Yes, this is all you need to do.
As long as you generate a new token on each protected page, with <%= Html.AntiForgeryToken() %>
and always ensure it is checked in any protected action, using [ValidateAntiForgeryToken]
This implements the Synchronizer Token Pattern as discussed at the CSRF Prevention Cheat Sheet at OWASP.
In order for a script to succeed in making an acceptable request, it would have to first get the form and read the token and then post the token. Same Origin Policy will stop this from being allowed in a browser. A site canot make an AJAX style http request to another site; only to itself. If for some reason same origin policy can be breached, then you will become vulnerable.
Note that if you have a cross-site scripting vulnerability, then an attacker can abuse the xss vulnerability to circumvent the protection provided by the same origin policy (because the script is now running from your own site, so SOP succeeds). The injected script can then happily read and resubmit the token. This technique to get past CSRF protection via XSS has been common in some worms recently. Basically, if you have XSS, your CSRF-protection is a waste of time, so ensure you are not vulnerable to either.
Another thing to watch out for is Flash and Silverlight. Both of these technologies do not subscribe to the same origin policy and instead use cross domain policy files to restrict access to remote resources. Flash/Silverlight script can only access resources on your site if you publish a cross domain policy xml file on your own site. If you do publish this file, only ever allow a whitelist of trusted third-party servers and never allow *.
Read more about CSRF at OWASP
See also: XSS Prevention Cheat Sheet