The last in the series of papers I wrote in this general area has just been published and is available here. This one details the configuration you need when you want to have Outlook Anywhere use NTLM authentication when published through TMG or UAG.
Why would you ever want to do this? Well, if your clients are domain joined it does avoid the Basic authentication pop up in most cases, and because it is more secure than Basic as credentials never pass over the wire (though of course with Basic they are, or certainly should be, secured with SSL!).
It's a bit more complicated to set up than Basic, but armed with the Whitepaper and some time I'm confident you'll be able to get it working. Try it in a lab first though, always good advice.