Use a separate MP for Mac clients?

We are looking to add Mac clients to our current ConfigMgr 2012 R2 infrastructure.  I currently have one HTTP Intranet only MP on the internal network, and one HTTPS Intranet/Internet MP in the DMZ (separate AD forest, and only accessible by DMZ/Internet clients).  Since I don't have my internal MP configured for HTTPS or have it configured with an Internet FQDN:

1) Would it be advisable to just stand up an additional internal MP and configure it for HTTPS intranet/internet for the Macs?  Would the intranet clients that have a certificate use that as well instead of the HTTP MP?

2) Would I need to use the same Internet FQDN on the internal MP that I have defined on the DMZ MP, or can they be different?

August 19th, 2015 9:08am

1. Unless you want to deploy certificates to all of your managed Windows systems, you don't have a choice here; you must deploy an additional HTTPS MP. Yes, intranet clients with a cert will use it.

2. No, that doesn't make sense. It's not an Internet MP so you would just specify the server's own name as the FQDN.

August 19th, 2015 10:57am

My concern is this: we have users with Windows laptops that connect both intranet and internet. Right now, they have the DMZ MP's public DNS FQDN as their "Internet-based management point (FQDN)". My fear is that if I set the "Internet-based management point (FQDN)" on a new MP to be its internal FQDN, clients will try to use that DNS name to connect when they are on the internet.

EX:

PC1 is connected to MP2 on the inside network, and gets MP2.contoso-internal.net as its Internet-based MP. PC1 then connects to the internet, and tries to connect to MP2.contoso-internal.net, instead of cmmp.contoso.com (which is the DMZ-based MP).

Sorry if I've made this more confusing than it should be.  :-)

August 19th, 2015 11:43am

This topic is archived. No further replies will be accepted.
