This page will be updated when new 10.15 new information or links come in.

WWDC 2019

WWDC is here again! On Monday, June 3rd, 2019 Apple Released macOS 10.15 Catalina. The first question MacAdmins have is, what changes do I need to know about and how will they affect my macOS deployments? Hopefully, I will help you answer that question with this article. I am following the same format as my previous Notarization Index post. MacAdmins have told me they really liked having all the important information on a topic in one place. MacAdmins like Robert Hammem, Charles Edge and Rich Trouton are already crushing it by gathering information on all the latest changes. In this post, I will keep an updated index of changes and links to keep you informed of the latest public information regarding macOS 10.15 Catalina.

Index – Updated 6/08/20

1. System Requirements

2. How To Download macOS Catalina 10.15

3. How to Block macOS Catalina 10.15

4. How to Manage Catalina’s New App Notifications

4. MacAdmins Catalina Community Notes Document

5. macOS Catalina 10.15.0 Security Content

6. Previous macOS Catalina Releases

4. OS Level Changes

5. Security Changes

6. Apple Links

7. WWDC19 Video Links

8. MacAdmins Links

9. 10.15 Beta 1 Patch Notes

10. 10.15 Beta Known Issues

11. Miscellaneous Links

MacOS Catalina 10.15 Release Date

macOS Catalina 10.15 is Live!! apple.com/macos/catalina/

1. macOS 10.15 system requirements

Below is the list of compatible Macs that can run 10.15. Removed from the list that could install Mojave is the Late 2010 and Mid 2012 Mac Pro 5,1.

macOS 10.15 System Requirements

2. How To Download macOS Catalina 10.15

Direct from Apple

Mac App Store – apps.apple.com/us/app/macos-catalina/id1466841314

New softwareupdate option!!! softwareupdate --fetch-full-installer

From Apple via open source tools.

installinstallmacos.py – github.com/munki/macadmin-scripts/blob/master/installinstallmacos.py

– github.com/munki/macadmin-scripts/blob/master/installinstallmacos.py MDS macOS Download – GUI installinstallmacos.py fork – https://bitbucket.org/twocanoes/macdeploystick/downloads/PreBeta-MDS_Build-20041_Version-2.0.dmg

3. How to Block macOS Catalina 10.15

Block Catalina with Jamf Pro – (Ben Toms) macmule.com/2019/10/07/blocking-macos-catalina-with-jamf-pro/

(Ben Toms) macmule.com/2019/10/07/blocking-macos-catalina-with-jamf-pro/ Block Catalina Upgrade Notification Advertisement – Rich Trouton – derflounder.wordpress.com/2019/10/07/preventing-the-macos-catalina-upgrade-advertisement-from-appearing-in-the-software-update-preference-pane-on-macos-mojave/

Rich Trouton – derflounder.wordpress.com/2019/10/07/preventing-the-macos-catalina-upgrade-advertisement-from-appearing-in-the-software-update-preference-pane-on-macos-mojave/ Block Catalina with SoftwareUpdate –ignore via wegotoeleven & (Robert Hammen) https://twitter.com/hammen/status/1181295216600338432?s=20

via & (Robert Hammen) https://twitter.com/hammen/status/1181295216600338432?s=20 Block Catalina with Jamf Pro – (Robert Hammen) https://twitter.com/hammen/status/1181303814726410240?s=20

4. How to Manage Catalina’s New App Notifications

mrmacintosh.com/how-to-manage-catalinas-new-application-notifications-with-a-profile/

4. MacAdmins Community Catalina Notes Document

docs.google.com/document/d/12llwkGUGqmCAVs40TvigIFyEYVTASpqe5beCjxnEkYA/edit?usp=sharing

5. macOS Catalina 10.15.0 Security Content

support.apple.com/en-gb/HT210634

6. Previous macOS Catalina Releases

4. OS Level Changes

zsh is now the default shell instead of Bash – Starting with the macOS Catalina beta, your Mac uses zsh as the default login shell and interactive shell. You can make zsh the default in earlier versions of macOS as well. https://support.apple.com/en-us/HT208050

Python 2.7 is deprecated.

Scripting language runtimes such as Python, Ruby, and Perl are included in macOS for compatibility with legacy software. Future versions of macOS won’t include scripting

language runtimes by default, and might require you to install additional packages. If your software depends on scripting languages, it’s recommended that you bundle the runtime within the app.

