I'm building a network of VMs in Azure: 1 group of VMs for the web tier and 1 group of VMs for the data/SQL tier. I will create a jumpbox VM that enables access for DevOps purposes via VPN.
Now I read that I should have minimal software and connection options on my actual VMs, as access should run via the jumpbox to minimize the attack surface of my VMs and to have a central access point.
Now I want to do 2 things:
Connect via Remote Desktop to all my VMs. I figured I can simply create a VPN RDP connection to my jumpbox and, when logged into my jumpbox, simply open another RDP window to my other VMs using the internal v-network IP.
Access my (load-balanced w/ availability set) MSSQL 2016 instance directly via SQL Server Management Studio or an application using a connection string. The MSSQL instance lives on my SQL-tier VM, not on my jumpbox. Can I somehow forward SQL traffic from my jumpbox to my SQL-tier VM? I would guess that accessing the SQL-tier VM directly goes against the whole idea of having a jumpbox.
Notes:
- running MS SQL Server 2016 on Windows Server 2016
There are many ways to go about this; there is no direct answer without knowing your business needs. I highly recommend reading this and deciding for yourself: https://docs.microsoft.com/en-us/azure/best-practices-network-security?toc=%2fazure%2fvirtual-network%2ftoc.json
A jumpbox will not be the most secure design when it comes to Azure, as there are free tools you can use that are cheaper and more convenient than a jumpbox.
I would avoid having SQL open to the internet at all costs. Unless you have a strong business case for that, use Network Security Groups with ACLs to allow access to it only from specific IP addresses.
For your multi-tier deployment, I'd recommend the following:
This is a much better deployment scenario; here's a good summary of what it should look like:
References:
Network Security Groups: https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-manage-nsg-arm-portal
Azure Site-to-Site VPN: https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-site-to-site-resource-manager-portal?toc=%2fazure%2fvirtual-network%2ftoc.json
Azure Point-to-Site VPN: https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-point-to-site-resource-manager-portal
Access Control Lists: https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-acl-powershell
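One way to implement the per-tier Network Security Groups this answer recommends, as an added example that is not part of the answer: it assumes the Az PowerShell module, and the resource group, VNet, subnet names and address ranges are placeholders to replace with your own.

```powershell
# Added example (not from the answer): NSGs for the web / SQL / jumpbox subnets
# described on this page, built with the Az PowerShell module.
# Every name and address range below is an assumed placeholder.
$rg         = 'rg-multitier'
$location   = 'westeurope'
$vnetName   = 'vnet-multitier'
$vpnClients = '172.16.0.0/24'   # P2S VPN client address pool (assumed)
$webSubnet  = '10.0.1.0/24'     # web tier subnet (assumed)
$sqlSubnet  = '10.0.2.0/24'     # data/SQL tier subnet (assumed)
$jumpSubnet = '10.0.3.0/24'     # jumpbox subnet (assumed)

# Helper: one inbound rule. Priority must be unique per NSG (100-4096); lower wins.
function New-InboundRule($Name, $Priority, $Src, $Port, $Access = 'Allow', $Proto = 'Tcp') {
    New-AzNetworkSecurityRuleConfig -Name $Name -Direction Inbound -Access $Access `
        -Protocol $Proto -Priority $Priority -SourceAddressPrefix $Src -SourcePortRange '*' `
        -DestinationAddressPrefix '*' -DestinationPortRange $Port
}

# Azure's default rules allow all VNet-to-VNet traffic (priority 65000), so each
# NSG ends with an explicit deny-all that takes precedence over them.
# SQL tier: 1433 only from the web tier and the jumpbox, RDP only from the jumpbox,
# plus the load-balancer health probes a load-balanced SQL instance needs.
$sqlNsg = New-AzNetworkSecurityGroup -ResourceGroupName $rg -Location $location -Name 'nsg-sql' -SecurityRules @(
    (New-InboundRule 'allow-sql-from-web'  100 $webSubnet  1433),
    (New-InboundRule 'allow-sql-from-jump' 110 $jumpSubnet 1433),
    (New-InboundRule 'allow-rdp-from-jump' 120 $jumpSubnet 3389),
    (New-InboundRule 'allow-lb-probes'     130 'AzureLoadBalancer' '*' 'Allow' '*'),
    (New-InboundRule 'deny-all-inbound'   4000 '*' '*' 'Deny' '*')
)
# Web tier: HTTP/HTTPS from the Internet, RDP only from the jumpbox.
$webNsg = New-AzNetworkSecurityGroup -ResourceGroupName $rg -Location $location -Name 'nsg-web' -SecurityRules @(
    (New-InboundRule 'allow-http-https'    100 'Internet' @('80', '443')),
    (New-InboundRule 'allow-rdp-from-jump' 110 $jumpSubnet 3389),
    (New-InboundRule 'allow-lb-probes'     120 'AzureLoadBalancer' '*' 'Allow' '*'),
    (New-InboundRule 'deny-all-inbound'   4000 '*' '*' 'Deny' '*')
)
# Jumpbox: RDP only from VPN clients, never from the Internet.
$jumpNsg = New-AzNetworkSecurityGroup -ResourceGroupName $rg -Location $location -Name 'nsg-jump' -SecurityRules @(
    (New-InboundRule 'allow-rdp-from-vpn'  100 $vpnClients 3389),
    (New-InboundRule 'deny-all-inbound'   4000 '*' '*' 'Deny' '*')
)

# Attach each NSG to its subnet (subnet names assumed) and save the VNet.
$vnet = Get-AzVirtualNetwork -Name $vnetName -ResourceGroupName $rg
Set-AzVirtualNetworkSubnetConfig -VirtualNetwork $vnet -Name 'web'  -AddressPrefix $webSubnet  -NetworkSecurityGroup $webNsg  | Out-Null
Set-AzVirtualNetworkSubnetConfig -VirtualNetwork $vnet -Name 'sql'  -AddressPrefix $sqlSubnet  -NetworkSecurityGroup $sqlNsg  | Out-Null
Set-AzVirtualNetworkSubnetConfig -VirtualNetwork $vnet -Name 'jump' -AddressPrefix $jumpSubnet -NetworkSecurityGroup $jumpNsg | Out-Null
$vnet | Set-AzVirtualNetwork | Out-Null
```

With this layout SSMS on a VPN-connected workstation reaches SQL by first RDP-ing to the jumpbox, or the VPN client pool can be added as a 1433 source on `nsg-sql` if direct access is a deliberate decision; NSGs are stateful, so return traffic for allowed flows needs no extra rule.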
Yes, we can deploy a VM to work as a jump box.
We can deploy RRAS (VPN) on the jump box; it works as a P2S VPN server. After you connect to the RRAS server, you will be able to connect to Azure VMs directly. We can use a Windows client to connect to the RRAS server; we can also install SSTP-Client on Linux and then use Linux to connect to the RRAS server.
For more information about enabling RRAS as a VPN server, please refer to the link.