This chapter covers two critical Azure Blob Storage features: Blob Storage Events and Lifecycle Management. Both are essential for building automated, event-driven storage solutions and appear frequently on the AZ-204 exam, typically accounting for 5-10% of questions in the Storage domain (Objective 2.2). You will learn how to react to blob creation, deletion, and other changes using Azure Event Grid, and how to automatically tier or delete blobs based on age using lifecycle management policies. The chapter provides deep technical explanations, step-by-step workflows, and exam-focused insights to help you master these topics.
Jump to a section
Imagine a massive automated warehouse that stores millions of packages on shelves. Each package has a barcode that includes its creation date and a 'best before' date. The warehouse has two automated systems: the 'Event Notification System' and the 'Cleanup Robot'. The Event Notification System is like a set of motion sensors and cameras at each shelf. Whenever a package is placed on a shelf (Blob Created) or removed (Blob Deleted), a camera captures the event and sends a notification to a central dispatch office (Azure Event Grid). The dispatch office then routes the notification to various departments (subscribers) that need to know—like accounting (to update inventory value) or shipping (to trigger downstream processes). The dispatch office does not move packages; it just sends messages about changes. The Cleanup Robot, on the other hand, is a separate system that patrols the aisles according to a policy set by warehouse management. It checks each package's 'best before' date and, if the date has passed, it moves the package to a disposal chute (delete) or to a discount section (tier to cool storage). The robot's patrol schedule is defined by rules: for example, 'move all packages older than 30 days to the discount section, and delete those older than 90 days.' The robot works autonomously, scanning barcodes and acting without human intervention. If a package is moved or deleted by the robot, the Event Notification System also captures that event and notifies the dispatch office, so the accounting department knows the package is gone. Importantly, the Event Notification System is near real-time—it sends notifications within seconds of the event—while the Cleanup Robot may only run once per day, depending on the policy. The two systems are independent: you can have events without lifecycle management, or lifecycle management without events, but they work best together to keep the warehouse organized and automated.
What Are Blob Storage Events and Why Do They Exist?
Blob Storage Events are notifications emitted by Azure Blob Storage when certain operations occur on blobs or containers. These events allow you to build reactive, event-driven architectures without polling or custom monitoring. Instead of continuously checking for changes, your application subscribes to events and receives push notifications via Azure Event Grid. This reduces latency, cost, and complexity.
Lifecycle Management is a policy-based automation feature that allows you to automatically transition blob data to different access tiers (Hot, Cool, Archive) or delete blobs based on age or last modification time. This helps optimize storage costs without manual intervention. The two features are independent but complementary: events can trigger actions when lifecycle management moves or deletes blobs, and lifecycle management can be used to tier data that you then process via events.
How Blob Storage Events Work Internally
Blob Storage integrates with Azure Event Grid to publish events for supported operations. When a blob is created, deleted, or when a blob tier changes, the storage service emits an event to an Event Grid topic (system topic for the storage account). Event Grid then delivers the event to one or more subscribers (endpoints) such as Azure Functions, Logic Apps, Webhooks, or other services.
The event flow:
1. An operation occurs on a blob or container (e.g., PutBlob, DeleteBlob, SetBlobTier).
2. Blob Storage generates an event with a schema defined by Event Grid. The event includes properties like topic (storage account resource ID), subject (blob path, e.g., /blobServices/default/containers/mycontainer/blobs/myfile.txt), eventType (e.g., Microsoft.Storage.BlobCreated), eventTime, and data (includes api, clientRequestId, requestId, eTag, contentType, contentLength, blobType, url, sequencer, storageDiagnostics, etc.).
3. The event is published to the Event Grid system topic associated with the storage account.
4. Event Grid filters events based on event type, subject, and data properties if configured, then delivers to subscribed endpoints.
5. The endpoint receives the event and processes it.
Supported event types:
- Microsoft.Storage.BlobCreated: Emitted when a blob is created or replaced. Covers PutBlob, PutBlockList, CopyBlob, SetBlobProperties (if blob content changes).
