This chapter covers Blob Storage Events with Event Grid, a critical integration pattern for building event-driven architectures on Azure. For the AZ-104 exam, understanding how to configure and troubleshoot Event Grid subscriptions for blob storage events is essential, as it appears in approximately 5-10% of storage-related questions (Objective 2.4). You will learn the internal mechanism of Event Grid, how blob events are published and delivered, the exact configuration steps, and common pitfalls tested on the exam. By the end, you'll be able to design resilient event-driven workflows using Azure Blob Storage and Event Grid, and answer exam questions with confidence.
Jump to a section
Imagine a large warehouse with thousands of storage bins. Each bin contains items, and the warehouse manager wants to automatically notify different departments whenever certain events happen, like when a new shipment arrives, when an item is moved, or when stock runs low. Instead of having employees constantly walk around checking bins, the manager installs sensors on each bin. These sensors are like Event Grid topics. When a bin receives a new item (Blob Created), the sensor sends a signal to a central switchboard (Event Grid). The switchboard has a routing table that matches each signal to a list of departments that need to know. For example, when a new shipment arrives, the switchboard instantly calls the inventory system (Azure Function) to update stock counts, sends a text to the purchasing department (Logic App) to confirm receipt, and logs the event in a ledger (Event Hub). The switchboard doesn't care what the departments do with the information; it just delivers the message reliably. If a department is busy or offline, the switchboard retries up to 24 hours before discarding the message. Importantly, the warehouse manager can configure which events trigger which notifications without changing the bins themselves—this is event-driven architecture. The bins (Blob Storage) are decoupled from the actions (event handlers). The switchboard (Event Grid) ensures each event is delivered to every subscriber that expressed interest, with at-least-once delivery guarantee. This is exactly how Azure Event Grid works: it's a fully managed event routing service that connects Azure Blob Storage events (and other Azure services) to event handlers like Azure Functions, Logic Apps, Webhooks, and more.
What is Azure Event Grid and Why Does It Exist?
Azure Event Grid is a fully managed event routing service that enables event-driven, reactive programming in the cloud. It decouples event publishers from event subscribers, allowing services like Blob Storage to emit events without knowing who is listening. Event Grid then reliably delivers those events to subscribers (handlers) such as Azure Functions, Logic Apps, Webhooks, or other Azure services. This eliminates the need for polling or custom message brokers, reducing latency and cost.
How Blob Storage Events Work with Event Grid
Blob Storage can emit events for operations like blob creation, deletion, or modification. These events are published to an Event Grid system topic (automatically created for the storage account) or a custom topic. The flow is: 1. An operation occurs on a blob (e.g., PutBlob, DeleteBlob). 2. Blob Storage generates an event and sends it to Event Grid. 3. Event Grid matches the event against all subscriptions (filters based on event type, subject, etc.). 4. Event Grid delivers the event to each matching subscriber endpoint. 5. The subscriber processes the event and returns an HTTP 200 OK to acknowledge receipt.
Key Components, Values, Defaults, and Timers
- Event Schema: Event Grid uses CloudEvents v1.0 schema by default. Each event includes id, topic, subject, eventType, eventTime, data, and dataVersion.
- Event Types for Blob Storage:
- Microsoft.Storage.BlobCreated – emitted when a blob is created or replaced (PutBlob, PutBlockList, CopyBlob).
- Microsoft.Storage.BlobDeleted – emitted when a blob is deleted (DeleteBlob).
- Additional types like BlobTierChanged exist but are less common.
- Subject Filtering: The subject field follows the pattern /blobServices/default/containers/<container-name>/blobs/<blob-name>. You can filter subscriptions by subject prefix or suffix (e.g., subjectBeginsWith: /blobServices/default/containers/images/).
- Delivery Retry Policy: Event Grid retries delivery for up to 24 hours (default) with exponential backoff. Maximum retry count is 30 (default). You can configure maxDeliveryAttempts and eventTimeToLive (in minutes, max 1440).
- Dead-Lettering: If delivery fails after all retries, events can be sent to a dead-letter storage blob container. This is configured per subscription.
- Filters: Subscriptions can filter by event type, subject, and advanced filters (e.g., blob size > 1 MB). Advanced filters support operators like NumberGreaterThan, StringContains, etc.
- Endpoint Validation: For webhook endpoints, Event Grid validates the endpoint by sending a validation handshake (HTTP POST with validationCode). The endpoint must respond with the validation code in the body or URL within 10 seconds.
Configuration and Verification Commands
To enable blob events, you don't need to enable anything on the storage account – it's automatic. However, you must create an Event Grid subscription. You can do this via Azure Portal, Azure CLI, or PowerShell.
