Microsoft is adding number matching and geographic and app context to Authenticator to defend against MFA fatigue attacks.
Government officials cited progress a year after Biden's executive order, but stressed that "there's more work to do."
A trio of problems caused by a software update in some of Microsoft's data centers led to a service outage for customers of the Azure Active Directory MFA service last week.
The flaw in Microsoft's Active Directory Federation Services lets an attacker use the same second factor to bypass multi-factor authentication for any account running on the same service. Microsoft has patched the flaw.
Pawn Storm (aka Fancy Bear) has been attempting to phish webmail accounts for many years now, targeting U.S. senators and political organizations across the world, according to a recent Trend Micro report.