Getting Started with TSFA

Getting Started with TSFA

ThinkShield Firmware Assurance (TSFA) evaluates device security posture based on events generated by devices.

TSFA can be used independently. A TSFA license is required to use TSFA functionality, whether it is used on its own or together with Lenovo Device Orchestration (LDO).

Before you begin:
  1. Onboard devices using the standard LDO process.
  2. Assign a TSFA license to each device.

Onboarding Devices

Device onboarding is the process of registering a device in the system so it can be managed and receive additional functionality. The onboarding process is the same as for LDO devices and is described in LDO > Device Management > Onboarding articles. 

After successful onboarding:
  1. The device appears in Device Management > Devices.
  2. The device is ready for license assignment.

Assigning Licenses to Devices

Assigning a TSFA license enables TSFA functionality on a device. Licenses are assigned and managed in Organization Settings > Organization Account.
Purchasing a TSFA license at the organization level does not activate TSFA automatically. You must assign the license to individual devices. For more information, see Assigning and Managing Licenses.

After assignment:
  1. The TSFA plugin is installed on the device.
  2. TSFA data becomes available, and the device status changes to Active.
  3. The device starts reporting firmware events from the BIOS and the embedded controller.

How TSFA Collects and Surfaces Device Data

Security events appear on the Issues and Errors tab on the Device Details page. To access these events, go to:  

Device Management > Devices > select a device > Device Details > Issues and Errors, and then select Security Events from the search box.

These events are processed using predefined rules to determine the device’s security posture. The system updates the posture automatically as new events are received. For more information, see Device Status and Security Posture.

TSFA device data is available in:
  1. The Dashboard, through TSFA-specific widgets.
  2. Device Management > Devices list, where you can view device-level TSFA information. To view detailed information, select a device to open the Device Details page.
For more information, see:




    • Related Articles

    • Troubleshooting TSFA

      TSFA device issues are typically related to compatibility, provisioning, or communication between the device and the system. Use the device status and security posture values to identify and troubleshoot these conditions. Device Status Issues BIOS ...

    • Getting Started with LDO

      Overview As the demand for more devices increases and the shift to the cloud accelerates, LDO offers a flexible, scalable solution for managing endpoints and applications across Lenovo Windows, Linux, and Android devices. Organizations can easily ...

    • Security Event Log Reference

      This document provides a structured overview of key security-related incidents logged by ThinkShield Firmware Assurance. Events are categorized based on their nature, severity, and potential impact. Each event includes a brief description, its ...

    • Using the Dashboard in TSFA

      The Dashboard is the main entry point to ThinkShield Firmware Assurance. It provides a centralized view of device fleet data through graphs and visuals, helping users quickly understand trends and key metrics. Organizations with a ThinkShield ...

    • Onboarding Linux (Ubuntu) Devices

      Device Management allows organization admins to Add Linux (Ubuntu) Edge or PC devices easily. Users can download the provisioning pack with the necessary files and apply to the devices. Any Lenovo Linux (Ubuntu) device can be automatically added to ...