How do I configure such Defender so that the DSS listens on both IPs: a public & a private IP addresses or select the interface it listens on? Can a DSS be multi-homed?
Yes, the DSS can listen on multiple IP addresses. To do this, you should create multiple "Security Servers" in ADUC | Defender | Security Servers, one for each IP address the DSS is using. Access nodes should then be applied of these created Security Server objects,