Common problems on endpoints with Cisco ise

sumanth2464
Level 1

Hi There,

we are going to roll out Cisco ISE in our organization, 

so I would like to know 10 common issues: when Cisco ISE is on the network, what are the most common problems that come up on endpoints? I need only the endpoint perspective.

Can anyone help me understand the issues? Thanks.

 

1 Accepted Solution

Accepted Solutions

Marvin Rhoads
Hall of Fame

Volumes have been written on these issues. A lot depends on your ISE High Level Design. That would scope the potential issues by defining the following (off the top of my head):

Are you doing wired, wireless and VPN?

What client types will you be needing to support?

Are you using native 802.1x supplicants or using Cisco AnyConnect?

Do you manage your endpoints already? What about mobile endpoints, if those are in scope?

Do you have an existing Certificate Authority or PKI setup?

Are you allowing self-service provisioning (a la BYOD) and/or guest self-registration?

Will you be requiring machine authentication?


sumanth2464
Level 1

Hi Marvin,

Please see the brief answers to your questions below:

Are you doing wired, wireless and VPN?

Yes, we are doing wired, wireless and vpn.

What client types will you be needing to support?

We are supporting Windows 7 & 10 clients.

Are you using native 802.1x supplicants or using Cisco AnyConnect?

We are using Cisco AnyConnect version 4.2.

Do you manage your endpoints already? What about mobile endpoints, if those are in scope?

Yes, we need to manage mobile endpoints.

Do you have an existing Certificate Authority or PKI setup?

Yes, we have an existing CA setup.

Are you allowing self-service provisioning (a la BYOD) and/or guest self-registration?

We are using a guest sponsored portal; here we need to do guest validation too. Please suggest the available option(s) for guest validation.

Will you be requiring machine authentication?

Yes, we require machine authentication.

OK. Since you asked specifically about endpoints, I would say the biggest issue is user awareness. When you introduce ISE it changes how user endpoints access the network. If it is not communicated well and thoroughly, it can result in many issues even when all the technical aspects are done correctly. For that reason, Cisco recommends doing a phased implementation starting in monitor-only mode and working through to a closed mode implementation gradually.

As far as technical issues, the most common ones are the wide variety of endpoints. For your managed endpoints you can control and deploy exactly the software you want. For your mobile endpoints, ISE can integrate with your Enterprise Mobility Management (EMM) solution via API to check for device status (requires Apex license level).

However since you are allowing guest and BYOD, that introduces unmanaged endpoints. You have no control over what OS, software, etc. the users will have there and need to realize that the clients will "misbehave" and sometimes produce unexpected results.

For your guests, a lot depends on what access you will give them. For instance, you can require nothing other than sponsor approval to give guest internet only access. If you are allowing authorized guests internal network access, you may want to check their posture (Apex license required) and ensure that they have a current antivirus product. Or you may want to limit their internal access only to specified resources. Some organizations I have worked with require a valid phone number and enforce that by sending the guest credentials via SMS only. Others do the same with an email. 

There are some good Cisco Live presentations about these topics - definitely review them at www.ciscolive365.com
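As an added illustration of the phased rollout described above (this is not from Marvin's reply or from Cisco documentation): the same switch access port first in monitor-only mode, then in closed mode, in Cisco IOS IBNS 1.0 syntax. The interface name, VLAN number and timer values are assumed placeholders.

```ios
! --- Phase 1: monitor-only mode (assumed example port and VLAN) ---
! 802.1X and MAB run and ISE logs every authentication result, but
! "authentication open" lets traffic flow whether or not the endpoint
! authenticates. Use this phase to find broken supplicants, expired
! certificates and unknown MAC addresses in ISE Live Logs while no
! endpoint is actually being denied.
interface GigabitEthernet1/0/1
 switchport mode access
 switchport access vlan 100
 authentication host-mode multi-auth
 authentication open
 authentication order dot1x mab
 authentication priority dot1x mab
 authentication port-control auto
 authentication periodic
 authentication timer reauthenticate server
 mab
 dot1x pae authenticator
 dot1x timeout tx-period 10
 spanning-tree portfast
!
! --- Final phase: closed mode (same port) ---
! "authentication open" is removed, so an endpoint that fails or never
! authenticates only gets what the fallback actions below grant. The
! server-dead actions keep an unreachable ISE policy node from turning
! enforcement into an outage; the VLAN they authorize should be scoped
! to what you are willing to expose without authentication.
interface GigabitEthernet1/0/1
 switchport mode access
 switchport access vlan 100
 authentication host-mode multi-auth
 authentication order dot1x mab
 authentication priority dot1x mab
 authentication port-control auto
 authentication periodic
 authentication timer reauthenticate server
 authentication event fail action next-method
 authentication event server dead action authorize vlan 100
 authentication event server alive action reinitialize
 authentication violation restrict
 mab
 dot1x pae authenticator
 dot1x timeout tx-period 10
 spanning-tree portfast
```

Compare the two blocks before moving a site to closed mode: the only structural change is dropping `authentication open` and adding the failure and server-dead handling, so every endpoint that showed a failed or unknown result in monitor mode is one that will lose access once enforcement is on.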
