What's the difference between BitLocker Drive Encryption and Encrypting File System?

There are several differences between BitLocker Drive Encryption and Encrypting File System (EFS). BitLocker is designed to help protect all of the personal and system files on the drive Windows is installed on (the operating system drive) if your computer is stolen, or if unauthorized users try to access the computer. You can also use BitLocker to encrypt all files on fixed data drives (such as internal hard drives) and use BitLocker To Go to encrypt files on removable data drives (such as external hard drives or USB flash drives). EFS is used to help protect individual files on any drive on a per-user basis. The table below shows the main differences between BitLocker and EFS.

BitLocker
Encrypting File System (EFS)

BitLocker encrypts all personal and system files on the operating system drive, fixed data drives, and removable data drives.

EFS encrypts personal files and folders one-by-one and doesn't encrypt the entire contents of a drive.

BitLocker does not depend on the individual user accounts associated with files. BitLocker is either on or off, for all users or groups.

EFS encrypts files based on the user account associated with it. If a computer has multiple users or groups, each of them can encrypt their own files independently.

BitLocker uses the Trusted Platform Module (TPM), a special microchip in many computers that supports advanced security features to encrypt the operating system drive.

EFS does not require or use any special hardware.

You must be an administrator to turn BitLocker encryption on or off on the drive that Windows is installed on and on fixed data drives.

You do not have to be an administrator to use EFS.

You can use BitLocker Drive Encryption and EFS together to get the protection offered by both features. When using EFS, encryption keys are stored with the computer's operating system. Although the keys used with EFS are encrypted, their security still could be compromised if a hacker is able to access the operating system drive. Using BitLocker to encrypt the operating system drive can help protect these keys by preventing the operating system drive from booting or being accessed if it is installed in another computer.

For more information about EFS, see What is Encrypting File System (EFS)?