diff --git a/.pipelines/templates/mac.yml b/.pipelines/templates/mac.yml
index cd492994617..2231d668b48 100644
--- a/.pipelines/templates/mac.yml
+++ b/.pipelines/templates/mac.yml
@@ -184,4 +184,23 @@ jobs:
 Expand-Archive -Path $zipFile -DestinationPath $signedDir -Force -Verbose
 displayName: Expand Apple-signed Mach-O binaries into signed output
 
+ - pwsh: |
+ $signedDir = "$(ob_outputDirectory)/Signed-$(Runtime)"
+ $expected = 'Developer ID Application: Microsoft Corporation'
+ $missing = @()
+ Get-ChildItem $signedDir -Recurse -Include 'pwsh', '*.dylib' | ForEach-Object {
+ $bytes = [System.IO.File]::ReadAllBytes($_.FullName)
+ $text = [System.Text.Encoding]::Latin1.GetString($bytes)
+ if (-not $text.Contains($expected)) {
+ $missing += $_.FullName
+ Write-Host "##[error]Missing '$expected' signature in $($_.FullName)"
+ } else {
+ Write-Host "OK: $($_.FullName)"
+ }
+ }
+ if ($missing.Count -gt 0) {
+ throw "ESRP did not apply a Developer ID signature to $($missing.Count) file(s): $($missing -join ', ')"
+ }
+ displayName: 'Verify Developer ID signature on Mach-O binaries'
+
 - template: /.pipelines/templates/step/finalize.yml@self
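Review bot: The check at `if (-not $text.Contains($expected))` only proves that the bytes `Developer ID Application: Microsoft Corporation` occur somewhere in the file, not that a valid Developer ID signature covers it — a stale or mismatched CMS blob, a signature over a since-modified binary, or the string sitting in a data section would all pass, so this step cannot distinguish "ESRP signed it" from "the string is present". If this job runs on a macOS agent (I cannot tell the agent OS from this hunk), `codesign --verify --strict` is the authoritative test and `codesign -dvv` exposes the signing `Authority=` line, so the identity can be checked from the parsed signature instead of a raw-byte scan; the rewrite below does that. Separately, the step passes vacuously when `Get-ChildItem` matches nothing (an empty `$signedDir`, or binaries renamed so neither `pwsh` nor `*.dylib` matches), which is precisely the failure this step exists to catch; counting the files inspected and throwing on zero closes that. If the byte scan is kept as a fallback, a comment above `$expected` such as `# Matched against the signer certificate subject embedded in the LC_CODE_SIGNATURE blob; presence is not proof of validity` would tell the next maintainer what the test does and does not establish. The enclosing job definition begins above the hunk.
```powershell
# … unchanged: $signedDir / $expected …
$missing = @()
$checked = 0
Get-ChildItem $signedDir -Recurse -Include 'pwsh', '*.dylib' | ForEach-Object {
  $checked++
  # Cryptographic check: non-zero exit means no signature, an altered binary, or an untrusted chain.
  & codesign --verify --strict --verbose=2 $_.FullName 2>&1 | Out-Null
  if ($LASTEXITCODE -ne 0) {
    $missing += $_.FullName
    Write-Host "##[error]codesign --verify failed for $($_.FullName)"
    return   # next file in the ForEach-Object pipeline
  }
  # Identity check: the leaf Authority must be the Developer ID cert, not an ad-hoc or development identity.
  $info = (& codesign -dvv $_.FullName 2>&1) -join "`n"
  if ($info -notmatch [regex]::Escape("Authority=$expected")) {
    $missing += $_.FullName
    Write-Host "##[error]Signature on $($_.FullName) is not from '$expected'"
  } else {
    Write-Host "OK: $($_.FullName)"
  }
}
if ($checked -eq 0) {
  throw "No Mach-O binaries found under $signedDir; nothing was verified"
}
# … unchanged: throw when $missing is non-empty …
```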