Hi Hagai,
I believe the Windows Compliance by Computer report (Reports > Software > Patch Management > Compliance > Windows > Windows Compliance by Computer) should cover most of your requirements.
You can drill down there to see what updates are missing for a specific endpoint, etc.
I can also recommend these two sources of Best Practices information:
https://knowledge.broadcom.com/external/article/180589/configuring-patch-management-for-windows.html
https://community.broadcom.com/groups/communities/community-home/librarydocuments/viewdocument?DocumentKey=c456cf8b-5071-4345-b108-63ef1091bd7a&CommunityKey=e3ce2616-e75e-43d4-8476-4abffe9fe2e5&tab=librarydocuments
Thanks,
Dmitri.