macOS Catalina ( 10.15 ) - The MacAdmins Breakdown

Information

Observations

Blocking 10.15

Apple App Store

Blocking Software Update

Blocking System Preferences Badges

Blocking macOS Catalina Installer

Blocking in KeyServer

Blocking the macOS Installer Notification

Installing macOS Catalina (10.15)

Downloading a non-stub macOS Catalina installer

Creating Bootable Installers for macOS Catalina

Installing macOS Catalina from the Command Line

Notable Changes in macOS Catalina

Changes

New Features

Storage Optimization Tool

Deprecations

Community Questions

Anyone have a primary/secondary source for which versions of JAMF Pro were broken, and which versions aren’t?

Will a system upgraded from 10.13 or 10.14 change an existing user’s shell to zsh or retain the existing setting?

Software

Adobe

Automator

Brew

Carbon Black Defense

Cisco WebEx

CrashPlan

GoToAssist

Meraki

Microsoft Intune

Native Instruments

Traktor

“10.15 Catalina will terminate the operability of NI legacy hardware”

OBS

PPPC-Utility

Rekordbox

Wacom

Google Drive File Stream - v33.0

Google Software Update

QuickTime 7

Symantec

VMWare

Zoom

Zoom.us.app

Zoom Room.app

Community Observed Issues

Mail Data loss after macOS upgrade

Interrupting T2 Mojave 2019-001 Security Updates might cause drive corruption

Macintosh HD icon changes after macOS upgrade

App Store lists “No Purchases” after clean install

DJ Software

Xcode

Freeze on Reboot After Installing Catalina

Spotlight does not work in 10.14 when a 10.15 volume is present

UpdateSystemLanguages prompts for administrator access after upgrading to macOS Catalina (10.15)

Relocated Items shows up as alias on desktop after upgrading to macOS Catalina (10.15)

Update not found, Error downloading

Apple cannot check it for malicious software

SSH

Keychain Deletes insecure items.

This copy of Install macOS Mojave.app application is damaged and can't be used to install macOS.

Orphaned APFS

MDM Configuration Profiles no longer removable by end user

10.15.1

Finder Locks up While using iCloud Drive

Time Machine Backup fails to complete after upgrading to macOS Catalina (10.15)

10.15.1 may break update keychain password

Manually add devices to the Device Enrollment Program

Cache 2 Servers

VPP / DEP / ASM / ABM

Preparing for Catalina (10.15)

Finding 32-bit applications

Use a google doc to collect a list of all 32-bit applications in your device fleet

About finding 32-bit Applications

Feature Request worth Upvoting JAMF NATION

Other Resources

Downloading Older Versions of macOS in macOS Catalina (10.15)

local keychain out of sync with login keychain

Notarization

Information

  • Apple announcement

Observations

  • Release Build as of October 7th 2019: 19A583
  • Upgrade to 10.15 shows up in System Preferences > Software Update
  • The softwareupdated process downloads everything to the following path (thanks to BradTChapman)
  • /private/var/folders/zz//C/com.apple.SoftwareUpdate/swcdn.apple.com/content/downloads
  • Then it is compiled to /Applications/Install macOS Catalina.app
  • Configuration Profile re Update
  • After download, /Applications/Install macOS Catalina.app auto-launches and prompts for administrator privileges to install
  • “Defer Software Update” does not stop 10.15 from showing up in System Preferences > Software Update
  • 10.15 update does not show with ‘softwareupdate --list’
  • The icon for US input shows by default in the top right corner of the menu bar. This might be annoying for some. To remove it, use the following command:
    defaults write com.apple.TextInputMenu visible -bool false
  • Per https://macadmins.slack.com/archives/CK7SUEH9N/p1570480807492100 , but please test/fill-in...

When requested on

SysPrefs > Software Update offers

AppStore > Updates offers

/usr/bin/softwareupdate offers

10.10

10.13

10.13

10.13

10.11

10.12

Not 10.15

Not 10.15

10.13

Not 10.15

Not 10.15

10.14

10.15

10.15

Nothing

Blocking 10.15

Apple App Store

On macOS 10.14, clicking Get for Catalina in the App Store takes you to System Preferences > Software Update.

Blocking Software Update

softwareupdate (/usr/sbin/softwareupdate)

  • sudo softwareupdate --ignore "macOS Catalina" will block macOS Catalina update from appearing in System Preferences > Software Update
  • This will block the update, even if it’s already detected macOS Catalina is available.

 

Credit to @wegotoeleven on MacAdmins for figuring this out. See also: Rich Trouton has a nice write-up of this.

To re-enable the update, use the command sudo softwareupdate --reset-ignored

Blocking System Preferences Badges

Software Update badge still displays 1 Update Available

Note: Control Panel Software Update will still display a badge that there is an update available. This shows up inside System Preferences, and also on the dock.

You can hide all System Preferences Badges in 10.14+ by using a custom configuration profile. The profile will disable all badges for System Preferences.

  1. Download com.apple.systempreferences.plist
  2. Upload plist as custom configuration profile in JAMF PRO
  3. Set the domain to com.apple.systempreferences and save
  4. Scope to Smart Group of macOS 10.14 or greater.

Thanks to @golby

Temporary fix: While you could use a ‘defaults write’ statement to reset the badge counter to 0, be advised that as soon as softwareupdate checks in with Apple, that ‘1’ badge is going to reappear.
defaults write com.apple.systempreferences AttentionPrefBundleIDs 0

May need to reboot and/or sudo killall Dock for change to take effect.

Credit to @andre_db90

NETSUS

  • If you have a NETSUS in place, do not forget to disable “Auto-Enable” for a production or pilot group if you do not want Catalina to show up.

Blocking macOS Catalina Installer

Jamf Pro

  • You may* be able to restrict the installer app with a restricted process, using the process name ‘Install macOS Catalina.app’.
  • *‘Restrict software’ was broken in several versions** of Jamf Pro. You may want to verify the restriction is working. If the ‘restrict software’ policy is not working, you may need to upgrade your installation of Jamf Pro.
  • If you block ‘InstallAssistant’ it will block all macOS installers (as in 10.14, 10.13, 10.12, etc.), which is probably not a good idea.

Blocking in KeyServer

  • You can also block the installer using Sassafras Software’s KeyServer.
  • You’ll have to have downloaded and at least launched the installer on a machine with KeyClient installed, so the server knows about it.
  • Once it is listed under Programs (listed as “Install mac OS” and variant “15.x”), you can add a Product for it, then a Policy to deny.
  • You can add an Observe policy for a specific group, if you want to allow a certain subset to be able to run it for testing.

Blocking the macOS Installer Notification

macOS can display a popup notification to upgrade to macOS Catalina. To block it:

sudo softwareupdate --ignore macOSInstallerNotification_GM

You can re-enable software update with

sudo softwareupdate --reset-ignored

Community research:

  • Options that you probably don’t want to use
  • Some people have disabled this notification by removing or renaming /Library/Bundles/OSXNotification.bundle
  • This might be overdoing it, and could cause POSIX, ACL, or Owner/Group issues.
  • You could try blocking the process ‘Notification Center’, but that will break all notifications on macOS.
  • Disable software update notifications by running ‘launchctl unload -w /System/Library/LaunchAgents/com.apple.softwareupdate_notify_agent.plist’; this would have to be run every time the computer starts up.
  • dgreening on Jamf Nation said ‘softwareupdate --ignore macOSInstallerNotification_GM’ stopped upgrade notifications.

Installing macOS Catalina (10.15)

Downloading a non-stub macOS Catalina installer

(Without using VPP)

  • sudo softwareupdate --fetch-full-installer --full-installer-version 10.15
    Tested and worked on a machine already running Catalina

Creating Bootable Installers for macOS Catalina

Create USB Installer:

sudo /Applications/Install\ macOS\ Catalina.app/Contents/Resources/createinstallmedia --volume /Volumes/targetFlashDriveName

View Commands:

/Applications/Install\ macOS\ Catalina.app/Contents/Resources/createinstallmedia

Reminder about T2-chipped computers and external booting

https://support.apple.com/en-us/HT208330

When booted to Recovery, you can set EFI to allow booting from an external device

Installing macOS Catalina from the Command Line

Install:

/Applications/Install\ macOS\ Catalina.app/Contents/Resources/startosinstall --agreetolicense --forcequitapps --rebootdelay 60

To bypass APFS conversion, possibly add --converttoapfs NO

View Commands:

 

System Requirements for macOS Catalina (10.15)

  • Computer
  • MacBook (Early 2015 or newer)
  • MacBook Air (Mid 2012 or newer)
  • MacBook Pro (Mid 2012 or newer)
  • Mac mini (Late 2012 or newer)
  • iMac (Late 2012 or newer)
  • iMac Pro (2017)
  • Mac Pro (Late 2013 or newer)
  • 15 GB of space
  • 2 GB of RAM

See System Requirements for features that have additional requirements.


Notable Changes in macOS Catalina

Changes

  • The default interactive shell is now zsh. This change only applies to new accounts created using macOS Catalina
  • Opening Terminal with an existing account now displays the message:
    The default interactive shell is now zsh.

To update your account to use zsh, please run `chsh -s /bin/zsh`.

For more details, please visit https://support.apple.com/kb/HT208050.

  • Great Resource for learning ZSH
  • 32-bit applications not supported, requires 64-bit applications
  • iTunes → split into Music.app, TV.app, Podcasts.app
  • iDevices now show up in Finder (not in Music.app)
  • In Finder, very similar to how iDevices showed up in iTunes.
  • Control Panels with badges now move to the top of System Preferences
  • Can disable badges for all control panels
  • Control Panel Apple ID
  • Now displays Apple IDs used in different apps
  • iDevices show up in the sidebar (but not under Go > Computer)
  • Additional Privacy Preferences added:
  • Speech Recognition
  • Input Monitoring
  • Files and Folders
  • Desktop
  • Documents
  • Downloads
  • Screen Recording
  • Cannot use a TCC configuration profile to allow an application
  • Can use a TCC configuration profile to block an application
  • Users have to approve the request for access in order for share screen / screen recording to work.
  • Initial approval required by admin user?[a]
  • Developer Tools
  • kTCCServiceDeveloperTool
  • Allow the apps below to run software locally that does not meet the system's security policy.
  • kTCCServiceDeveloperTool does not allow prompting
  • After upgrade, AppleSetup may prompt at first login for
  • Per user
  • Apple Analytics
  • Screen Time
  • Can use Pre-Stage in DEP to skip.
  • Might be
    defaults write com.apple.SetupAssistant DidSeeScreenTime 1
  • Firmware
  • You can now opt in/out of firmware password resets by AppleCare
  • Managing macOS Catalina (10.15) Notifications with Configuration Profile
  • Changes in Device Management in macOS Catalina (10.15)
  • Reminders like iOS
  • New Safari Start Page
  • Gallery View in Notes
  • Apple Mail
  • Dock
  • Apple ‘TV.app’ is added to the dock
  • Apple ‘Podcasts.app’ is added to the dock
  • Apple ‘News.app’ is added to the dock
  • Certs after July 1, 2019
  • SHA-1 not trusted, needs to be SHA-2 or greater
  • Keys of less than 2048 bits are not trusted for TLS; they need to be 2048 bits or greater
  • TLS certificates must present the DNS name of the server in the Subject Alternative Name extension
  • Certs before July 1, 2019
  • TLS server certificates must contain an ExtendedKeyUsage (EKU) extension containing the id-kp-serverAuth OID.
  • TLS server certificates must have a validity period of 825 days or fewer (as expressed in the NotBefore and NotAfter fields of the certificate).
  • read-only system volume in macOS Catalina
  • No folder for LDAPv3 config at /Library/Preferences/OpenDirectory/Configurations/LDAPv3
  • Desktop Backgrounds are now located in /System/Library/Desktop\ Pictures
  • Any commands or Configuration profiles using hard coded paths to desktop pictures are affected.
  • You can put custom desktop pictures in /Library/Desktop\ Pictures
  • Deleting users command line
  • ‘dscl . -delete userName’ does not work
  • Use ‘sysadminctl -deleteUser userName’


New Features

  • Sidecar (use your iPad as a 2nd display, including apple pencil)
  • Compatibility - Mac: According to the ArsTechnica review, “Sidecar support is effectively limited to Macs built after late 2015 and 2016”:
  • MacBook (Early 2016 or newer)
  • MacBook Air (2018 or newer)
  • MacBook Pro (2016 or newer)
  • Mac Mini (2018 or newer)
  • 27-inch iMac (Late 2015 or newer)
  • 21.5-inch iMac (2017 or newer)
  • iMac Pro (2017)
  • Compatibility - iPad: According to the ArsTechnica review, “On the iPad end, Apple tells me that Apple Pencil support is the limiting factor”
  • Find My.app (Find my Device for macOS)
  • Home.App
  • Control Panel ScreenTime
  • The first time a user logs in, they’re also prompted to set up ScreenTime
  • Extensible Enterprise SSO
  • Storage Optimization Tool

  • Apple Menu → About This Mac → Storage → Manage
  • Voice Control
  • Project Catalyst
  • Restore from snapshot?
  • DEP Enrollment Customization
  • “EndpointSecurity” - Endpoint Security Framework

Deprecations

  • 32-bit applications do not run
  • Scripting language runtimes such as Python, Ruby, and Perl are included in macOS for compatibility with legacy software. Future versions of macOS won't include scripting language runtimes by default, and might require you to install additional packages. If your software depends on scripting languages, it's recommended that you bundle the runtime within the app. (49764202)
  • Use of Python 2.7 isn't recommended as this version is included in macOS for compatibility with legacy software. Future versions of macOS won't include Python 2.7. Instead, it's recommended that you run python3 from within Terminal. (51097165)

Community Questions

Anyone have a primary/secondary source for which versions of JAMF Pro were broken, and which versions aren’t?

JAMF Pro 10.14 introduced Faster Software Restrictions, which had a bug where the dialog box for software restrictions would pop up even if no message was set. They fixed that bug in 10.15.1. Some admins have said that prior to 10.14 restrict software was not working, but that may have just been restricted software being ‘slow’.

The issue before 10.14 might have been:

JAMF Pro 10.14

[PI-006904] Fixed an issue that caused computers in clustered environments to receive and use out-of-date Jamf management framework settings at check-in when administrators make changes to these settings on the server. These settings include, but are not limited to: Security, Check-in, and Restricted Software.

The issue fixed in 10.15.1:

JAMF Pro 10.15.1

[PI-007275] Fixed an issue that caused Restricted Software to display a blank error message to users when an error message was not configured.

Will a system upgraded from 10.13 or 10.14 change an existing user’s shell to zsh or retain the existing setting?

  • No:
    “This change is only for new accounts created on macOS Catalina. When you upgrade to Catalina, a user’s default shell will remain what it was before.”
    Source:
    https://scriptingosx.com/2019/06/moving-to-zsh/
  • If the user opens the terminal, they will receive a notice that their bash shell is out of date, and a suggestion to upgrade their shell to zsh via terminal command.
  • To suppress this message:
  • echo 'export BASH_SILENCE_DEPRECATION_WARNING=1' >> ~/.bash_profile

Software

Adobe

https://helpx.adobe.com/x-productkb/global/fix-macos-64-bit-compatibility-errors.html

Not mentioned in the article, but when I scanned for 32-bit apps they came up (can anyone confirm whether they’ve been updated?):

  • Adobe Application Manager?
  • adobe_licutil?

32-bit, no 64-bit app planned

  • Fuse
  • Try porting to Adobe Mixamo
  • Presenter Video Express
  • Try porting to Adobe Captivate
  • Speedgrade
  • Try using Adobe Premiere Pro

Automator

https://www.macosxautomation.com/automator/security.html

Brew

After upgrading to Catalina (10.15), you may need to re-install brew.

Carbon Black Defense

Observed Kernel Panics in macOS 10.15.1

Current workaround: remove the kext

rm -rf /Library/Extensions/CbDefenseSensor.kext

Cisco WebEx

https://help.webex.com/en-us/73zvl3/Known-Issues-Limitations-and-Support-for-Cisco-Webex-Meetings-for-macOS-Catalina

Update to WBS39.7.7 or later to get Catalina (10.15) native app support. Or use web browser.

  • Screen sharing now prompts users: WebEx “would like to record this computer's screen.”
  • Cannot use TCC to whitelist, can only block with TCC.
  • Users have to approve in order to share screen.
  • Default selection is “Deny”

CrashPlan

https://macadmins.slack.com/archives/C0DM3GKT7/p1570631512000700

Catalina’s new Privacy Controls may stop CrashPlan from backing up files from locations protected by privacy controls.
See
https://support.code42.com/CrashPlan/6/Troubleshooting/macOS_not_backing_up_files_with_personal_data (use TCC configuration profile to grant application access)

GoToAssist

Latest version (1610) of both Customer and Expert are still 32-bit.

https://community.logmein.com/t5/GoToAssist-Remote-Support/GoToAssist-Mac-64bit-application/m-p/194403#M5256 

Update: 1673 was released 10/19 and is 64-bit.


Meraki

See Update not found, Error downloading

Microsoft Intune

https://techcommunity.microsoft.com/t5/Intune-Customer-Success/Microsoft-Intune-Support-for-iOS-13-and-iPadOS/ba-p/861998

Intune 1909+ for iOS 13 Support

Native Instruments

https://support.native-instruments.com/hc/en-us/articles/360001890378-macOS-10-15-Catalina-Compatibility-with-Native-Instruments-Products

“Native Instruments software and hardware products are not supported under macOS 10.15.”

Traktor

iTunes was replaced with Music. Traktor is not yet compatible with Apple Music.

“10.15 Catalina will terminate the operability of NI legacy hardware”

https://support.native-instruments.com/hc/en-us/articles/360000334278

OBS

https://obsproject.com/forum/threads/macos-10-15-catalina-support-status.111343/

OBS does not yet prompt users for permission to record the screen.

The workaround is to run

open /Applications/OBS.app/Contents/MacOS/OBS --args -picture

Which will display the prompt in terminal.

PPPC-Utility

https://github.com/jamf/PPPC-Utility

‘1.1.2 - Bug Fix’ seems to work with Catalina (10.15).

Rekordbox

Due to iTunes being replaced with Apple Music, Rekordbox can no longer reference iTunes xml files.

Wacom

  • Wacom Software may prompt for Accessibility Access
  • Prompts for Accessibility are for:
  • /Library/Application\ Support/Tablet/WacomTabletDriver
  • /Library/Application\ Support/Tablet/WacomTouchDriver
  • Deploy JAMF TCC
  • Create smart group TCC Configuration Profile is Present
  • Profile Name HAS “Privacy Preferences Policy Control”
  • PPPC Profile
  • Use PPPC Utility
  • Add WacomTabletDriver
  • Set Accessibility to Allow
  • Add WacomTouchDriver
  • Set Accessibility to Allow
  • Upload to your JAMF PRO
  • Attach Configuration Profile to Smart Group

Google Drive File Stream - v33.0

Google Drive File Stream Prompts for Privacy Accessibility (10.14+)

  • JAMF TCC CP
  • Create Smart Group TCC Configuration Profile is Present
  • Profile Name HAS “Privacy Preferences Policy Control”
  • TCC CP
  •  PPPC Utility
  • Add /Applications/Google\ Drive\ File\ Stream.app
  • Set Accessibility to allow
  • Upload to JAMF
  • Attach Configuration Profile to Smart Group

Issue:

Unable to edit and then save (overwrite existing file) files that live within Google Drive File Stream.

Troubleshooting:

Reinstalled GDFS, tested with v32.0, checked permissions of files and folders.

Fix:

Ensure Google Drive File Stream has Full Disk Access within Privacy settings.


Google Software Update

Google Software Update may prompt for access to System Events

QuickTime 7

32-bit no longer supported.

Quicktime Player will try to convert old .mov files when opening them.

If QuickTime Player locks up when trying to convert old .mov files (like iDVD-rendered mov, old iMovie-rendered mov), programs like Aiseesoft MP4 Converter for Mac might be able to convert them.

Symantec

https://support.symantec.com/us/en/article.TECH256581.html
“macOS 10.15 Catalina support will be provided in SEP 14.2 RU2.  Current estimate for this release is mid-November 2019.”

VMWare

https://communities.vmware.com/thread/611961

Zoom

Zoom.us.app

  • Latest version of Zoom 4.5.4 doesn’t seem to crash with built-in camera on T2-chipped computers running macOS 10.14 & 10.15
  • Screen sharing may now prompt users for “zoom.us would like to record this computer's screen.”
  • Trying to share screen to a Zoom Room fails to prompt for “zoom.us would like to record this computer’s screen”.
  • Workaround is to start a meeting using Zoom, then share your screen; you will then get the prompt.
  • Cannot use TCC to whitelist, can only block with TCC. Users have to approve in order to share screen.

Zoom Room.app

  •  May now prompt for keyboard access

Community Observed Issues

Mail Data loss after macOS upgrade

From https://mjtsai.com/blog/2019/10/11/mail-data-loss-in-macos-10-15/

What I’m hearing:

  • Updating Mail’s data store from Mojave to Catalina sometimes says that it succeeded, but large numbers of messages turn out to be missing or incomplete.
  • Moving messages between mailboxes, both via drag-and-drop and AppleScript, can result in a blank message (only headers) on the Mac. If the message was moved to a server mailbox, other devices see the message as deleted. And eventually this syncs back to the first Mac, where the message disappears as well.

I don’t know whether these are due to Mail bugs or to other factors such as problems on the Mac or with the mail server. But my advice is to hold off on updating to Catalina for now. These sorts of issues are pernicious because:

  1. You may not notice that anything is wrong unless you are looking at the particular mailbox or messages that are affected.
  2. Because the data is synced to the server, problems can propagate to other Macs and iOS devices.
  3. Making a backup is difficult because, even if you set the preference, Mail no longer automatically fully downloads all messages. So the backup of the local data will necessarily be incomplete. (See EagleFiler’s Importing Attachments instructions for more about this. I’m happy to have most of my mail archived outside of Mail.)
  4. Restoring a backup is difficult because Mail data is constantly changing. There is no straightforward way to merge restored data in with messages received since the last backup, and also with the live data on the server.

Interrupting T2 Mojave 2019-001 Security Updates might cause drive corruption

https://mrmacintosh.com/mojave-2019-001-security-update-causing-data-loss-if-interrupted/

Macintosh HD icon changes after macOS upgrade

Some users have reported seeing their Macintosh HD icon change after upgrading to Catalina (10.15). Examples (with links back to their posting in Slack):

  

App Store lists “No Purchases” after clean install

Several reports of the App Store not showing purchase history after a clean installation. Does not appear to affect upgrade installs. No known workaround.

https://forums.macrumors.com/threads/catalina-all-purchases-not-available-bug.2204347/

DJ Software

Software that reads data from the iTunes Library may have problems in Catalina (10.15), due to iTunes being replaced with Apple Music (there is no more iTunes music library; there is an Apple Music library instead).

Xcode

Xcode may fail to update. You may need to delete and re-download Xcode after upgrading.

Freeze on Reboot After Installing Catalina

Try moving extensions out of /Library/Extensions/


Spotlight does not work in 10.14 when a 10.15 volume is present

Spotlight may not work. The workaround is:

  1. Boot to macOS 10.14
  2. sudo touch /.metadata_never_index_unless_rootfs
  3. Then reboot into macOS 10.15
  4. sudo touch /System/Volumes/Data/.metadata_never_index_unless_rootfs
  5. Reboot to 10.14
  6. sudo mdutil -E /

UpdateSystemLanguages prompts for administrator access after upgrading to macOS Catalina (10.15)

Screenshot from MacMini

Looks like there are two processes on the computer named UpdateSystemLanguages

/System/Library/PrivateFrameworks/IntlPreferences.framework/Support/UpdateSystemLanguages

/System/Volumes/Data/System/Library/PrivateFrameworks/IntlPreferences.framework/Support/UpdateSystemLanguages

Running

/System/Library/PrivateFrameworks/IntlPreferences.framework/Support/UpdateSystemLanguages

from terminal causes prompt for administrator as well

?This may have to do with having more than one preferred language set in Languages & Region?

Relocated Items shows up as alias on desktop after upgrading to macOS Catalina (10.15)

You can boot to Recovery, and then use Terminal to delete it


https://support.apple.com/guide/mac-help/a-relocated-items-folder-upgrading-macos-x-mchl8ae423a3/mac

(says Relocated Items is normal after upgrading)


Update not found, Error downloading

If you’re running Meraki, try disabling AMP or try upgrading to 15.19.+


Apple cannot check it for malicious software

  • macOS Sierra, High Sierra, Mojave
  • sudo spctl --master-disable
    Can undo with sudo spctl --master-enable
    OR
    sudo codesign --sign - --force --deep <app-path>
  • Warning: less secure
  • macOS Catalina
  • xattr -d com.apple.quarantine <app-path>

From https://apple.stackexchange.com/questions/366542/install-spotify-cant-be-opened-because-apple-cannot-check-it-for-malicious-so
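A guarded form of the Catalina quarantine removal above, as an added example (not from the original page or the linked answer): the attribute is removed only if the bundle's signature verifies and its Team ID is the one the admin expects. The function names and the Team ID ABCDE12345 in the usage comment are placeholders.

```shell
#!/bin/sh
# Added example: remove com.apple.quarantine only from a bundle whose code
# signature verifies and whose Team ID matches the one the admin expects.
# Function names are hypothetical; ABCDE12345 below is a placeholder Team ID.

# team_id_of APP -> TeamIdentifier reported by codesign ("" if unsigned or ad hoc)
team_id_of() {
    # codesign writes its -d display output to stderr; ad hoc signatures
    # report "TeamIdentifier=not set", which is treated as no team at all.
    codesign -dv --verbose=4 "$1" 2>&1 |
        sed -n -e '/^TeamIdentifier=not set$/d' -e 's/^TeamIdentifier=//p'
}

# unquarantine_if_trusted APP EXPECTED_TEAM
# Returns 0 when the attribute was removed or was never present, 1 when refused.
unquarantine_if_trusted() {
    uq_app=$1
    uq_expected=$2

    # Nothing to do if the download was never quarantined.
    if ! xattr -p com.apple.quarantine "$uq_app" >/dev/null 2>&1; then
        echo "skip: no quarantine attribute on $uq_app"
        return 0
    fi

    # A modified or unsigned bundle fails here and keeps its quarantine flag.
    if ! codesign --verify --deep --strict "$uq_app" >/dev/null 2>&1; then
        echo "refuse: signature missing or broken on $uq_app"
        return 1
    fi

    # The signer must be the vendor the admin intended to trust.
    uq_team=$(team_id_of "$uq_app")
    if [ -z "$uq_team" ] || [ "$uq_team" != "$uq_expected" ]; then
        echo "refuse: Team ID '${uq_team:-none}' is not '$uq_expected'"
        return 1
    fi

    xattr -d com.apple.quarantine "$uq_app" &&
        echo "ok: quarantine removed from $uq_app"
}

# Usage: sh unquarantine.sh /Applications/Example.app ABCDE12345
if [ "$#" -eq 2 ]; then
    unquarantine_if_trusted "$1" "$2"
fi
```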

SSH

https://www.jamf.com/jamf-nation/discussions/33575/jamf-%2B-pppc-%2B-catalina

Keychain Deletes insecure items.

When there is an insecure keychain item, meaning every app is able to access it, the keychain item may be removed. ?Possibly at logout?

This copy of Install macOS Mojave.app application is damaged and can't be used to install macOS.

https://medium.com/@a.m./solved-this-copy-of-the-install-macos-high-sierra-app-application-is-damaged-4d7688b6f427

?May need the date & time to be correct, or the date/time to be in the correct format?

Orphaned APFS

If you’re wiping a Mac, you want to repartition the storage device, in order to avoid orphaned synthesized APFS “containers” and APFS “Volumes”

MDM Configuration Profiles no longer removable by end user

https://twitter.com/Contains_ENG/status/1187434092285087744

“undocumented change to MDM profiles. You can no longer mark them as "removable". The only way to remove MDM profiles now is by unenrolling from MDM or the MDM sending a removal command.”

When asked why: “to match iOS behavior”

10.15.1

  • A fresh install of 10.15.1 (19B88) ?may? result in /var/log/system.log requiring administrator access to view.
  • bridgeOS and the Intel display driver are causing the panic in 10.15.1.

Finder Locks up While using iCloud Drive

Disabling iCloud Drive and re-enabling can resolve issue

Time Machine Backup fails to complete after upgrading to macOS Catalina (10.15)

https://www.cerebralgardens.com/blog/entry/2019/11/25/solved-my-time-machine-and-catalina-issues

10.15.1 may break update keychain password

https://mrmacintosh.com/10-15-1-update-breaks-update-keychain-password-again-workaround/


Manually add devices to the Device Enrollment Program

ADP: ASM, ABM, DEP

Use Apple Configurator 2 to enroll into DEP “ASM”

  • Can enroll iOS, iPadOS, tvOS devices.
  • Requires
  • iOS 11+
  • tvOS 11+
  • iPadOS
  • 30 day provisional period
  • During the first 30 days
  • Lock screen displays 30 day probationary period
  • During the 30 days, the device can opt out of ASM
  • After 30 days
  • the probationary warning is removed from the lock screen.
  • the device can not opt out of ASM
  • Reference
  • Questions:
  • Is there any way for a user after 30 days to opt out of DEP after manual enrollment into DEP / ASM?

To manually enroll a device

Cache 2 Servers

Remember to upgrade your Cache 2 servers to macOS Catalina (10.15)

Will they not stop working if we do not update them? ~ Buck C.

VPP / DEP / ASM / ABM

Check your instance for new TOS to agree to

Preparing for Catalina (10.15)

Finding 32-bit applications

Use a google doc to collect a list of all 32-bit applications in your device fleet

https://github.com/AllWorkAndNoPlay/jss-scripts/blob/master/32-bitCollector.sh

About finding 32-bit Applications

https://www.jamf.com/blog/how-to-find-remaining-32-bit-applications-on-macos/

Application with Path

/usr/bin/mdfind "kMDItemExecutableArchitectures == 'i386' && kMDItemExecutableArchitectures != 'x86_64' && kMDItemKind == 'Application'"

Application without Path

/usr/bin/mdfind "kMDItemExecutableArchitectures == 'i386' && kMDItemExecutableArchitectures != 'x86_64' && kMDItemKind == 'Application'" | grep -v "/System/" | sed 's:.*/::'
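The mdfind queries above depend on the Spotlight index. As an added example (not from the original page or the linked scripts), the same "has i386, lacks x86_64" test can be made directly on an executable's Mach-O header, which also covers universal binaries and volumes Spotlight has not indexed. Function names and the sample headers are constructed for illustration.

```shell
#!/bin/sh
# Added example: decide "32-bit only" from Mach-O header bytes, mirroring the
# mdfind predicate (has i386, lacks x86_64). Magic numbers and CPU types are
# the values from <mach-o/loader.h> and <mach-o/fat.h>; names are hypothetical.

# hex_at FILE OFFSET COUNT -> COUNT bytes at OFFSET as lowercase hex
hex_at() {
    od -An -v -tx1 -j "$2" -N "$3" "$1" 2>/dev/null | tr -d ' \n'
}

# cpu_name HEX -> name for a big-endian cputype value
cpu_name() {
    case "$1" in
        00000007) echo i386 ;;
        01000007) echo x86_64 ;;
        00000012) echo ppc ;;
        0100000c) echo arm64 ;;
        *)        echo "cpu_$1" ;;
    esac
}

# macho_archs FILE -> space-separated architectures; fails if not Mach-O
macho_archs() {
    ma_hdr=$(hex_at "$1" 0 8)
    [ "${#ma_hdr}" -eq 16 ] || return 1
    ma_magic=${ma_hdr%????????}
    ma_word=${ma_hdr#????????}
    case "$ma_magic" in
        cefaedfe|cffaedfe)
            # Thin little-endian image: cputype is stored byte-swapped.
            cpu_name "$(echo "$ma_word" | sed 's/\(..\)\(..\)\(..\)\(..\)/\4\3\2\1/')"
            ;;
        cafebabe)
            # Universal binary: big-endian count, then 20-byte fat_arch records.
            # Java class files share this magic; their "count" is a class
            # version of 45 or more, so cap the count to reject them.
            ma_n=$((0x$ma_word))
            [ "$ma_n" -ge 1 ] && [ "$ma_n" -le 20 ] || return 1
            ma_i=0
            ma_out=""
            while [ "$ma_i" -lt "$ma_n" ]; do
                ma_cpu=$(hex_at "$1" $((8 + ma_i * 20)) 4)
                [ "${#ma_cpu}" -eq 8 ] || return 1
                ma_out="$ma_out $(cpu_name "$ma_cpu")"
                ma_i=$((ma_i + 1))
            done
            echo "${ma_out# }"
            ;;
        *) return 1 ;;
    esac
}

# is_32bit_only FILE -> status 0 when an i386 slice exists and no x86_64 slice
is_32bit_only() {
    is_archs=$(macho_archs "$1") || return 1
    case " $is_archs " in
        *" x86_64 "*) return 1 ;;
        *" i386 "*)   return 0 ;;
    esac
    return 1
}

# write_samples DIR -> constructed header-only files (not runnable binaries)
write_samples() {
    ws_z16='\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000'
    printf '\316\372\355\376\007\000\000\000' > "$1/thin32"      # MH_MAGIC, i386
    printf '\317\372\355\376\007\000\000\001' > "$1/thin64"      # MH_MAGIC_64, x86_64
    printf '\312\376\272\276\000\000\000\064' > "$1/java.class"  # class version 52
    {   # universal: i386 + x86_64
        printf '\312\376\272\276\000\000\000\002'
        printf '\000\000\000\007'; printf "$ws_z16"
        printf '\001\000\000\007'; printf "$ws_z16"
    } > "$1/fat_both"
    {   # universal with only 32-bit slices: ppc + i386
        printf '\312\376\272\276\000\000\000\002'
        printf '\000\000\000\022'; printf "$ws_z16"
        printf '\000\000\000\007'; printf "$ws_z16"
    } > "$1/fat_old"
}

# Usage: sh macho32.sh /Applications/*.app/Contents/MacOS/*
for f in "$@"; do
    if is_32bit_only "$f"; then echo "32-bit only: $f"; fi
done
```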

Feature Request worth Upvoting JAMF NATION

  • Support CP for Notifications
  • CP for EFI / Passwords
  • Bootstrap Tokens for macOS
  • Now marked as planned
  • Activation Lock Bypass for macOS
  • Now marked as planned

Other Resources

Downloading Older Versions of macOS in macOS Catalina (10.15)

https://derflounder.wordpress.com/2019/10/28/downloading-macos-installers-with-updated-signing-certificates-on-macos-catalina/

  • macOS 10.13 High Sierra
  • softwareupdate --fetch-full-installer --full-installer-version 10.13.6
  • macOS 10.14 Mojave
  • softwareupdate --fetch-full-installer --full-installer-version 10.14.6
  • macOS 10.15 Catalina
  • softwareupdate --fetch-full-installer --full-installer-version 10.15

https://support.apple.com/en-us/HT208052

local keychain out of sync with login keychain

https://discussions.apple.com/thread/5473260

Notarization

https://scriptingosx.com/2019/10/notarization-for-macadmins/

Resetting TCC for users

https://www.macblog.org/post/reset-tcc-privacy/

[a]Can anyone confirm?