DH Group 14 is the minimum required for PCI compliance, but the encryption level required by macOS (AES-256) is not enabled on the MX for client VPN. Upon request, Meraki support can switch client VPN encryption to DH Group 14 with AES-128 and SHA1-96 for PCI-compliant connections. This level of encryption is supported by Windows 10, but not by macOS.
Since the MX appliance supports AES-256 for site-to-site VPN, it looks like Meraki made a choice not to support this key length for client VPN.
Bottom line: Meraki MX currently does not support PCI-compliant client VPN for macOS. If you need this, send your wish to Meraki, or find a third-party macOS VPN client.