What platforms does DeviceView support?

DeviceView supports Android, iOS, macOS, Windows, and Linux from a single platform. All platforms are included at no extra cost, including full unattended remote control for Android Enterprise corporate-owned devices.

How does DeviceView compare to TeamViewer?

DeviceView includes mobile support, SSO (SAML 2.0 and OIDC), and SCIM provisioning as standard features. TeamViewer charges extra for mobile device support, locks SSO behind its most expensive Tensor tier, and does not support Android Enterprise corporate-owned devices even through Intune integration.

Does DeviceView include SSO and enterprise identity?

Yes. SAML 2.0, OIDC, and SCIM provisioning are included in every DeviceView plan. There is no separate enterprise tier required for SSO or directory sync.

Is DeviceView HIPAA-ready?

DeviceView is designed for HIPAA-regulated environments. Privacy Mode blacks out patient-facing screens during remote sessions, preventing PHI exposure. Optional session recording with full audit logs including operator, device, and timestamp is available and exportable for compliance audits.

Does DeviceView support unattended Android remote control?

Yes. DeviceView provides full unattended remote control for Android devices, including Android Enterprise corporate-owned (COPE and fully managed) devices. No end-user interaction is required to start a session.

What MDM and EMM integrations does DeviceView offer?

DeviceView integrates natively with Microsoft Intune, VMware Workspace ONE, SOTI MobiControl, Jamf Pro, and Samsung Knox. Remote view and control launch directly from your existing MDM console.

How does DeviceView handle session security?

DeviceView uses WebRTC peer-to-peer connections so sessions never route through DeviceView servers. Multi-tenant data is separated with cryptographic isolation. Every session is recorded with exportable audit logs.

Is DeviceView built for MSPs?

Yes. DeviceView supports multi-tenant environments with cryptographic isolation between tenants, making it suitable for managed service providers supporting multiple client organizations from a single platform.

Why does my remote control tool stop working after switching to Wayland?

Wayland prevents arbitrary applications from reading the framebuffer, capturing keystrokes, and injecting input, capabilities most X11-era remote tools depended on. On Wayland, those capabilities are mediated by the compositor through xdg-desktop-portal, typically with user consent. Tools that have not adapted to the portal model, or that require a logged-in user session for unattended scenarios, will appear to "stop working" on Wayland endpoints.

Can you remote into a Linux device running Wayland without a user logged in?

Yes, with the right tool. The two production paths in 2026 are (1) gnome-remote-desktop integrated with GDM for headless remote login, available on GNOME 46 and later; and (2) commercial enterprise platforms with system-level integration that provides the same operational shape with fleet management, SSO, MFA, and audit. Tools that depend on a logged-in user session cannot do this.

How do you remote control a Linux machine at the GDM login screen?

Using a tool that integrates with GDM at the system level. gnome-remote-desktop provides this natively over RDP, with system-wide credentials granting access to the login screen and per-user credentials granting access to the desktop after authentication. Several commercial platforms provide equivalent capability layered with enterprise identity, audit, and fleet management.

Can GNOME on Wayland be remote-controlled unattended?

Yes. gnome-remote-desktop (GNOME 46+) provides headless remote login via GDM. Several commercial vendors provide equivalent capability with enterprise tooling. The X11 fallback that earlier tools relied on is no longer available on GNOME 50 (Ubuntu 26.04 LTS, Fedora 44, and other distributions shipping GNOME 50).

Can KDE Plasma 6 be remote-controlled unattended?

Plasma 6 includes KRdp for Wayland RDP sessions, configurable via Settings, Networking, Remote Desktop. Plasma 6.7 retains an X11 session as well; Plasma 6.8 (October 2026) is Wayland-only. Specific unattended scenarios (login screen, post-reboot, headless) should be validated against the SDDM and KWin combination on the version you run; vendor support varies.

How does unattended Wayland access work after a reboot?

A reboot-resilient implementation is a system-level service operating independent of any user session. After the OS comes back up, the service is reachable; the operator authenticates, gets the greeter (or a configured headless target), and proceeds. Tools that store their unattended state inside a user session lose that state at reboot.

What happens to remote sessions when GNOME locks the screen?

When the screen lock activates, session-scoped portal interactions are typically disconnected. A remote operator may be dropped or restricted depending on the tool's design and the lock-screen integration. Implementations that operate at the system level rather than inside the user session can continue to function past lock; implementations that ride a per-session portal grant generally cannot.

