As Patch Manager hosts the third-party content on the WSUS server, the client machines will need access to a WSUS server. In most configurations you wouldn't be able to use Update Management or the Update Management Wizard to handle updates with remote clients, as Patch Manager would need WMI access to the remote clients.
The easiest way to handle remote patching via Patch Manager is going to be using a VPN so they are tunneled into your network.
If that's not an option, you could theoretically point them to a WSUS server out in the DMZ, and they would likely need to phone home during a scheduled check-in (such as via Group Policy), but that seems like it would be inconsistent at best.
This posting should help you with considerations; the main issue is that the third-party content isn't going to be available from Microsoft Update: