In some environments, setting up a reverse proxy is preferred over putting a Mobile Management Site Server and SCEP Server in the DMZ, for increased security. There are different programs that can offer this functionality, on multiple operating systems. The general way to do this would be:
If the reverse proxy is also handling other (non-MMS) related traffic, step 2 can be refined down to the specific sub-folders in IIS on the Mobile Management Site Server, such as /MobileEnrollment, /MobileManagement, and so forth.