What's the difference between BitLocker Drive Encryption and Encrypting File System?

There are several differences between BitLocker Drive Encryption and the Encrypting File System (EFS). BitLocker is designed to help protect all of the personal and system files on the drive Windows is installed on if your computer is stolen, or if unauthorized users try to access the computer. EFS is used to help protect individual files on any drive on a per-user basis. The table below shows the main differences between BitLocker Drive Encryption and EFS.

| BitLocker Drive Encryption | Encrypting File System (EFS) |
| --- | --- |
| BitLocker encrypts all personal and system files on the drive where Windows is installed, or on data drives on the same computer. | EFS encrypts individual files on any drive. |
| BitLocker does not depend on the individual user accounts associated with files. BitLocker is either on or off, for all users or groups. | EFS encrypts files based on the user account associated with them. If a computer has multiple users or groups, each can encrypt their own files independently. |
| BitLocker uses the Trusted Platform Module (TPM), a special microchip in some newer computers that supports advanced security features. | EFS does not require or use any special hardware. |
| You must be an administrator to turn BitLocker encryption on or off once it's enabled. | You do not have to be an administrator to use EFS. |

You can use BitLocker Drive Encryption and the Encrypting File System together to get the protection offered by both features. When using EFS, encryption keys are stored with the computer's operating system. While these are encrypted, that level of security could potentially be compromised if a hacker is able to boot or access the system drive. Using BitLocker to encrypt the system drive can help protect these keys by preventing the system drive from booting or being accessed if it is installed into another computer.
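
To check whether a computer that holds EFS-encrypted files also has its system drive protected by BitLocker, the following PowerShell audit can be run from an elevated prompt. It is an added example, not part of the original page or Microsoft's own tooling; the function name `Get-EfsBitLockerPosture`, the `EfsKeysUnprotectedAtRest` field and the default scan path are assumptions made for illustration.

```powershell
#Requires -RunAsAdministrator
# Added example: report whether EFS-encrypted files exist under a folder and
# whether the system drive, where the EFS keys are stored, is BitLocker-protected.
param(
    # Assumption: scan the current user's profile unless another path is given.
    [string]$ScanRoot = $env:USERPROFILE
)

function Get-EfsBitLockerPosture {
    param([Parameter(Mandatory)][string]$Path)

    # EFS marks each file it encrypts with the Encrypted file attribute.
    $efsFiles = @(Get-ChildItem -LiteralPath $Path -Recurse -File -Force `
                      -ErrorAction SilentlyContinue |
                  Where-Object { $_.Attributes -band [IO.FileAttributes]::Encrypted })

    # BitLocker state of the drive Windows is installed on.
    $osVolume = Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction Stop

    # Treat the drive as protected only when encryption has finished and
    # protection is active (not suspended).
    $protected = ($osVolume.ProtectionStatus -eq 'On') -and
                 ($osVolume.VolumeStatus -eq 'FullyEncrypted')

    [pscustomobject]@{
        ScanRoot                 = $Path
        EfsFileCount             = $efsFiles.Count
        SystemDrive              = $osVolume.MountPoint
        ProtectionStatus         = [string]$osVolume.ProtectionStatus
        VolumeStatus             = [string]$osVolume.VolumeStatus
        KeyProtectors            = ($osVolume.KeyProtector.KeyProtectorType -join ', ')
        # Hypothetical flag: EFS files are present but the drive holding
        # their keys is not fully protected by BitLocker.
        EfsKeysUnprotectedAtRest = ($efsFiles.Count -gt 0) -and (-not $protected)
    }
}

Get-EfsBitLockerPosture -Path $ScanRoot | Format-List
```

A result with `EfsKeysUnprotectedAtRest` set to `True` identifies the case described above: EFS is in use, but the system drive that stores the keys can still be booted or read outside this computer.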