@Ravikiran S Thanks for reaching out.
In order for Microsoft / Azure AD to detect any leaked credential, Microsoft must have some way of knowing the users password. Mind you this is not actual password but the hash of password which is synced from password hash sync process which does a 1000 iteration of HMAC-SHA 256 of the password before it is sent to AAD.
While investigating the leaked credential Microsoft acquires username/password pairs by monitoring many websites which leaks users data, Dark Web.
Many trusted sources are used to get these data.
When our service has access to those data, they are run with the same hashing algorithm and are checked with Azure AD users password hashes, if there is a match it is raised as leaked credential.
Since we have access to password hash only in case of Password hash sync and not the Pass through authentication, that is why leaked credential is possible only case of PHS.
-----------------------------------------------------------------------------------------------------------------
If the suggested response helped you resolve your issue, please do not forget to accept the response as Answer and "Up-Vote" for the answer that helped you for benefit of the community.