So I have tentatively found a workaround. We also utilize SW IPAM, so we created a private supernet that is not being used onsite, 172.17.0.0/16, and broke that up into 4 /18 subnets, and labeled them "External_Node_Block1-4". This subnet is NOT integrated with DNS and only exists within the IPAM environment.
Upon PaaS node creation, we set it up as an external node, name it the FQDN of the PaaS instance. This will create the record with the resolved DNS IP of the instance. From here, I then log into my IPAM IP reservation request service, reserve one of the IPs, and put in the FQDN of the PaaS instance as the host name. After the IP is reserved, I then go back into the external node and change the IP to one of those that were reserved through IPAM. NOTE: any IPAM will do, we just happen to be using SW's.
From there, I can create a variety of different checks, most of them parameterized powershell scripts. I can pass the PaaS instance DNS name just the same, and it still resolves to the publicly available IP.