Merged PR 14828: add link to rbac blog

add link to rbac blog

windows/security/threat-protection/windows-defender-atp/machine-groups-windows-defender-advanced-threat-protection.md

@@ -15,7 +15,6 @@ manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance 
 ms.topic: article
-ms.date: 05/08/2018
 ---
 
 # Create and manage machine groups in Windows Defender ATP
@@ -34,6 +33,9 @@ In Windows Defender ATP, you can create machine groups and use them to:
 - Limit access to related alerts and data to specific Azure AD user groups with [assigned RBAC roles](rbac-windows-defender-advanced-threat-protection.md) 
 - Configure different auto-remediation settings for different sets of machines
 
+>[!TIP]
+> For a comprehensive look into RBAC application, read: [Is your SOC running flat with RBAC](https://techcommunity.microsoft.com/t5/Windows-Defender-ATP/Is-your-SOC-running-flat-with-limited-RBAC/ba-p/320015).
+
 As part of the process of creating a machine group, you'll:
 - Set the automated remediation level for that group. For more information on remediation levels, see [Use Automated investigation to investigate and remediate threats](automated-investigations-windows-defender-advanced-threat-protection.md).
 - Specify the matching rule that determines which machine group belongs to the group based on the machine name, domain, tags, and OS platform. If a machine is also matched to other groups, it is added only to the highest ranked machine group.
@@ -44,6 +46,7 @@ As part of the process of creating a machine group, you'll:
 >A machine group is accessible to all users if you don’t assign any Azure AD groups to it.
 
 
+
 ## Create a machine group
 
 1.	In the navigation pane, select **Settings** > **Machine groups**.