There is no point to having Public IPs on VMs that are protected / routing traffic using Azure firewall, as return traffic will be dropped by the firewall. You can have Public IPs on VMs that are in subnets that are not routing traffic to the firewall / protected by Azure Firewall.
You can also have the VMs accessible via Azure Load Balancers, or the Azure Firewall's Public IPs. You can even detach your existing IP addresses (with DNS names) and add them to the Azure Firewall, then create a DNAT rule to your VM. If you have a large number of VMs this might get quite tedious though.