This post has been republished via RSS; it originally appeared at: Intune Customer Success articles.
09-06-2019 Update: Apple has adjusted their notarization prerequisites until January 2020 to ease your transition to notarized macOS apps and to protect your users who continue to use older software versions on macOS Catalina 10.15. For more information about Apple’s relaxed notarization requirements, see Notarizing Your Mac Software for macOS Catalina.
Beginning with macOS Catalina 10.15, Apple requires all Mac software to be notarized by default in order to run properly.
What is notarization?
Notarization helps identify and block malicious software prior to distribution. Notarization gives users more confidence that the software you distribute has been checked by Apple for malicious components. Starting with macOS Catalina 10.15, all Developer ID-signed software must be notarized by the Apple Notary Service in order to run. The Apple Notary Service uses automated security checks to scan Developer ID-signed software for malicious content and returns the notarization result within fifteen minutes.
What should you do?
If you distribute and manage macOS apps in your environment, you will need to notarize the software for it to run properly on macOS 10.15 devices. When macOS 10.15 is released in September, software that is not notarized will not launch as expected or fail to run on macOS 10.15 devices. If you deploy macOS Line of Business (LOB) apps without being notarized, they may will not launch and run properly.
Non-notarized apps prior to macOS 10.15
Non-notarized apps after macOS 10.15
Check your LOB apps to ensure that they are notarized before macOS 10.15 is released around mid-September. Apple recommends that you notarize all the software that you have distributed, even older releases.
- Non-notarized macOS apps distributed to the device prior to an update to macOS 10.15 will continue to launch as before.
- If you have macOS apps that were signed or distributed prior to June 1, 2019, they can be submitted for notarization without change.
- macOS apps that were signed on or after June 1, 2019 will have additional requirements for notarization.
How can I tell if my macOS apps are notarized?
You can manually check if an app is notarized by downloading the app on a macOS 10.15 device and launching it. If you see a new variant of the Gatekeeper dialog such as the one above, then the app has not been notarized.
spctl -a -v exampleapp.app
will return a reliable notarization result.
spctl -a -vv exampleapp.app
will return a reliable notarization result with information about the Developer ID.
How can I find out how to notarize my software?
For steps on how to prepare and submit your software for notarization, follow Apple’s guidance.