Hello @Pradeep N
Thank you for reaching out. I would like to confirm that this is a known limitation and design behavior for SSPR which is also documented on following as below: Enable Azure Active Directory self-service password reset at the Windows sign-in screen
"Hybrid Azure AD joined machines must have network connectivity line of sight to a domain controller to use the new password and update cached credentials. This means that devices must either be on the organization's internal network or on a VPN with network access to an on-premises domain controller."
I hope this helps and hence would request you to please "Accept the answer" if the information helped you. This will help us and others in the community as well.