This chapter covers Azure Event Grid and Azure Event Hubs, two core eventing services for building event-driven architectures on Azure. For the AZ-204 exam, this topic area appears in roughly 10-15% of questions, primarily in the 'Integrate' domain (objective 5.3). You must understand the differences between push and pull models, when to use each service, and how to configure event subscriptions, filters, and throughput units. This chapter provides a deep, mechanistic explanation of both services, including their internal workings, configuration commands, and exam-specific traps.
Jump to a section
Imagine Event Grid as a highly efficient postal service. You subscribe to specific types of mail (events) from specific senders (publishers). When a letter (event) arrives, the postal service immediately delivers it to your mailbox (webhook/endpoint). You don't need to check for mail; the postal worker rings your doorbell every time. The postal service guarantees delivery (at least once) and can filter by envelope color (event type) or sender domain (subject prefix). Now, Event Hubs is like a global news wire service. Multiple news agencies (producers) send their articles (events) to a central hub (event hub). Subscribers (consumers) pull articles from the hub at their own pace. Each subscriber has a bookmark (offset) to track what they've read. If a subscriber is slow, the articles accumulate in the hub's buffer (partition). Unlike the postal service, the news wire doesn't push; subscribers must fetch. Also, the news wire retains articles for a set time (retention period, default 1 day for Event Hubs) before discarding them. Event Grid is reactive and push-based; Event Hubs is proactive and pull-based. Both handle events, but with fundamentally different delivery models.
What is Event Grid and Why It Exists
Azure Event Grid is a fully managed event routing service that uses a publish-subscribe model with push delivery. It is designed for high reliability, low latency (sub-second), and massive scale. The fundamental purpose of Event Grid is to react to events (state changes) in Azure resources or custom applications and deliver those events to registered subscribers (endpoints) such as Azure Functions, webhooks, or other Azure services. It enables event-driven architectures where components are loosely coupled and respond to changes in near real-time.
Event Grid is built on a topic concept. A topic is an endpoint where events are published. Subscribers create event subscriptions that define filters (e.g., event type, subject) and the destination endpoint. When an event is published to a topic, Event Grid evaluates all subscriptions and delivers matching events to their endpoints. Delivery is at least once, meaning the event may be delivered more than once; subscribers should be idempotent.
How Event Grid Works Internally
When a publisher sends an event to a topic, Event Grid: 1. Validates the event schema (must conform to Event Grid schema or CloudEvents 1.0). 2. Applies subscription filters: by event type, subject prefix/suffix, or advanced filters (e.g., numeric ranges, boolean, string contains). 3. For each matching subscription, Event Grid attempts delivery to the endpoint with exponential backoff retries (up to 30 seconds between retries, maximum 30 minutes total). 4. If delivery fails after all retries, the event can be sent to a dead-letter destination (Blob storage) if configured. 5. Event Grid guarantees at least once delivery; it does not guarantee order (except for per-subscription ordering with advanced filters? Actually, Event Grid does not guarantee order across events; each event is independent).
Key components: - Topics: System topics (Azure service events), Custom topics (user-defined), Partner topics (third-party). - Event Subscriptions: Define filter and endpoint. Can be at topic scope or resource scope (e.g., subscription to storage account events). - Event Schema: Standard format with fields: id, topic, subject, eventType, eventTime, data, dataVersion, metadataVersion. - Retry Policy: Default: retry for 30 minutes, exponential backoff (min 0.5s, max 30s). Can be customized: max delivery attempts (1-30), event time-to-live (1-1440 minutes). - Dead-Lettering: Store events that failed delivery after retries. Requires a Blob storage container. - Filters: Event type, subject begins with/ends with, advanced filters (NumberIn, StringContains, etc.).
