Outreach Without Bans
· 11 min readSetting Up a Facebook Business Portfolio for Multi-Account Instagram (Without Risking Your Real Facebook)
The Facebook Business Portfolio is the hidden layer behind multi-account Instagram. Set it up wrong and one ban cascades — here's the operator's setup.
Joel House
Founder, Praecora
Published
Every multi-account Instagram operation that survives at scale has one piece of infrastructure most operators set up wrong: the Facebook Business Portfolio. Get it right and one ban stops at one account. Get it wrong and one ban cascades to your whole identity graph. Here's the operator's setup guide.
The Facebook Business Portfolio (formerly known as Business Manager) is the administrative container that owns your Facebook Pages and Instagram Business accounts. Every Instagram account connected to an outreach operation needs to be linked to a Facebook Page, which lives inside a Business Portfolio, which is administered by a Facebook personal account. If you've ever set up an Instagram Business account, you walked through this chain — whether you knew it or not.
The reason this matters: Meta's risk model reads the entire administrative graph. When Meta decides an Instagram account is suspicious, the consequences ladder up the graph — potentially affecting the Page that owns the IG, the Business Portfolio that contains the Page, and the personal Facebook account that administers the Portfolio. Architect this graph wrong and one bad incident kills everything. Architect it right and the blast radius is contained.
This piece is the operator's guide. We'll cover what a Business Portfolio actually is, how the cascade-risk works, the safe architecture for multi-account operations, and the step-by-step setup. We'll also be explicit about where this enters the gray-zone of Meta's terms and how to think about that honestly.
What a Facebook Business Portfolio actually is
A Facebook Business Portfolio is a top-level administrative structure that lets one administrator manage multiple Facebook Pages, ad accounts, Instagram Business accounts, and pixels in one place. It exists at business.facebook.com (now also rebranded as Meta Business Suite for some UI surfaces).
The hierarchy:
- Personal Facebook account — owns and administers Business Portfolios. One person can own multiple portfolios.
- Business Portfolio — the container. Owns Pages, ad accounts, and Instagram Business connections.
- Facebook Pages — the public-facing brand entities. Each Page can connect to one Instagram Business account via Instagram's "Connect to Facebook" flow.
- Instagram Business accounts — the public- facing IG entities. Each one is connected 1:1 to a Page.
For Meta to allow an Instagram Business account to send messages via the official Graph API (which is what GHL and tools like Praecora use), the IG account must be connected to a Facebook Page inside a Business Portfolio. There's no API access path that bypasses this. The portfolio is required infrastructure.
Why most setups are wrong (and what gets banned together)
The mistake we see operators make over and over: one personal Facebook account (theirs) administers one Business Portfolio that contains all of their Instagram accounts' Pages.
This setup is convenient — one login, one dashboard, one place to manage everything. It's also a single point of failure that takes down the entire operation when Meta decides something looks suspicious.
The cascade we've seen happen (and personally lived through before architecting around it):
- One Instagram account gets reported by a recipient — could be for any reason, often unrelated to anything that account actually did wrong.
- Meta's risk system flags the IG account for review.
- The flag escalates up the administrative graph. The Page that owns the IG gets reviewed.
- The Business Portfolio that contains the Page gets reviewed.
- The personal Facebook account that administers the Portfolio gets reviewed.
- If any link in that chain fails review, every entity beneath it gets restricted or banned.
When this happens, you don't just lose one Instagram account. You lose every Instagram account in that portfolio, every Page in that portfolio, the portfolio itself, the ad accounts attached to it, and — most painfully — the personal Facebook account that owned it. That last one matters because your personal Facebook may also be tied to legitimate things you care about (your real life, your real contacts, your real professional history).
One bad incident in a single Instagram account shouldn't be able to take out your personal Facebook. That's the entire architectural problem.
The safe architecture: per-scout alias portfolio
The architecture we run across Praecora-managed fleets, and recommend to any operator running this work seriously:
- One alias Facebook personal account per scout. Not the scout's real Facebook. A separate alias that exists specifically to administer their outreach portfolio.
- The alias administers one Business Portfolio. That portfolio contains 5–10 Facebook Pages, each connected to one Instagram Business account.
