The Mistakes — Vendor by Vendor
"We have one Office licence — the whole accounts team uses it."
Microsoft 365 is licensed per named user. Rahul's licence is Rahul's — Neha cannot use it, even on a different computer. Shared IDs like admin@ or finance@ are explicit violations.
Common Mistakes We See
- One Office licence shared across 3-4 employees
- Windows Server running without Client Access Licences (CALs)
- Dev/Test licences used by business teams "temporarily"
- Shared login credentials (admin@company.com)
⚠ India risk: Microsoft enforces through contract law and copyright law. Audit settlements are at full list price; there is very little room for negotiation.
✓ CitraInsight detects unlicensed installations, shared credentials, and missing CALs automatically.
"Our designer left, but we kept using his Photoshop login."
Adobe licences are strictly per named user. When an employee leaves, their licence must be deactivated. Continuing to use it — even on the same machine — is a violation. Adobe actively monitors login behaviour.
Common Mistakes We See
- Sharing Creative Cloud credentials between designers
- Ex-employee's licence still active after they left
- Pirated or cracked Photoshop/Illustrator installed "for testing"
- More installations than licences purchased
⚠ India risk: Adobe enforces under Indian copyright law. Audits are often run directly by Adobe; civil claims and settlement demands are common.
✓ CitraInsight detects cracked Adobe installations, activation mismatches, and orphaned licences.
"All our engineers share one AutoCAD login."
Autodesk licences are assigned to named users via Autodesk ID. One engineer using another's login is a violation. What starts as a "friendly licence review" can quickly become a formal audit.
Common Mistakes We See
- One AutoCAD licence shared across a design team
- Former employees still have active Autodesk IDs
- Using India-region licences for overseas projects
- Thinking "we bought the CD, we own it forever"
⚠ India risk: Autodesk compliance in India involves BSA-aligned enforcement. Contractual recovery plus copyright claims.
✓ CitraInsight identifies Autodesk installations versus entitlements across all your machines.
"We thought Java was free."
Oracle licenses by cores and processors, not by number of users. Java used in any commercial application (even your internal payroll system) may require a paid licence. Under-counting cores is the #1 Oracle audit finding.
Common Mistakes We See
- Java running in production without a commercial licence
- Oracle Database on VMs — multiplying licence exposure unknowingly
- Assuming "developer edition" covers production use
- Not counting cores correctly in virtualised environments
⚠ India risk: Oracle audits are aggressive, data-heavy, and result in high-value contractual claims with legal escalation.
✓ CitraInsight detects Oracle and Java installations and flags unlicensed commercial usage.
"We classified everyone as a basic user to save money."
SAP licences are based on user classifications. Putting a finance manager on a "basic" licence when they use professional features creates retroactive exposure — sometimes across multiple years.
Common Mistakes We See
- Misclassifying Professional users as Employee users
- Assuming "technical users" or service accounts are free
- Third-party software connecting to SAP triggering indirect access fees
- Not reviewing classifications when roles change
⚠ India risk: SAP audits often cover multiple years. Misclassification compounds silently into significant financial exposure.
✓ CitraInsight identifies SAP installations and helps you track user counts against entitlements.
"We installed Tally on all 5 office PCs from one licence."
Tally licences are company-specific with user and connection limits. One licence does not mean unlimited installations. Educational versions cannot be used for commercial accounting. This is one of the most common violations in Indian SMBs.
Common Mistakes We See
- Single Tally licence installed on multiple PCs
- Educational Tally version used for real accounting
- Trial version still running months after expiry
- Sharing Tally data with CA firms using unlicensed copies
⚠ India risk: Enforced under Indian Contract Act and Copyright Act. Tally treats misuse as a contractual breach, not a "mistake".
✓ CitraInsight detects Tally installations, trial status, and licence mismatches across your systems.
"We licensed 2 out of 5 servers in the cluster."
VMware requires entire clusters to be licensed — not just the hosts you're actively using. Expired subscriptions mean no usage rights at all. This catches most companies during renewal time.
Common Mistakes We See
- Partial cluster licensing (2 of 5 hosts)
- Expired VMware subscriptions still in use
- Core count mismatch after hardware upgrades
- Merger creates unlicensed VMware environments overnight
⚠ India risk: VMware compliance issues typically surface during renewals. Contract-based recovery.
✓ CitraInsight identifies VMware installations and tracks subscription status.
"Everyone accesses Citrix from home — we figured one licence covers it."
Citrix licences are per user or per device. Work-from-home and BYOD access still requires licences. Concurrent usage doesn't avoid the requirement.
Common Mistakes We See
- Home/BYOD devices accessing Citrix without licences
- Shared Citrix credentials across a team
- Assuming "concurrent" means unlimited users
⚠ India risk: Subscription enforcement during support renewal cycles.