Configuration and Verification Commands
Create a custom topic:
az eventgrid topic create --name mytopic --resource-group myrg --location eastusCreate an event subscription with webhook endpoint:
az eventgrid event-subscription create --name mysub \
--source-resource-id /subscriptions/.../resourceGroups/myrg/providers/Microsoft.EventGrid/topics/mytopic \
--endpoint https://myfunction.azurewebsites.net/api/triggerFilter by event type:
az eventgrid event-subscription create --name mysub \
--source-resource-id ... \
--endpoint ... \
--included-event-types Microsoft.Storage.BlobCreatedEnable dead-lettering:
az eventgrid event-subscription create --name mysub \
--source-resource-id ... \
--endpoint ... \
--deadletter-endpoint /subscriptions/.../resourceGroups/.../providers/Microsoft.Storage/storageAccounts/.../blobServices/default/containers/deadletterVerify subscription:
az eventgrid event-subscription show --name mysub --source-resource-id ...What is Event Hubs and Why It Exists
Azure Event Hubs is a big data streaming platform and event ingestion service. It is designed for high-throughput data ingestion (millions of events per second) from devices, applications, and services. Unlike Event Grid, Event Hubs uses a pull model: consumers read events from the hub at their own pace. The primary purpose is to decouple event producers from consumers, acting as a durable buffer that can retain events for a configurable retention period (1-7 days, default 1 day).
Event Hubs is built on partitions (1-32 per event hub, 32 default). Each partition is an ordered sequence of events. Producers send events to a partition (either round-robin or using a partition key). Consumers read from partitions in parallel, typically using a consumer group. Each consumer group provides an independent view of the event stream.
How Event Hubs Works Internally
When a producer sends an event (a byte array with metadata) to an event hub: 1. The event is assigned to a partition. If a partition key is provided, the key is hashed to determine the partition; otherwise, round-robin is used. 2. The event is appended to the partition's log at the next available offset. 3. The event is stored durably across multiple replicas (availability zones). 4. Consumers read events from a partition starting at a specific offset or sequence number. They can also read from a specific timestamp (for replay). 5. Consumers checkpoint their progress (offset) to Azure Blob storage to resume after failure.
Key components: - Event Hubs Namespace: Management container for one or more event hubs. Provides network isolation, authentication (SAS, AAD), and capacity (throughput units). - Event Hub: An event stream with a specific retention period and partition count. - Partition: Ordered log of events. Each partition can handle up to 1 MB/s ingress (with standard tier) and 2 MB/s egress. - Consumer Group: A named view of the event hub. Each consumer group can have multiple consumers (e.g., one per partition). Default consumer group: "$Default". - Throughput Units (TU): Standard tier: 1-20 TU, each TU allows 1 MB/s ingress or 1000 events/s, and 2 MB/s egress. Premium and Dedicated tiers use processing units (PU) or capacity units (CU). - Event Retention: Events can be retained for 1 to 7 days (Standard), up to 90 days (Premium/Dedicated). - Capture: Automatically writes events to Azure Blob Storage or Data Lake Storage in Avro/Parquet format.
Configuration and Verification Commands
Create an Event Hubs namespace:
az eventhubs namespace create --name mynamespace --resource-group myrg --location eastus --sku StandardCreate an event hub:
az eventhubs eventhub create --name myeventhub --namespace-name mynamespace --resource-group myrg --partition-count 4 --retention-time 1List consumer groups:
az eventhubs eventhub consumer-group list --eventhub-name myeventhub --namespace-name mynamespace --resource-group myrgSend events using .NET SDK (example):
var producerClient = new EventHubProducerClient(connectionString, eventHubName);
using EventDataBatch batch = await producerClient.CreateBatchAsync();
batch.TryAdd(new EventData(Encoding.UTF8.GetBytes("Hello")));
await producerClient.SendAsync(batch);Receive events:
var consumerClient = new EventHubConsumerClient(consumerGroup, connectionString, eventHubName);
await foreach (PartitionEvent partitionEvent in consumerClient.ReadEventsAsync())
{
Console.WriteLine(Encoding.UTF8.GetString(partitionEvent.Data.Body.ToArray()));
}Interaction with Related Technologies
Event Grid can subscribe to events from Event Hubs (via system topic: Microsoft.EventHub.CaptureFileCreated). Event Hubs can be used as a source for Azure Stream Analytics, Azure Functions, and other data platforms. Event Grid is often used with Azure Functions for serverless event processing. Both services can be integrated with Logic Apps.
