How to check if x509 certificate issuer is microsoft

Question

So for a school project I need to find out if a provided X509Certificate is issued by microsoft. If it is I have to return true, else I have to return false.

This is what i've got at the moment

private bool IsAcceptedCertificate(X509Certificate cert)
        {               
            try
            {
                //if microsoft
                if (cert.Issuer.Equals("Microsoft")) {
                    return true;
                }
            }
            catch (CryptographicException ex)
            {
                System.Diagnostics.Debug.WriteLine(ex.ToString());
            }

            //if not microsoft
            return false;
        }

Edit 1: Is this the correct way to tackle this problem. I can't test it out because the teacher can't provide me a certificate to test it. Yet I still need this thing to work correctly.

Answer 1

Something like this should be sufficient:

private  bool IsAcceptedCertificate(X509Certificate2 cert)
{
    try
    {
        if(cert.Verify() && cert.Issuer.StartsWith("CN=Microsoft"))

        {
            return true;
        }
    }
    catch (CryptographicException ex)
    {
        System.Diagnostics.Debug.WriteLine(ex.ToString());
    }

    //if not microsoft
    return false;
}

It checks that the certificate is valid, and that its issued by "some" Microsoft CA. To be more specific you can check against all Microsoft CAs, instead of CN=Microsoft*

Edit: In the Trusted Root Certificaton Authorities store on Windows 10 machines, there are 4 trusted Micorosft root certificates. "CN = Microsoft Root Authority","CN = Microsoft Root Certificate Authority", "CN = Microsoft Root Certificate Authority 2010" and "CN = Microsoft Root Certificate Authority 2011"