- Joel (or the operator) is added as a Partner with limited admin access. Not as the owner. As a secondary admin, so if the alias gets compromised, the operator can recover.
- The scout's real Facebook is never involved in this graph. Not as admin, not as Partner, not as anything. Their real identity stays untouched.
- Each Page-and-IG pair runs on its own cloud phone. See our piece on cloud phones for Instagramfor the device-isolation half of the architecture.
What this buys you:
- Cascade containment per scout. If something goes wrong inside one scout's portfolio, the damage is bounded to that scout's 5–10 accounts. It doesn't touch other scouts, doesn't touch Joel's identity graph, doesn't touch the company's main Facebook presence.
- Scout identity protection. The scout's real Facebook, real reputation, and real personal network are completely separate from the outreach operation. Even if the alias gets banned, the scout's career is untouched.
- Recoverability. Operator-as-Partner means if the alias FB gets compromised (forgotten password, locked out, etc.), there's a secondary admin who can re-establish access without going through Meta's frustrating account-recovery flow.
The 21-day alias Facebook warm-up
The single most-skipped step in this whole architecture is the alias Facebook warm-up. Brand-new Facebook accounts that immediately spawn a Business Portfolio and connect five Instagram Business accounts get banned within hours. Meta's risk system knows what a freshly-created-and-immediately- business-active account looks like — it's the canonical fingerprint of an abuse operation.
The defense: 21 days of looking like a real new Facebook user before doing anything business-related.
What "looking like a real new user" means, daily:
- Friend a handful of accounts each week. Aim for plausible people in the alias's stated city and demographic. Not high-profile accounts. Not obvious bots.
- Post 1–2 personal posts per week. Photo of food, a sunset, a meme. Boring is the goal. Don't post anything business-related.
- Like content from the new friends' feeds at the cadence a casual user would.
- Join 2–3 groups related to the alias's stated interests. Comment in them occasionally.
- Watch some videos, share an article occasionally.
- Don't message anyone. Don't create a Page. Don't open Business Manager. Don't connect Instagram. Just exist as a normal new Facebook user for three weeks.
On day 22, the alias creates the Business Portfolio. On day 23, the first Facebook Page goes up. On day 24, the first Instagram Business account gets created on its own cloud phone and linked to the Page. Then a standard 7-day IG warm- up before any DM goes out.
The setup, step by step
Once the alias FB has warmed for 21 days, the technical setup of the Business Portfolio takes about 30 minutes per scout. Here's the sequence:
Step 1 — Create the Business Portfolio
From the alias FB, go to business.facebook.com/create and create a new Business Portfolio. Use a generic-sounding business name (not the scout's real name). Provide a business email — use a Gmail or workspace email that's been active for months, not one created last week. Add a phone number that matches the alias's stated geography.
Step 2 — Add the operator as a Partner
Inside the new Business Portfolio, go to Settings → Users → Partners → Add. Use the operator's Business Portfolio ID (which they'll provide). Grant the operator's portfolio Admin access to this scout's portfolio, but configure permissions carefully — Admin is broad, but limit which specific assets the operator can touch.
This pairing means that if the alias FB gets compromised, the operator's portfolio still has admin access to everything in the scout's portfolio and can restore access.
Step 3 — Create the first Facebook Page
From the Business Portfolio dashboard, Add Assets → Pages → Create a new Page. Use a brand name that matches the alias persona's Instagram brand (e.g., the alias's curated music discovery brand). Add a profile photo, a cover photo, a short description. Don't connect any apps yet.
Step 4 — Create the first Instagram Business account on its dedicated cloud phone
On the dedicated cloud phone for this account, install Instagram, create a new account with the brand identity (matching the FB Page), and switch it to a Business account. Instagram will prompt you to connect to a Facebook Page — choose the one you just created. The connection is now live.
Step 5 — Connect via GHL or Meta Marketplace App
For Praecora's stack (and any GHL-based stack), this is where you install the marketplace app onto the scout's GHL sub-account, then complete the Instagram OAuth flow from inside GHL. The OAuth flow walks through Facebook permissions to grant the marketplace app access to the Instagram Business account. Once complete, the API integration is live.
