You would need to install an agenthandler in your DMZ reaching the internet. Some ports need to be configured on your firewall allowing your agenhandler to communicate with your epo and databaseserver (if installed seperately).
You then will have to create a rule how and wich agenthandlers to use for wich systems you.
For example you have your epo-server being the only agenthandler right now, you would make it an epo-wide policy to use the new agenthandler in the DMZ as second option. Now when your "outside of the office" notebook can´t reach your normal epo it tries the second option (your agenthandler ind the DMZ) and gets all the updatestuff and reports to epo and so on...
yes an agent handler in DMZ will help to achieve your requirement
The only down side to this implementation is you have to expose your SQL server to the Agent Handler in your DMZ through your internal firewall, which could be used to compromise your SQL server if the Agent Handler was compromised. Just be mindful of what other SQL Databases you are running on the same SQL server as your ePO Database.
McAfee Certified Product Specialist - ePO