I'm not sure if you can do this via policy managment. IMO access to a database should be a part of a well thought out security configuration, and I don't think that fully falls under policy managment, but I guess it's a grey area.

Ideally though only application service accounts and a select few users (if any) should have access to the database server. This way the majority of users don't have direct access and your problem of users connecting to the database by other applications becomes moot.