Exposing internal tools is risky.
Many internal tools don't have built-in authentication, or you simply don't want to expose their auth pages to the public internet where scanners can find them. Usually, this means setting up a cumbersome corporate VPN.