If you have your Windows client configured to do both User and Computer authentication, then the Windows client will always do both Machine and User authentication when the computer is rebooted.
Machine authentication will always come first. This usually occurs while you are sitting on the CTRL + ALT + DEL screen.
The machine authentication caching, I believe, is primarily used to avoid the issue of when users put their device to sleep. When the device is woken up, if the user is still signed in, then machine authentication does not take place. That is why the machine authentication is cached.
You can write an attribute back to the Endpoints database after a computer has successfully authenticated and use this attribute in your role mappings. This would mean, though, that each computer would need to perform machine authentication at least once.
I am sure there are more reasons why machine authentication is cached; I am just not entirely sure what they are.