YES, it will work this way.
This is how Intel vPro is designed - it works at HW level (Out of Band).
You can also use System Defense - HW Firewall filters on Wired Interface to further block any access from/to OS over Wired AMT LAN interface in case end users will be allowed to re-enable Wired LAN in OS.\
(Note - System Defense requires Intel AMT being configured into Admin Control Mode!).
Please note that you may need to solve DNS settings as your OS LAN will interface will not register its IP in DNS, Intel AMT LAN will get its dynamic IP from DHCP and may register it with its configured FQDN in DNS but if AMT will share same FQDN with OS - OS WiFi interface may overwrite this pointer entry with WiFi IP.
You may use hosts file on management console (where VNC viewer runs) to overwrite it.
Note2 - To configure Intel AMT into Admin Control mode you will have to use Intel AMT Wired LAN being enabled for time and purpose of Intel AMT Configuration in OS or use USB Local Configuration.
Note3 - Free Real* VNC Viewer supports only RFB port (TCP 5900) which you have to enable in AMT Configuration and this port by design is not encrypted and is protected by exactly 8 characters strong password.
For production deployment (and better security) it is advised to use AMT Redirection port (TCP 16994/16995) that may be encrypted and uses AMT authentication (Digest or/and Kerberos).
I did quick check for you :
- configured Intel AMT 10 based platform (Intel NUC) using Host Based Configuration (into Client Control Mode)
- Disabled LAN interface in Windows OS and Configured WiFi interface + got it connected to the Internet.
- Connected to Intel AMT using Real* VNC Plus (60 day trial license) KVM Viewer and...
- Captured PC screen - see attached :
is it what you want to achieve?
Intel EMEA Biz Client Solution Architect