Add publishing guidance for macOS applications (#49417)

* Initial plan

* Add Mac OS publishing documentation

Co-authored-by: agocke <[email protected]>

* Update warning message about unsigned apps

Co-authored-by: agocke <[email protected]>

* Fix macOS branding and add debugging entitlements

Co-authored-by: agocke <[email protected]>

* Add links to publishing overview and Apple notarization docs

Co-authored-by: agocke <[email protected]>

* Clarify Native AOT terminology and add links

Co-authored-by: jkotas <[email protected]>

* Reorganize signing section structure

Co-authored-by: jkotas <[email protected]>

* Apply suggestions from code review

* Update docs/core/deploying/macos.md

* Update docs/core/deploying/macos.md

* Update docs/core/deploying/macos.md

* Update docs/core/deploying/macos.md

---------

Co-authored-by: copilot-swe-agent[bot] <[email protected]>
Co-authored-by: agocke <[email protected]>
Co-authored-by: jkotas <[email protected]>
Co-authored-by: Jan Kotas <[email protected]>

Author: 3 people

docs/core/deploying/macos.md

@@ -0,0 +1,47 @@
+---
+title: Publish .NET apps for macOS
+description: Learn how to publish .NET applications for macOS, including signing, notarization, and app entitlements.
+author: agocke
+ms.author: angocke
+ms.date: 10/22/2025
+ms.topic: how-to
+ai-usage: ai-assisted
+---
+
+# Publish .NET apps for macOS
+
+Publishing .NET applications for macOS requires several additional steps compared to other platforms, due to Apple's security requirements.
+
+## Prerequisites
+
+Before you publish your .NET application for macOS, ensure you have the following:
+
+- **Apple Developer Account**: Needed for code signing and notarization.
+- **Xcode Command Line Tools**: Provides `codesign`, `altool`, and other utilities.
+- **.NET SDK**: Ensure you have the latest .NET SDK installed.
+
+## Produce your app using .NET SDK
+
+Use one of the methods described in the [.NET application publishing overview](/dotnet/core/deploying/) to produce an application. You can create either a framework-dependent or self-contained application.
+
+## Sign and notarize your app
+
+Use [Apple's developer documentation](https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution) to sign and notarize the app native binaries. .NET creates a native *apphost* executable as the entry point for your app. This apphost must be signed and, if your app uses special capabilities, it must be assigned the appropriate **entitlements**.
+
+### Entitlements for apps not published as Native AOT
+
+For apps not published as [Native AOT](native-aot/index.md), the `com.apple.security.cs.allow-jit` entitlement is required.
+
+### Entitlements for apps published as Native AOT
+
+For apps published as [Native AOT](native-aot/index.md), no entitlements are required.
+
+### Optional entitlements for debugging and diagnostics
+
+The following entitlements enable additional debugging and diagnostic capabilities:
+
+- **`com.apple.security.get-task-allow`**: Needed for dump collection with `createdump` and `dotnet dump`.
+- **`com.apple.security.cs.debugger`**: Needed to attach a debugger to the process.
+
+> [!WARNING]
+> Failing to sign and notarize your app might result in the application crashing while executing a restricted operation.