These clients outside of your domain, how are they currently managed by you? Do you have a current RMM or Server management software you’re using like SCCM? In order to avoid exposing those clients directly you’ll need something to run on those machines that either have an existing established connection (through another tool) or a scheduled task that could talk to an API endpoint on powershell universal’s end. From PSU perspective its handling a web request and will return what you want, probably a ps1 file. It could be technically possible, but I don’t think PSU would fit this use case well due to them being outside of your network and no secure way to communicate directly with them.
I would look into a RMM tool, something that installs on the machines you’re managing, most RMM tools will let you setup some basic monitoring and run powershell scripts. That’s what we do for our clients, and I use powershell universal to talk to the RMM’s API if there are commands I want to run or check some info from PSU.