Use of Python 2.7 isn’t recommended as this version is included in macOS for compatibility with legacy software. Future versions of macOS won’t include Python 2.7. Instead, it’s recommended that you run python3 from within Terminal.

32 Bit applications are now deprecated

If you still have older software that is 32bit they will NOT load.

Profile installation using the profiles command-line tool will be deprecated in future releases of macOS.

New Activation Lock Option for T2 Macs. – All Mac models with the Apple T2 Security Chip now support Activation Lock — just like your iPhone or iPad. So if your Mac is ever misplaced or lost, the only person who can erase and reactivate it is you. More info: forums.developer.apple.com/message/363374

New Read-Only Filesystem Partition . User data is stored on the 2nd partition “Macintosh HD — Data”. MacOS Catalina runs in a dedicated, read-only system volume — which means it is completely separate from all other data, and nothing can overwrite your critical operating system files.

. User data is stored on the 2nd partition “Macintosh HD — Data”. MacOS Catalina runs in a dedicated, read-only system volume — which means it is completely separate from all other data, and nothing can overwrite your critical operating system files. NOTE: Beta 1 – The Macintosh HD Read Only Partition is writeable

If you want to enable read only you have to place a file in the root of the drive.

sudo touch /.rootro

Then reboot to enable read-only mode.

Verify by trying to create /.rootro2

sudo touch /.rootro2

You should get touch /.rootro2: Read-Only file system

NOTE #2: Beta 2 – The Macintosh HD Read Only Partition is now protected by default

When checking on beta 2 you should get touch /.rootro2: Read-Only file system from running sudo touch /.rootro

TCC now covers the users Desktop & Documents Folder, cloud and external drives. – macOS Catalina checks with you before allowing an app to access your data in your Documents, Desktop, and Downloads folders; iCloud Drive; the folders of third-party cloud storage providers; removable media; and external volumes. In addition, you’re asked before an app can perform key logging or capture a still or video recording of your screen.

User Space System Extensions and SDriverKit. – Previously many hardware peripherals and sophisticated features needed to run their code directly within macOS using kernel extensions, or kexts. Now these programs run separately from the operating system, just like any other app, so they can’t affect macOS if something goes wrong.

Marzipan is now Project Catalyst – Allowing iOS apps to be ported over to macOS using Xcode.

lpadmin: Printer drivers are deprecated and will stop working in a future version of CUPS. CUPS printer drivers and backends are deprecated and will no longer be supported in a future feature release of CUPS. Printers that do not support IPP can be supported using applications such as ippeveprinter.

Enterprise Connect is transforming from an app into a new Apple first-party Single Sign-On macOS extension. This new extension delivers improved Kerberos support on macOS. Developers can now build SSO extensions that integrate with websites or native apps and support identity providers like Microsoft Azure AD, Okta and Ping. 10.14 and under will still support the old application for 1 year.

SecureToken BootStrap or Active Directory BootStrap Tokens will be a new way for Active Directory Accounts to get a SecureToken. This will need to be applied from a UAMDM via profile. This new feature will be for the 2nd 3rd or 4th Active Directory SecureToken User only, NOT the first user to log into the system.

4. Security Changes

Notarization is now enforced for all packages, applications and installers built or after June 1st 2019 EDIT: See Update Below .

for all packages, applications and installers built or after . This includes Kexts, but enforcement was already put into place on macOS Mojave 10.14.5.

developer.apple.com/news/?id=06032019i

Updated Notarization Guidelines Now until January 2020

developer.apple.com/news/?id=09032019a

Gatekeeper Improvements – Gatekeeper will ensure that all new apps you install — from the App Store or the internet — have been checked for known security issues by Apple before you run them the first time and periodically thereafter. This extends the protection from the app’s source to include automated checks for what’s in the app.

UPDATE: 10/03/19 – Apple has changed this and Kexts will NOT require a reboot! – Kernel Extensions (Kexts) now require a reboot to load – Installing third party kernel extensions now requires that you restart your Mac before they’re permitted to load.

Requirements for trusted certificates in macOS 10.15 – Learn about new security requirements for TLS server certificates in iOS 13 and macOS 10.15. support.apple.com/en-us/HT210176

FileVault & fdesetup changes – FileVault FV2 now requires User-Approved MDM Enrollment or UAMDM. You also can’t pass username/password authentication to fdesetup enable. These changes may break existing scripts, workflows or MDM agents. Be sure to check man fdesetup in 10.15 beta to read more about the new Authorization policy. You will need to follow at least one path to use fdesetup to enable FileVault Encryption.

