Thumbs Up to Brian, that's exactly the way to do it
On a related note though, if you're just trying to get SEP to determine if it's on the corporate network or not, then I'd suggest using a different rule than the "Connected to Management Server" one. The reason being that I've found this to be fairly volatile, causing clients to switch locations for a simple network blip sometimes.
I'd personally suggest using the DNS Lookup rule, as I've found it far more reliable.