Hi,@MOIZ ARSHAD
Thanks for posting your question in the Microsoft Q&A forum.
You created a rule to bypass ATP, but one user received a "400 4.7.721 Advanced Threat Protection scan in progress".
From your description, we can know that the rules you created are effective for most users.
Here are my suggestions:
- Check if the Safe Attachments policy is enabled in your organization and applied to specific recipients. Safe Attachments launches a unique hypervisor to open attachments. This can cause delivery delays for each message that is evaluated by Safe Attachments.
- You can add the user's domain name and IP address to the whitelist.
- You can try creating a rule so that emails sent to this user bypass EOP.
- I found that someone has encountered this problem, you can refer to this URL: Delays when sending or receiving emails - Microsoft Community Hub