1) Make sure that Network Security Groups (NSGs) allow inbound traffic from your VPN's client address pool (the IP Address that the RDP connection will be coming from). NSGs will sit on the NIC of the VM, or on the Subnet that the VM is in. the 'Networking' tab of the VM will show you active NSGs and their rules.
If that doesn't work, make sure that the remote computer is accepting RDP connections.