I have the Intel Management Engine software on my computers. The user version does not do much. It has been on my Intel computers for well over a decade.
I keep IME Software and Firmware updated via Lenovo Updates and it does not cause any issues at all. If you are perceiving issues with it, try updating it and BIOS also. IME on my computer here.
IME Software: 2112.15.0.2221
IME Firmware: 11.8.83.3874
Here is a very interesting and informative background article the Intel Management Engine Software. The article goes into some explanation of how it is implemented and why it is not part of BIOS.
I think you would need the company software to manage users. I have not see company use of it in my small business consulting (up to 75 users) in the past 2 decades.
It would take some energy and skill to implement the company side. It is not a user tool to control the use of people's computers; it is designed to provide some control over company computer assets if it has been implemented.
Intel Management Engine
The Intel Management Engine (ME), also known as the Intel
Manageability Engine,[1][2] is an autonomous subsystem that has been
incorporated in virtually all of Intel's processor chipsets since
2008.[1][3][4] It is located in the Platform Controller Hub of modern Intel motherboards.
The Intel Management Engine always runs as long as the motherboard is
receiving power, even when the computer is turned off. This issue can
be mitigated with deployment of a hardware device, which is able to
disconnect mains power.
The Intel ME is an attractive target for hackers, since it has top
level access to all devices and completely bypasses the operating
system. The Electronic Frontier Foundation has voiced concern about
Intel ME and some security researchers have voiced concern that it is
a backdoor.
Intel's main competitor AMD has incorporated the equivalent AMD Secure
Technology (formally called Platform Security Processor) in virtually
all of its post-2013 CPUs.
The subsystem primarily consists of proprietary firmware running on a
separate microprocessor that performs tasks during boot-up, while the
computer is running, and while it is asleep.[7] As long as the chipset
or SoC is connected to current (via battery or power supply), it
continues to run even when the system is turned off.[8] Intel claims
the ME is required to provide full performance.[9] Its exact
workings[10] are largely undocumented[11] and its code is obfuscated
using confidential Huffman tables stored directly in hardware, so the
firmware does not contain the information necessary to decode its
contents
Several weaknesses have been found in the ME. On May 1, 2017, Intel
confirmed a Remote Elevation of Privilege bug (SA-00075) in its
Management Technology.[37] Every Intel platform with provisioned Intel
Standard Manageability, Active Management Technology, or Small
Business Technology, from Nehalem in 2008 to Kaby Lake in 2017 has a
remotely exploitable security hole in the ME.[38][39] Several ways to
disable the ME without authorization that could allow ME's functions
to be sabotaged have been found.[40][41][42] Additional major security
flaws in the ME affecting a very large number of computers
incorporating ME, Trusted Execution Engine (TXE), and Server Platform
Services (SPS) firmware, from Skylake in 2015 to Coffee Lake in 2017,
were confirmed by Intel on 20 November 2017 (SA-00086).[43][44] Unlike
SA-00075, this bug is even present if AMT is absent, not provisioned
or if the ME was "disabled" by any of the known unofficial
methods.[45] In July 2018 another set of vulnerabilities was disclosed
(SA-00112).[46] In September 2018, yet another vulnerability was
published (SA-00125).
