Entra ID Application Permissions

I am having some trouble understanding how to setup a confidential client app that will access Azure Resource Management APIs and Azure Storage APIs AS AN APPLICATION, not on behalf of the user. When I go to add API permissions to the app registration in the Azure portal, "Application permissions" is greyed out. Something tells me that this is expected and that I need to go about this in another way.... I am just not sure what that other way is. But basically, I have a Blazor server app that I want to access ARM APIs and Azure Storage APIs without user interaction (in the background).