In our recent implementation of APM, we discovered that if a user starts their username with a capital letter, it will fail AD authentication. This was typically happening with phones, as those keyboards have a tendency to auto capitalize the first letter of a line. Here is the session variable macro I used to transparently solve this problem.
How to use this snippet:
Create a 'variable assignment' macro before your AD authentication step in the policy editor for APM, with the corresponding 'Custom Variables' and 'Custom Expressions'.