Bitlocker vs File Encryption for Cloud Files

To make sure your encrypted files are actually synchronized to the cloud, you need to place them inside your OneDrive* folder (or within any external folders that you’ve explicitly configured OneDrive* to sync).
- OneDrive* only uploads and synchronizes files that are located in its managed directories.
- If you encrypt a folder with EFS but keep it outside of OneDrive’s sync scope, those files will remain local and won’t be copied to the cloud.
- By moving the encrypted folder (or the files inside it) into your OneDrive folder, or by adding that folder to OneDrive’s “Manage backup” / “Sync external folders” settings, OneDrive will then synchronize the encrypted versions to the cloud.
- Remember: the files will stay encrypted, but to open them on another device you’ll still need to import the same EFS certificate.

So, make sure the folder is inside OneDrive’s sync scope — either directly in the OneDrive folder or added through the external folder sync option — otherwise it won’t be uploaded.

* I’m referring to OneDrive, but the same principle applies if you use NextCloud, Google Drive, Dropbox, and similar services.

Regards

JADM

**Hi!**  
These are two different protection systems, and their scopes are also distinct:

### BitLocker
- BitLocker encrypts the physical disk or local volume.  
- Its protection applies while the data is stored on that disk.  
- If someone steals the disk or boots the machine without the key, they cannot read the files.  

☁️ Files synchronized with OneDrive
- When a file is synchronized with OneDrive, it is copied to cloud storage.  
- That copy no longer depends on local disk encryption: it is stored on Microsoft servers under their own security mechanisms.  
- When accessing from another device, OneDrive delivers the file decrypted (because BitLocker encryption only applies to the original disk, not to the cloud copy).  
- Protection in this case depends on:  
  - Microsoft/Office 365 account credentials.  
  - Multi-factor authentication (MFA) if enabled.  
  - Encryption in transit and at rest applied automatically by OneDrive.  

### Properties > General > Advanced > Encrypt Contents (EFS)
- EFS encrypts individual files and folders on an NTFS volume.  
- The encryption is based on a certificate and private key associated with the Windows user who performed the encryption.  
- Only that user (or anyone with the exported/imported certificate) can open the file on that machine.  

### ☁️ What happens when synchronizing with the cloud (e.g., OneDrive, Google Drive, Nextcloud)
- When a file encrypted with EFS is synchronized or copied to the cloud, it is uploaded already encrypted.  
- On another device, when downloaded, the file remains encrypted.  
- To open it, that other device must have the same EFS certificate imported into the user profile.  
- Without the associated private key, the file will appear unreadable or inaccessible.  

Hope this was helpful.

JADM