Many of our employees work remotely. Assuming no VPN is present, would this disqualify them from utilizing the MDBR service, as they would not have an internal DNS server?

Remote users can still utilize the MDBR service. However, since they are not at a “known” location, their requests would not report to a specific member organization’s account. When those users make a malicious domain request, the “Unidentified Location” policy would be applied. The user will be protected from malicious content, but the blocked domain lookups will not be correlated to their member organization’s account for reporting purposes.