I would like to allow external users and road warriors who do not have VPN and access to the Endpoint Security Management to connect and download policy from a Policy Server. Since I don't want to expose my Endpoint Mgmt to the internet, I thought about putting a policy server which will deliver the policy to such users.
As far as I understand, all I have to do is to configure the policy server with an external IP address and export the MSI package to the users.
Will the users be able to connect for the first time directly to the policy server to pull the package after installation?
Has anybody tried it before and can say whether it works?
Are there any best practices for deploying a policy server in the DMZ?
Are there any pros and cons for such a configuration?
What about security considerations?