"upgrade flow" ?
Are you following the steps in the MDE documentation?
From what I have read on the forum/product guide I need to upgrade EEPC 6.1.3 to EEPC 7.0. Then it will be possible to upgrade to MDE 7.1.
During tests I did transfer systems from the old ePO (with EEPC 6.1.3) server to the new ePO server (With MDE 7.1.1).
I configured the deployment task to install MDE 7.1 agent and software immediately.
During testing this upgrade was successful.
We updated some systems to the new server with very different results.
Some users were able to logon with the old EEPC UserID and password, Some users are not known to MDE and could not logon and on some systems even the user was not known.
I tested with some other migration scenarios but none of these improved the user experience. The worst user experience I had when the system was moved to the new epo server without any upgrade at all. During a test this was successful but this proved wrong during a real update. On these systems I had to perform a machine recovery, no user was known on these systems, not even the helpdesk users.
Is it better to upgrade the systems on the old epo server as described in the product guide and then move the systems to the new epo server?
In that scenario, is it possible to keep the EEPC/MDE password of the user or will this be seen as a new user with the default password?
Whichever way, remember that though machines can be moved between epo servers, users can not.
So you should expect all the users to be refreshed with new passwords etc on the new server.
I want to share my migration with you. According to the documentation it should not be possible.
Old situation: ePO 4.6.7 with EEPC 6.2
New situation: ePO 5.1.0 with MDE 7.1.1. The upgrade task to install MDE 7.1.1 (agent and software) is active
Migration: Transfer systems in the old epo server to the new epo server. When the systems report to the new epo server the migration of EEPC to MDE starts. During the upgrade the user needs to ignore the reboot message
When the user reboots (after at least 3 hours) the user is able to login with his/her old EEPC password and according to mcafee this should not be possible when the system gets migrated to a new ePO server.
When the user reboots too soon, the user is not able to login with the old EEPC password. The user will be able to login with the default MDE password.
When we turn off the migration, the user is not able to login (I assume because EEPC is not supported with EPO 5.1.0.
The only explination I have is that during the migration process of EEPC to MDE the password of the user will be stored in memory that will be recognized and saved in this specific situation.
I think what you are seeing, is that MDE has not updated its policy store with the new EPO information - for a time, the old user definitions will persist (until they get flushed by the new EPO server) - while they are still there, the user can still use them.