- Microsoft.Storage.BlobDeleted: Emitted when a blob is deleted (via DeleteBlob or lifecycle management deletion).
- Microsoft.Storage.BlobTierChanged: Emitted when a blob's access tier changes (via SetBlobTier or lifecycle management tiering).
- Microsoft.Storage.AsyncOperationInitiated: Emitted when operations like copy from URL begin.
Event delivery is at least once, so your handler must be idempotent. Events are delivered within seconds of the operation (typically <10 seconds).
Key Components, Values, and Defaults for Blob Storage Events
Event Grid System Topic: Automatically created for each storage account when the first event subscription is created. You cannot delete it manually; it is removed when all subscriptions are deleted.
Event Subscription: Defines which events to receive and where to send them. You can filter by event type, subject (prefix/suffix), and data attributes.
Endpoint Types: Azure Functions, Logic Apps, Webhook (must return 200 OK within 30 seconds), Event Hubs, Queue Storage, Hybrid Connections, or another Event Grid topic.
Retry Policy: Event Grid retries delivery up to 30 times with exponential backoff (default max 24 hours). For webhooks, if the endpoint doesn't respond with 200 within 10 seconds, Event Grid retries.
Event Schema: CloudEvent v1.0 or EventGridEvent schema. Default is EventGridEvent.
Maximum Event Size: 64 KB per event.
Latency: Typically sub-second to a few seconds.
How Lifecycle Management Works Internally
Lifecycle management policies are defined as JSON rules that specify actions on blobs based on conditions. The policy is applied at the storage account level and evaluated periodically (typically once per day). The rules are stored in the account and executed by the storage service internally.
A policy consists of one or more rules. Each rule has:
- name: Unique rule name.
- enabled: Boolean to enable/disable the rule.
- type: Must be Lifecycle.
- definition: Contains filters and actions.
Filters:
- blobTypes: Array of blob types to include. Supported values: blockBlob, appendBlob.
- prefixMatch: Array of path prefixes to match (e.g., ['container1/logs/']).
- blobIndexMatch: Array of blob index tag conditions (key-value pairs).
Actions:
- baseBlob: Actions on the base blob (not snapshots or versions).
- tierToCool: Move to Cool tier after a number of days.
- tierToArchive: Move to Archive tier after a number of days.
- delete: Delete the blob after a number of days.
- snapshot: Actions on blob snapshots.
- delete: Delete snapshots after a number of days.
- version: Actions on blob versions (if versioning enabled).
- tierToCool, tierToArchive, delete.
Conditions:
- daysAfterModificationGreaterThan: Number of days since last modification (for base blobs).
- daysAfterCreationGreaterThan: Number of days since creation (for snapshots/versions).
- daysAfterLastAccessTimeGreaterThan: Number of days since last access (requires last access tracking enabled).
- daysAfterLastTierChangeGreaterThan: Number of days since last tier change (to prevent rapid cycling).
Example policy JSON:
{
"rules": [
{
"name": "tierAndDelete",
"enabled": true,
"type": "Lifecycle",
"definition": {
"filters": {
"blobTypes": ["blockBlob"],
"prefixMatch": ["container1/logs/"]
},
"actions": {
"baseBlob": {
"tierToCool": { "daysAfterModificationGreaterThan": 30 },
"tierToArchive": { "daysAfterModificationGreaterThan": 90 },
"delete": { "daysAfterModificationGreaterThan": 365 }
}
}
}
}
]
}Configuration and Verification
Blob Storage Events:
Azure Portal: Storage account -> Events -> + Event Subscription.
Azure CLI:
# Create an event subscription for BlobCreated events, sending to an Azure Function
az eventgrid event-subscription create \
--name mySubscription \
--source-resource-id /subscriptions/{sub-id}/resourceGroups/{rg}/providers/Microsoft.Storage/storageAccounts/{account} \
--endpoint-type azurefunction \
--endpoint /subscriptions/{sub-id}/resourceGroups/{rg}/providers/Microsoft.Web/sites/{functionapp}/functions/{function} \
--included-event-types Microsoft.Storage.BlobCreatedLifecycle Management:
Azure Portal: Storage account -> Data management -> Lifecycle management -> Add rule.
