A. The Internet-Based Client Management feature of SCCM lets SCCM manage clients that are connected to the Internet without a VPN connection into the corporate network, using certificates to protect the communications. Certain SCCM features aren't supported when using Internet-based management, including Remote Control, OS Deployment, and Network Access Protection.

DirectAccess lets clients connected to the Internet have full connectivity to corporate resources and also allows corporate infrastructure services, including SCCM, to have access to the Internet-based machines. With DirectAccess, clients on the Internet are treated as though they're still on the corporate network, and therefore SCCM can manage them as such. So if all your Internet clients are DirectAccess enabled, you're not required to use SCCM Internet-Based Client Management. Because the clients are treated as if they're on the corporate network, certain features (such as Remote Control) that aren't available for SCCM Internet-Based Client Management computers will be available when you use DirectAccess. Note that OS Deployment still won't function, because DirectAccess relies on certificates and domain membership, and those won't be available on a newly deployed OS.

Here's a great Microsoft blog entry that goes into more detail on DirectAccess and SCCM.