If your Windows devices are getting stuck in a “Pending” state while onboarding to Intune using Hybrid Entra ID Join, you’re not alone. Many admins run into this issue when devices show as “Entra Registered” but never progress to “Hybrid Joined.”
Why Devices Get Stuck in Pending
When devices appear as Entra Registered but don’t complete the Hybrid Join process, it usually means the device registration on the local machine hasn’t finished or failed silently.
Common causes include:
- Network or proxy issues blocking Microsoft registration endpoints.
- Automatic Device Join scheduled task not running or failing.
- Stale Workplace Join artifacts preventing new registration.
- OU sync misconfigurations in Entra Connect.
- Group Policy errors in MDM auto-enrollment settings.
1. Check Device Registration Status
On the affected device, open Command Prompt as Administrator and run:
dsregcmd /statusLook for these values:
| Parameter | Expected |
|---|---|
| DomainJoined | YES |
| AzureAdJoined | NO |
| WorkplaceJoined | YES (means partial registration) |
If the device shows “YES” for DomainJoined but not AzureAdJoined, it’s likely stuck during registration.
2. Confirm Network Access to Microsoft Endpoints
Ensure the device can reach these URLs:
https://enterpriseregistration.windows.net
https://login.microsoftonline.comTip: Some corporate networks or SSL-inspection proxies may block device tokens. Allow direct HTTPS access or add these endpoints to your firewall’s allowlist.
3. Manually Re-register the Device
If the device is stuck, unregister and re-join it manually:
dsregcmd /leave
dsregcmd /joinThen reboot the system and check again using:
dsregcmd /statusThe device should now show as Hybrid Joined.
4. Verify the Automatic-Device-Join Task
Open Task Scheduler →Microsoft → Windows → Workplace Join
Confirm the Automatic-Device-Join task runs without errors.
If needed, right-click → Run to execute it manually.
Note: This scheduled task triggers the actual hybrid registration. If it never runs, the device will stay in “Pending.”
5. Review Group Policy for Auto-Enrollment
Check your Group Policy settings under:
Computer Configuration >
Administrative Templates >
Windows Components >
MDM >
Enable automatic MDM enrollment using default Azure AD credentialsMake sure it’s Enabled and applies to the correct OU that contains your devices.
6. Confirm OU Sync Scope in Entra Connect
Devices located in OUs that aren’t included in the Entra Connect sync scope won’t complete registration.
Open Microsoft Entra Connect, review Organizational Unit filtering, and ensure the affected device’s OU is included.
7. Check Event Logs for Registration Errors
Go to:
Event Viewer >
Applications and Services Logs >
Microsoft >
Windows >
User Device Registration >
AdminLook for Event IDs 304, 307, or 404 — these often reveal why registration failed (e.g., token expired, connection blocked, or sync delay).
8. Validate System Clock and Certificates
A time mismatch of over 5 minutes can invalidate device tokens.
Ensure system time matches domain time and that device certificates (under certmgr.msc > Personal > Certificates) are valid.
9. Final Verification
After all checks:
- Run
dsregcmd /statusagain. - Confirm:
- DomainJoined: YES
- AzureAdJoined: YES
- Device State: Hybrid Joined
- Verify the device appears under Microsoft Entra ID → Devices with Join Type = Hybrid Azure AD joined.
If your Hybrid Entra ID devices are stuck in a Pending state, it’s almost always due to local registration issues — not cloud sync. A quick manual re-registration and verification of network, GPO, and sync scope usually resolves it.
Read More:
- How to Fix “Connection to Server Not Supporting” in Windows 11
- Fix: Can’t Turn On Network Discovery in Windows 11? Here’s How
- Fix “Something Happened to Your PIN” Windows Sign-In Error
- Fix Azure Login Error AADSTS5000225: “Sorry, We’re Having Trouble Verifying Your Account”
- Fix Netflix Stuck at 540p – Play Netflix in High Resolution
- Fix: Installation Failed in the SAFE_OS Phase Error (0xC1900101)
- Fix: Intel Extension 2.1.10105.19 update keeps reinstalling
- How to Fix Windows 11 25H2 Search Not Working After Update
- Fix: Enter Old PC Name in Windows Backup During File Transfer
