Which type of user can access resources but cannot perform any administrative tasks?

The correct answer identifies a "User" as someone who can access resources but is restricted from performing administrative tasks. In a typical Microsoft Intune or Azure Active Directory (AAD) context, a "User" account is designed for individuals who need to utilize services and resources, such as accessing applications, emails, or shared files, without having rights to make changes to the system or configuration settings.

This distinction is crucial for maintaining security and appropriate access levels within an organization. By limiting users to non-administrative roles, organizations can ensure that only designated individuals can alter settings, manage devices, or handle sensitive configurations, thus minimizing the risk of unintentional changes or security breaches.

Other roles, such as Service Administrator, Global Administrator, and Custom Administrator, are designed with varying levels of administrative privileges, enabling them to manage users, configure policies, and oversee the overall management of the environment. Therefore, individuals in these roles can perform tasks that a standard user cannot, highlighting the importance of understanding user permissions and the responsibilities associated with each role in Microsoft Intune and similar platforms.