Is there a way to do inventory / deploy without having SMB ports open on the remote workstation?

We block SMB on all servers / workstations and have had to make a FW exception on the PDQ server. If this server is ever exploited (since techs have to also be administrators on this box to use the console that leaves the risk that the server could be exploited) it could push out attacks to all remote servers and desktops.

If connections could be made to the inventory agent (please bring this back) the inventory agent could do the deploy and not need to have its c$ open to anything else other then locally.