Security Center provides the multi-account control feature. The feature allows you to manage multiple cloud accounts and resource accounts of your enterprise. You can view the risks that are detected in the accounts on the Multi-account Control page. This topic describes how to use the multi-account control feature.

Prerequisites

Background information

Security Center can be integrated with the Resource Directory service of Resource Management as a trusted service. After Security Center is integrated with Resource Directory, you can use the management account of your resource directory or a delegated administrator account to add other Alibaba Cloud accounts of your enterprise to the resource directory of your Alibaba Cloud account for centralized management. You can also view the risks that are detected in the accounts of your enterprise on the Multi-account Control page in the Security Center console.

You can specify a member as a delegated administrator account for Security Center. After you specify a member as a delegated administrator account, the member is authorized by the management account of your resource directory to perform the following operations: access and manage the information of your resource directory in Security Center, and view the risks that are detected in managed accounts. The information includes the organization and members of the resource directory. For more information, see Management account and Manage a delegated administrator account.

Limits

Only the Enterprise and Ultimate editions of Security Center support this feature. If you do not use these editions, you must upgrade Security Center to the Enterprise or Ultimate edition before you can use this feature. For more information about how to purchase and upgrade Security Center, see Purchase Security Center and Upgrade and downgrade Security Center. For more information about the features that each edition supports, see Features.

Add a delegated administrator account

You can log on to the Resource Management console by using the management account of your resource directory to add a delegated administrator account for Security Center. For more information, see Add a delegated administrator account.
Note: You can add a maximum of five delegated administrator accounts for Security Center.

Add accounts for centralized management

You can use the management account of your resource directory or a delegated administrator account to add accounts for centralized management.

  1. Log on to the Security Center console.
  2. In the left-side navigation pane, choose Operation > Multi-account Control.
  3. On the Multi-account Control page, click Add.
  4. In the Add panel, select an account from the Select account drop-down list.
    Note: The accounts in the drop-down list are the same regardless of whether you use the management account of your resource directory or a delegated administrator account.
  5. Optional: Select When a new account is created, the account is added to the list of managed accounts by default. Newly created accounts are automatically added to the account list.
  6. Click OK.
    You can view the added account in the account list of the Multi-account Control page.

View the risks detected in an account

You can view the risks detected in an account that is displayed in the account list of the Multi-account Control page and manage the account by using the management account of your resource directory or a delegated administrator account.

  1. Log on to the Security Center console.
  2. In the left-side navigation pane, choose Operation > Multi-account Control.
  3. In the account list of the Multi-account Control page, view the risks that are detected in an account and manage the account.
    • View the risks detected in an account
      You can view the information about an account. The information includes the Security Center edition that is used by the account, the security score of the assets that belong to the account, and the details about the alerts and vulnerabilities that are detected on the assets.
    • Manage an account
      • Click View to go to the Resource Directory page in the Resource Management console. On the Resource Directory page, you can view directory information about all assets, create members, invite members, or upgrade a resource account to a cloud account.
      • Click Delete to remove the account from the account list.