You can create accounts from within the Office 365 administrative interface; these use the 'tenantname.onmicrosoft.com' domain and have a status of 'In cloud'. Any user synchronized from AD has a status of 'Synced with Active Directory'.
The only potential issue I can think of is that at present, our SSO is only available internally. However, given that the mobile device is connected to an internal wireless network, I wouldn't expect this to be an issue (it can authenticate via the SSO web interface with no problem).
I will check the APM logs later and report back.