You can’t reduce IME, but you can disable it with the HAP bit, which seems to be confirmed working up to and including 11th gen intel.
Most people don’t buy CPUs with the vPro features, and without vPro IEM doesn’t include AMT. As fare as I know, all RCE exploits against IME have been in the AMT extension. If you have a CPU without ATM, I don’t think you need to reduce IEM, but I could be wrong on this.
This thread has a lot of info from the work dt-zero has done after corna stopped working on the project, but I also think real life work has forced dt-zero to stop working on the project.