What encryption technique involves storing only encrypted data in SQL Server?

The choice of Always Encrypted is accurate because this encryption technique specifically focuses on protecting sensitive data stored within SQL Server by encrypting the data at the application level. With Always Encrypted, the data is encrypted on the client-side before it is sent to the SQL Server database. This means that SQL Server never sees the unencrypted data, enhancing security and helping to mitigate risks associated with unauthorized database access or breaches.

Always Encrypted is particularly useful for protecting sensitive information, such as credit card numbers or Social Security numbers, ensuring that only applications with the appropriate keys can access and view the unencrypted data. The keys used for encryption and decryption are managed outside of SQL Server, ensuring that database administrators cannot access the sensitive data directly, which is crucial for compliance with regulations like GDPR and HIPAA.

While other encryption techniques might involve encrypting data stored at various granularities, such as entire rows or specific columns, Always Encrypted stands out as it ensures that data is always stored in an encrypted format, only revealing it to authorized applications upon proper authentication.