5. Apple Links

macOS 10.15 Catalina – apple.com/macos/catalina-preview

macOS 10.15 Catalina Features – apple.com/macos/catalina-preview/features

10.15 Public Beta Release Notes – developer.apple.com/documentation/macos_release_notes/macos_10_15_beta_release_notes

Xcode 11 Beta Release Notes – developer.apple.com/documentation/xcode_release_notes/xcode_11_beta_release_notes

macOS Server 5.9 Beta Release Notes (Developer Account Required) – download.developer.apple.com/Documentation/macOS_Server_5.9_beta_Notes/macOS_Server_5.9_beta_Release_Notes.pdf

BugReporter is now deprecated and has been replaced with FeedBack Assistant. developer.apple.com/bug-reporting/ – feedbackassistant.apple.com/welcome

Device Management -Remotely manage devices within your organization. developer.apple.com/documentation/devicemanagement

Endpoint Security – Develop system extensions that enhance user security. developer.apple.com/documentation/endpointsecurity

Device Management Command – AccountConfigurationCommand.Command developer.apple.com/documentation/devicemanagement/accountconfigurationcommand/command?changes=latest_minor

Device Management Profile – New TCC PrivacyPreferencesPolicyControl Services profile options. developer.apple.com/documentation/devicemanagement/privacypreferencespolicycontrol/services?changes=latest_minor&language=objc

What’s New for Enterprise and Education WWDC June 2019 v1.1 (AppleSeed Account Required) – appleseed.apple.com/sp/downloads/projects/1001200/downloads/1011874

6. WWDC19 Video Links

WWDC 2019 Keynote – apple.com/apple-events/june-2019/

Platforms State of the Union – WWDC 2019 iOS, macOS, ipadOS, & tvOS Platforms State of the Union developer.apple.com/videos/play/wwdc2019/103/

Advances in macOS Security – We are on a journey to continuously improve macOS security, with a particular focus on preventing malware and protecting user data. developer.apple.com/videos/play/wwdc2019/701/

Network Extensions for the Modern Mac – Learn about powerful new APIs in macOS that you can use to create apps that extend and customize the networking capabilities of macOS without using kernel extensions. developer.apple.com/videos/play/wwdc2019/714

What’s New in Apple File Systems – Learn about what’s new in file system technology, including changes to file system layout and imaging technologies. developer.apple.com/videos/play/wwdc2019/710/

What’s New in Managing Apple Devices – Learn about the latest management enhancements for iOS, macOS, and tvOS and the evolution of management tools over the past year. developer.apple.com/videos/play/wwdc2019/303

App Distribution – From Ad-hoc to Enterprise – Whether you want to share your app with a few colleagues, deliver it to employees within an organization, or release it to the world, there’s a distribution mechanism designed to fit your needs. developer.apple.com/videos/play/wwdc2019/304

Advances in Networking – Part 1 – Keep up with new and evolving networking protocols and standards by leveraging the modern networking frameworks on all Apple platforms and following best practices for efficiency and performance. developer.apple.com/videos/play/wwdc2019/712/

Advances in Networking – Part 2 – Take your networking apps to the next level with advances in Bonjour, custom message framing handlers, and the latest in security. developer.apple.com/videos/play/wwdc2019/713/

Introducing Sign In with Apple – Sign In with Apple is the fast, easy way for people to sign in to apps using the Apple IDs they already have. developer.apple.com/videos/play/wwdc2019/706/

System Extensions and DriverKit – One of the next steps in modernizing and improving the security and reliability of macOS is to provide a better architecture for kernel extensions and drivers. developer.apple.com/videos/play/wwdc2019/702

All About Notarization – Notarization is all about identifying and blocking malicious Mac software prior to distribution, without requiring App Review or the Mac App Store. developer.apple.com/videos/play/wwdc2019/703

7. MacAdmins Blog Links

This list is specifically for MacAdmins. This will be an ongoing list of articles and posts that will help you learn the latest 10.15 changes.

Armin Briegel – scriptingosx.com – @ scriptingosx

– scriptingosx.com – @ Bash Scripting Expert and Author wrote about moving to zsh.

scriptingosx.com/2019/06/moving-to-zsh-part-2-configuration-files/

scriptingosx.com/2019/06/moving-to-zsh/

scriptingosx.com/2019/06/imaging-is-still-dead/

Tom Bridge – tombridge.com – @tbridge77

– tombridge.com – @tbridge77 Tom, who runs the MacAdmins Podcast had a live broadcast during WWDC19

tombridge.com/2019/06/04/waving-the-green-flag/

Rich Trouton – derflounder.wordpress.com – @ rtrouton

– derflounder.wordpress.com – @ Rich is attending WWDC and has a running a list questions from MacAdmins. He is also keeping detailed notes in the Apple Dev forums.

