>A client wants to do encryption on database level (Transparent Data Encryption (TDE)).
>
>One question that comes up is, if we need to do any changes in our client application, or that is done only on the database without any need of adaptions on the queries or database connection?
>
>we are using SQLSTRINGCONNECT and SQLEXEC in VFP with the Standard SQL ODBC driver.

TDE is a pain to set up: it depends on a key that must be available at server bootup. Read through the setup procedure.

Always Encrypted is just that: it is encrypted always, even in sql server memory (I have no idea how they do that) right up to the ODBC driver, which does the decryption in your app. It is the safest and the easiest encryption procedure.

Hank