There's a flaw at the heart of most Zero Trust methodologies.
Zero Trust brokers can't check the health of user endpoints. But these endpoints are being trusted to access enterprise resources that the broker is supposed to be protecting!
Most endpoints run an OS like Windows, which has its own vulnerabilities - not to mention the legacy apps installed on each device.