Share via

Hybrid Entra ID devices stuck in “Pending” state

Eden 0 Reputation points
2025-11-10T05:46:32.79+00:00

I’m onboarding multiple Windows devices to Intune using Hybrid Entra ID Join. I created a group for automatic enrollment, and the first few test devices worked fine, but now most of the new ones are stuck in a “Pending” state.

They show as “Entra Registered” but never move to “Hybrid Joined.” It’s been a few days, and the status hasn’t changed. I’ve already verified that the devices are syncing through Entra Connect.

What could be causing the devices to get stuck in pending?

Microsoft Security | Microsoft Entra | Microsoft Entra ID
Answer accepted by question author
  1. VEMULA SRISAI 1,970 Reputation points Microsoft External Staff Moderator
    2025-11-10T06:19:26.9633333+00:00

    Hello Eden,

    When devices show as “Entra Registered” but remain in “Pending” for Hybrid Join, it usually means the registration process hasn’t completed on the device side. Common causes include:

    • Device can’t reach Microsoft endpoints for registration (network/firewall/proxy issues).
    • Scheduled tasks like Automatic-Device-Join didn’t run.
    • Stale Workplace Join artifacts blocking re-registration.
    • OU sync scope or Intune auto-enrollment configuration issues.

    Next steps to check:

    1. On an affected device, run: dsregcmd /status
    2. Confirm DomainJoined : YES and whether AzureAdJoined is NO.
    3. Ensure the device can access:
      • https://enterpriseregistration.windows.net
      • https://login.microsoftonline.com

    If needed, trigger registration manually:

    dsregcmd /leave

    dsregcmd /join

    For detailed troubleshooting, see:

    Pending devices in Microsoft Entra ID

    Troubleshoot Hybrid Join

    You found this answer helpful.
    0 comments

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Q&A Assist
    2025-11-10T05:46:47.6866667+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist. Learn more

    Devices can get stuck in a "Pending" state during the Hybrid Entra ID Join process for a couple of reasons:

    1. Device Registration Process: A new on-premises device may be unable to complete the device registration process, which can happen if the device cannot connect to the registration service. This is often related to network connectivity issues or misconfigurations.
    2. Organizational Unit (OU) Changes: If the device object is moved to another OU that isn't included in the sync scope of Microsoft Entra Connect Sync, it may be recognized as deleted in the on-premises Active Directory. When the device is moved back to the correct OU, Microsoft Entra Connect Sync creates a pending device object, but the device fails to complete the registration process because it was previously registered.

    To resolve the issue, you can try the following steps:

    • Unregister the device by running dsregcmd /leave in an elevated command prompt and then restart the device. This will allow the device to reinitiate the registration process.
    • Ensure that the devices are correctly configured to connect to the registration service and that there are no network issues preventing this connection.

    If the problem persists, further troubleshooting may be required to identify specific connectivity or configuration issues.

    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.