In some cases, LMS365 users may encounter an issue (Unauthorized error with a 401 code) where images aren't displayed in quizzes, in the quiz editor, in the LMS365 player, and other areas within LMS365, when Microsoft Cloud App Security is enabled on the tenant.
This article explains the circumstances under which this may happen and how to resolve it.
This issue can occur when both of the following settings are applied to the apps in the Conditional Access App Control apps list of the Microsoft 365 Defender admin center:
- SharePoint is included in the list of apps affected by session controls. This results in the modification of all URLs to the following format: "tenant.sharepoint.com.mcas.ms".
- LMS365 isn't set as the app to use with session controls.
As a result, LMS365 users encounter an Unauthorized error with a 401 code when accessing images from a SharePoint site, from either the LMS365 Admin Center or the LMS365 player. This error occurs because the LMS365 app tries to load images using the original URLs instead of the modified "mcas.ms" URLs.
To resolve this issue, follow these steps:
1. In the Microsoft 365 Defender admin center, navigate to Settings > Cloud apps > Conditional Access App Control apps.
2. From the list of apps on the opened Conditional Access App Control apps panel, find LMS365 and select its vertical ellipses on the right-hand side of the panel.
3. From the list of actions, select Edit app.
4. On the opened panel, select the Use the app with session controls checkbox. By default, this setting should be enabled. When enabled, the "mcas.ms" will be added to the URL of the LMS365 Admin Center.
Clearing this checkbox will cause the issue described in this article.
5. Select Save.
6. Once the previous steps are completed, clear your browser data and start a new session.
7. Check that the URLs of the LMS365 Admin Center and the LMS365 player include the "mcas.ms" part, for example:
Make sure you have at least one active session policy that will be applied to the LMS365 application as well.
To verify this, go to Policies > Policy management > Conditional access.
Here is an example of the template monitor-only policy: