Document classification and protection is too hard to start?

That's a true fact, if you think of the documents that you already have in your OneDrives and Sharepoint sites, the count is overwhelming. Many companies have hundreds of millions of documents in their repositories.

Classifying all those documents afterward is impossible that is true, but we have a approach for this that can be accomplished. Here it is in a simplified format:

1. First worry about future data, make sure that everything from day X gets classified together with lifecycle management
2. Define roles for services, allow needed exceptions and manage data lifecycle with needed policies
3. Classify only sensitive legacy data after some of it is already deleted by lifecycle activities and possible archive the rest

That is highly simplified, but the most important thing is to start classifying data, but not only with default label, prompt users about sensitive data and correct classification.

There are lot of tools in Microsoft Purview to tackle these problems, you just need to get to know them and align company data classification standards to capabilities of the toolset in use.