If the device has a valid certificate, it will be able to connect - so the only way to achieve this would be to ensure that only "authorized" devices have the certificate. Regarding restricting exporting of device certificate, this may be something that you can acheive. Here is some information I found while looking this up:
Hope this helps. Please let us know if you have any further questions and we will be glad to assist you further. Thank you!
Remember:
Please accept an answer if correct. Original posters help the community find answers faster by identifying the correct answer. Here is how.
Want a reminder to come back and check responses? Here is how to subscribe to a notification.