Lesson 1: Create and Apply an Off By Default Policy
Applies to: 
SQL Server
Using Policy-Based Management policies, you can administer one or more instances of SQL Server, one or more instance objects, server instances, one or more databases, or one or more database objects. As the database administrator, you want to ensure that certain servers do not have Database Mail enabled. In this lesson, you will create a condition and a policy that sets that server option. You will test the server to see whether it complies with the policy. Then, you will use the policy to reconfigure the server to bring the server into compliance.
Prerequisites
To complete this tutorial, you need SQL Server Management Studio, and access to a server that's running SQL Server.
- Install SQL Server Management Studio.
- Install SQL Server 2017 Developer Edition.
Create the mail-off condition
In Object Explorer, expand Management, expand Policy Management, expand Facets, right-click Surface Area Configuration, and then click New Condition.
In the Create New Condition dialog box, in the Name box, type Mail Off.
- In the Facet box, confirm that Surface Area Configuration facet is selected.
- In the Expression area, in the Field box, select @DatabaseMailEnabled, in the Operator box select =, and in the Value select False.
- On the Description page, type a description of the condition, and then click OK to create the condition.
Create the off-by-default policy
In Object Explorer, right-click Surface Area Configuration, and then click New Policy.
In the Create New Policy dialog box, in the Name box, type Off By Default.
- Leave the Enabled checkbox unchecked. The Enabled checkbox applies to automated policies, and this policy will be executed on demand.
- In the Check condition checkbox, scroll down to the Surface Area Configuration area, and then select Mail Off as the condition to check.
- The Against targets box will be blank because this is a server-scoped policy.
- In the Evaluation Mode checkbox, select On demand as the evaluation mode.
- In the Server restriction checkbox, select None.
- On the Description page, type a description of the policy.
On the description page, you can provide a hyperlink to a Web page for your policies in the Additional help hyperlink area. In the Text to display box, type the text that will appear for the hyperlink.
- In the Address box, type a hyperlink to a Help page, such as the home page for the IT department of your company.
- To confirm the address by opening the Web page, click Test Link.
- Select OK.
Configure server to run off-by-default policy
In Object Explorer, right-click your instance of SQL Server, point to Policies, and then click Evaluate.
In the Evaluate Policies dialog box you can select policies from another instance of SQL Server or from a file. For this step, leave Source set to your instance of the Database Engine.
- In the Policies section, select the Off By Default policy.
- To see whether the server is in compliance with the policy, click Evaluate.
- In the Results area, you will see a green circle with a check mark if the Database Engine complies with the policy. You will see a red circle with an X if the Database Engine does not comply with the policy.
In the Target Details area, you will see additional information in the Message column if an error occurs. In the Message column, click View to see a report that contains the results of the check for each facet property that was checked.
The policy description is displayed at the bottom of the page, and the Additional help section displays the hyperlink that you have configured for the policy. Click the message hyperlink to open the Web page that you specified when you created the policy.
Close the browser, and then close the Results Detailed View dialog box.
If the server is out of compliance and you want to disable Database Mail, click Apply in the Evaluation Results page.
Close both the Results Detailed View and the Evaluate Policies dialog boxes.