You can list all of the devices and sort out the IOS devices that should be allowed and explicity allow them
You can use the following Powershell commands to do that.
Get-ActiveSyncDevice | ft DeviceOS, DeviceUserAgent, DeviceID, DeviceType, UserDisplayName
This command will list the devices and the information you need to sort them out.
Then you can add a rule to only allow DeviceID's that have been approved by an admin.
Set-CasMailbox username ActiveSyncAllowedDeviceIDs xxxxx1,xxxxx2
You can chose to put the rest of the Devices into Quarantine.
There are 3:rd party software that does this for you automaticly like PointSharp Mobile Gateway.