Is there any way in which I can configure Windows IPsec policy to use just AH mode and not ESP?

1

I have done Windows machine authentication with a Linux machine running a FreeS/WAN server. With the default configuration I could see ping traffic encrypted with ESP, but I want to test it with AH as well. Is there any way in which I can configure Windows IPsec to use only AH and not ESP?

proudengineer

Posted 2019-02-09T14:44:29.147

Reputation: 36

Answers

1

There is no GUI-based option to achieve this; however, there is a command-line option.

GUI option

There is no way in which Windows 10 can be configured to run only AH mode using the IPsec policy configuration tab in the firewall settings. At best, you can send an AH-only proposal first, followed by ESP / AH+ESP, and the server will then decide which of these to use. However, if anyone still wants to configure "AH only", please use PowerShell scripting for the same.

PowerShell script option

Create a new quick mode proposal for AH only and add it to your quick mode settings as follows:

    # Build a single quick mode proposal that uses AH encapsulation (integrity only, no encryption)
    # with SHA-256 as the AH hash; the SA is rekeyed after 100000 KB or 480 minutes.
    $proposal_ah_only = New-NetIPsecQuickModeCryptoProposal -Encapsulation AH -AHHash SHA256 -ESPHash SHA256 -Encryption AES128 -MaxKiloBytes 100000 -MaxMinutes 480

    # Replace the proposals of the existing quick mode crypto set (identified here by its GUID name)
    # with the AH-only proposal, keep PFS with DH group 2, and write it to the persistent policy store.
    Set-NetIPsecQuickModeCryptoSet -Name "{E5A5D32A-4BCE-4e4d-B07F-4AB1BA7E5FE2}" -NewDisplayName "Quick Mode Crypto Set" -PerfectForwardSecrecyGroup DH2 -Proposal $proposal_ah_only -PolicyStore PersistentStore

You need to run the above commands in a PowerShell terminal with administrator rights.

Note: This will set AH only as your quick mode settings, and it can't be edited using the GUI-based IPsec policy tab. With this setting, Windows will send/accept only AH mode as a valid IPsec protocol.

proudengineer

Posted 2019-02-09T14:44:29.147

Reputation: 36
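The procedure in the answer above, as an added example that is not part of the original answer: instead of hardcoding the GUID name of the quick mode crypto set, the script looks it up by display name, replaces its proposals with a single AH-only proposal, and then reads the set back to confirm that no ESP proposal is left, which is the check a practitioner wants before blaming the peer for a failed negotiation. The display name `Quick Mode Crypto Set`, the `PersistentStore` policy store, DH group 2 and the lifetime values are assumptions taken from the answer; the ESP hash and encryption parameters are left out because an AH proposal carries no ESP payload (the original answer passes them anyway, which the author reports also works).

```powershell
#Requires -RunAsAdministrator
# Added example, not from the original answer. Assumes the quick mode crypto set
# created through the firewall GUI has the display name below (assumption) and
# lives in the persistent policy store (assumption).
$setDisplayName = 'Quick Mode Crypto Set'
$store          = 'PersistentStore'

# Locate the crypto set by display name rather than by its GUID name.
$qmSet = Get-NetIPsecQuickModeCryptoSet -PolicyStore $store |
    Where-Object DisplayName -eq $setDisplayName
if (-not $qmSet) {
    # List what exists so the reader can pick the right Name manually.
    Get-NetIPsecQuickModeCryptoSet -PolicyStore $store | Format-Table Name, DisplayName
    throw "No quick mode crypto set with display name '$setDisplayName' in $store"
}

# AH only: SHA-256 integrity over the packet, no ESP, no encryption.
# Lifetimes (100000 KB / 480 minutes) mirror the answer and are assumptions.
$ahOnly = New-NetIPsecQuickModeCryptoProposal -Encapsulation AH -AHHash SHA256 `
    -MaxKiloBytes 100000 -MaxMinutes 480

# Replace every proposal in the set with the single AH proposal. After this,
# quick mode offers nothing but AH, so an ESP-only peer will fail to negotiate.
Set-NetIPsecQuickModeCryptoSet -Name $qmSet.Name -Proposal $ahOnly `
    -PerfectForwardSecrecyGroup DH2 -PolicyStore $store

# Verification: read the set back and fail loudly if any non-AH proposal survived.
$after = Get-NetIPsecQuickModeCryptoSet -Name $qmSet.Name -PolicyStore $store
$after.Proposal | Format-Table Encapsulation, AHHash, ESPHash, Encryption, MaxKiloBytes, MaxMinutes
$leftover = $after.Proposal | Where-Object { $_.Encapsulation -ne 'AH' }
if ($leftover) {
    throw "Crypto set $($qmSet.Name) still contains non-AH proposals"
}
Write-Host "Quick mode crypto set $($qmSet.Name) is now AH only."

# After traffic (for example a ping to the Linux peer) has triggered a quick mode
# negotiation, the live SAs show which protocol was actually agreed on.
Get-NetIPsecQuickModeSA | Format-List
```

Two caveats when testing this against the Linux peer: the peer's connection must also offer AH (with strongSwan/Libreswan-style configurations that means an `ah=` proposal rather than the default `esp=` one), and AH authenticates the outer IP header, so the test has to run on a path without NAT, otherwise every AH-protected packet fails integrity checking at the receiver.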