If you want to deploy Linux in an enterprise scenario properly, the only real option is using RHEL. Red Hat has a product called Satellite which allows for centralized managing of RHEL installs. This includes patch management, security policy monitoring and provisioning. You can also use something like Red Hat IdM to do user management like in AD. It is also basically your only choice if you have to comply with something like HIPAA. For AV you can use something like Sophos if you absolutely need it https://support.sophos.com/support/s/article/KB-000038296?language=en_US .

Have a look at manage engine software

There's Zscaler for Linux. We're using it in our corpo.

You have to run your software mirror no matter what. Even if it's a proxy mirror where you don't actually store most of the packages.

SELinux/AppArmor for more granular access policies.

SSSD connects local auth with AD.

You should look into what your vendor has on offer, e.g. Landscape if you're on Ubuntu.

As others have said config-as-code would probably be part of the equation too.

If you want to control users, don't give them admin privileges.

Most of things you enumerated solve windows specific problems and therefore have no analogs in other OSes.

There's a lot of universities using Linux on their pc labs, I guess you can look up how they admin their systems to compare. When I was in college, I had a programming class (R language for actuarial sciences) and the computer had some restrictions, like we couldn't save anything locally so we had to plug a pendrive to save our scripts and we couldn't install any library not installed by default.

That list makes me wanna get a job on a small company of up to 10-20 people, where none of these things are usually needed...

In no particular order;

• Detecting "installed" software is iffy. Linux can have all kinds of things running on it that aren't "installed" as-such (same as Windows with portable EXEs, Linux has AppImage/etc). Excepting things like that, you can detect installed apps through the package managers (apt/pkg/yum/snap/etc).
• OS updates in Debian-likes and Redhat-likes are controllable out of the box, but I'm not familiar with a way to prevent a user from doing them (other than denying them root access, which might make it hard for them to use the system, depending on what they need to do).
• I've had a lot of good results with OpenVPN.
• lol antivirus. Not saying Linux doesn't get viruses, or that there arent antiviruses for Linux, but the best way to avoid getting them is still to just avoiding stupid shit. Best thing I can offer is that if you have some kind of centralized storage, check that for compromised files frequently, and keep excellent backups. And make sure your firewalls and ACLs don't suck.

Linux noob here... But aren't there user types? Like admin with install permissions and user type without ? Doesn't that take care of most of your questions?

FreeIPA?

Edit: You can use Fleet comander https://fedoramagazine.org/join-fedora-linux-enterprise-domain/

Antivirus would probably be clamav.

As for policy, selinux would be my first Google.

Software allow lists I’m only going to mention system wide since stopping user space installs or chroots would be your software detection tool that I would be clueless on. System wide I’d look at sudo where you can control exactly what root level commands different users/groups can run.

policy control

It's not exactly the same, but you could use puppet to enforce configuration

Software Center with software allow lists

You can setup a custom repository with only approved software and then set that as the only one that the system is configured to retrieve packages from. This can also be controlled via puppet.

controlled OS updates

Same as the previous point. Upgrades are installed from the repos.

zscaler

I don't know what that is/does, and their website isn't helping.

software detection tool to detect what's been installed and determine if any unallowed software is present

I'm pretty sure carbon black app control has a linux version.

antivirus

There are a number of different antivirus solutions for linux. A quick search will give you a bunch of lists. I'm not personally familiar with any of the options, but I don't imagine it will be difficult to find one that will work for your use case.

BlueBuild and deploy your customized image to the devices

A lot of points you mention can be achieved with Univention (a debian based central management environment) and a few extra steps. Should be possible, imho.

All in all, i guess something like Fedora Silverblue (immutable) with some remote management software?

There are plenty of RMM tools/companies that support Linux platforms.

One thing to take a look at for central account control, sudo rules and a few other things. Is freeipa/rhel idm.

I was looking for what you said a few years ago out of curiosity before and remember looking into something called Shibboleth. I didn't looked into it in details but it seems to cover identity and policy management. Not sure about the rest of the features you need though.