I'm pretty sure Firefox is configurable using AD. So is automatically updating (not sure about freezing versions).
If you don't want your user to run whatever version with whatever extension you can do that.
Sure. But there's generally no standardized function ensuring they're actually only using that specifically configured browser when logging in. What happens when they try to log in from some other device? What happens when they manage to load a browser onto that machine?
This feature supposedly ensures (or at least pushes users to) only the approved browsers running approved configurations are allowed to log in to the company's instances of Workspace.
It can, along with a bunch of other GPOs in an ADMX template.
But how many companies are running Workspace + Windows with on-prem AD? I suspect that number is shrinking pretty rapidly. You can do it with Intune as well, but it starts to get real messy if your users aren't on Windows or you have non-Windows endpoints.
If you're a Mac shop, on Google Workspace, and using something like Jamf (or even Intune + Entra ID), you are stuck deploying .plist files to each endpoint, you don't get compliance reporting back, and you lose a ton of visibility.
These are all things that don't matter to each individual user, but are hugely important to IT/security in the company, and Firefox unfortunately just doesn't have any centralized management platform for it.