Key Differences
| Feature | Event Grid | Event Hubs | |---------|------------|------------| | Delivery model | Push (sub-second) | Pull (consumer-driven) | | Throughput | Low to moderate (10MB/s per topic? Actually, no documented limit, but designed for reliability, not high throughput) | High (millions of events/sec) | | Event retention | Events are not retained after delivery (except via dead-letter) | Retained for configurable period (1-7 days default) | | Ordering | Not guaranteed | Guaranteed per partition | | Use case | Reactive event-driven workflows | Data ingestion, telemetry, event streaming | | Pricing | Pay per operation (million events) | Pay per throughput unit + ingress events |
Create an Event Grid Topic
Use Azure CLI or portal to create a custom topic. The topic is the endpoint where publishers send events. For example, `az eventgrid topic create --name OrderEventsTopic --resource-group ecommerce --location westus`. This creates a topic with a unique HTTPS endpoint. The topic name must be globally unique within the Azure region. After creation, note the endpoint URL and access key (primary/secondary) for authentication.
Create an Event Subscription
Define a subscription that filters events and sets the destination. For example, subscribe to 'OrderCreated' events and send to a webhook: `az eventgrid event-subscription create --name OrderCreatedSub --source-resource-id /subscriptions/.../topics/OrderEventsTopic --endpoint https://orderprocessor.azurewebsites.net/api/process --included-event-types OrderCreated`. The subscription can also filter by subject prefix/suffix. Event Grid validates the endpoint by sending a validation handshake (e.g., returning the validation code in the response).
Publish an Event to the Topic
A publisher sends an HTTP POST request to the topic endpoint with the event payload in Event Grid schema or CloudEvents 1.0 schema. The payload includes fields like id, eventType, subject, data, etc. Authentication uses a SAS key in the header 'aeg-sas-key' or a managed identity. Example: `curl -X POST -H 'aeg-sas-key: ...' -H 'Content-Type: application/json' -d '[{"id":"1","eventType":"OrderCreated","subject":"orders/123","data":{"item":"book"},"eventTime":"2023-01-01T00:00:00Z","dataVersion":"1.0"}]' https://OrderEventsTopic.westus-1.eventgrid.azure.net/api/events`
Event Grid Matches and Delivers
Event Grid evaluates all subscriptions for the topic. It checks filters: event type, subject, and advanced filters. For each matching subscription, it attempts delivery to the endpoint via HTTPS POST. If the endpoint returns 200-299, delivery is successful. Otherwise, Event Grid retries with exponential backoff (default: 30 min total, up to 30 sec between retries). After exhausting retries, if dead-lettering is configured, the event is written to Azure Blob Storage. The subscriber should process the event idempotently.
Create an Event Hub and Send Events
Create an Event Hubs namespace and an event hub using CLI: `az eventhubs namespace create --name telemetryns --resource-group iot --sku Standard` then `az eventhubs eventhub create --name telemetryhub --namespace-name telemetryns --partition-count 4`. Producers send events using SDK. For example, a .NET producer creates an EventHubProducerClient, creates a batch, adds events, and sends. The event is assigned to a partition (by key or round-robin). The event is stored in the partition's log and is available for consumers.
Receive Events from Event Hub
A consumer creates an EventHubConsumerClient with a consumer group (e.g., "$Default") and reads events. The consumer can read from all partitions or a specific partition. It must checkpoint the offset to Blob storage to avoid reprocessing after restart. Example: using `EventProcessorClient` from Azure.Messaging.EventHubs.Processor, which automatically balances partitions across multiple consumers. The consumer processes events and updates checkpoint. Events are retained for the retention period; after that, they are discarded.
