If you’re using Microsoft Office 365 then please refer this solution which includes prescriptive recommendations for discovering, classifying, protecting, and monitoring personal data. This solution uses General Data Protection Regulation (GDPR) as an example, but you can apply the same process to achieve compliance with many other regulations as well.
In short this solution demonstrates how to protect sensitive data that is stored in Office 365 services.
Happy security solutions!!