Azure CLI:
# Set lifecycle policy from JSON file
az storage account management-policy create \
--account-name {account} \
--resource-group {rg} \
--policy @policy.jsonVerify with:
az storage account management-policy show --account-name {account} --resource-group {rg}Interaction with Related Technologies
Blob Storage Events can trigger Azure Functions to process newly created blobs (e.g., resizing images, extracting metadata). Lifecycle Management can tier old blobs to Archive, and an event can notify when a blob is tiered (BlobTierChanged). Together, they enable end-to-end automation: upload a blob -> event triggers processing -> after 30 days, lifecycle tiers to Cool -> event notifies -> after 90 days, tiers to Archive -> event notifies -> after 365 days, deletes -> event notifies.
Blob Storage Events also integrate with Logic Apps, allowing visual workflows. For example, a Logic App can be triggered by a BlobCreated event, then copy the blob to another storage account.
Lifecycle Management policies can be used with blob index tags to apply different rules to different categories of data. For example, tag blobs with department=finance and then have a rule that deletes finance blobs after 7 years.
Important Exam Considerations
Lifecycle management policy evaluation is not real-time; it runs approximately once per day. So if you set a rule to delete blobs after 30 days, the blob may be deleted between 30 and 31 days after modification.
Events are delivered at least once, so your handler must be idempotent.
Blob Storage Events are supported for general-purpose v2 (GPv2) and Blob Storage accounts. Not supported for GPv1 unless upgraded.
Lifecycle management is supported for GPv2, Blob Storage, and Premium Block Blob accounts (only delete actions, no tiering).
Lifecycle management actions are free, but storage transactions for tiering/deleting incur costs.
When a blob is deleted by lifecycle management, a BlobDeleted event is emitted.
You cannot use lifecycle management to move blobs between containers; only tier within the same container.
The Archive tier has a 180-day minimum storage duration; deleting or tiering earlier incurs an early deletion fee.
Lifecycle management can delete blob snapshots and versions, but cannot tier them to Cool/Archive (only base blobs can be tiered).
Create Storage Account and Enable Events
First, ensure you have a general-purpose v2 (GPv2) or Blob Storage account. Blob Storage Events are enabled by default on these accounts. If using a GPv1 account, you must upgrade it. In the Azure portal, navigate to your storage account, select 'Events' under the 'Monitoring' section. Here you can create event subscriptions. Alternatively, use Azure CLI to create a subscription. The storage account must be in the same region as the Event Grid topic (system topic). Note that system topics are created automatically when you create the first event subscription.
Create Event Subscription with Filters
In the 'Events' blade, click '+ Event Subscription'. Provide a name, select the event types you want (e.g., Blob Created, Blob Deleted, Blob Tier Changed). Under 'Filter to events', you can add subject filters: prefix and suffix matching on the blob path. For example, to only receive events for blobs in 'container1/images/', set subject begins with '/blobServices/default/containers/container1/images/'. You can also add advanced filters on data properties like 'api' or 'contentType'. Choose an endpoint type (e.g., Azure Function, Webhook). For Azure Function, select the function app and function. For webhook, provide the HTTPS endpoint. The endpoint must acknowledge the subscription validation event within 3 days (by returning the validation code).
Handle Events in Endpoint (Azure Function)
Your endpoint (e.g., Azure Function) receives a POST request with an array of events in the body. Each event has a 'data' object with details. For BlobCreated, the 'url' property gives the blob URL. Your function should be idempotent: if it receives the same event twice (due to retry), it should not cause duplicate processing. Use a unique identifier like the event 'id' or the blob 'eTag' to deduplicate. The function must return HTTP 200 OK within 30 seconds (for webhook) or 5 minutes for Azure Functions (default timeout). If the function fails, Event Grid retries with exponential backoff.
