I'm posting here because support hasn't found any documentation yet for a situation we had that I imagine is fairly common.
MX appliance WAN interfaces need Internet access and DNS resolution for their health checks and, if doing Auto VPN, connectivity to the cloud-hosted VPN registry service. It's a hosted solution, so it's assumed all WAN interfaces have Internet connectivity. The WAN interfaces don't care how they get Internet connectivity, so if they are using private IP addresses you just need a NAT and route out somewhere to get them Internet access.
We have an MPLS circuit using private IP addressing with no Internet access available. We needed this circuit connected as a WAN interface for SD-WAN. OSPF is also required on the LAN side, so using a LAN interface for the MPLS routing is not an option. The MXs are using Beta code to allow OSPF in NAT mode. Each site has direct Internet access and the MX appliances will be replacing the current firewalls and assuming the NAT responsibilities. The non-MPLS WAN interface is connected to a traditional Internet circuit.
The solution we have tested successfully uses the MX as its own NAT device and Internet routing. We inserted a layer 3 switch between the MPLS circuit and the MX WAN interface. Then we provided a default route using the MX LAN IP as the next hop on this device with more specific routes for the MPLS networks. The site-to-site VPN tunnel traffic to other MPLS sites follows the MPLS routes while the WAN interface management traffic gets routed back to the LAN interface of the MX. The MX happily provides a NAT for the management traffic with no issue and the WAN interface with the private IP address now has Internet connectivity.
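
The routing on the intermediate layer 3 switch described in this post can be checked with a longest-prefix-match model; this is an added example, not the poster's configuration. All addresses, prefixes and function names are constructed assumptions: it verifies that Auto VPN peers at other MPLS sites resolve to the MPLS next hop while WAN management traffic (DNS, health checks, VPN registry) falls through to the default route via the MX LAN IP.

```python
import ipaddress

# Constructed sample values (assumptions, not taken from the post).
MX_LAN_IP = "10.10.0.1"     # MX LAN interface: next hop of the default route
MPLS_PE_IP = "172.16.0.1"   # MPLS provider edge: next hop for MPLS prefixes

# Route table on the layer 3 switch between the MPLS circuit and the MX WAN port.
ROUTES = [
    ("0.0.0.0/0", MX_LAN_IP),       # management traffic, NATed by the MX
    ("10.20.0.0/16", MPLS_PE_IP),   # remote MPLS site A
    ("10.30.0.0/16", MPLS_PE_IP),   # remote MPLS site B
]

def next_hop(routes, dst):
    """Return the next hop chosen by longest-prefix match, or None."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, hop in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, hop)
    return best[1] if best else None

def audit(routes, mpls_peers, internet_dsts):
    """List destinations that would leave the switch via the wrong next hop."""
    problems = []
    for peer in mpls_peers:
        hop = next_hop(routes, peer)
        if hop != MPLS_PE_IP:
            # VPN tunnel traffic would hairpin through the MX LAN or be dropped.
            problems.append(f"{peer}: VPN peer not routed via MPLS (next hop {hop})")
    for dst in internet_dsts:
        hop = next_hop(routes, dst)
        if hop != MX_LAN_IP:
            # WAN health checks or registry traffic would have no Internet path.
            problems.append(f"{dst}: management traffic not sent to MX LAN (next hop {hop})")
    return problems

# Constructed test destinations: peer MX WAN IPs at other MPLS sites, and
# documentation-range addresses standing in for DNS and the VPN registry.
MPLS_PEERS = ["10.20.0.2", "10.30.0.2"]
INTERNET_DSTS = ["198.51.100.53", "203.0.113.10"]

if __name__ == "__main__":
    for line in audit(ROUTES, MPLS_PEERS, INTERNET_DSTS) or ["route table OK"]:
        print(line)
```
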