Always Encrypted feature in SQL Server and Azure SQL Database allows to protect sensitive data like credit card numbers, social security numbers etc. It allows client applications to encrypt the data and the SQL Engine won't know anything about the encrypted keys. Like encryption, decryption also happens through the client application.
Always Encrypted supports 2 types of Encryption.
Randomized encryption - Encrypts data in a less predictable manner. More secure than deterministic but prevents using the columns in search, join, indexing and group by parameters. Note: With the release of SQL Server 2019 "Always Encrypted with secure enclaves" feature, now pattern matching, comparison operators and indexing are enabled on columns encrypted with Randomized encryption.
Also with SQL Server 2019 "Always Encrypted with secure enclaves", now you can use T-SQL to encrypt existing data without the need to move the data outside for encryption operations.