Step 6 — Repeat for accounts 2 through 5–10
Each additional Instagram account gets its own dedicated cloud phone, its own Page inside the same portfolio, and goes through the same connection flow. Spaced out over a week or so to avoid creating five Pages in one day, which is itself a slightly suspicious pattern.
Common mistakes to avoid
Don't use your real Facebook to administer
The single biggest cause of operator pain we've seen. Your real Facebook is connected to your real life, your real professional network, your real ad accounts for legitimate uses, your real ad spend history. Don't let one Instagram report ladder up the graph and destroy any of that. Use an alias.
Don't put multiple scouts under one portfolio
Same logic as above, but at the team level. If Scout A's portfolio includes Scout B's Pages and IG accounts, then a ban on one of Scout A's IGs can take out Scout B's accounts too. Each scout gets their own portfolio. Operationally slightly more overhead, structurally much safer.
Don't skip the alias FB warm-up
Brand-new Facebook accounts that immediately create Business Portfolios get banned within hours. The 21-day warm-up isn't optional. We've tested shortcuts (sometimes paid in lost accounts to test them). Three weeks is the floor.
Don't reuse the same address or phone number across portfolios
Each alias FB and Business Portfolio should have a unique email and phone number. Recycling means Meta sees the relationship between portfolios at the contact-info level — which defeats the per-scout isolation we just built.
Don't enable two-factor with the same phone number across multiple aliases
2FA is good. 2FA with shared phone numbers is identity-graph leakage. Use a different number for each alias's 2FA, or use authenticator apps (which don't share the phone-number association).
What happens when Meta does flag something
With the alias-portfolio architecture in place, the typical incident looks like:
- One Instagram account gets banned (per the standard ~1/quarter base rate we see)
- The other 4–9 IG accounts in the same portfolio keep running normally
- The Page connected to the banned IG may or may not be restricted
- The Business Portfolio is unaffected
- The alias Facebook is unaffected
- The scout's real Facebook is completely untouched
Recovery: provision a new cloud phone, create a new IG Business account on it, link to a new Page in the existing portfolio. ~10 days from incident to back online. The operation as a whole doesn't notice — the other accounts keep producing, and one slot rotates back in.
The bottom line
The Facebook Business Portfolio is the most-overlooked piece of multi-account Instagram infrastructure. Operators who set it up correctly — alias FB per scout, dedicated portfolio per scout, operator-as-Partner for recoverability, 21-day warm-up before going live — survive at scale. Operators who let their real Facebook be the admin watch one bad incident destroy years of work.
For the broader multi-account architecture (cloud phones, IP isolation, the four-layer fix), see multiple Instagram accounts: the 2026 playbook. For volume math (how many DMs per account per day, why fleet-level scaling is the answer to per-account ceilings), see Instagram DM limits in 2026. Or, if you'd rather not set up the alias-FB-and-portfolio architecture yourself, Praecora handles it end-to-end as part of onboarding — book a 20-minute demo and we'll walk you through what a managed fleet's portfolio structure looks like.
The herald that carries your message
Stop sending DMs. Start closing deals.
Praecora carries personalized Instagram and email outreach to every artist worth knowing — at a volume no human can match, with the care no bot can fake. ~30 minutes of your time per day. The rest runs itself.
Keep reading
More from the Praecora field guide
Outreach Without Bans
How to Run 7 Instagram Accounts Without Getting Banned: The 2026 Playbook
Most multi-account Instagram setups collapse within 90 days. The four structural fixes that keep an account fleet alive for 12+ months.
14 min read
Outreach Without Bans
Cloud Phones for Instagram Outreach: GeeLark vs BitBrowser vs Multilogin (2026)
The best antidetect "browser" is now a cloud phone. How GeeLark, BitBrowser, and Multilogin compare for scouts running 5+ Instagram accounts in parallel.
12 min read
Outreach Without Bans
Instagram DM Limits in 2026: How Scouts Send 140 a Day Without a Ban
The 200/hour API cap is the floor, not the ceiling. The real limit is what Instagram's spam model tolerates by account age — with the volume math.
10 min read
