Provide a Reverse Proxy for Virtual Machines
Providing a reverse proxy function within Azure would go a long way to help secure Virtual Machines. Instead of opening ports to every VM, a reverse proxy would allow users to open ports to an Azure service. The proxy service would then differentiate incoming traffic based on DNS name.
The security functions requested in this idea can be achieved today using the Azure Web Application Firewall: https://docs.microsoft.com/en-us/azure/application-gateway/waf-overview
You should check Azure Active Directory Application Proxy for reverse proxy as a service in the cloud. It offers a reverse proxy with pre-authentication using Azure AD. It is offered as a service.
Michael J. Ryan commented
For the near term, you could use Application Request Routing with IIS, or a number of Linux options from nginx, ha proxy, and varnish. A couple extra small instances in a service cluster would do it... Nginx is particularly good in this role.
Though a SaaS option would also be nice.
Bartek Moczulski commented
Jared, you can do it using 3rd party appliance (check Azure Gallery Certified section). BTW, proxy itself doesn't help much regarding security. WAF acting as a proxy - that's a different story :)