How does unattended access work at the SDDM login screen?

SDDM is KDE's display manager. Reaching SDDM unattended on Wayland is the KDE analog of the GNOME GDM problem: a system-level component on the endpoint must be able to present the greeter and authorize an inbound operator without a user session. KRdp on KDE Plasma is one path. Vendor support for unattended at SDDM specifically should be validated per Plasma version.

Does Wayland allow screen sharing without user consent?

Not by default. The standard xdg-desktop-portal ScreenCast and RemoteDesktop flow surfaces a consent dialog and the user grants permission per session. The persistent session pattern (persist_mode + restore_token) lets an application skip the dialog after the first grant. System-level paths that are authorized at install time (for example, GDM-integrated remote login, or vendor system services) operate outside the per-session portal flow and have their own authorization model.

What is xdg-desktop-portal?

xdg-desktop-portal is a Freedesktop component that brokers requests between sandboxed and unsandboxed applications and the host system, including screen capture and remote desktop. Each desktop environment provides a backend implementation (GNOME's portal, KDE's portal, others). It is the standard interface through which Wayland applications request access to capabilities that the compositor would otherwise refuse.

What is the difference between X11 and Wayland for remote desktop?

X11 exposed framebuffer, input capture, and input injection to authenticated clients by default. Remote desktop tools used those primitives directly. Wayland places the compositor in charge of those capabilities; remote desktop is mediated through the portal, with per-session user consent or a sanctioned persistent-session pattern. The change improves desktop security and breaks the legacy unattended remote-control architecture; the modern unattended path is system-level integration with the display manager and the desktop environment.

Why hasn't every remote-support vendor solved this yet?

Two reasons. First, the upstream API for unattended remote desktop is still maturing: the persistent-session portal pattern works for some scenarios but does not cover login-screen and pre-reboot cases. Second, the alternative (proprietary integration with the desktop environment) is significant engineering investment that has to be maintained across major releases of GNOME and KDE. Vendors are at different stages along this work; the relevant question is which scenarios in your fleet are currently covered by the tool you have today.

Guide

Why Unattended Remote Desktop Is Hard on Wayland (and What Actually Works)

A practitioner-level explanation of the architectural change, why the workarounds are running out, and the patterns that actually work in 2026.

Why is unattended remote desktop hard on Wayland?

Unattended remote desktop is hard on Wayland because Wayland's display protocol places the compositor (Mutter on GNOME, KWin on KDE) in charge of screen capture and input. Capture and remote control normally require explicit user consent through the xdg-desktop-portal RemoteDesktop interface. Unattended IT support has no user present to consent. The login screen, post-reboot, and headless scenarios all hit this gap. Three patterns work today: the portal's persistent-session API, the GNOME headless remote-login service, and vendor-built system-level integration.

Last reviewed: 3 May 2026 · DeviceView editorial

Get the checklist Jump to approaches

Background

What changed between X11 and Wayland

X11 was designed in the 1980s for a model of trust that no longer applies. Any client authenticated to the X server could read the framebuffer of any other client, capture keystrokes anywhere on the system, and inject input events into any window. Most early Linux remote control software was a thin wrapper over those primitives. It worked because there was nothing in the protocol stopping it.

Wayland, designed two and a half decades later, made the opposite choice. The compositor (the process that draws windows on the screen) owns the display. Clients cannot read other clients' surfaces. They cannot inject input events into the system. They cannot capture the framebuffer or scrape pixels off the screen. Those capabilities are not turned off; they were never exposed.

The implications are mostly good: a malicious or compromised application running in a Wayland session cannot quietly keylog the entire desktop the way it could under X11. The implications for remote support are that the legacy remote-control architecture stopped working, and the replacement architecture is mediated by the compositor through xdg-desktop-portal.

The gap

Why attended Wayland is solved and unattended is not

Attended remote desktop on Wayland is a solved problem. The portal raises a system dialog, the user clicks Allow, PipeWire streams the frames. Unattended is fundamentally different: by definition, there is no user present to click the consent dialog. Make that constraint concrete and the whole shape of the problem shows up.

