Hi Phil,
Outlook will prompt for a new PW when it expires.
Normal ADFS redirection involves the workstation going to AD FS, grabbing the token, and then redirecting back to O365 once authenticated.
O365 cannot redirect the Outlook client directly to AD FS. So what happens is, Outlook contacts O365, O365 sees you are federated, contacts your AD FS endpoint, the token is returned to Exchange, which is returned back to the workstation, IIRC.
Normally, when you sign into the portal via a browser, O365 redirects the workstation itself to AD FS to grab the token. Outlook doesn't/can't handle this redirection, so it relies on Exchange Online to obtain the token from AD FS, and then relay it back to Outlook (one of the reasons why Rich Clients require the AD FS infrastructure to be internet contactable, usually through the AD FS proxy, although you could always just publish your AD FS server itself).
This is why you see the prompt for Office365.outlook.com, instead of your AD FS endpoint.
Regards,
-Victor