The PocketPC Phone Edition does indeed have VPN built into the OS. No third party application is required. But as with most PocketPC applications, not ALL of the functionality is there so some prefer to use third party solutions because they're easier to work with and have all of the features right up front. You should be able to connect to your firm's network no problem over GPRS. Of course you can still dial-out using GSM, if the carrier allows data over GSM. That could be a backup incase you run out of your alotted data on the GPRS connection or if you're in an area without GPRS.
You should check with your IS department, first, too. If they help you set up your currente PocketPC/cellphone link then they should be familiar enough with the PocketPC to get it to work over GPRS.