Unable to connect to Azure AD using LDAPS: Error C

Published 2019-09-16 11:45

Question:

I have followed all the steps from MS on how to enable LDAPS for Azure AD and was able to create an external IP address for LDAPS access.

However, when connecting to this IP using an LDAP client (e.g. Apache DS) I am getting the error message: LDAP: error code 2 - PROTOCOL_ERROR: The server will disconnect!

I am able to telnet to port 443 (ports 389 and 636 are closed) on that IP and the outcome is the same using the IP or the domain name which has been configured.

I have seen several articles which state that Azure AD does not support LDAP queries but all of them seem to have been written a few months/years ago and I was under the impression that this is a new feature (the MS article is dated 09/2016).

Has anyone seen this issue and knows how to solve this? Is this even possible or have I misunderstood the purpose of these LDAPS connections in Azure AD? Thanks.

Answer 1:

Yes, Azure AD does not support LDAP queries; it only supports the AD Graph API, and this will not change because it is by design.

The article you provided is about how to configure a feature called Secure LDAP for an Azure AD Domain Services managed domain. After enabling this feature, you will be able to connect to the managed domain using Secure LDAP over the Internet from your client computers.

The Azure AD DS managed domain is just like an on-premises AD and supports LDAP/Kerberos/NTLM as well; it is a different concept from Azure AD. Organizations can use Azure AD DS to manage a corporate domain in the cloud without deploying a site-to-site VPN to their on-premises domain or setting up an additional DC in the cloud. The user/group accounts and credentials are stored in Azure AD; they can be either cloud-only or synced from an on-premises domain using Azure AD Connect. More info about Azure AD Domain Services here.
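As an added example (not part of the original post or of any Microsoft documentation), the following PowerShell script reproduces the port check from the question and then attempts a Secure LDAP bind against a managed domain with the .NET System.DirectoryServices.Protocols classes; the hostname, bind account and base DN are placeholders you replace with your managed domain's values.

```powershell
# Added example, not from the original post. Probes which ports answer on the
# Secure LDAP hostname, then binds over LDAPS (636) with TLS certificate
# validation left at the OS default. All names below are placeholders.
Add-Type -AssemblyName System.DirectoryServices.Protocols

$Server   = 'ldaps.contoso.com'      # placeholder: DNS name that resolves to the Secure LDAP public IP
$BindUser = 'svc-ldap@contoso.com'   # placeholder: an account in the managed domain (not an Azure AD-only object)
$BaseDN   = 'DC=contoso,DC=com'      # placeholder: base DN of the managed domain

# 1. Port check. Only 443 answering (389/636 closed) means the host is an HTTPS
#    endpoint, not an LDAP server on the managed domain; Secure LDAP needs 636,
#    and the NSG rule that opens it should be limited to known source IPs.
foreach ($port in 389, 636, 443) {
    $ok = (Test-NetConnection -ComputerName $Server -Port $port -WarningAction SilentlyContinue).TcpTestSucceeded
    '{0}:{1} {2}' -f $Server, $port, $(if ($ok) { 'open' } else { 'closed' })
}

# 2. LDAPS bind. SecureSocketLayer makes the client negotiate TLS on connect;
#    an untrusted or mismatched certificate fails the bind instead of being ignored.
$cred = Get-Credential -UserName $BindUser -Message 'Managed-domain password'
$id   = New-Object System.DirectoryServices.Protocols.LdapDirectoryIdentifier($Server, 636)
$conn = New-Object System.DirectoryServices.Protocols.LdapConnection(
            $id, $cred.GetNetworkCredential(),
            [System.DirectoryServices.Protocols.AuthType]::Basic)
$conn.SessionOptions.SecureSocketLayer = $true
$conn.SessionOptions.ProtocolVersion   = 3
$conn.Timeout = [TimeSpan]::FromSeconds(10)

try {
    $conn.Bind()
    # 3. A base-scope search of the domain object proves the directory side works end to end.
    $req = New-Object System.DirectoryServices.Protocols.SearchRequest(
               $BaseDN, '(objectClass=domain)',
               [System.DirectoryServices.Protocols.SearchScope]::Base, 'dc')
    $res = $conn.SendRequest($req)
    'Bind OK; {0} entry returned, dc={1}' -f $res.Entries.Count, $res.Entries[0].Attributes['dc'][0]
}
catch [System.DirectoryServices.Protocols.LdapException] {
    # ErrorCode 2 is LDAP protocolError (the code reported in the question);
    # 81 (server down) usually means nothing spoke LDAP on that port at all.
    'LDAP failure: ErrorCode={0} {1}' -f $_.Exception.ErrorCode, $_.Exception.Message
}
finally { $conn.Dispose() }
```

The account used for the bind must exist in the managed domain with a password hash synced there; a freshly created cloud-only user needs a password change before Azure AD DS can authenticate it.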