Define Lifecycle Management Policy
In the storage account, go to 'Lifecycle management' under 'Data management'. Click 'Add rule'. Give the rule a name, enable it, and select the blob types (blockBlob, appendBlob). Define the prefix filter (e.g., 'container1/logs/') or blob index tag filter. Then add actions: for base blobs, you can tier to Cool or Archive after a number of days since modification, or delete. You can also add actions for snapshots and versions. The policy is written as JSON and stored. Once saved, the policy is evaluated automatically, typically once per day. You can also set the policy via CLI using the 'az storage account management-policy create' command.
Monitor and Verify Lifecycle Actions
After the policy is applied, you can monitor its execution. Check the 'Lifecycle management' blade for 'Last run time' and 'Last run status'. You can also use Azure Monitor metrics like 'Blob Count' and 'Blob Capacity' to see changes. To verify that blobs were tiered, check the 'Access Tier' property of blobs in the portal or using Azure Storage Explorer. Note that lifecycle management does not provide per-blob logs; you can use storage analytics logs to see delete and tier operations. Also, when a blob is deleted by lifecycle, a BlobDeleted event is emitted (if you have an event subscription for that event type).
Enterprise Scenario 1: Automated Log Archiving
A financial services company generates terabytes of application logs daily, stored in Blob Storage (GPv2). They need to retain logs for 7 years for compliance but want to reduce costs. They implement a lifecycle management policy: logs older than 30 days are moved to Cool tier, logs older than 180 days are moved to Archive tier, and logs older than 7 years are deleted. This policy is applied to a container named 'logs'. The company also uses Blob Storage Events to trigger an Azure Function when a new log blob is created. The function indexes the log metadata into Azure Cognitive Search for real-time querying. After 30 days, the blob is automatically tiered to Cool, and a BlobTierChanged event triggers another function that updates the search index to indicate the blob is now in Cool tier (slower access). The system runs seamlessly, saving 80% on storage costs compared to keeping all data in Hot tier. A common mistake is forgetting that Archive tier has a 180-day minimum storage duration; if the policy tries to delete an archived blob before 180 days, an early deletion fee applies. Also, lifecycle management runs once per day, so there is a slight delay in tiering.
Enterprise Scenario 2: Media Processing Pipeline
A media company uploads raw video files to Blob Storage. They need to transcode each video to multiple formats. They use BlobCreated events to trigger an Azure Function that starts a transcoding job in Azure Media Services. After transcoding, the output files are stored in a different container. The raw videos are no longer needed after 7 days, so a lifecycle management policy deletes them after 7 days. However, they also need to keep the transcoded outputs for 1 year in Cool tier, then delete. They set up two rules: one for the 'raw' container (delete after 7 days) and one for the 'output' container (tier to Cool after 30 days, delete after 365 days). They also use blob index tags to tag raw videos with 'status=processed' after transcoding, and the lifecycle rule filters on that tag to avoid deleting videos that haven't been processed yet. A common pitfall is that lifecycle management does not support conditions based on blob metadata other than blob index tags; if you need to filter on custom metadata, you must use blob index tags.
Enterprise Scenario 3: Backup and Compliance
A healthcare organization uses Blob Storage for backup files. They need to retain backups for 7 years, but after the first year, the data is rarely accessed. They use lifecycle management to tier backups to Cool after 90 days and to Archive after 365 days. They also need to be notified when any backup is deleted (either manually or by lifecycle) for audit purposes. They set up an event subscription for BlobDeleted events that sends notifications to a Logic App, which logs the deletion to a database and sends an email to the compliance team. A common issue is that lifecycle management can delete blobs that are still needed if the policy is misconfigured. To prevent accidental deletion, they use a rule that only applies to blobs with a specific prefix, and they enable soft delete for blobs, which allows recovery within a retention period. They also set the lifecycle rule to delete only after 7 years, and they test the policy on a small subset first.
What AZ-204 Tests on This Topic
AZ-204 Objective 2.2: 'Develop for Blob Storage' includes subtopics on event-based processing and lifecycle management. Specifically, you should know:
How to configure Blob Storage events and event subscriptions.
The supported event types (BlobCreated, BlobDeleted, BlobTierChanged).
How to filter events by subject prefix/suffix and data attributes.
How to handle events in Azure Functions (idempotency, validation).
