DataExchange and File Encryption on USB memory sticks/iPods

Hi,

I'm currently testing File Encryption for USB and Removable Devices and am happy with the settings I'm using for USB memory sticks; however, I also have to test other USB devices, with the obvious one being an iPod.

Settings are currently set to only encrypt when a file is copied across (not using Initial File Encryption) and it's been found that when syncing an iPod and new music is copied, it encrypts (as I expected).

Is there any way to differentiate between what type of device is plugged in, or does this require separate SafeGuard software?

Ideally iPods (and Blackberrys) would be exempt from encryption.

Thanks

Craig

  • If you don't want files that a particular application writes to a USB device to be encrypted, you can add that application to the "unhandled applications" list.

    To do this, you have to create a new Device Protection policy that targets local storage devices, and from there you can set the "unhandled applications" field of the policy.  Try adding iTunes.exe, iTunesHelper.exe, iPodService.exe, and AppleMobileDeviceService.exe to the unhandled applications and see if that stops music copied to the iPod with iTunes from being encrypted.

    I'm guessing that you will have to do something similar with Blackberry devices, although in my organization we have quite a few Blackberry devices, and I haven't heard any complaints about not being able to synchronize.

  • Many thanks for the heads-up on "Unhandled Applications".

    As you've mentioned, it has to be Local Storage Devices policy, but we're targeting "Local Storage Devices/Removable Media" and as such you can't add any applications as the option is greyed-out.

    If I use a global Local Storage Device policy, then all drives inc. local and removable will be affected, no? (which is not something we want).

  • Create a policy targeting Local Storage Devices, and set encryption to "No Encryption".  When you create a policy group (or apply the policies to an OU), make sure that your Removable Media and Hard Disk encryption policies have higher priority, so they will override the "no encryption" in the unhandled applications.

    You can double check the policy setup with the Resulting tab on the management console.  You should see both a "Local Storage Devices" tab and "Removable Media" tab, and in the "Removable Media" tab, the default value of the unhandled applications field should have gone from being "not configured" to "iTunes.exe, ..."
