It constantly scans the domain controllers event log for login and logout events. Yes, the more users the more resources required. Now you know why Meraki publish a guide suggesting boxes based on the number of users. The more users the more RAM and CPU are required.
If you are worried about users changing their MAC and IP addresses then you are not going to be protected with either way. You probably need to deploy additional measures such as 802.1x, IP Source guard and dynamic ARP inspection at the switching layer (I'm not sure the Meraki line up have IP Source Guard and Dynamic ARP inspection available yet).