wcroteau thank you for the great questions. Wordfence is pretty aggressive with its restrictions and I'm not surprised to hear that there is some incompatibility. In the past, I've got few support tickets where Wordfence was blocking AAM ajax calls but I haven't heard about blocking view/edit multiple roles. If you can outline step-by-step how to replicate this issue, I'll be more than happy to check this.
2FA is a different story. In the next AAM release 6, I'm planning to either add 2FA or partner with other plugin developers to integrate it. There are quite a few free and good 2FA plugins so I'll make my choice within next month or so.