Hi We are setting this up now and it’s in a dmz and a workgroup. I happened to read this via this link. Hoping it’s not the case. It’s Couple years old, and is Configmgr 2012 but I thought recalled something somewhere. I’m guessing Reza would be able to answer this off the top of his head. I’m sure he would have let us know if a workgroup wouldn’t work. Feel free to ignore if this isn’t applicable now. https://www.petervanderwoude.nl/post/five-key-configuration-steps-for-implementing-internet-based-clients-in-configmgr-2012/
“Prerequisites Before going through these steps, there are a few important prerequisites that should be in place: * Site systems for Internet-based client management must have connectivity to the Internet and must be in an Active Directory domain. * A supporting public key infrastructure (PKI) has to be in place, that can deploy and manage the certificates that the clients require and that are managed on the Internet and the Internet-based site system servers. * The Internet fully qualified domain name (FQDN) of site systems that support Internet-based client management must be registered as host entries on public DNS servers.
