If this is a WDE-only deployment, without 2Factor Auth, then SKM would be the best choice.
You can either migrate the existing keys manually or automatically. For the latter, the challenge here is that all keys that were previously created on the different clients must 100% match the Key Settings in your consumer policy.
Also, the user must go to the full enrollment screen (no silent enrollment), where he has to pick his key in case he has multiple ones.
If the existing Key does not match the policy, a new one will be created instead.
But for WDE only it does not matter because it will not be used for encrypting the disk if you don't use 2Factor-Auth (Smartcards/Token).
I had a similar challenge at a WDE customer, where we just created new keys instead of using existing (self-generated) ones and used silent enrollment.