You are evaluating the possibility for the Languard patching system to patch machines that are not on the LAN and instead send the updates across the internet because you have more and more people with laptops. So patching, when they are offsite, would be helpful.
While there are no problems with LanGuard operations with on-premise servers and computers, you are having issues with getting accurate scan results and pushing out patches to the remote devices.
While GFI LanGuard is primarily designed as an on-premise solution to patch vulnerabilities for machines connected to the local network, it can perform scanning and patching of any remote machines, even those not attached to the local network, as long as connectivity between the LanGuard server and the machines is ensured and the required settings and permissions are present (this would be a task of the local networking team to ensure).
For example, if a remote machine name can be resolved to a reachable IP on the internet, all the required ports are open, and security permissions are met, LanGuard will be able to scan and patch it. However, for security purposes, it's highly recommended to use a VPN in such cases. If no VPN is used, you might need to Add the Machines to GFI LanGuard Console by IP Range to ensure LanGuard scans and patches them.
Also, to address the work from home model demands, our product team is working on a cloud-based management server project.
You can find related information, join the conversation, and add any thoughts on the Align LanGuard with the new WFH reality forum thread.