Final answer:
To enable Windows Defender EG on Windows 10 devices via Microsoft Endpoint Manager, use a Device restrictions profile. This allows configuration of Windows Defender EG features including Exploit Protection and Attack Surface Reduction Rules.
Step-by-step explanation:
The type of device configuration profile you should use in Microsoft Endpoint Manager to enable Windows Defender Exploit Guard (Windows Defender EG) on Windows 10 devices is a Device restrictions profile. This type of profile allows you to configure security features on Windows 10 devices, including settings for Windows Defender EG, which is a set of host intrusion prevention capabilities such as Exploit Protection, Attack Surface Reduction Rules, and Controlled Folder Access.
To configure these settings, you would navigate to the Endpoint Manager admin center, select Devices > Configuration profiles, and then create a new profile by selecting Windows 10 and later as the platform and Device restrictions as the profile type. Within the profile settings, you can enable and configure the components of Windows Defender EG as required for your organization's security.