Thanks for reaching us.
A public load balancer maps the public IP and port of incoming traffic to the private IP and port of the VM, When you place the VM which has only private IP and placed behind the LB then it will use the public Ip of the LB for incoming traffic. A load balancer rule is used to define how incoming traffic is distributed to the all the instances within the backend pool. A load-balancing rule maps a given frontend IP configuration and port to multiple backend IP addresses and ports.
When you want to access the VM on port 3389 or 22 then you need to have an LB rule created with right FrontendIp, Frontend port(3389/22), Backend port(3389/22 or custom) , Backend pool and health probe (port 3389/22). If the health probe is successful then the traffic will be sent to the right backend. You can check health probe status under metrics.
Ref:
LB Components : https://learn.microsoft.com/en-us/azure/load-balancer/components
Health Probe : https://learn.microsoft.com/en-us/azure/load-balancer/load-balancer-custom-probe-overview
Hope this was helpful. Please let us know in case of any additional questions or concerns.
Please "Accept the answer" if the information helped you. This will help us and others in the community as well