I do understand why all these steps are required. And they are good. But how should zero-trust architecture solve that? You‘re still authenticated what the core problem is.
Zero-trust architecture just can work without a VPN, unless the network is blocked. Otherwise everything should be similar.