Onboarding Devices in ThinkShield Firmware Assurance
ThinkShield Firmware Assurance (TSFA) offers advanced firmware integrity monitoring and remediation before the operating system boots, fully integrated with Device Management. To create a Device Management account, you must have a Lenovo ID and receive an email invitation from Lenovo.
ThinkShield Firmware Assurance supports an automated process that simplifies the onboarding of devices into your organization. Any Lenovo Windows device can be automatically claimed on the ThinkShield Firmware Assurance platform by installing the TSFA provisioning package. After the admin account is set up, the Organization Admin can invite additional users and assign roles and permissions.
The setup is unique for the organization and must not be shared.
Automatically Adding Windows Devices
To automatically add a Windows device, select the appropriate onboarding method for your TSFA-enabled device. The installation package includes the TSFA agent and supporting files specific to the device architecture (x64 or ARM).
- Go to Device Management > Devices page.
- Click the ✚ Onboard Device button.
- Select OS type: Windows.
- Choose the onboarding method: Standard or ARM.
- Click Next.
Downloading Provisioning Pack Agent
Download the Lenovo Provisioning Pack for LDO to provision clients and download the agent.
Onboarding Devices
- Select the device(s) you want to onboard.
- Click Onboard Devices. This starts the claiming process, which may take between 5 minutes and 1 hour.
- From the dropdown menus, set the following:
- Installer Expiration: 7 days/30 days/60 days/90 days/365 days.
- Maximum Usage: 5K Devices/10K Devices/50K Devices.
- Select Download Installer.
- UDCSetup.exe will be downloaded. You can:
- Run it on the current device,
- Distribute it to multiple devices, or
- Save it to a USB drive for on-premises installation.
- Navigate to the folder where the installer was downloaded and run UDCSetup.exe as an Administrator.
- After installation is complete, the device will appear in Device Management > Devices within the organization portal.
- Once a TSFA license is assigned to a TSFA-enabled device, Device Management will begin monitoring firmware integrity and displaying TSFA status.
Troubleshooting
One of the most common issues users may encounter is a device remaining in a Pending status. To resolve this, try the following alternative solutions:
- Check network connectivity: Ensure the device is connected to the network.
- Verify license assignment: Confirm that the device has a valid assigned license.
- Check the BIOS version: If the BIOS is outdated, the device may not be able to install the required TSFA agent properly.
Related Articles
Managing Devices within TSFA
To access devices within your organization's portal, navigate to Devices Manager > Devices. Device Table The Device Table provides regular information pertaining to each device, such as Device Name and Type, Serial Number, License, etc. It also ...Supported Devices in ThinkShield Firmware Assurance
The following devices are currently supported in v25.07 2023 ThinkPad X1 Carbon Gen 11 (Type 21HM, 21HN) ThinkPad X1 Yoga Gen 8 (Type 21HQ, 21HR) ThinkPad X1 Nano Gen 3 (Type 21K1, 21K2) ThinkPad X13 Gen 4 & NEC (Type 21EX, 21EY) ThinkPad X13 Yoga ...ThinkShield Firmware Assurance Release Notes v.25.07 (07-29-2025)
Base Requirements for ThinkShield Firmware AssuranceThinkShield Firmware Assurance Release Notes v.25.02 (02-28-2024)
Component Subcomponent Release Version Availability Date · TSFA Cloud · TSFA Client · Optimization for device lookup · Events new definitions & parsing methods Refer to the Knowledge Base for more information 25.02 March 7, 2025 Base Requirements for ...ThinkShield Firmware Assurance Release Notes v.24.12 (12-13-2024)
Component Subcomponent Release Version Availability Date · TSFA Cloud · TSFA Client · On-Demand Measurements Release 24.12 is bringing up On-demand attestation allowing the Application to deliver our promise in terms of Firmware Assurance. This ...