When you log on to Outlook from a workgroup, or untrusted domain, the outlook client sends the local credentials to the Exchange server, up to twelve times, even if the user enters the domain credentials when the logon box is presented.
If the current name matches a domain user name, and it is NOT the same name that is used to access a Microsoft Exchange server's domain, the account is locked out when the password policy is set to allow twelve bad password attempts.
If the user enters credentials that match a different user in the domain, but not the account that is used to access the exchange server, that account is credited with 3 bad password attempts. When that account logs on, it may be locked out.
The preferred workaround is to logon to the Exchange domain or to a trusted domain.
You could also make the password policy less restrictive, but I wouldn't.