The Windows Mobile targeted policies are for systems that have a higher WAN vs. LAN connected policy, not smartphones. I forget the exact balance (60/40?) and how the WAN\LAN connection determined by Altiris, suffice it to say, I prefer to create my own targeted policy for a specific criteria.
I know the remotely connected process\idea is something kicked around for quite sometime. Currently you could setup a NS\Site Server combo in the DMZ or internet facing areas, but it is a bit cumbersome, and may require you to open more holes than it's worth.
I have been (especially in my previous consulting life) looking forward to the model mmoney has described, and I'm also aware that other products currently do it.
Needless to say, mmoney, not everyone on here, even if they are marked as Symantec employees, are product managers. So, keep it easy on the " ALL CAPS YOU SHOULD BECAUSE..." comments.