Some of your Members are using Office365 Advanced Threat Protection (ATP) to scan their email. This results in the server scanning incoming mail and links in the mail and LM cannot tell the difference between a mail being opened or a clicked by ATP and a real subscriber opening or clicking on mail. You want to know if there is a solution or workaround to this problem.
This is the expected behaviour for LM which is only designed to record the IP address of the client or server that clicked the link.
As a workaround, it can be possible to modify the 'url.tcl' script that handles clickthru URLs in the .../ListManager/tclweb/lib directory so that it ignores the IP addresses of the ATP servers. However, modifying the 'url.tcl' script is outside the scope of Support. For assistance, contact your Account Manager to get a quote to have our Professional Services Team craft a custom solution for you.