We do block VPN on our corporate network, yes. A VPN is a tunnel that hides user activity from our monitoring and DLP tools and use of VPN from our network to the outside is against policy. Likewise, sharing your credentials with a third party is against policy.
The attacker is LinkedIn. The employee is the attack vector. LinkedIn is engaging in a phishing attack.
You didn't explicitly answer whether you consider VPN usage to be a man in the middle attack. I understand banning it (as well as this LinkedIn feature) on a corporate network, but not considering either a man in the middle attack.
VPN is a tunnel, not a MITM. It's used to bypass our monitoring and filtering. You're tunneling out of our network into someone else's, which may have more favorable rules.
This is a MITM, because LinkedIn is intercepting and modifying the traffic between the email server and the client machine, traffic which is supposed to only be read by the recipient. A VPN isn't intercepting traffic, it's used to tunnel traffic. LinkedIn is positioning themselves directly between the traffic source and the destination to read and modify the transmission.
The attacker is LinkedIn. The employee is the attack vector. LinkedIn is engaging in a phishing attack.