For models that include Management Engine (ME) / Active Management Technologies (AMT); e.g. pro models such as i7-1185G7. By default this is enabled with the default password.
Boot to AMT
You must press F10 during boot to get to AMT screen. If this doesn’t work, it’s likely that Function lock (Fn+Esc) is not on. Turn it on or use Fn+F10.
Login
The default password is admin. Regardless of whether you use AMT or not, this must be changed or you face active real-world exploits.
AMT will immediately prompt for a new password; what it doesn’t tell you are the password requirements. Any password failing to meet these requirements will cause the password change to fail, with no additional information. You will not be able to disable AMT without setting a new password.
Constraints:
Minimum 8 characters
One uppercase character
One lowercase character
One number (0-9)
One symbol (!@#$% … etc)
Disable
Once logged in, I recommend disabling AMT unless you have an explicit need. Set AMT to disabled from the main menu, save and restart.
In Windows there is a way to disable AMT as well running a script. I saw it from Rob Braxman. As Windows is able to address AMT, it would be wise to disable it there as well.
Is the title of this post accurate? Disabling AMT is separate from fully neutralising the Intel ME backdoor. As this article says and the comments to it corroborate, ME continues to run after disabling AMT.