(Simple high-level step-by-step for the admin that does not require screenshots. The process below is probably useful for building a lab; production deployments would require a little more planning.)
TMG is basically an Outbound Proxy.
UAG is basically an Inbound Proxy.
TMG consists of 3 roles:
E-mail protection must be installed separately. It is not installed by default!