How to define lifecycle management policies using JSON.
The conditions: daysAfterModificationGreaterThan, daysAfterCreationGreaterThan, daysAfterLastAccessTimeGreaterThan.
The supported actions: tierToCool, tierToArchive, delete (for base blobs, snapshots, versions).
The fact that lifecycle management runs approximately once per day.
The minimum storage duration for Archive tier (180 days) and early deletion fees.
That lifecycle management is supported for GPv2, Blob Storage, and Premium Block Blob (delete only).
Common Wrong Answers and Why Candidates Choose Them
'Lifecycle management can move blobs between containers.' This is false. Lifecycle management only tiers blobs within the same container (to Cool/Archive) or deletes them. It cannot move blobs to a different container. Candidates confuse tiering with moving.
'Blob Storage Events are real-time with sub-millisecond latency.' While events are delivered quickly (typically seconds), they are not sub-millisecond. Event Grid has a latency of <10 seconds usually. Candidates overestimate speed.
'Lifecycle management can be triggered on-demand.' Lifecycle management runs on a schedule (once per day). You cannot trigger it manually. Candidates think it's like a function that runs immediately after policy change.
'You can use lifecycle management to archive blobs to Cool tier.' No, you can only tier to Cool or Archive; you cannot tier to Hot. Also, you cannot tier append blobs to Cool or Archive; only block blobs can be tiered (except Premium).
'Event subscriptions are automatically created for all storage accounts.' No, you must create them explicitly. The system topic is auto-created when you create the first subscription.
Specific Numbers and Terms on the Exam
Event delivery: at least once.
Webhook timeout: 30 seconds.
Event size limit: 64 KB.
Lifecycle evaluation: approximately once per day.
Archive tier minimum storage duration: 180 days.
Supported blob types for lifecycle: blockBlob, appendBlob (but only blockBlob can be tiered).
Condition properties: daysAfterModificationGreaterThan, daysAfterCreationGreaterThan, daysAfterLastAccessTimeGreaterThan, daysAfterLastTierChangeGreaterThan.
Event types: Microsoft.Storage.BlobCreated, Microsoft.Storage.BlobDeleted, Microsoft.Storage.BlobTierChanged.
Edge Cases and Exceptions
If you have a lifecycle rule that deletes blobs after 30 days, and you also have a rule that tiers to Cool after 30 days, the delete action takes precedence? Actually, both can apply; the blob will be tiered and then deleted? No, the actions are evaluated independently; a blob can be both tiered and deleted if both conditions are met, but deletion happens after tiering? The order is not guaranteed; it's safer to set different thresholds.
Lifecycle management does not work on blobs in the Archive tier if you want to tier them to Cool? You cannot tier from Archive to Cool automatically; you must manually rehydrate.
If you delete a container, lifecycle management will not delete the blobs first; the container and all blobs are deleted immediately.
Events are not supported for Azure Data Lake Storage Gen2 (hierarchical namespace) accounts? Actually, they are supported, but only for Blob service endpoints, not DFS endpoints.
How to Eliminate Wrong Answers
If an answer says 'lifecycle management runs immediately after policy creation', it's wrong because it runs once per day.
If an answer says 'events are guaranteed exactly once', it's wrong because they are at least once.
If an answer says 'you can filter events by blob content', it's wrong because you can only filter by metadata (subject, event type, data properties like api).
If an answer suggests that lifecycle management can move blobs to a different storage account, it's wrong.
If an answer mentions 'tierToHot' in lifecycle actions, it's wrong (only Cool and Archive).
Blob Storage Events support three event types: BlobCreated, BlobDeleted, BlobTierChanged.
Events are delivered at least once via Azure Event Grid; handlers must be idempotent.
Lifecycle management runs approximately once per day; it is not real-time.
Lifecycle management actions include tierToCool, tierToArchive, and delete for base blobs, snapshots, and versions.
Only block blobs can be tiered; append blobs support only delete actions.
Archive tier has a minimum storage duration of 180 days; early deletion incurs a fee.
