yes I agree it's easier with the MR than the MX because you can route to a landing page. Since the authentication happens first, you can assign the group to get a specific dhcp scope, provided you have windows server providing dhcp option 252. Then you can assign that subnet to a vlan in the MX. That is the long way but it is possible to use the MX and use the proxy, but not use the MX TO route to proxy if that makes sense.
Have you tried connecting to the setup.meraki.com or wired.meraki.com local config page? There is an option in many MX I have seen from MX64 and up for a proxy on this page. The install guide says this:
Web proxy settings
These settings take effect if the MX device has to fall back to using HTTP to contact the Cloud Controller. By default, web proxy is disabled. To enable web proxy, do the following:
When the WAN connection is fully enabled, Internet LED 1 will turn green.
Please note that all these settings below are accessible only via the local management console.
• Choose Web proxy > Yes.
• Enter values as appropriate for Hostname or IP and Port.
• If you require authentication, choose Authentication > Use authentication, and enter appropriate values for Username and Password
I also recommend you call Meraki support desk and if they don't have what you need then please submit a feature request as those are looked into.
Here is a guide to force proxy for MR wireless clients.
https://documentation.meraki.com/MR/Firewall_and_Traffic_Shaping/HTTP_Force_Proxy_on_MR_Access_Point...
You can also try a free proxy like squid which is much easier.
