Hi @tippet5x, great question! Thank you for starting this discussion in the Duo Community.
We recommend something like this that shows the number of enrolled users, the percentage of licenses those users consume, and the number of partially enrolled users (i.e., users who have a username in Duo but no 2FA device associated with their account).
It sounds like you might be looking to clean up users to free up some of your licenses. If that is the case, you might want to present the number of users who can be removed compared to your license count.
One place to start would be removing all users with a status of Disabled. This will help you narrow things down from three groups to two, so you are only dealing with fully enrolled and partially enrolled users. From there, you can determine whether to push the partially enrolled users to complete enrollment, remove them from the system, or leave them in if you wish.
How are you managing your users today? It sounds like you are using AD sync from what you’ve shared here. Do you have an offboarding process in place today to remove users from AD groups as they leave the company? This will help a lot with managing users and licenses going forward!