Zero Trust is as simple as setting up your network so there are no arbitrary services added to the network that are discoverable or visible that are not known in advance, vetted and trusted. For end users it looks like a wifi hotspot where you cannot see other machines connected to the hotspot, and they cannot see you. Most modern services work fine in this environment, but older, less secure, "let's host a server on my desktop" type software will not work. It also means getting rid of a lot of shared services where Bob in sales can click on an attachment and bitlocker all the contents of shared drives.
Zero Trust unlocks a couple very desirable things: simpler LANs with less stuff to break, it's harder for trojans to spread, and better access control. Zero Trust is also really hard to do in places where you have a huge, managed LAN and a bunch of thick client software that relies on direct network connections, or direct connections to database servers and the like.
To put it more succinctly, in the zero-trust mindset it isn't ever _your_ network.
It's a network you happen to be connected to. You only trust the network at the physical layer that it won't destroy your hardware. Beyond that you don't trust anything you receive over the network that you can't independently verify.