The Dashboard is the main entry point to ThinkShield Firmware Assurance. It provides a centralized view of device fleet data through graphs and visuals, helping users quickly understand trends and key metrics.
Organizations with a ThinkShield Firmware Assurance (TSFA) license see TSFA-specific widgets directly in the Lenovo Device Orchestration Dashboard. There is no separate TSFA dashboard.
TSFA widgets provide visibility into device security posture distribution, trends over time, and detected incidents across devices. They are displayed automatically when a TSFA license
is present.
Secured Device Status
Displays the total count of devices across the organization, along with their status, indicating the onboarding state of each device.
Total Devices: displays the total count of devices in the organization.
- Active - The device is fully onboarded and provisioned.
- Pending - Provisioning is incomplete or has failed. The device is unlicensed or has not reported its provisioning status. This status indicates either the license has not been assigned yet, or there was an issue during onboarding or provisioning, requiring the user to onboard the device again.
- Unsupported - The enhanced embedded controller is not detected. The device lacks the hardware capability to report data for ThinkShield Firmware Assurance and will never report security data.
Fleet Security Health
Displays the total number of devices and their current health status (Security Posture). Uninitialized devices are reported as well.
Healthy - No issues detected.
Unhealthy - The device is reporting events but is not compliant..
Suspect - Potential risk identified based on event evaluation. Check the event log; a recent event might indicate a problem.
Uninitialized - The device is not reporting data.
The following events do NOT contribute to Security Posture status: Shutdown/Reboot event, System Boot event, Power On event.
Prevalence model summary
Displays the most prevalent security incidents across devices.
Incidents are considered prevalent when they exceed defined thresholds within a specified time period. This helps identify frequently occurring issues that may require attention. Click the small arrow to select a period of time.
Security Incident Details
Allows users to drill down into detected incidents across the FWS device fleet.
Table columns:
- Type - Type of incident detected in the fleet.
- Count - Total number of incidents of a specific type since the creation of the organization.
- New Incidents - Number of incidents detected within a selected time range. Default is 7 days. You can change it using the calendar.
Each row can be expanded to view additional details. Selecting a status redirects to the Incidents view.
Security Incident Trend
Displays trends for security incidents and security posture over time.
Users can:
- View data across predefined or custom time ranges
- Switch between incident and posture views
This helps identify patterns and changes in device security over time.
In the Security Posture view, the graph legend is clickable, enabling users to hide or unhide graphs by clicking on individual legend items.