to test.

When trying to install AI Grammar Check, you get blocked:

As we have whitelisted Lastpass to work, you will get this

(185) Microsoft Intune - Mozilla Firefox blocking all extensions except for Lastpass

Recent Posts

Comments