Azure CLI Example:
# Create an Event Grid subscription for blob created events in a specific container
az eventgrid event-subscription create \
--name MyBlobEventSub \
--source-resource-id /subscriptions/{sub-id}/resourceGroups/{rg}/providers/Microsoft.Storage/storageAccounts/{account} \
--included-event-types Microsoft.Storage.BlobCreated \
--subject-begins-with /blobServices/default/containers/mycontainer/ \
--endpoint https://myfunctionapp.azurewebsites.net/api/triggerPowerShell Example:
New-AzEventGridSubscription `
-EventSubscriptionName MyBlobEventSub `
-ResourceId (Get-AzStorageAccount -ResourceGroupName MyRG -Name MyStorageAccount).Id `
-IncludedEventType Microsoft.Storage.BlobCreated `
-SubjectBeginsWith '/blobServices/default/containers/mycontainer/' `
-Endpoint https://myfunctionapp.azurewebsites.net/api/triggerVerification:
# List all event subscriptions for a storage account
az eventgrid event-subscription list --source-resource-id /subscriptions/{sub-id}/resourceGroups/{rg}/providers/Microsoft.Storage/storageAccounts/{account}
# Get details of a specific subscription
az eventgrid event-subscription show --name MyBlobEventSub --source-resource-id ...How It Interacts with Related Technologies
Azure Functions: The most common handler. A function can be triggered by Event Grid using the EventGridTrigger binding. The function receives the event payload and can process the blob (e.g., resize image, transcode video).
Logic Apps: You can use the "When a resource event occurs" trigger to start a workflow. Logic Apps provide built-in connectors for further actions.
Event Hubs: Events can be forwarded to Event Hubs for further stream processing with Azure Stream Analytics.
Storage Queues: Alternatively, you can use blob storage events to trigger a function that writes a message to a queue for decoupled processing.
Azure Automation: Events can trigger runbooks for automated remediation.
Internal Mechanism: Step by Step
Blob Operation: A client uploads a blob to a container. The storage frontend receives the PutBlob request.
Event Generation: The storage service internally logs the operation and publishes an event to an Event Grid system topic associated with the storage account. This happens asynchronously – the client does not wait for event delivery.
Event Routing: Event Grid receives the event, evaluates all subscriptions for that topic, applies filters (event type, subject, advanced filters), and determines which subscribers should receive it.
Delivery: Event Grid sends the event to each subscriber endpoint via HTTP POST. For Azure Functions and Logic Apps, the endpoint is an internal Azure URL. For webhooks, it's your public endpoint.
Acknowledgment: The subscriber must return HTTP 200-299 within 30 seconds (default timeout). If it fails or times out, Event Grid retries based on the retry policy.
Dead-Lettering: If retries are exhausted, the event is moved to the dead-letter container if configured.
Important Exam-Relevant Details
Event Grid is regional – events stay within the region unless you configure cross-region delivery via a webhook.
Latency: Events are typically delivered within seconds, but there is no SLA on delivery time.
Ordering: Event Grid does not guarantee order of events. If order matters, use a queue or Event Hubs with partition key.
At-least-once delivery: Subscribers may receive duplicate events. Handlers should be idempotent.
System topics vs Custom topics: Blob storage events use system topics (automatic). Custom topics are for your own custom events.
Event Grid vs Queue Storage: Event Grid is for push-based, real-time notifications; queues are for pull-based, ordered processing. The exam often compares these.
Create a Blob Storage Container
First, ensure you have an Azure Storage account (v2 or BlobStorage) and create a container. For example, create a container named 'uploads'. This container will hold the blobs whose events you want to capture. Use Azure Portal, CLI, or SDK. The container name must be lowercase and between 3-63 characters. This step is straightforward but often assumed in exam scenarios.
Identify the Event Handler
Decide what will process the event. Common handlers: Azure Function (EventGridTrigger), Logic App (Event Grid trigger), Webhook (public HTTP endpoint), or another Azure service like Event Hubs or Queue Storage. For the exam, Azure Function is the most tested. Ensure the handler is deployed and accessible. For webhooks, the endpoint must be publicly reachable and able to respond to the validation handshake.
Create Event Grid Subscription
Navigate to the storage account in Azure Portal, select 'Events' blade, and click 'Event Subscription'. Provide a name, select event types (e.g., BlobCreated), optionally filter by subject (container or blob prefix), and configure the endpoint. You can also use CLI or PowerShell as shown earlier. The subscription is created under the storage account's system topic. Note: The subscription endpoint must be validated within 10 seconds.
Test the Event Subscription
Upload a blob to the container (e.g., via Azure Portal, CLI, or SDK). Within seconds, the event should be delivered to the handler. Check the handler's logs to confirm. For Azure Functions, you can monitor Application Insights. For webhooks, check your server logs. If the event doesn't arrive, verify the subscription configuration and ensure the endpoint is healthy.
