WARNING - Some Microsoft software requires System Integrity Protection (SIP) to be enabled on macOS

Some Microsoft software requires System Integrity Protection (SIP) to be enabled on macOS. Otherwise the program fails to launch or quits prematurely without specific information about the cause.

EXAMPLE 1

dotnet (.NET) SDK 9.0.101:

% dotnet --version
Failed to create CoreCLR, HRESULT: 0x8007000C

Also applies to software compiled in dotnet:

% ./HelloWorld
Failed to create CoreCLR, HRESULT: 0x80004005

EXAMPLE 2

VMware Fusion Professional Version 13.6.2 (24409261):

The error is:

Transport (VMDB) error -14: Pipe connection has been broken.

EXAMPLE 3

Visual Studio for Mac 17.6.13 (build 424) crashes:

-------------------------------------
Translated Report (Full Report Below)
-------------------------------------

Process:               VisualStudio [2391]
Path:                  /Applications/Visual Studio.app/Contents/MacOS/VisualStudio
Identifier:            com.microsoft.visual-studio
Version:               17.6.13.424 (17.6.13.424)
Code Type:             ARM-64 (Native)
Parent Process:        launchd [1]
User ID:               501

Date/Time:             2024-12-27 10:30:38.8178 +1000
OS Version:            macOS 15.2 (24C101)
Report Version:        12
Anonymous UUID:        347861E0-45A5-8A6E-0104-CC45FF0742E3


Time Awake Since Boot: 1400 seconds

System Integrity Protection: disabled

Crashed Thread:        0  Dispatch queue: com.apple.main-thread

Exception Type:        EXC_CRASH (SIGABRT)
Exception Codes:       0x0000000000000000, 0x0000000000000000

Termination Reason:    Namespace SIGNAL, Code 6 Abort trap: 6
Terminating Process:   VisualStudio [2391]

Application Specific Information:
abort() called

After enabling SIP it works fine and can be upgraded to 17.6.14 (build 413):

# csrutil disable

Other software from Microsoft is not affected:

• Parallels Desktop 18 for Mac 18.3.3 (53627)
• Microsoft Remote Desktop Version 10.9.10 (2327). This app will be renamed to "Windows App" in the future.
• Visual Studio Code 1.96.2 (Universal) launches and updates perfectly, however is not able to run dotnet: ".NET SDK was resolved to /usr/local/share/dotnet/dotnet, but it failed to run. It is possible the installation of the .NET is corrupted, or not properly signed, or has no permission to run."
• Microsoft® Word for Mac Version 16.92 (24120731)
• Microsoft® Outlook for Mac Version 16.92 (24120731)
• OneDrive 26.226.1110.0004

There are many other software that I did not test, some will be a hit and others a miss. This could change over time though, and it's possible that all software requires SIP enabled to work.

It's not clear why Microsoft is doing this, probably they are trying to impose some kind of TPM 2.0 like on Windows 11, but on the MAC platform. Not sure if this is an Apple requirement or enforcement, at least for some of the apps like those using CPU/GPU virtualisation like VMware Fusion, or related to programming and compilation. In any case Microsoft is not being transparent about it: the websites don't mention any of this in any documentation (at least in landing download page), and no software is capable of detecting itself that SIP is disabled before just failing and throwing weird errors.