I was able to host the RDWeb page behind an AD Application Proxy and use Azure AD authentication before hitting the web page. You can use AD App Proxy with the RD Gateway URL but not with authentication, it just acts as a reverse proxy.
The AD Application Proxy acts as a hosted revers proxy service in Azure. The downside is it requires Azure AD, so if you don’t have that it may not work for you. I published the RD Web page through the Proxy to avoid opening ports on the firewall. Users hit the proxy URL prior to the RDWeb page, forcing them to log in.
If you are looking for one-off VM access, Just in Time is probably the better bet. Microsoft has another product Remote Desktop Modern Infrastructure that will provide most of the RDP infrastructure as a service. That’s still in private preview.