One way you could do this is to utilize profiling. You can then create a policy that authorizes MACs without forcing them to go against the MAR check.
On the other hand, if your MACs are joined to your domain then you can eliminate MAR and simply perform PEAP (machine) based authentication for both your MACs and Windows machines.
You could also create a special rule for MACs that authenticate via PEAP (User) based authentication
Hope this helps!
Thank you for rating helpful posts!