Symptoms
Worklist.sdk Unauthorized entries reported by the app insight when the worklist Item refreshes.
Diagnoses
The handshake happening during the load of the worklist is being reported as a failed instance from the App. This is by design.
Resolution
This is a normal behavior of the challenge-response authentication mechanism described here :
https://blogs.msdn.microsoft.com/ieinternals/2010/11/21/challenge-response-authentication-and-zero-length-posts/
Here is the first two paragraphs from this post:
"From time-to-time, web developers contact the IE team reporting that they’ve encountered a problem whereby Internet Explorer submits a POST but fails to transmit the content body. This bodyless POST indicates via the Content-Length header that the POST is zero-bytes long, regardless of how much data was supposed to be uploaded.
This behavior occurs on servers that use challenge-response authentication protocols like NTLM or Kerberos/Negotiate. For performance reasons, Internet Explorer does not immediately transmit a POST body if it expects to immediately receive a HTTP/401 response with a challenge for credentials. Without this optimization, IE would be forced to reupload the (potentially large) POST body multiple times, wasting bandwidth."
You will notice the content length of the initial POST is zero bytes so this corresponds to challenge-response.