Implement Idempotent Processing
Since Event Grid guarantees at-least-once delivery, your handler must handle duplicate events. For example, if processing a BlobCreated event to generate a thumbnail, check if the thumbnail already exists before creating it. Use blob metadata or a database to track processed events. The exam may ask about idempotency patterns.
Enterprise Scenario 1: Automated Image Processing Pipeline
A media company uploads user-submitted images to Azure Blob Storage. They need to generate thumbnails and watermark each image automatically. They configure an Event Grid subscription for BlobCreated events on the 'images' container, with a subject filter for common image extensions (.jpg, .png). The event triggers an Azure Function (consumption plan) that reads the blob, processes it using ImageMagick, and writes the thumbnail to a separate container. The function is idempotent: it checks for existing thumbnail metadata before processing. At scale, they handle thousands of uploads per second; Event Grid can handle millions of events per second. A common misconfiguration: forgetting to filter by file extension, causing the function to be triggered for non-image files (e.g., .txt), wasting compute. They also configure dead-lettering to a storage container to capture failed events for later analysis.
Enterprise Scenario 2: Real-Time Log Archival
A financial services company needs to archive audit logs from multiple applications into Azure Blob Storage. Each application writes logs to a specific container. They want to be notified when new log files arrive to trigger a compliance check. They create an Event Grid subscription for BlobCreated events on the 'audit-logs' container, with the endpoint being a Logic App that validates the log format and, if valid, copies the blob to a long-term retention container with immutability policy. If validation fails, the Logic App sends an alert to the security team. The challenge: logs arrive in bursts, and Event Grid's at-least-once delivery causes duplicate validation. The Logic App uses a deduplication step (checking blob metadata for a processed flag). They also set maxDeliveryAttempts to 5 and eventTimeToLive to 60 minutes to avoid processing stale events.
Scenario 3: Multi-Tier Event Processing
An e-commerce platform uses Blob Storage for product images. When a new image is uploaded, they need to: (1) generate multiple sizes, (2) update a search index, (3) invalidate a CDN cache. Instead of a single handler doing everything, they create multiple Event Grid subscriptions (one per handler) all pointing to different Azure Functions. This decouples the processing and allows independent scaling. However, they must ensure idempotency across all handlers. A common issue: if the CDN purge function fails, the image may be served stale. They configure dead-lettering and a monitoring alert on the dead-letter container. The exam tests the concept of multiple subscriptions for the same event.
What AZ-104 Tests on This Topic
AZ-104 Objective 2.4: "Configure blob storage" includes sub-objectives on configuring event subscriptions for blob storage. The exam expects you to know:
How to create an Event Grid subscription for blob events (Portal, CLI, PowerShell).
The difference between system topics and custom topics.
Event types: BlobCreated, BlobDeleted.
Subject filtering (prefix/suffix).
Endpoint validation requirement for webhooks.
Retry policy and dead-lettering.
Comparison with other event-driven options (Queue Storage, Event Hubs).
Top 4 Wrong Answers Candidates Choose
"Event Grid guarantees ordered delivery" – WRONG. Event Grid does not guarantee order. Candidates confuse it with Queue Storage (FIFO). The exam may present a scenario where order matters and ask which service to use – the correct answer is Queue Storage or Event Hubs with partition key.
"You must enable event publishing on the storage account" – WRONG. Blob storage events are automatically published; you only need to create a subscription. Candidates think they need to enable a setting.
"Event Grid delivers events exactly once" – WRONG. It's at-least-once. Duplicates are possible. The exam tests idempotency.
"Subject filter can use wildcards" – WRONG. Subject filter uses prefix/suffix matching, not wildcards. Candidates may think they can use *.
Specific Numbers and Terms
maxDeliveryAttempts: default 30, max 30.
eventTimeToLive: default 1440 minutes (24 hours), max 1440.
Endpoint validation timeout: 10 seconds.
Event types: Microsoft.Storage.BlobCreated, Microsoft.Storage.BlobDeleted.
Subject pattern: /blobServices/default/containers/{container}/blobs/{blob}.
Edge Cases and Exceptions
BlobCreated is NOT emitted for append blobs – only block blobs and page blobs. This is a common trick.
BlobCreated is emitted for copy operations – but only when the copy completes (asynchronous copy).
BlobDeleted is emitted for soft-delete – but the event is generated at the time of deletion, not when the retention period expires.
If the storage account has a firewall or private endpoint, Event Grid can still deliver events to endpoints that are in the same virtual network if the endpoint is an Azure service (e.g., Function with VNet integration).
