MAC addresses can be spoofed (google search 'spoof mac address') so from a security standpoint it is not really the best option. You can either go the client certificate route (but in this case you are authenticating the user, not the device) or the machine certificate route. The Machine Certificate check is available underHost checker > New Policy > Windows: Custom: Machine Certificate. You can restrict access to a subset Machine Certificate issued by a particular CA only (by installing the cert in Trusted client CA) or specific CA DN. Of course you need to issue and manage these certificates on the endpoints (wether they are user certificates or machine certificates). Other options are available too (e.g "hidden" registry check) but they are less secure as registry can be edited, if you know what you need in order to pass the host check.
... View more