The LogonEsm ESM module verifies user credentials by contacting the Event Monitor service and asking it to invoke the configured Logon Provider. The default Logon Provider does a Windows LogonUser, usually against the domain. See the product documentation for more information about Logon Providers:
LogonEsm is also capable of obtaining Windows security tokens, which are distributed to SEP instances by the Event Monitors. This is required for the Enterprise Server for .NET user impersonation feature.
The LogonEsm ESM module has no required configuration. None of the optional configuration settings affect its behavior.
LogonEsm is an ESF interface to the Logon Provider mechanism which was added to Enterprise Server for .NET before ESF was available. Consequently, it has some optional configuration settings in machine.config. Some of these are processed by LogonEsm itself; others are used by the Event Monitor service or the Logon Provider. See the descriptions of these settings in the product documentation.