There are several ways you could look at achieving this.
To do it based on MAC address, change the default layer 3 firewall rule to deny all access. Then create a group policy to override this, and allow access. Then apply the group policy against the MAC addresses allowed access.
You could use iPSK per device instead (simpler, I think).
https://documentation.meraki.com/MR/Encryption_and_Authentication/IPSK_Authentication_without_RADIUS