Extensions Settings Policy

Trying to create a policy that says all extensions are blacklisted except for ones on the whitelist, but I do not want the extensions to auto install for users. From the documentation, it seems I can just add this to ExtensionsSettings. However, when I do, it seems that the allow statement overrides the default entry and allows install of any extension.

Example:
{
“*”: {
“blocked_install_message”: “Custom error message.”,
“install_sources”: [“https://addons.mozilla.org/”],
“installation_mode”: “blocked”,
“allowed_types”: [“extension”]
},
uBlock0@raymondhill.net”: {
“installation_mode”: “allowed”,
“install_url”: “https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi
}
“d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d”: {
“installation_mode”: “allowed”,
“install_url”: “https://addons.mozilla.org/firefox/downloads/latest/adblock-plus/latest.xpi
}
}

Are you saying that if you remove allowed_types, it works?

Also, you don’t need install_urls if you are just allowing certain extensions, we’ll check the IDs when they are installed to make sure it’s the right extension.

Maybe its my syntax, I am not use to working with Json files in a GPO. Basically, I am looking for an example that blacklists all extensions unless I put the extension on the whitelist and that seems to not be working correctly when I try to change the “installation_mode”: line in the policy. I am not looking for a forced install of the extensions, just the ability for the end user to do this. If this was chrome, this is what I would be doing:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\ExtensionInstallBlacklist]
“1”="*"

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\ExtensionInstallWhitelist]
“1”=“cjpalhdlnbpafiamejdnhcphjbkeiagm”
“2”=“cfhdojbkjhnklbpkdaibdccddilifddb”