Lifecycle management policies are defined using JSON with filters (prefix, blob type, blob index tags) and conditions (days after modification, creation, access, or tier change).
Blob Storage Events require a GPv2 or Blob Storage account; lifecycle management is supported on GPv2, Blob Storage, and Premium Block Blob (delete only).
Event subscriptions can filter by event type, subject prefix/suffix, and data properties.
When a blob is deleted by lifecycle management, a BlobDeleted event is emitted (if subscribed).
These come up on the exam all the time. Here's how to tell them apart.
Blob Storage Events
Reactive: triggered by blob operations (create, delete, tier change).
Near real-time delivery (seconds).
Uses Azure Event Grid; events can be filtered and sent to multiple endpoints.
Requires explicit event subscription configuration.
Suitable for immediate processing (e.g., image resizing upon upload).
Lifecycle Management
Proactive: scheduled policy evaluation (once per day).
Batch processing of all blobs matching conditions.
Defined as JSON rules within the storage account; no external dependencies.
No subscription needed; policy is applied automatically.
Suitable for cost optimization (tiering/delete old data).
Mistake
Blob Storage Events are delivered exactly once.
Correct
Events are delivered at least once. Due to retries, the same event may be delivered multiple times. Handlers must be idempotent.
Mistake
Lifecycle management runs immediately after you save the policy.
Correct
Lifecycle management evaluates policies approximately once per day. Changes may take up to 24 hours to take effect.
Mistake
You can use lifecycle management to move blobs to another container.
Correct
Lifecycle management only tiers blobs within the same container (to Cool/Archive) or deletes them. It cannot move blobs between containers.
Mistake
Lifecycle management can tier append blobs to Cool or Archive.
Correct
Only block blobs can be tiered to Cool or Archive. Append blobs support only delete actions in lifecycle management.
Mistake
Blob Storage Events are available for all storage account types, including classic GPv1.
Correct
Events are supported only for GPv2 and Blob Storage accounts. GPv1 accounts must be upgraded to GPv2 to use events.
Reveal each answer, then mark whether you got it right. Score 60%+ to unlock the next chapter.
Blob Storage Events are push notifications that fire immediately when a blob is created, deleted, or tiered. They are used for reactive processing (e.g., trigger a function when a new file is uploaded). Lifecycle Management is a scheduled policy that automatically tiers or deletes blobs based on age or last access time. It runs approximately once per day and is used for cost optimization. The two can work together: events can notify you when lifecycle management performs an action.
No. Lifecycle management only operates within the same storage account. It can change the access tier of a blob (e.g., from Hot to Cool) or delete it, but it cannot move blobs to a different container or storage account. For moving blobs, you need to use Azure Data Factory, AzCopy, or custom code.
Lifecycle management evaluates policies approximately once per day. The exact time is not configurable and may vary. Therefore, if you set a rule to delete blobs after 30 days, the blob will be deleted sometime between 30 and 31 days after the condition is met.
Both actions can apply. The blob will be tiered to Cool after the first condition (e.g., 30 days) and then deleted after the second condition (e.g., 365 days). However, if both conditions have the same number of days, the order of execution is not guaranteed; it's best to set different thresholds to avoid ambiguity.
Yes, Blob Storage Events are supported for storage accounts with hierarchical namespace enabled (Data Lake Storage Gen2). However, events are only emitted via the Blob service endpoint, not the DFS endpoint. The event types and schema are the same.
You can filter events by subject (prefix/suffix matching on the blob path) and by data properties such as 'api' (e.g., PutBlob) or 'blobType'. However, you cannot filter by blob content or custom metadata directly. To filter by custom metadata, you would need to use blob index tags and filter by tag in lifecycle management, but not in event subscriptions.
The Archive tier has a minimum storage duration of 180 days. If you delete a blob or move it to a different tier before 180 days, you incur an early deletion fee proportional to the remaining days. Lifecycle management will not prevent this if you set a delete rule with a shorter interval.
You've just covered Blob Storage Events and Lifecycle Management — now see how well it sticks with free AZ-204 practice questions. Full explanations included, no account needed.
Done with this chapter?