Best option under Azure to provide remote desktop access to an application?
Azure VDI is a better bet for what you're talking about. You deploy your application, and then license user access to it through your Azure subscription. This requires a significant amount of back-end setup, especially given that you've already got a working version of your app, but is really what you want to do. For a deployment that's going to service 500 individual users, you should reach out to your Azure rep for assistance in planning and licensing the solution. The SolarWinds walkthrough on publishing a non-built-in Windows application is very thorough and easy to follow if you speak PowerShell. If you don't speak PowerShell, it's all gonna be a slog.
If you want to use RDS, you will need to build an RDS farm to support that many users.
Deploying an RDS farm on Azure can be done through the Azure Marketplace. If you don't want to use the marketplace version, deploying on Azure is essentially the same as deploying on-prem: you need a gateway, some number of session hosts depending on how resource-intensive your application is, firewall settings, and of course licensing. You can find more details about how to perform the technical setup here.
With per-user CALs, you need to license every user that will connect, regardless of whether they are connecting concurrently or not. You attach each of these CALs to a user in your AD. With per-device CALs, you need to license the device that users are connecting FROM. So depending on how your users are connecting, your licensing options are ~the same, or vastly different. You can find more details here, but it's as clear as anything Microsoft releases about licensing.
Your best bet with any licensing is to talk to Microsoft about how to license things properly; there's a reason they offer certifications in licensing.
You should also plan to migrate off of Server 2012 if your application can support it. 2012 is out of mainstream support, and will be leaving extended support in the next 3 years. If you're running everything in Azure, the price difference is significant only if you're using the hybrid licensing benefit. If you don't have SA, you're probably in breach of licensing if you're using it. If you've got active SA, you should be deploying on Server 2016 or 2019. There are considerable improvements, as well as security enhancements, between 2012 (R2) and 2016, even more so with 2019.