Main Index of all Developer Links – derflounder.wordpress.com/2019/06/04/wwdc-2019-notes/

Apple Security Lab Questions – forums.developer.apple.com/message/362750

Notes from System Extensions and DriverKit – forums.developer.apple.com/message/362746

Notes from Advances in macOS Security – forums.developer.apple.com/message/362745

All about Notarization Notes – forums.developer.apple.com/message/362907

Notarization lab questions – forums.developer.apple.com/message/362910

Device management lab questions Part One – forums.developer.apple.com/thread/117417

Device management lab questions Part Two –forums.developer.apple.com/message/363283

Installer lab questions – forums.developer.apple.com/message/363336

Health and Fitness Technologies lab notes – forums.developer.apple.com/message/363431

Notes from What’s New in Apple File Systems – forums.developer.apple.com/message/363443

Questions for the Filesystems lab – forums.developer.apple.com/message/363444

Notes from Advances in Networking Part 1 – forums.developer.apple.com/message/363701

Questions for Security lab – forums.developer.apple.com/message/363638

Notes from Network Extensions for the Modern Mac – forums.developer.apple.com/message/363912

Networking Labs questions – forums.developer.apple.com/message/363913

Notes from What’s New in Apple Device Management – forums.developer.apple.com/message/363935

Questions for Device Management lab – forums.developer.apple.com/message/363874

8. macOS Catalina 10.15 Beta 1 Release Notes

NOTE: I posted 10.15 Beta 2 notes HERE.

New Features

The macOS 10.15 SDK provides support for developing apps for Macs running macOS Catalina 10.15. The SDK comes bundled with Xcode 11 beta available from Beta Software Downloads. For information on the compatibility requirements for Xcode 11, see Xcode 11 Beta Release Notes.

Installing third party kernel extensions now requires that you restart your Mac before they’re permitted to load.

Deprecations

macOS frameworks are now thinned for the x86-64 architecture. Apps that execute i386 code now fail with the EBADARCH error code. The remaining stub frameworks are nonfunctional and exist only for compatibility purposes.

9. macOS Catalina 10.15 Beta 1 Known Issues

Migration Assistant is currently unable to correctly migrate data from a Mac running macOS 10.15 to another Mac running macOS 10.15.

WarningYour Secure Token might be lost if FileVault is enabled on a non-APFS formatted volume while upgrading to macOS 10.15. You might be able to work around this by disabling FileVault before upgrading to macOS 10.15, then reenabling FileVault once the upgrade has completed.

During installation of macOS 10.15 you might be prompted to enter your administrator password multiple times to allow installation to proceed.

macOS 10.15 cannot be installed onto an encrypted volume unless it is already in the APFS format.

During upgrades to macOS 10.15, files and folders stored at the root-level of a volume are moved aside to /Library/SystemMigration/History/Migration- UUID /QuarantineRoot/ .

UUID . If your Mac currently has macOS 10.10 or earlier installed, you must first upgrade to macOS Mojave 10.14 before upgrading to macOS 10.15.

The Install macOS 10.15 app might quit unexpectedly when run on macOS 10.9.

On Macs with the Apple T2 Security Chip, if you’ve used Startup Security Utility to lower Secure Boot to Medium Security or No Security, you’re currently unable to modify Secure Boot settings after upgrading to macOS 10.15.

Workaround: Set Secure Boot to Full Security before upgrading to macOS 10.15. Alternatively, disabling and reenabling FileVault might resolve the issue.

Set Secure Boot to Full Security before upgrading to macOS 10.15. Alternatively, disabling and reenabling FileVault might resolve the issue. Some apps might not automatically relaunch after installation or updating and must be manually relaunched.

On Macs with the Apple T2 Security Chip, VoiceOver is currently unavailable while in macOS Recovery.

When using the SecureEnclave API with access control set on keys, users might not be prompted to authenticate. This might cause subsequent operations requiring authentication to fail.

API with access control set on keys, users might not be prompted to authenticate. This might cause subsequent operations requiring authentication to fail. Volume replication shouldn’t be used with Fusion volumes, either as a source or destination.

10. Miscellaneous 10.15 Links