To have the most accurate reporting would require a few things The first is that you will need to have the agent machines that are not onsite use a policy that allows for a sync with the protect cloud. Part of that requires that your console be setup to sync with the protect cloud. That will allow you agents to report their results to the cloud that acts as a relay and your console will pull that sync information periodically to stay up to date. The next thing is that you would want to have a daily scan (agent policy with a new daily scan only task, and agentless for local machines without a policy) of all your machines this is to ensure that the most recent scan before any reporting is what is being reported on. You will be able to monitor and see if any machines have not scanned recently in the environment no matter how they are scanned (agent or agentless) in view machines and reviewing the last patch scan date column. Once this is done you can use the normal reporting process to create your needed reports as needed.
Even with all the above we can only report on the results we have collected so if a machine or group of machines are not scanning or reporting back tot he console for one reason or another the results will not be accurate. This is why monitoring machines that are not scanning is important. There are other tools that you can use to give a picture of the data we have in the database but this again will only be as good as the information we can collect from the machines in the environment. Please let me know if this has completely answered your question or if you have specific questions about any of the items mentioned. I have also included documentation below about the protect cloud and how it works along with how to setup and troubleshoot issues with the agents.
Protect Cloud Overview - FAQ
How To: Install and Use a Protect Cloud Agent
Protect Cloud Agent Information and Troubleshooting