"Docker is damaged and can't be opened" error and Gatekeeper blocking Docker.app
Description
I am trying to deploy the currently latest version of Docker Desktop, 4.32.0 (for Apple Silicon), as a DMG-file via Microsoft Intune to managed Mac-devices, and I am also facing the same issues as reported in issue #7046. When Docker Desktop has been installed from Company Portal, users will get this:
After that, users need to manually delete the app so Intune will re-install it again when checking device settings. For some users, that works and Docker.app will open normally from Launchpad. For some other users, it does not.
We have also identified this from Gatekeeper, which also prevents some users from opening Docker.app from Launchpad:
Anyone else still facing these issues? This version is not ready for Intune-deployment due to these problems.
Reproduce
- Deploy Docker DMG-installer from Intune to test device to be available.
- Install Docker from Company Portal to test device.
- Try to open Docker.app from Launchpad after installation.
Expected behavior
Docker.app should open normally and be allowed by Gatekeeper.
docker version
Client:
Version: 27.0.3
API version: 1.46
Go version: go1.21.11
Git commit: 7d4bcd8
Built: Fri Jun 28 23:59:41 2024
OS/Arch: darwin/arm64
Context: desktop-linux
Server: Docker Desktop 4.32.0 (157355)
Engine:
Version: 27.0.3
API version: 1.46 (minimum version 1.24)
Go version: go1.21.11
Git commit: 662f78c
Built: Sat Jun 29 00:02:44 2024
OS/Arch: linux/arm64
Experimental: false
containerd:
Version: 1.7.18
GitCommit: ae71819c4f5e67bb4d5ae76a6b735f29cc25774e
runc:
Version: 1.7.18
GitCommit: v1.1.13-0-g58aa920
docker-init:
Version: 0.19.0
GitCommit: de40ad0
docker info
Client:
Version: 27.0.3
Context: desktop-linux
Debug Mode: false
Plugins:
buildx: Docker Buildx (Docker Inc.)
Version: v0.15.1-desktop.1
Path: /Users/janparttimaa/.docker/cli-plugins/docker-buildx
compose: Docker Compose (Docker Inc.)
Version: v2.28.1-desktop.1
Path: /Users/janparttimaa/.docker/cli-plugins/docker-compose
debug: Get a shell into any image or container (Docker Inc.)
Version: 0.0.32
Path: /Users/janparttimaa/.docker/cli-plugins/docker-debug
desktop: Docker Desktop commands (Alpha) (Docker Inc.)
Version: v0.0.14
Path: /Users/janparttimaa/.docker/cli-plugins/docker-desktop
dev: Docker Dev Environments (Docker Inc.)
Version: v0.1.2
Path: /Users/janparttimaa/.docker/cli-plugins/docker-dev
extension: Manages Docker extensions (Docker Inc.)
Version: v0.2.25
Path: /Users/janparttimaa/.docker/cli-plugins/docker-extension
feedback: Provide feedback, right in your terminal! (Docker Inc.)
Version: v1.0.5
Path: /Users/janparttimaa/.docker/cli-plugins/docker-feedback
init: Creates Docker-related starter files for your project (Docker Inc.)
Version: v1.3.0
Path: /Users/janparttimaa/.docker/cli-plugins/docker-init
sbom: View the packaged-based Software Bill Of Materials (SBOM) for an image (Anchore Inc.)
Version: 0.6.0
Path: /Users/janparttimaa/.docker/cli-plugins/docker-sbom
scout: Docker Scout (Docker Inc.)
Version: v1.10.0
Path: /Users/janparttimaa/.docker/cli-plugins/docker-scout
Server:
Containers: 0
Running: 0
Paused: 0
Stopped: 0
Images: 0
Server Version: 27.0.3
Storage Driver: overlay2
Backing Filesystem: extfs
Supports d_type: true
Using metacopy: false
Native Overlay Diff: true
userxattr: false
Logging Driver: json-file
Cgroup Driver: cgroupfs
Cgroup Version: 2
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local splunk syslog
Swarm: inactive
Runtimes: io.containerd.runc.v2 runc
Default Runtime: runc
Init Binary: docker-init
containerd version: ae71819c4f5e67bb4d5ae76a6b735f29cc25774e
runc version: v1.1.13-0-g58aa920
init version: de40ad0
Security Options:
seccomp
Profile: unconfined
cgroupns
Kernel Version: 6.6.32-linuxkit
Operating System: Docker Desktop
OSType: linux
Architecture: aarch64
CPUs: 11
Total Memory: 7.657GiB
Name: docker-desktop
ID: 59a88e3c-540f-4cab-bdd0-4462e9a91a8c
Docker Root Dir: /var/lib/docker
Debug Mode: false
HTTP Proxy: http.docker.internal:3128
HTTPS Proxy: http.docker.internal:3128
No Proxy: hubproxy.docker.internal
Labels:
com.docker.desktop.address=unix:///Users/janparttimaa/Library/Containers/com.docker.docker/Data/docker-cli.sock
Experimental: false
Insecure Registries:
hubproxy.docker.internal:5555
127.0.0.0/8
Live Restore Enabled: false
Diagnostics ID
E722C64F-C843-4A7C-A704-5B7903D2A2F8/20240809111229
Additional Info
We are using Mac-devices with Apple Silicon only. This can be tested with any Mobile Device Management-solution, not just Intune.
I'm facing the same issue with my company's Mosyle Self Service.
I had the same issue, no MDM on my Mac (Apple Silicon, no Rosetta) around the same time as your report.
I tried again this week, and now that I tried again I have a different issue: #7405
Hi.
This issue seems to persist even for newer Docker versions on macOS Apple Silicon (Docker Desktop 4.43.2 for Mac).
For now, we disable the Docker Desktop auto update feature to avoid future damaged installations, and make sure to allow Docker via macOS Settings Privacy & Security → set to Open Anyway if visible.
No solution/workaround was found in the release notes: https://docs.docker.com/desktop/release-notes/
Thank you.