Azure Bastion
Azure Bastion is a fully managed jumpbox service that supports both RDP & SSH over the internet (over port 443)
Similarly to a Firewall Bastion requires a subnet specifically called AzureBastionSubnet which has a mask of /26 or larger
Bastion is usually deployed open to the internet so a PIP of atleast the Standard SKU is required aslong with the IP being static
The above template will deploy the PIP and Bastion host, as well as the required subnet and NSG group to allow RDP into the created VMs (of which x number of VMs can be specified)