Have devices that have certs generated and loaded. I want to add to my policy to make sure the endpoint id matches the mac address that's embedded in the cert subject name. Also the format is different as the id presented from the controller is in xx:xx:xx:xx:xx:xx format. the subject name ends with xxxxxxxxxxxx. I'm certain this can be done but not sure the best way to go about this from efficiency standpoint.