I can't confirm that this works but you could try and add a condition to the top of your Guest MAC Cache enforcement policy with:
Type: Authorization:[Insight Repository]
Name: Days-Since-Auth
Operator: GREATER_THAN_OR_EQUALS
Value: 20
and then assign the appropriate enforcement profile for that condition to have them re-register.