I was browsing the Communities and saw that your post was never answered. You raise some good questions, so you deserve an answer. Some parts of your assessment are correct, and others are not. Let me try to clarify some.
The long-term vision of Cisco DNA (and Intent Based Networking in general) requires key capabilities like 'host mobility' with 'dynamic authentication & identity' and 'address-independent policy enforcement', and an infrastructure to support that.
For those reasons... you are quite right that DNA (and DNA Center) favors SD-Access fabric overlay with full-blown ISE and CTS for Policy administration. Without those, we will forever be tied to IP subnets, VLANs and IP-based ACLs (circa 1990).
However, SD-Access separates IP subnets & VLANs (called Pools) from group-based policy enforcement (called Scalable Groups). Furthermore, the fabric overlay is routed and does not use "VLAN" to forward traffic. VLANs (and corresponding SVI with Anycast IP) terminate at the first-hop edge device, and are then routed via the fabric to the remote edge device.
Also, as you noted: DNA Center does support both fabric & non-fabric Provision and Assurance workflows. Similarly, the Policy workflow does actually support IP-based ACLs for non-fabric designs. Of course, you also take on the additional complexity.
For example - DNA Center Policy > Policy Administration
We understand that this will be a journey... and it will take time to reach the long-term goal. You may want to start out non-fabric, with IP-based policy... and then move on to fabric and group-based policy later.
The important thing is to decide if that's the direction you will eventually go... and then build the infrastructure to support it!
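A simplified model of the "address-independent policy enforcement" point in the reply above, added here as an illustration; it is not part of the original post and not Cisco or DNA Center code. The subnets, identities and group names are constructed, and the model assumes a host that lands in a different address pool after moving.

```python
import ipaddress

# Constructed sample data: subnets, identities and group names are hypothetical.
# IP-based ACL: first match wins, implicit deny at the end.
IP_ACL = [
    ("permit",
     ipaddress.ip_network("10.10.20.0/24"),   # "employee" subnet in building A
     ipaddress.ip_network("10.50.0.0/24")),   # HR server subnet
]

# Group-based policy: keyed on (source group, destination group), no addresses.
GROUP_POLICY = {("Employees", "HR_Servers"): "permit"}

# Group assignment follows the authenticated identity, not the address pool.
IDENTITY_TO_GROUP = {"alice": "Employees", "hr-db": "HR_Servers", "printer-7": "IoT"}


def ip_acl_decision(src_ip, dst_ip):
    """Evaluate the IP ACL; anything unmatched is denied."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for action, src_net, dst_net in IP_ACL:
        if src in src_net and dst in dst_net:
            return action
    return "deny"


def group_decision(src_identity, dst_identity):
    """Evaluate the group policy; unknown identities or pairs are denied."""
    src_group = IDENTITY_TO_GROUP.get(src_identity)
    dst_group = IDENTITY_TO_GROUP.get(dst_identity)
    return GROUP_POLICY.get((src_group, dst_group), "deny")


def simulate_move():
    """Same user, same destination, two attachment points with different pools."""
    moves = [("building A", "10.10.20.15"), ("building B", "10.10.30.15")]
    return [
        (site, ip_acl_decision(src_ip, "10.50.0.10"), group_decision("alice", "hr-db"))
        for site, src_ip in moves
    ]


if __name__ == "__main__":
    for site, ip_result, group_result in simulate_move():
        print(f"{site}: IP ACL={ip_result}, group policy={group_result}")
```

The IP ACL needs a new entry for every pool the user can appear in, while the group rule is written once and follows the identity.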