How exactly are you performing the migration? Are you keeping the same hostname on the machine?
What is likely occurring is that the machine object (LeafNode) in ePO is being removed. Users are typically assigned directly to the machine object and when the object is removed, the associations to that object are also removed. This includes Tags, policies assigned directly to the machine, and encryption users. If the user is not assigned to any other machine, the user is removed from the ePO database.
So to solve it, you will need to prevent the user from being removed from the database. The easiest way to do this is to create a machine in the system tree as a placeholder and assign the domain users group to the machine. This may not be the best approach, and really we would need to know more about the environment and process to give a more targeted suggestion.
The users receive a new PC with a new computer name, so the old W7 PC still exists in the ePO.
The W8 PCs do end up in a new OU in AD, but since we don't use the OU structure in ePO, I'm puzzled as to how this could have any influence.
Both W7 and W8 PCs receive the same set of policies from the ePO.
Our helpdesk users are also affected, while their account exists on all our systems.