All of the current batch of exploits requires connecting to the server via port 443 to initiate the attach. Based off what was released by Microsoft, if the server can't accept untrusted connections via port 443, then it's safe.
Access portal (and by extension, reverse proxy) requires the user(s) to authenticate. So long as their authentication means aren't compromised and there was no other way to access the server on port 443, reverse proxy and access portal would in theory protect a server.
It's important to keep in mind that an overall strict security posture is important in protecting from attacks. For example, a bot'ed computer won't be able to access something protected in a way like access portal. However, a customer's PC at home that VPNs in and is also infected now has unfettered access to the network if the VPN policy is wide open to allow access to anything.
The best course of action (aside from protecting your server via strict access rules) is to patch the server per Microsoft's guidance.
You can read more about the exploit here: