EDIT: Use caution on 7.13 and laptops/tablets. Normal runtime on my test machines is 7 hours. With Endpoint 7.13 it's down to 1.5 hours due to excessive CPU utilization. This is on AMD and Intel platforms with current Win 10 patches.
This is purely from my own point of view from using a larger test fleet. This may not apply to you. This only applies if you use Fleet at all.
Original dev setup. 7.12.2 with Endpoint deployed to 40 test machines. Endpoint is purely detection mode only. Will move to a much larger test fleet in the coming week.
The migration went silky smooth from 7.12.2 to 7.13. This has now been 2 migrations that didn't fail! Thank you devs for listening to the cries of the poor admins that already do way too much. A very nice touch was added that is now pulling Kibana away from being the constant source of failures: it starts and will finish the migrations in the background. Please do not ever remove this!
7.13 is a rip and replace change. The only thing that will survive the update is the policy names. All agents will be disconnected. You will see a warning notice and a link to the changes, "very nice". What it does call out in the notes is that the agents will have been sent the unenroll command. This FAILS and leaves you in a rather nasty spot. Nothing is removed. Now you have agents that are disconnected and buffering logs to send to a server that is actively rejecting them. Disk space = gone on agent side. This really only applies to machines with smaller drives, think point of sale terminals or very low utilization servers. To counter this, unenroll all agents PRIOR to upgrading! Please note this still leaves the Elastic Agent installed and running on the machine. You will have to script its removal.
With the addition of the new fleet service proxy you will need another VM/Container or two at the least in order to see the benefits. You will not need 1 per policy. I only glanced at the notes and didn't read them in detail, but that never stood out to me. You can start to see the load balancing of endpoint, which has been sorely needed for some time now.
Another annoyance is that if you have any data from 7.10.x agents up to 7.12.2 agents still in your indices, you can pretty much count on the SIEM part not showing events. This is partly due to the version changes to the ECS. The alerts will not be in error, but you clearly will see nothing appearing. Remove the old index if you don't need the data, or wait for the ILM to remove it, and you'll start having events.
On the plus side, the ILM policies were not reset to default this time, so you won't come back and find your drives are full. Always fun to see 20Tb disappear for logs on only a few machines in a matter of days.
Access Denied when registering the agents is far more common in 7.13 than it has been in the past, making scripted deployments more difficult.
Overall this so far has been well worth the upgrade! 7.12.x was a train wreck. 7.13 seems to have corrected over a dozen issues that were starting to pop up. Only time will tell, but it's worth the update and extra legwork. As far as event detection, I haven't tested anything yet as the release version has only been out for 24 hours.
Thank you Elastic Devs, you guys are awesome!