Scenario 1: E-commerce Order Processing with Event Grid
An e-commerce platform uses Event Grid to react to order events. When a customer places an order, the order service publishes an 'OrderCreated' event to a custom topic. Subscriptions route the event to an Azure Function that validates payment, another that updates inventory, and a third that sends a confirmation email. The system uses dead-lettering to capture failed deliveries (e.g., if the inventory function is down) to a Blob storage container for later analysis. In production, the topic handles about 500 events per second during peak hours. The team configured a retry policy of 10 attempts with 30-second time-to-live to avoid overwhelming downstream services. A common misconfiguration is forgetting to enable dead-lettering, causing lost events when the function fails permanently. Another issue is not making the subscriber idempotent; Event Grid's at-least-once delivery can cause duplicate processing if the function doesn't check for duplicate order IDs.
Scenario 2: IoT Telemetry Ingestion with Event Hubs
A manufacturing company collects telemetry from thousands of IoT sensors. Each sensor sends temperature and vibration data every second. They use Event Hubs with 32 partitions to handle 10,000 events per second. The data is captured to Azure Data Lake Storage Gen2 using Event Hubs Capture, which writes Avro files every 5 minutes. Downstream, Azure Stream Analytics reads from Event Hubs to detect anomalies in real-time. The team uses multiple consumer groups: one for Stream Analytics, one for a long-term archive function, and one for a dashboard. They set the retention period to 3 days to allow replay during failures. A common mistake is setting partitions too low (e.g., 2) which limits throughput and consumer parallelism. Another is not using a partition key that ensures ordering for related events (e.g., sensor ID). When a partition is overloaded, the solution is to increase partitions (but partitions cannot be changed after creation, so careful planning is needed).
Scenario 3: Serverless Event Processing with Event Grid and Functions
A media processing pipeline uses Event Grid to trigger Azure Functions when new videos are uploaded to Blob Storage. The Blob Storage system topic publishes 'BlobCreated' events. A subscription with filter subject ends with .mp4 sends events to a function that transcodes the video. The function writes the output back to Blob Storage, which triggers another event for thumbnail generation. This creates a chain of event-driven functions. The team uses managed identity for authentication between Blob Storage and Event Grid, avoiding keys. They also set max delivery attempts to 5 to avoid infinite retries if a function has a bug. A pitfall is the event schema mismatch: the function expects a specific data format, but the default Blob Storage event schema includes different fields. They had to adjust the function to handle the standard schema. Also, they learned that Event Grid does not guarantee order, so they added a sequence number in the blob metadata to handle out-of-order events.
What AZ-204 Tests on Event Grid and Event Hubs
AZ-204 objective 5.3: 'Implement event-based solutions.' The exam focuses on: - When to use Event Grid vs Event Hubs: Push vs pull, reactive vs streaming, low latency vs high throughput. - Event Grid: Creating topics and subscriptions, filtering (event type, subject), retry policy, dead-lettering, authentication (SAS keys, managed identity), supported endpoints (webhooks, Functions, Logic Apps, etc.). - Event Hubs: Creating namespaces and event hubs, partitions, consumer groups, throughput units, checkpointing, Capture, authentication (SAS, AAD). - Common integration patterns: Event Grid triggering Functions from Blob Storage, Event Hubs as source for Stream Analytics.
Top Wrong Answers and Why Candidates Choose Them
'Event Grid guarantees order of delivery' – Candidates confuse Event Grid with Event Hubs. Event Grid does NOT guarantee order; each event is independent. The exam tests this by asking about ordering in a scenario with multiple events. The correct answer: Use Event Hubs with a partition key for ordering.
'Event Hubs uses push delivery to consumers' – Many think Event Hubs pushes events because it's an event service. Actually, consumers must pull. The exam may ask: 'Which service is best for a scenario where consumers need to process events at their own pace?' Answer: Event Hubs.