Login screen

At GDM (GNOME's display manager) or SDDM (KDE's), no user session exists. There is the display manager process and a login greeter, that is it. Most portal infrastructure that gates ScreenCast and RemoteDesktop runs inside a user session. There is nothing inside the greeter for an external client to talk to in the same way.

After a reboot

The endpoint comes back up at the greeter and stays there until someone logs in. Any tool that depends on a logged-in session has nothing to attach to.

Headless

Lab equipment, kiosks, signage, and some workstation configurations have no monitor at all. Tools that capture the compositor's output have nothing to capture if the compositor is not actually rendering to a real display.

Locked screen

When GNOME locks the screen, it disconnects most session-scoped portal interactions. A remote tool that was working may drop, and reconnecting is governed by the lock screen's own rules.

Out-of-hours work

A 3 AM patch run, an off-hours configuration push, or an emergency remediation cannot wait for a user to consent. The operational model assumes an absent user.

For everyday "share my screen" the attended portal model is the right design. For IT support the missing piece is a way to authorize unattended access organizationally rather than per-session.

Architecture

The greeter problem and the reboot problem

No user, no session, no portal

The greeter case is the cleanest test of whether a remote control tool actually solves Wayland or just papers over it. Three things have to be true: the endpoint must accept an inbound remote session while no user is logged in; the component has to coordinate with the display manager (which owns the greeter and the path to the user session); and the component has to be authorized by IT, identity-bound, and auditable. The first two items are an engineering problem. The third is an organizational consent problem, the same one the portal solves with a dialog, except it has to be solved at enrollment time on a known device by an IT team, not at session time on an unknown screen by an absent user.

The reboot problem

Tools that ride on a logged-in user session implicitly assume the session will exist by the time the operator wants to reconnect. On Wayland that assumption is wrong: a freshly rebooted endpoint sits at the greeter indefinitely, and any state the remote tool was holding inside the prior user session is gone. The honest fix is not "reconnect more aggressively"; it is "do not architect around a session that is not guaranteed to exist." A reboot-resilient unattended path is a system-level service that operates independent of any user session, plus a clean handoff into the user session once one starts.

Coverage

GNOME vs KDE: the solution is not one solution

There is no single Wayland remote desktop story. The compositor is the integration surface, and Mutter and KWin are independent implementations.

GNOME (Mutter)

GNOME 50, released March 18, 2026, removed the X11 backend from Mutter entirely; GNOME 50 sessions are Wayland-only. XWayland is still present, but a native X11 session is not. gnome-remote-desktop provides RDP and VNC, integrates with GDM for headless remote login (introduced in GNOME 46), and uses the Wayland portal for in-session capture.

KDE (KWin)

KDE Plasma 6.7 (June 2026) supports both X11 and Wayland sessions. Plasma 6.8, due October 14, 2026, drops the X11 session entirely; Plasma 6.8 will be Wayland-exclusive. Plasma 6.7 X11 session support is committed through approximately early 2027. KDE's RDP path for Wayland is KRdp.

Other compositors

Sway, Hyprland, Mir, and others each ship their own portal backend; behavior varies. Compositor-specific remote desktop pathways exist (e.g. xdg-desktop-portal-hyprland) but enterprise deployment is rare.

Because the compositor is the integration surface, "works on Wayland" without a compositor named is a marketing claim, not a technical one. Real coverage is per-compositor.

Options

What approaches exist today

Five approaches a Linux endpoint operator can take to unattended remote desktop on Wayland in 2026. Each works for some configurations and fails for others.

Force the X11 session

Set WaylandEnable=false in /etc/gdm3/custom.conf (GNOME) or the equivalent in SDDM, and the session boots Xorg. Most legacy remote tools start working again. GNOME 50 (March 2026) removed the X11 backend from Mutter; RHEL 10 dropped the Xorg server; Plasma 6.8 (October 2026) drops the X11 session. Force-X11 is still viable on older LTS releases and on non-default desktops (Xfce, MATE, Cinnamon), but for the default GNOME desktop on current LTS, it has stopped being viable.

Portal persistent session (persist_mode + restore_token)

An application calls SelectDevices with persist_mode set, the user grants permission once, and the application stores a restore_token. On subsequent connections it presents the token instead of going through a fresh consent dialog. The first session still requires user-side consent. Implementations vary in maturity. The token belongs to a user session, so login-screen and post-reboot, pre-login do not benefit.