✓ CitraInsight detects Citrix installations across all endpoints.
"The sales team shares one Salesforce login."
Salesforce is strictly per named user. If you have 5 salespeople and 2 licences, you need 5 licences — not 2 "shared" ones. Salesforce tracks usage continuously and API access may also be licensable.
Common Mistakes We See
- Shared CRM logins across the sales team
- Role-based licences not matching actual usage
- API integrations triggering extra licensing needs
⚠ India risk: Contractual penalties and access suspension. Salesforce may restrict your CRM access during disputes.
✓ CitraInsight helps you track SaaS user counts against purchased licences.
"We gave everyone the premium role because it was easier."
ServiceNow charges based on user roles. Assigning a premium role when a basic role would suffice creates unnecessary cost and licence exposure. Dormant users still count if enabled.
Common Mistakes We See
- Premium roles assigned to basic users
- Dormant accounts left active for months
- Usage logged but never reviewed
⚠ India risk: SaaS contract back-billing during renewals.
✓ CitraInsight monitors ServiceNow deployment status across your infrastructure.
"We didn't know ILMT reporting was mandatory."
IBM licenses by Processor Value Units (PVU). Missing ILMT (IBM License Metric Tool) data is treated as non-compliance by default, even if your actual usage is within limits.
⚠ India risk: Strong audit rights under enterprise contracts. Forced licence purchase on non-compliance.
✓ CitraInsight detects IBM software installations and tracks deployment footprint.
"We copied the installer to save time."
Trimble software is licensed, not sold. One licence per user or device — copying installers creates unauthorised installations. Territory restrictions also apply.
⚠ India risk: Civil liability and injunction risk under IP law. Trimble works with compliance partners in India.
✓ CitraInsight detects all Trimble/Tekla installations and flags unlicensed copies.
"We pool floating tokens across teams — it's fine, right?"
Dassault floating licences have hard usage limits. Casual token pooling is a common violation. Even "temporary sharing" between engineers is not permitted under the licence terms.
⚠ India risk: Contract-based audit enforcement. Compliance reviewed during renewals.
✓ CitraInsight identifies CATIA and SolidWorks installations across your network.
"We ran out of tokens so we just let people share."
Token exhaustion doesn't permit sharing. Usage must align with your purchased configuration. Licence servers record every token checkout.
⚠ India risk: Audit-led reconciliation under enterprise contracts.
✓ CitraInsight tracks Siemens software deployment and usage patterns.
"Average usage is low, so we're fine."
Bentley uses usage-based licensing where peak usage matters — not average. One heavy usage spike during a project deadline can create financial exposure.
⚠ India risk: Consumption-based recovery under contract law. Renewals reflect past overuse.
✓ CitraInsight monitors Bentley installations and flags usage trends.
"We have dormant users but they're not doing anything."
Dormant users still count towards your licence tier if they're enabled. Shared admin accounts are violations. Overuse increases renewal cost immediately — and reducing users later doesn't erase past overuse.
⚠ India risk: Renewal price escalation. Enforced through SaaS subscription terms.
✓ CitraInsight tracks Atlassian deployment and user activity indicators.
"It's an Indian company — they won't audit us."
Zoho products are licensed per named user. Sharing admin or team credentials is prohibited. There are no "small team" exceptions. Non-compliance can suspend your services entirely.
⚠ India risk: Subscription enforcement and service restriction. Being Indian doesn't make Zoho lenient.
✓ CitraInsight tracks Zoho deployment across your organisation.
"We're using the server licence for everything."
ESRI server licences differ from desktop licences. Mixing types is a violation. External access to ArcGIS services often requires additional licensing.
⚠ India risk: Licence revocation and contractual recovery.
✓ CitraInsight detects ESRI installations and licence type mismatches.
"We installed antivirus on 50 machines but only bought 30 licences."
Security software is licensed per device. Every protected endpoint must be covered. Over-deployment is one of the most common — and most easily detectable — violations.
⚠ India risk: Forced true-up during audits with financial recovery.
✓ CitraInsight counts security software installations and compares against licences purchased.
"It's open source — we can use it however we want."
Redis is no longer fully permissive for commercial use. If Redis is embedded in your production applications — on cloud or on-premises — you may need a paid licence. The "open source" assumption is dangerous. Redis has started active compliance outreach in India.
Common Mistakes We See
- Redis running in production without verifying the licence model
- Assuming all Redis usage is free because "it's open source"
- Cloud deployments using Redis without licence awareness
- Bundled Redis in applications without reviewing RSAL/SSPL terms
⚠ India risk: IP enforcement and contractual claims are increasing. Redis compliance actions have already reached Indian companies.
✓ CitraInsight detects Redis and other "open source" software with commercial licence requirements.