Managing Devices within TSFA

Managing Devices within TSFA

To access devices within your organization's portal, navigate to Devices Manager > Devices.

Device Table

The Device Table provides regular information pertaining to each device, such as Device Name and Type, Serial Number, License, etc. It also provides some relevant information about its status and security.


Status
  1. Active: the device has been installed and provisioned with success, the device is licensed, and it is working and communicating correctly. 
  2. Pending: in many instances, this indicates that the device is unlicensed. More commonly, it indicates that the device hasn't completed the provisioning process. 
  3. Unsupported: the device embedded controller is not detected; this issue may arise if the device is older of from a different year or release.
Security Posture
Provides an overview of the device's security status.
  1. Healthy: indicates that no issues were detected during the boot process.
  2. Unhealthy: indicates that one of the subcomponents reported a problem or failure.
  3. Suspect: this status is triggered when there is uncertainty about a BIOS configuration update or a detected security issue, such as tampering with the machine. For example, tampering may occur when a device is sent for support and a component change is made, which can be expected. However, if a component is missing, indicating potential malicious intent, it would be unexpected and trigger the Suspect status.
  4. Uninitialized: indicates that communication between the UDC and the client is still ongoing.

Device Tray

The data shown in the table is also available in the Device Tray for each specific device. To access the Device Tray, click on the desired device. 


Device Details

This tab provides more detailed information, and other information such as device labels, BIOS details, name of the disk drives installed on the machine with firmware version. 
Please note that the device name is provided by Windows and reported by the UDC system; it cannot be modified.

Security Details

Provides details that can also be accessed through Windows, such as TPM status, antivirus status, encryption status, etc.



  1. BIOS Mode: Refers to whether the system is using Legacy BIOS or UEFI. UEFI provides enhanced security features and a modern interface compared to Legacy BIOS.
  2. Secure Boot Status: Indicates whether Secure Boot is enabled or disabled. Secure Boot ensures that the system boots using only trusted software, preventing malicious code from running during the boot process.
  3. Secured Core-PC Status: Shows whether the device meets Microsoft's enhanced security requirements, which include features like secure boot, virtualization-based security, and Trusted Platform Module (TPM).
TPM Status
  1. TPM Present: Indicates if a TPM chip is available in the system. TPM chips provide hardware-based security functions.
  2. TPM Ready: Shows whether the TPM is fully configured and ready to use.
  1. TPM Enabled: Indicates if the TPM is turned on and active.
  2. TPM Activated: Confirms that the TPM is activated and functioning.
  3. TPM Owned: Indicates if the TPM ownership has been established, allowing the system to use the TPM for security functions.
  4. Restart Pending: Shows if a system restart is needed for TPM changes to take effect.
  5. Locked Out: Indicates if the TPM is locked due to too many failed attempts to access it.
  6. Lockout Count: Shows the number of failed attempts before the TPM locks out.
Antivirus Status
  1. Name: The name of the antivirus software installed on the system.
  2. Status: Indicates if the antivirus software is currently enabled and active.
  3. Version: Shows the version of the antivirus definitions, ensuring they are up to date for effective protection against malware.
Drive Encryption
  1. Encryption Status: Indicates if the system's drives are encrypted, providing protection for data at rest. This can include details like the type of encryption used and whether all drives are fully encrypted.

Activity History

Displays information regarding what happened to the device and when. To export this information, click on Export. A .CSV file will be downloaded to your computer.
 

Device Lookup

To access this feature, you have two options:
  1. Click on the three-dot menu in the top right corner of the Device Tray and select Inspect.
  2. Navigate to Devices Manager > Device Lookup
Device Lookup provides similar information to the Device Tray but in a different format. Additionally, it includes extra details such as the UDC Agent Version and relevant operating system information, including Edition, Architecture, and IP Address.
Please refer to article Using Device Lookup for more information.

Creating and Managing Device Labels 

Labeling is a feature designed to streamline device management by applying customized tags. It facilitates organized device management by allowing users to categorize and group devices according to specific criteria. 

Labels can be easily created and assigned to devices, facilitating easy identification and grouping. For instance, in an organization with many devices spread across various locations or teams, labels such as 'Office 1', 'Office 2', etc., can be used for better organization.

Labeling offers several benefits, including the ability to manage devices in bulk, bookmark multiple devices using one or more labels, and categorize devices effectively.
This feature is available for LCP Admins, TSFA Admins (solution admin), Org admins and IT Admins. Any TSFA user can perform actions with labels created by other users.