'Event Grid can retain events for days' – Event Grid does not retain events after delivery (except dead-letter). Event Hubs retains events. The exam may ask about replaying events; Event Hubs supports replay via offset/timestamp.
'Increasing partitions in Event Hubs improves throughput linearly' – Partitions affect parallelism, but throughput is capped by throughput units (TU). Adding partitions without increasing TU won't increase ingress throughput. The exam may ask about scaling Event Hubs.
Specific Numbers and Terms That Appear on the Exam
Event Grid retry policy: max 30 minutes, exponential backoff (0.5s to 30s).
Event Grid dead-letter: Blob Storage only.
Event Hubs partition count: 1-32 (default 32 for Standard tier).
Event Hubs retention: 1-7 days (Standard), up to 90 (Premium/Dedicated).
Throughput Units (TU): 1 MB/s ingress, 2 MB/s egress per TU. Max 20 TU per namespace.
Consumer group limit: 20 per event hub (Standard).
Event Hubs Capture: writes to Blob/ADLS Gen2 in Avro format every 5 minutes or 200 MB.
Edge Cases and Exceptions
Event Grid supports CloudEvents 1.0 schema; the exam may ask about schema differences.
Event Grid can subscribe to Azure service events (system topics) like resource group creation, but only within the same region.
Event Hubs with Kafka protocol: Event Hubs supports Kafka clients; the exam may ask about compatibility.
Event Hubs Geo-disaster recovery: alias namespace with automatic failover, but not supported for Premium/Dedicated? Actually, supported.
How to Eliminate Wrong Answers
If the scenario mentions 'reacting to events in real-time' and 'push', choose Event Grid.
If the scenario mentions 'high throughput', 'streaming', 'pull', 'replay', choose Event Hubs.
If the question asks about 'ordering', check if partition key is mentioned; if yes, Event Hubs.
If the question asks about 'retaining events for later processing', Event Hubs.
If the question asks about 'dead-lettering', Event Grid.
Remember: Event Grid is for discrete events; Event Hubs is for continuous streams.
Event Grid uses push delivery with at-least-once guarantee; subscribers must be idempotent.
Event Hubs uses pull delivery with at-least-once guarantee per partition; checkpointing is essential.
Event Grid retry policy: max 30 minutes, exponential backoff (0.5s to 30s), configurable max attempts and TTL.
Event Hubs partitions range from 1 to 32 per event hub (Standard tier) and cannot be changed after creation.
Event Hubs throughput is limited by throughput units (1 MB/s ingress, 2 MB/s egress per TU), max 20 TU per namespace.
Event Hubs Capture writes events to Blob Storage or ADLS Gen2 in Avro format every 5 minutes or 200 MB.
Event Grid supports CloudEvents 1.0 and Event Grid schema; the exam may ask about schema differences.
Event Hubs supports Kafka protocol, enabling Kafka clients to produce/consume events.
Event Grid dead-letter destination must be a Blob Storage container; dead-lettering is optional.
Event Hubs consumer groups provide independent views of the event stream; default is '$Default'.
These come up on the exam all the time. Here's how to tell them apart.
Event Grid
Push delivery model: events are sent to subscribers immediately upon publication
Designed for low-latency (sub-second) reactive workflows
No event retention; events are not stored after delivery (except dead-letter)
Supports filtering by event type, subject, and advanced filters
Best for discrete events like resource state changes, order placements, etc.
Event Hubs
Pull delivery model: consumers read events at their own pace
Designed for high-throughput streaming (millions of events per second)
Retains events for configurable period (1-7 days standard, up to 90 premium)
No built-in filtering; consumers filter as needed (can use Stream Analytics)
Best for continuous data streams like telemetry, logs, and IoT data
Mistake
Event Grid and Event Hubs are interchangeable because both handle events.
