Microgrids are being increasing deployed to improve the operational flexibility, resilience, coordinated-energy management capabilities, self-adequacy, and increased reliability of power systems. This strong market growth is also driven by advances in power electronics, improved control systems, and the rapidly falling price and increased adoption of distributed energy generation technologies, like solar photovoltaics and storage. In the event of grid outages, microgrids can provide a backup source of power; providing resilience to the critical loads; however, this requires that the microgrid itself is resilient to physical and cyber threats. Building highly resilient microgrids requires a methodological assessment of potential threats, identification of vulnerabilities, and design of mitigation strategies. This paper provides a comprehensive review of threats, vulnerabilities, and mitigation strategies and develops a definition for microgrid resilience. The paper also develops a methodology for designing resilient microgrids by considering how microgrid designers and site owners evaluate threats, vulnerabilities, and consequences and choose the microgrid features required to address these threats under different situations.