Skip to content

Reporting on Update Status, BIOS Level, CVEs, and More

Azure Workbooks Icon

This post will walk through deploying a Remediation script that will collect data from specific Lenovo WMI classes using the HTTP Data Collector API. As a result, the data will be sent to a Log Analytics Workspace in Azure Monitor.

Warning

The HTTP Data Collector API will be deprecated on 2026/09/14

We can then create an Azure Monitor Workbook to report on the following data from your Lenovo devices.

This solution is not supported on ThinkBook

Update Installation Status

Lists all updates by package ID and title with their respective install statuses

UpdateStatus

UpdateStatus

UpdateStatus

BIOS Level and CVEs

Displays BIOS level information for each model and if the model is affected by any CVEs.

BIOS

BIOS

Battery Health Status

Lists all endpoints and health of their battery.

BatteryHealth

Warranty End Date

Lists the warranty end dates of all endpoints

WarrantyEnd

Prerequisites

The data gathered relies on Lenovo Commercial Vantage being installed on your endpoints.

For a step by step guide on how to deploy Commercial Vantage through Intune, refer to this blog article.

The following policies need to be enabled in order to create the WMI namespaces that will be inventoried, along with their respective classes

  • Configure System Update
  • Write warranty information to WMI table
  • Write battery information to WMI table

If these polices aren't enabled, the status will return as "Unavailable" in the workbook.

Required Files

  • Get-LenovoDeviceStatus.ps1

  • LenovoDeviceHealth.json

Download both files from our GitHub here.

Log Analytics Workspace

Assuming a Log Analytics Workspace has been created, you'll need the Workspace ID and Primary Key. This can be found under Agents management of your workspace.

LA-Workspace

Deploying the Remediation

Once you have Commercial Vantage installed and the necessary policies enabled on your endpoints, it's time to deploy the Remediation script to collect inventory. The script will install the Lenovo Device Management Module on the endpoint to help gather certain data, such as Available BIOS versions and CVEs.

Replace the $customerID and $sharedKey variables in the Get-LenovoDeviceStatus.ps1 script

  • Login to the Microsoft Endpoint Manager admin center
  • Navigate to Devices > Scripts and remediations
  • Click Create
  • Enter a name for the script and click Next
  • Browse to Get-LenovoDeviceStatus.ps1 for the Detection script file
  • Select Yes to Run script in 64-bit PowerShell and click Next
  • Assign to a group and set the schedule for the script package to run.
  • Create

As devices receive the policy, review the Device status blade to verify if devices don't have Commercial Vantage installed or the necessary policies enabled. You can review this by adding the Pre-remediation detection output column.

Reporting

You can check what data is being collected by looking at the Custom fields tab in Custom logs in your Workspace

CustomFields

Everything being inventoried here can be found on the device in the root/Lenovo WMI namespace under one of the following classes

  • Lenovo_Updates
  • Lenovo_Battery
  • Lenovo_Warranty

Adding the Workbook

Add the sample Workbook to your Log Analytics Workspace

  • Login to the Azure Portal
  • Go to Log Analytics Workspace > Workbooks
  • Click +New
  • Click the Advanced Editor button

LA-Workspace

  • Clear the contents and copy/paste the contents from Lenovo-DeviceStatus.json here
  • Click Apply

Happy reporting!