There are two types of Apple devices we account for: 1) iOS (iPhone, iPad, iPod Touch, etc.), 2) non-iOS (traditional iPods).
Non-iOS Apple devices are essentially Removable Storage, and that is how Windows sees the device. We use a Removable Storage Device Rule to block writing to ALL Removable Storage devices (iPod, USB stick, memory card, etc.).
We use a specific PnP Device Rule to block access to iOS devices (it can only block iOS, it cannot be set to read-only). This doesn't affect traditional iPods (the Removable Storage Rule controls those):
USB Class Code = 06h Image
VID = 05AC
Apple devices can be seen by Windows differently depending on whether iTunes is installed, so it is worth playing around with this and documenting your observations.
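One way to document those observations is the PowerShell script below. It is an added example, not part of the original text or of any product's tooling, and it records how Windows currently enumerates every connected USB device with VID 05AC. It assumes the rule's "USB Class Code = 06h" corresponds to a `USB\Class_06` entry in the device's compatible IDs; the `-Label` and `-OutDir` parameters and the CSV file name are hypothetical.

```powershell
# Added example: inventory how Windows enumerates connected Apple USB devices.
# Run it once without iTunes and once with iTunes installed, using a different
# -Label each time, then compare the two CSV files.
param(
    [string]$Label  = 'no-itunes',   # hypothetical tag for this run
    [string]$OutDir = $PWD.Path      # hypothetical output folder
)

$appleVid   = 'VID_05AC'             # VID used by the PnP Device Rule
$imageClass = 'USB\Class_06*'        # assumed compatible-ID form of class 06h (Image)

function Get-DeviceProp {
    param([string]$InstanceId, [string]$KeyName)
    # Returns the property data, or $null when the device does not expose it.
    (Get-PnpDeviceProperty -InstanceId $InstanceId -KeyName $KeyName `
        -ErrorAction SilentlyContinue).Data
}

$rows = Get-PnpDevice -PresentOnly |
    Where-Object { $_.InstanceId -like "USB\${appleVid}*" } |
    ForEach-Object {
        $compat = @(Get-DeviceProp $_.InstanceId 'DEVPKEY_Device_CompatibleIds')
        [pscustomobject]@{
            Label          = $Label
            FriendlyName   = $_.FriendlyName
            InstanceId     = $_.InstanceId
            SetupClass     = $_.Class      # Windows device setup class, not the USB class
            Service        = Get-DeviceProp $_.InstanceId 'DEVPKEY_Device_Service'
            CompatibleIds  = $compat -join ';'
            # True when any compatible ID advertises USB class 06h (Image).
            HasImageClass  = @($compat -like $imageClass).Count -gt 0
        }
    }

if (-not $rows) {
    Write-Warning "No present USB device with $appleVid found; connect the device and retry."
    return
}

$csv = Join-Path $OutDir "apple-usb-$Label.csv"
$rows | Export-Csv -Path $csv -NoTypeInformation
$rows | Format-Table FriendlyName, SetupClass, Service, HasImageClass -AutoSize
Write-Host "Saved $($rows.Count) row(s) to $csv"
```

Rows where `HasImageClass` is false while the VID still matches are the ones to check against the rule's definition, since they show the device presenting itself in a way the class-code criterion would not cover.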