Hi Adam,
I'm not aware of a way for the workbook to calculate any per-user discounts.
The same point would apply to the credit for windows events stored for each of your Defender for Servers assets.
I would just look at Cost Management to verify you're getting the credit.
Personally I don't recommend enabling the non-alert based logging for Defender for Endpoint unless my clients have corporate backing/compliance needs and are willing to pay for it.
From a security perspective I use the Defender portal for deeper threat hunts - I appreciate that if an investigation goes beyond 30 days you might need those logs.
There is a cost threshold where I recommend ADX if a customer needs those logs and the montly cost justifies the long term ingestion.
Hope that helps.