One month ago NETIQ support gave us a part of your solution as workaround.
I just want add some information about this step
Edit metdata SLO url to “http(s)://<>/nidp/jsp/namO365Logout.jsp”
is not always possible. The administration console (4.0.1) don’t let you to edit the metadata if you don’t put a signing certificate. The only way to modify it is tampering the original iManager js check about the presence of a Signing certificate. Since Office365 doesn’t sign the requests, this is what we had to do