So I know this fork of the thread derailed it quite a bit...I am curious, what is a single advantage to just encrypting a folder or three, versus FDE? What does it gain either the IT guy, and/or the end user? I can guess at one answer: For unmanaged, undocumented...residential users, who might lose their encryption key or never know it, if something needs repair, you can get to the whole drive (minus the encrypted vaults) since the entire drive isn't encrypted. But for a business, where things are managed, modern full disk encryption is not an issue, it's all documented, so we can always unlock things if needed.
I will say, years ago...pre-SSD days, in the days of spindles, software full disk encryption wasn't fun, had a performance impact, and...spinner drives got beat on and easily corrupted...and encryption put so much load/stress on them they failed at higher rates. Back then we often used a centrally managed encryption product based on Checkpoint.
But these days, with BitLocker being a VERY light load on drives, and with SSDs being all we do, with rock solid reliability, I've not had corruption increases from encryption. Just...no problems. And of course...we manage storing the encryption keys, so nothing is lost "if" needed.