How to Eliminate Wrong Answers
If the scenario requires order, eliminate Event Grid.
If the scenario mentions exactly-once delivery, eliminate Event Grid.
If the scenario mentions polling (checking every 5 minutes), that's Queue Storage or Blob Storage index, not Event Grid.
If the scenario mentions filtering by blob size > 1 MB, that's advanced filters (supported).
If the scenario mentions endpoint validation failure, the subscription will show a validation error and events won't be delivered until fixed.
Blob Storage events are automatically published; you only need to create an Event Grid subscription.
Event types: Microsoft.Storage.BlobCreated, Microsoft.Storage.BlobDeleted.
Event Grid provides at-least-once delivery, not exactly-once.
Subject filtering uses prefix/suffix, not wildcards.
Default retry: 30 attempts over 24 hours (eventTimeToLive: 1440 minutes).
Endpoint validation for webhooks: must respond within 10 seconds.
BlobCreated events do not fire for append blobs.
Event Grid does not guarantee event order.
Dead-lettering can be configured to capture failed events.
Advanced filters allow conditions like blob size > 1 MB.
These come up on the exam all the time. Here's how to tell them apart.
Event Grid for Blob Events
Push-based: events are delivered immediately to subscribers.
Low latency: typically seconds.
No polling overhead.
Supports multiple subscribers per event.
Does not guarantee order.
Queue Storage for Blob Notifications
Pull-based: subscribers poll the queue for messages.
Higher latency due to polling interval.
Polling incurs cost and latency.
Single consumer per message (unless using multiple queues).
FIFO ordering with visibility timeout.
Mistake
You need to enable Event Grid on the storage account first.
Correct
Blob Storage automatically publishes events to an internal system topic. You only need to create an Event Grid subscription to receive them. No explicit enablement is required.
Mistake
Event Grid guarantees exactly-once delivery.
Correct
Event Grid provides at-least-once delivery. Subscribers may receive duplicate events and must be idempotent.
Mistake
Subject filters support wildcard characters like * or ?.
Correct
Subject filters only support prefix and suffix matching. For example, 'subjectBeginsWith' and 'subjectEndsWith'. Wildcards are not supported.
Mistake
Event Grid can deliver events in the order they were generated.
Correct
Event Grid does not guarantee order. If order is required, use Queue Storage or Event Hubs with a partition key.
Mistake
BlobCreated events are emitted for all blob types including append blobs.
Correct
BlobCreated events are only emitted for block blobs and page blobs. Append blob operations do not trigger this event.
Reveal each answer, then mark whether you got it right. Score 60%+ to unlock the next chapter.
Use the `az eventgrid event-subscription create` command. Provide the storage account resource ID as `--source-resource-id`, specify `--included-event-types Microsoft.Storage.BlobCreated`, and set the endpoint. For example: `az eventgrid event-subscription create --name MySub --source-resource-id /subscriptions/... --included-event-types Microsoft.Storage.BlobCreated --endpoint https://myfunc.azurewebsites.net/api/trigger`. You can also add subject filters with `--subject-begins-with`.
Yes, if your on-premises system exposes a public HTTP endpoint (webhook) that is reachable from Azure. The endpoint must be validated by Event Grid during subscription creation. Ensure your firewall allows inbound traffic from Azure IP addresses. Alternatively, you can use Azure Relay or VPN for private connectivity.
Event Grid retries delivery based on the retry policy (default: up to 30 times over 24 hours). If all retries fail, the event can be sent to a dead-letter destination (a blob container) if configured. The dead-letter allows you to inspect and reprocess failed events later.
Yes, Event Grid supports advanced filters. You can filter by blob size (e.g., `data.api` contains 'PutBlob', `data.contentLength` > 1000000). Advanced filters include operators like `NumberGreaterThan`, `StringContains`, `BoolEquals`, etc. This is useful to avoid triggering for small files.
When creating the Event Grid subscription, set the `--subject-begins-with` parameter to `/blobServices/default/containers/your-container-name/`. This filters events so only blobs in that container trigger the function. You can also use `--subject-ends-with` for file extension filtering.
A system topic is automatically created by Azure for Azure services (like Blob Storage) to publish events. You cannot create or delete system topics directly; they are managed by Azure. A custom topic is created by you for publishing your own custom events. Both can have multiple subscriptions.
Yes, Event Grid can still deliver events to endpoints that are within the same virtual network if the endpoint is an Azure service (e.g., Azure Function with VNet integration). However, the Event Grid service itself needs network access to the storage account's system topic, which is internal and not blocked by firewalls.
You've just covered Blob Storage Events with Event Grid — now see how well it sticks with free AZ-104 practice questions. Full explanations included, no account needed.
Done with this chapter?