As I understand it, the MA gets the machine's IP address locally and passes it over to ePO, rather than ePO polling the endpoints and waiting for the answer. As the endpoint connected to a home router wont always see it's public-facing IP (without router reconfiguration anyway), it will only have the local IP it is allocated to report back to EPO.
With some tinkering you could get the routers/endpoints to get the public IP and report it back, but that would be a lot of reconfiguration on a lot of different router types (and not to mention various privacy matters and potential issues with the end user's ISPs having their IPs published if the users are connecting over their own internet connections and not a business-provided one)
TL;DR - it's potentially more work than it's worth.
Ok that is what I was afraid of that the agent is just reporting what it can see from say the ipconfig and it isn't like the ePO is seeing where the https connection for that machine is from during the time of reporting in and presenting that IP in the System Tree.