Thanks to some great help from NetIQ I have been able to make this work in our test environment. Unfortunately it requires NAM 4.0.1 (we have a beta build) which wont be out for a little while (the next few months I believe). 4.0.1 has a few changes to the way that WS-Trust is implemented.
The working configuration also required us to move from SAML to WS-Fed for passive clients. I have confirmed that Office Activation, OneDrive and a few other things work on a variety of different devices. Yah!
Look out for a TID/Cool Solution from Neil once 4.0.1 has been released.