What is Asp.net Core 2.1 Identity's LockoutEnabled property actually for?

It is used to enable a user lockout for a specific period of time.
If you set LockoutEnabled to true and add a LockoutEnd date, you'll prevent that user from logging in again until after the LockoutEnd date is reached.
If only the LockoutEnabled flag is set to true, with no LockoutEnd date set, it just means that the user can be locked out, but is not locked out.

Once LockoutEnd has a future date then the user is considered locked out whether LockoutEnabled is true or false. LockoutEnabled is used when determining if the current user should be locked out such as when entering too many incorrect passwords. In other words, if LockoutEnd has a date in the future then the user is locked out, even if LockoutEnabled is false, .