I was looking everywhere for this info so hopefully this will help some of you too:
With the new v70 of Firefox, DNS over HTTPS is turned on by default.
Our Network and InfoSec dept do NOT like that and asked us to disable and block this.
After some research I have found that a policies.json file with the following text will disable and grey out the DoH setting in Firefox.
{
"policies": {
"DNSOverHTTPS": {
"Enabled": false,
"Locked": true
}
}
}
Tested in ESR and normal FF, v 68 and up.
This file has to be in Applications/Firefox.app/Contents/Resources/distribution to work and it is global not user based, which is a good thing. The distribution folder is not there so you will have to make it and add the json file
It does require a restart to FF after the push
There are a number of ways to deploy this: use a script to mkdir and write the file, create an ongoing policy to deliver the file from a dmg with smart group or Extension Attribute to scope, and I'm sure there are more.
You can also bake this file into your installers with AutoPKG or whatever deployment you use.
Hope it helps someone.