GNOME headless remote login (gnome-remote-desktop + GDM)

Since GNOME 46, gnome-remote-desktop integrates with GDM to provide a graphical remote login over RDP. An RDP client connects, gets the GDM login screen, authenticates, and lands in a fresh GNOME session. Native to GNOME, shipping in current distributions. Does not provide fleet console, centralized identity (SSO, SCIM), MFA, RBAC at operator-and-device-group level, audit log shipping to SIEM, mobile console, MDM/UEM integration, or cross-platform parity with Windows and macOS.

Vendor system-level integration

Some commercial vendors have built proprietary integration with the Wayland desktop environment to deliver unattended access at the architectural level: independent of a logged-in user session, capable of presenting the greeter, and reboot-resilient. The trade-off is enterprise capability surface that gnome-remote-desktop does not provide on its own: SSO, SCIM, MFA, RBAC, audit, mobile, MDM hooks, cross-platform parity.

Switch desktop environment

Switching the default desktop from GNOME or KDE Plasma to Xfce, MATE, Cinnamon, or LXQt (most of which still ship X11 sessions in 2026) restores the legacy remote-tool path. Viable for some fleets (kiosks, embedded, lab) and a serious change-management cost for others. A strategic deferral, not a fix.

Evaluation

What IT teams should evaluate

A short checklist for a Linux desktop admin or endpoint engineer comparing options. Each item is a real failure mode someone has hit.

01
Greeter access on the actual default desktop
Not "supports Wayland" in marketing. Specifically: does the tool reach a GNOME Wayland endpoint at the GDM screen, or a KDE Wayland endpoint at SDDM, with no user logged in?
02
Post-reboot persistence
After a reboot, before any user logs in, does the remote tool re-establish operability, or does it require someone to log in first?
03
Locked-screen behavior
When GNOME or KDE locks the screen, does the operator's session continue, drop, or require re-authorization?
04
Headless support
If the endpoint has no monitor at all, does the tool produce a usable session?
05
Compositor coverage
GNOME (Mutter), KDE (KWin), and others are independent. What is supported on which compositors at what version range?
06
Consent and audit model
How is unattended authorization granted and revoked? Where does audit evidence live, and what does it contain? Is the model defensible to a security team and an external auditor?
07
OS-level authentication after the session is up
Does privileged work inside the session still go through PAM, the greeter, or polkit? It should.
08
Disable-Wayland or change-DE workarounds
Does the tool require setting WaylandEnable=false or moving the fleet off the default desktop environment? On current LTS releases that is increasingly unworkable.
09
Maintenance posture
GNOME and KDE ship every six months. Does the vendor track pre-release builds and document compatibility per major compositor release?
10
Identity, fleet management, and integration surface
SSO, SCIM, MFA, RBAC, audit log shipping, mobile operator console, MDM/UEM integration: included or out of scope?
11
Honest scope
A vendor that names which compositor versions are validated and which are not is more trustworthy than one with vague "Linux" copy.

DeviceView

How DeviceView handles it

DeviceView delivers unattended remote control of Linux endpoints running GNOME on Wayland (including the GDM login screen and after a reboot) on supported distributions. The agent operates independent of a logged-in user session and is authorized at enrollment, by IT, on a known device. The Wayland security model is preserved: per-app input isolation, no global keylogging surface, mediated screen capture. What changes is that the consent decision moves from the per-session end-user dialog to an IT-managed enrollment, governed by RBAC, MFA, audit logging, and optional session recording (a usage-based add-on).

DeviceView does not require disabling Wayland, switching desktop environments, or routing through XWayland. KDE Plasma is not in the same support tier today; refer to the Feature page for the current compatibility matrix. DeviceView does not publish implementation specifics; architectural disclosure is sufficient for evaluation, and deeper detail is available to customers under NDA.

For the supported environments matrix, security and consent model, and limitations, see Unattended Remote Control for Wayland Linux Devices.

Frequently asked questions

Where to go from here

Unattended Remote Control for Wayland Linux Devices

Verified compatibility matrix by distribution, display server, greeter, and scenario.

What is unattended remote control on Wayland?

Definition and mechanics, plus the three scenarios "unattended" has to cover.

What is Wayland remote desktop?

Components, mechanics, and how it differs from X11.

Vendor-specific deep dives on Linux Wayland support: TeamViewer, AnyDesk, Splashtop, ScreenConnect.