Adding labels to a device from the Device List 

  1. Navigate to Devices Manager > Devices.
  2. Mark the check box of the device and press Label.
  3. Press the input field. The list of existing labels is displayed.
    1. Select labels from the list and add them to inpunt field, or.
    2. Simply write the name of a new label into the input field and press Create New.
    3. You can also delete existing labels
  4. Click Apply. The table displays the changes for the selected device.

Adding labels in bulk from the Device List

  1. Navigate to Devices Manager > Devices.
  2. Mark the check boxes of the devices and press Label.
  3. Press the input field. The list of existing labels is displayed.
  4. Select labels from the list and add them to input field, or 
  5. Simply write the name of a new label into the input field and press Create New.
  6. Select one of these options from the left drop down list:
    1. Add to existing: adds the new label without removing existing labels.
    2. Clear field: removes all the labels from the selected devices.
    3. Replace all: replaces all labels on the selected devices with a newly created/added label.
    4. Find and remove: click on the input field; a list of existing labels is displayed. You can select the labels to remove from the group of devices. 

Adding labels to a Device (or removing) from the Device Tray

The same action can be made through the Device Tray:
  1. Navigate to Devices Manager > Devices.
  2. Select the device. The Device Tray is displayed.
  3. Click the three-point menu on the top right corner.
  4. Select Edit.
  5. You can add labels to the input field, delete existing labels or simply write the name of a new label into the input field.
  6. Click Save. The table and the Device Tray display the changes for the selected device.

Adding (or removing) Labels from Device Lookup

  1. Navigate to Devices Manager > Devices.
  2. Select the device. The Device Tray is displayed.
  3. Click the three-points menu on the top right corner.
  4. Select Inspect. The Device Lookup window displays.
  5. Repeat steps 3 and 4 from ¨Adding (or removing) labels to a device from the Device List¨.
Only numbers, letters, dash, or underscore are allowed in label names.

Editing Labels

  1. Navigate to Devices Manager > Devices.
  2. Click on the three-point menu.
  3. Select Edit Labels.
  4. You can perform these actions:
    1. Rename label: mark the check box next to the label and rename it into the input field.
    2. Remove a label: mark the check box next to the label and click Remove Label.
    3. Remove more than one label: mark the check boxes next to the labels and click Remove.
    4. Merge labels: mark the check boxes next to the labels and click Merge. Enter a name into the input field. A successful message will be displayed.

Filtering information

You can filter devices using the Filter or the Search box. To use the Filter:
  1. Click Filter.
  2. Select a filter criteria from the left pane and mark the checkboxes corresponding to the criteria you wish to use for sorting.
  3. Click Apply.
To use the search box:  enter any parameter.

Exporting Devices

FirmwareShield enables the creation and export of a list of devices. 
  1. Navigate to Device Manager > Devices.
  2. Filter the devices according to any parameter.
  3. Click on the three-dot menu, then select Export Device List
  4. A .csv report is created and downloaded to your computer.

Onboarding Devices

You can onboard one or more devices to TSFA platform through the Device Management > Devices page > + , which will redirect you to the Onboarding menu. Please refer to Onboarding Devices in ThinkShield Firmware Assurance.


    • Related Articles

    • Using Device Lookup

      The Device Lookup page serves as a comprehensive information source, consolidating all data related to an individual device within the TSFA system. Designed to provide detailed insights, it facilitates the management and troubleshooting of devices. ...

    • Managing Licenses within TSFA

      ThinkShield Firmware Assurance (TSFA) operates on a device-based SaaS model. Licenses for TSFA can be purchased through standard Lenovo channels and applied to UDS / TSFA. Within the TSFA portal, administrators can view the organization's purchased ...

    • Creating and Managing User Groups

      Grouping users is helpful for managing a large number of users - typically by geography, department, or role. Creating User Groups Navigate to User Management > User Groups. Click ✚ Create Group button. In the Add group screen, fill in the group ...

    • Onboarding Devices in ThinkShield Firmware Assurance

      About ThinkShield Firmware Assurance ThinkShield Firmware Assurance (TSFA) detects and remediates firmware tampering and other security issues that could impact the security of your devices before the operating system boots. The ThinkShield Firmware ...

    • Adding and Managing Users in an Organization

      Before onboarding the devices, the Org Admin proceeds to add users to the organization. Adding Users to an Organization From the left navigation menu, go to User Management > Users > ✚ (Invite a User). You can invite users individually or in bulk by ...