Correct
They serve fundamentally different purposes. Event Grid is a push-based reactive routing service for discrete events with sub-second delivery. Event Hubs is a pull-based streaming ingestion service for high-throughput event streams with durable retention and replay. Choosing the wrong one leads to architectural failure: using Event Grid for high-throughput telemetry would overwhelm it, and using Event Hubs for low-latency reaction would require polling.
Mistake
Event Grid guarantees exactly-once delivery.
Correct
Event Grid guarantees at-least-once delivery. Duplicates can occur due to retries. Subscribers must be idempotent. The exam tests this by asking about handling duplicate events.
Mistake
Event Hubs pushes events to consumers automatically.
Correct
Event Hubs uses a pull model. Consumers must actively read events from the hub using SDKs or Kafka clients. There is no push mechanism. The exam often contrasts this with Event Grid's push model.
Mistake
Increasing the number of partitions in Event Hubs always increases throughput.
Correct
Throughput is limited by throughput units (TU) or processing units (PU). Partitions allow more parallel consumers, but total ingress/egress is capped by TU. To increase throughput, you must also increase TU. The exam may ask about scaling both partitions and TU.
Mistake
Event Grid can deliver events to any HTTPS endpoint without validation.
Correct
Event Grid validates webhook endpoints by sending a validation handshake. The endpoint must respond correctly (e.g., return the validation code) for the subscription to be created. This prevents misconfigured endpoints from causing issues.
Reveal each answer, then mark whether you got it right. Score 60%+ to unlock the next chapter.
Event Grid is a push-based event routing service for reactive scenarios with sub-second latency. Event Hubs is a pull-based streaming ingestion service for high-throughput data. Use Event Grid when you need to react to events immediately (e.g., trigger a function when a blob is created). Use Event Hubs when you need to ingest and process large volumes of events over time (e.g., IoT telemetry). On the exam, remember: push vs pull, low latency vs high throughput, no retention vs retention.
No. Event Grid does not guarantee order of delivery. Each event is independent and may be delivered out of order. If you need ordering, use Event Hubs with a partition key, which ensures events with the same key are delivered in order within a partition. The exam may ask about ordering in a scenario; the correct answer is Event Hubs with partition key.
Checkpointing is the process of saving the offset (position) of the last processed event in a partition to durable storage (Azure Blob Storage). This allows a consumer to resume from where it left off after a restart or failure. The EventProcessorClient from the SDK automates checkpointing. Without checkpointing, a consumer would have to reprocess all events from the beginning or from a specified offset. The exam may ask about the storage location for checkpoints (Blob Storage) and the need for idempotent processing.
Yes. Azure Event Hubs provides a Kafka endpoint that is compatible with Apache Kafka protocol. You can use existing Kafka clients (producers and consumers) to send and receive events from Event Hubs without changing your code. This is useful for migrating Kafka workloads to Azure. The exam may ask about Kafka compatibility and the connection string for the Kafka endpoint (usually includes `$ConnectionString` and the event hub namespace).
For Standard tier, retention is 1-7 days. For Premium and Dedicated tiers, retention can be up to 90 days. Events are automatically discarded after the retention period. The exam may ask about default retention (1 day) and the maximum for each tier.
Event Grid supports two authentication methods for webhook endpoints: SAS key (using the `aeg-sas-key` header) and managed identity (using Azure AD). For Azure Functions, it can use function keys. The exam may ask about the header name for SAS key authentication (`aeg-sas-key`) and the validation handshake process where the endpoint must return the validation code.
Event Grid retries delivery with exponential backoff for up to 30 minutes (default). You can customize the retry policy (max attempts 1-30, event TTL 1-1440 minutes). If all retries fail and dead-lettering is configured, the event is sent to the dead-letter destination (Blob Storage). If dead-lettering is not configured, the event is dropped. The exam may ask about the dead-letter destination (Blob Storage only) and the default retry duration.
You've just covered Event Grid and Event Hubs — now see how well it sticks with free AZ-204 practice questions. Full explanations included, no account needed.
Done with this chapter?